Setting up for wireless

The potential benefits of wireless networks are obvious: roaming connectivity and elimination of the need to string Ethernet cables throughout the office.

The bottom-line benefit for your employees is also obvious: increased flexibility and productivity. That slim laptop PC can easily let employees keep working in the conference room, cafeteria or cubicle. Research studies have shown productivity gains of 5 percent to 30 percent when employees have access to wireless networks.

Although the gains of wireless local-area networks (WLANs) are obvious, the costs and challenges of building and maintaining wireless networks are often not.

The most publicized challenge, of course, is security. If you are broadcasting data through the air, it is more vulnerable than when it travels through Ethernet cables. Ensuring a wireless network’s security calls for a commitment to monitoring the network, educating users, and managing hardware and software updates.

In addition, although WLANs have low upfront deployment costs compared with wired LAN infrastructures’, long-term maintenance expenses make a wireless network’s infrastructure costs nearly equal to — and in some cases higher than — those of a traditional LAN.

In this Quick Start, we address the main issues that agencies should consider when deciding to set up a wireless network.

Back to basics
Simply put, WLANs use radio frequency instead of wires to create networks. Client hardware, such as internal or external cards or USB-based devices, connect to the WLAN via a wireless access point (WAP).

WLANs come in two modes: ad hoc or infrastructure. Users operating in the field may set up ad hoc WLANs to directly connect with one another. Agencies with a traditional wired network would probably choose to activate WLANs in infrastructure mode, in which servers channel access to the wireless network and administrators can better manage the network.

Because WLANs use radio waves, the closer you are to the transmitter the better throughput you will achieve. When you plan your WLAN, determining the best locations for WAPs is critical. WAPs are available as stand-alone devices or can be integrated into a variety of network routers.

It’s all in the design
So all that sounds simple, doesn’t it? Two factors complicate matters, however.

First, you must ensure that your WLAN design provides consistent coverage and throughput in all areas where clients may need connectivity. Second, you must ensure that the whole system is secure. Both goals require planning.

The first step, said Jean Kaplan, a research analyst at IDC, a technology consulting firm, is to survey your users’ needs. “From the organizational side, you have to figure out who gets access and how,” Kaplan said.

The “who” in the equation will tell you where you need to provide wireless coverage. And the “how” will tell you what kind of coverage you need to supply. If, for example, some users will be using wireless access for streaming data, you may need to provide higher throughput to guarantee continuous coverage. Similarly, if your users need to roam as they work, rather than move from one hot spot to another, you must choose an appropriate protocol.

If your agency is on a campus, you may need to connect WLANs in adjoining buildings, but running cables between buildings may be too expensive. When the buildings are not too far apart and in a direct line of sight, you can configure WAPs so that the networks in each building can communicate with one another. This is known as bridging mode. When administrators configure a pair of WAPs in this manner, they communicate point-to-point to carry traffic from one building to the next. But the setup does not allow for connectivity because unauthorized users could tap the connection between the buildings.

You must weigh other considerations, too. For example, at some point, you may want to use your WLAN for voice communications. In that case, you would need to be careful about configuring roaming options because laptop computers and phones roam the WLAN differently. A laptop may only switch network connections if the IP address changes as it comes in contact with different WAPs.

In contrast, you would need to configure your wireless IP phones so that they maintain the same IP address because if it changes during a call, the phones would disconnect the call.

Several potential trap doors exist, Kaplan said, but you can dodge them with good planning and coordination with your selected vendor. “You may start out thinking you want to provide connectivity to a limited number of people, and then that number grows,” Kaplan said. “The key is to work with whomever you choose as the vendor. Poll all the necessary parties so that you don’t get people chiming in after the fact.”

If you design your system without planning for features such as voice communications or location services, you could encounter unexpected costs. “If you need to change any of your infrastructure later, you have to get up into the ceilings,” Kaplan said.

Picking protocols
After you’ve surveyed your needs, you’ll want to figure out which wireless protocol is most appropriate. Several protocols are available, and some devices support multiple protocols, though they often cost more.

The Institute of Electrical and Electronics Engineers (IEEE) developed — and modifies — the standard behind WLAN technology. The institute began its work in the early 1990s and continues to advance WLAN technologies. To read detailed information on the standard and its amendments, visit standards.ieee.org/getieee802/802.11.html.

The 802.11a protocol yields a maximum throughput of 54 megabits/sec at 5 GHz, has lower rates of interference than the other protocols do, and is usually limited to a line-of-sight range, which means you need to purchase more WAPs to cover a space. The 802.11b and 802.11g protocols can achieve maximum throughputs of 11 megabits/sec and 54 megabits/sec, respectively, on the 2.4 GHz frequency, but walls, water and metal can adversely affect their signals. Their range is about 100 feet.

A new 802.11 amendment, 802.11n, is in the works and holds promise for greater range and throughput. Capable of operating on the 2.4 GHz or 5 GHz frequencies, 802.11n is said to achieve a throughput of 540 megabits/sec at a range of 160 feet. However, some reports indicate that 802.11n causes interference on WLANs when it must coexist with earlier protocols, such as 802.11b and 802.11g. The IEEE’s standards organization is resolving remaining issues with 802.11n before its expected release in 2007 or 2008.

After determining which protocol is best for your agency, check with your vendor to be sure the WAPs and client hardware support 802.11i. The 802.11i standard provides several security advantages.

Vetting vendors
Once you’ve decided which protocols you want to support, you should choose a vendor based on factors such as management tools and customer support. The bulk of available WLAN equipment is fairly commoditized. The main differences you will find among providers are management and reporting tools and integration with other hardware, such as laptop PCs or routers.

Most of the more than 3,000 WLAN products apply the 802.11 standard and its amendments, such as 802.11a, 802.11b or 802.11g. The protocol choice determines the maximum possible throughput and transmission frequency. Many products also support multiple protocols.

You should expect the WLAN standard and products based on it to evolve, so you will need to regularly update equipment and firmware. Major suppliers of WLAN equipment include 3COM, Alcatel, Belkin, Cisco Systems, D-Link, NetGear and Proxim. Suppliers of computing equipment, such as Dell and Hewlett-Packard, are also introducing their own WLAN products. The Wi-Fi Alliance has a useful WLAN product locator at certifications.wi-fi.org/wbcs_certified_products.php.

Securing the air
The biggest challenge of wireless networks is that they are notoriously difficult to secure.

In surveying wireless coverage, for example, IT employees often discover that an employee has set up a personal WLAN, unwittingly providing access to the agency’s or department’s wired network. Even when there are no rogue access points, ensuring security can be a daunting chore.

The default parameters of most WLAN equipment are the most open settings possible. For example, WAP Service Set Identifiers are frequently a vendor’s name, and the equipment often arrives with settings that allow clear text traffic out of the box — including passwords. Clear text traffic is unencrypted traffic that anyone could access to steal passwords and other data. That is not good.

In addition to creating an agencywide wireless security policy, you should perform several other technical tasks to ensure that your organization follows best practices for securing your WLAN.

Beyond setting basic policies, agencies and departments should develop resources for monitoring WLAN security and responding to problems.

“All networks are going to have downtime and trouble spots,” said Wade Williamson, product manager at AirMagnet, a major vendor of monitoring and security tools for WLANs. “Do you want dedicated monitoring that automatically catches every problem? Do you want reactive analyzers that can work networkwide? Do you want mobile tools that IT staff can use in the field? The answer can be any combination of the above, but the important part is to think about the answer before you are facing your first big emergency.”

Like WLAN technology, wireless security systems are maturing. At a recent trade show, wireless security and monitoring providers admitted that some hackers had been able to get around their security mechanisms. If you have in-house wireless security technologies, you should be diligent about updating or replacing them as new updates and capabilities become available.

When shopping for wireless security systems, you will find that they differ greatly in features and form. Some products are software only, while others are hardware only. A third camp combines the software and hardware approaches.

In addition, some solutions only let you know about rogue devices, but others block intruders and detect interference problems. Incident reporting also varies greatly. Some have a few canned reports, and others allow administrators to generate custom reports or export reports to a central server for more detailed forensics work.

Leading providers of wireless security solutions include AirTight Networks, AirMagnet, Bluesocket and Network Chemistry. As with WAPs, wireless security solutions are also part of many enterprise solutions that leading WLAN providers offer.

Although WLAN technologies have challenges to overcome, WLANs can be fairly well secured using diligence, best practices, common sense and technologies such as strong encryption and authentication. Future 802.11 plans also hold some intriguing possibilities, such as mesh networks, so keeping WLANs on the radar is highly advisable.

Planning for the unexpected
Above all, when preparing to implement your WLAN, plan for the unexpected.

Don’t just accommodate your current needs, Kaplan said, look to the future. “What kind of ability is your workforce going to require? How mobile will your workforce be, and what kind of access will it need?” Kaplan asked. Organizations should plan for those needs, he advised, rather than rip up the ceilings two years from now.

Williamson agreed, adding that new challenges will emerge on the applications side, too. He foresees the broad adoption of new real-time applications, such as voice and video. “Overall, I think that agencies should plan for the wireless LAN to be a strategic part of their overall network, and that means choosing solutions that are standards-based and extensible,” Williamson said.

What are the most common stumbling blocks to wireless functionality? Phil Redman, research vice president at Gartner Group, said the two most common trap doors are not defining requirements well enough and not appreciating the continuing costs of managing WLANs. To a greater extent than with wired networks, “once you put the WLAN system in, there are maintenance and support costs. These are ongoing costs that should be factored in.”

Williamson said one of those ongoing costs is for site surveys, which are necessary to ensure that your WLAN stays attuned to the changing physical environment. “Surveying for a wireless deployment is absolutely critical,” he said. “If you skip this step, you are either going to overspend on your infrastructure by buying hardware you don’t need, or you are going to have dead spots and performance gaps in the WLAN.”

Biggs, a senior engineer and freelance technical writer based in northern California, is a Federal Computer Week analyst. She can be reached at maggiebiggs@acm.org. Patrick Marshall contributed to this article.