ITPRC NEWS - December 2001 - http://www.itprc.com/

The Yin and Yang of Wireless LANs
By Irwin Lazar

From a network manager’s point of view Wireless LANs represent two opposite extremes.  On one side is the promise of providing users with ubiquitous access from anywhere in the office, campus or any other location with wireless support.  On the other side are the enormous challenges of delivering sufficient performance while also securing wireless transmissions and access to wireless networks.  In this month’s column we’ll provide best practices for realizing the promise of wireless LANs while avoiding the pitfalls.

Most wireless LAN concerns boil down into the following: Interference, Security, and Mobility.  Each of these is explained in greater detail in the following sections.

Interference:
Most Wireless LANs are based on the IEEE 802.11b standard.  This standard uses the unlicensed 2.4 GHz band for all communication.  This is the same band used by Bluetooth, cordless phones, two-way radios, and other communications devices.  But interference in wireless LANs can also come from multiple access points or from “hidden transmitters” (where one transmitting station is hidden from another, resulting in a collision when both try to send to the access point).  Mitigating interference requires careful engineering of access point placement.  An RF survey using one of several commercial tools and applications can help pinpoint potential interference sources, as well as confirm optimal placement of access points sufficient to insure uninterrupted coverage throughout the location.

Enterprises may also want to consider making the jump to 802.11a, which uses a reserved spectrum at 5 GHz and thus is not subject to interference issues that plague 802.11b.  Keep in mind though that most public wireless services, such as airports and libraries, use 802.11b so insuring backwards compatibility for traveling users is a must.

Security:
To say that wireless LANs present a security risk is the mother of all understatements.  Since it is nearly impossible to restrict radio waves from either entering or leaving the typical enterprise location, the wireless network is vulnerable to attack from someone sitting in the parking lot, the building next door, or another floor within your facility.  Further complicating this issue is the vulnerability of the default 802.11p security protocol, WEP (Wireless-Equivalency Protocol).  WEP provides an easily breakable key structure that can be hacked by even a semi-skilled hacker using publicly available tools.  As several press articles have shown, many network managers don’t even turn on WEP and instead leave their wireless network completely vulnerable to anyone with a client device. 

Securing wireless networks is a multi-step approach designed to discourage attacks and protect valuable network resources.  At a minimum, network managers should implement a unique network name (SSID) and turn on WEP.  For further security, implement authentication mechanisms such as 802.1x with Radius, MAC-address filtering, or even client-server VPNs.  In addition, the wireless LAN should be treated as a public network and should be segmented from the corporate wired network by the use of a firewall.  In addition, security tools should be implemented that prevent unauthorized access points from being deployed on the wired network.

Mobility:
In an ideal environment, a user would be able to undock their wired laptop, take it to another building or across the campus, or even home or to a public wireless facility, and be able to connect to the corporate network without any manual intervention.  Fortunately this isn’t a pipe dream.  Placing all access points in a single broadcast domain by the use of VLANs easily provides wireless roaming on the campus.  New products from companies such as NetMotion and Intel establish a client-server relationship between the end-user device and a corporate proxy server.  These products enable wireless users to reestablish secure connectivity with corporate data resources provided that they have IP connectivity (which may even be across the public Internet).

Wireless LANs offer tremendous benefits to enterprise users.  Employees enjoy new freedom and are no longer tied to their desktop wired connection to access corporate information resources. Even more importantly, people can now get work done while they sit in long meetings or conferences, but we’ll leave that issue for a future column.

..............................
Irwin Lazar is a Senior Consultant for Burton Group where he focuses on strategic planning and network architecture for Fortune 500 enterprises as well as large service providers. He is the conference director for MPLScon and runs The MPLS Resource Center and The Information Technology Professional's Resource Center. 

Please send any comments about this article to ilazar@tbg.com ============================================================