The do`s and don`ts of wireless networking

The confusion surrounding wireless networking - with its plethora of standards and technologies - is dissipating as designers, technologists and implementers reach consensus on the 802.11x platform and accept that there have to be high levels of interaction between competing standards.

As a result, wireless LAN purchases are again on the rise, as companies move to keep pace with the demands of users for increased "mobility".

Graham Vorster, chief technology officer at Duxbury Networking, examines some of the rules and pitfalls associated with wireless LAN installations.

Wireless LANs are deceptively easy to install. Their simplicity, however, masks an array of issues that are critical to its success as a business-based infrastructure.

As easy as it is to get a wireless network up and running, doing it correctly takes as much upfront planning and perhaps more ongoing diligence than a traditional wired network.

A good starting point is the existing wired network, as the wireless network will be an extension of this infrastructure.

By examining the wired network, it is possible to see traffic patterns and bandwidth demand typical of the user population. Based on this, it is easier to estimate the throughput, coverage and security requirements for a given set of applications.

These considerations, in turn, guide planners through the process of evaluating different wireless interface cards and access points.

In addition, key considerations in the design phase include the size of the facility being prepared for the wireless LAN, building construction materials and number of users.

One thing often overlooked is that wireless LANs require wiring: wired Ethernet jacks may have to be installed in order for access points to be attached to the wired LAN.

And electrical power outlets may be needed for the access points, though some vendors offer the option of powering the access devices over Category 5 cable.

Although the subject of security always comes up later in network design, it is wise to consider it early with wireless LANs because of their inherent vulnerabilities.

Wireless LANs are, by definition, insecure: Data is broadcast through the air and is hard to contain. For example, the original encryption scheme for the 802.11 standard, the wireless encryption protocol (WEP), had several inherent weaknesses.

Depending on the requirements, security can range from turning on the basic WEP encryption to full-blown authentication and encryption via VPNs tied into RADIUS servers.

Many users don`t seem to realise that the default security level for most wireless LAN equipment is zero. As a result, many companies that have wireless nets installed omit to turn on encryption, leaving their nets completely open.

Perhaps it is best to treat a wireless LAN as if it were a public Internet, putting a firewall between the LAN and the wired net, and using a campus VPN and authentication via an X.500 directory.

This configuration is increasingly common, but it comes with a number of trade-offs. Administration becomes more complicated, requiring the distribution and updates of VPN client software to thousands of devices.

As there may be a lack of VPN clients for some operating systems, a separate wired infrastructure linking access points on the other side of the firewall may have to be built.

A related but obscure issue is that many wireless laptop users don`t realise their wireless cards remain active, even if they`re not using the VPN. It Is possible for an attacker to use this active link to jump a worker`s laptop and infect it with a virus or other malicious code, which is transmitted to the corporate network via the VPN when the worker logs on.

For most organisations, basic security should include at least 128-bit WEP encryption, the use of obscure network names, a clear prohibition on hooking up unauthorised access points, and periodic efforts to crack their own networks using programs such as WEP Crack, Airsnort and Netstumbler.

The actual wireless LAN design - including how many access points are placed - hinges on several factors: the type of materials used in building construction and furnishings, the number of users in a given area and whether that number changes, and the throughput those users need.

The larger the deployment and the more demanding the applications, the more complicated the equation becomes.

Be on the look out for a mistake often made at this time: using one brand of interface card and access point for the initial design, then a different brand in the final deployment.

Doing so can lead to surprises stemming from different radio frequency propagation characteristics, which leads to dead spots and lower bandwidth.

A site survey is essential for dealing with one of the most confusing design issues: 802.11b access points have a maximum of three non-overlapping channels for users.

Too many access points, haphazardly placed, will overlap these channels and users will see a serious drop in performance because of contention for the channel.

Proper channel configuration can allow three access points to be stacked on top of one another, giving users maximum available bandwidth.

Products for the recently ratified 802.11a standard have eight indoor channels and four more for outdoors, which means that more access points can be packed into the same area, to support more users at higher bandwidth - and, for now, at a higher cost compared with 802.11b LANs.

In theory, the higher bandwidth of 802.11a means the radios cover less distance, so two to four times more 802.11a access points will be needed to cover the same area as with 802.11b. But this will vary greatly from site to site.

Most users and integrators agree that deployment of a properly surveyed and designed wireless LAN is usually straightforward.

Experts recommend staging the equipment first - create the network names and identification databases, load the net information into the access points, burn in the IP addresses and test everything.

It is then a matter of pulling the needed cables for the access points, possibly adding some power outlets and attaching the access points.

But details remain: for example, if there are outdoor units involved, these need to be properly enclosed and grounded.

One of the final steps is to test the installed wireless LAN thoroughly, at all levels, checking security policies, throughput and coverage.

User training must not be overlooked and should take into account everything from security issues to the more mundane idea of teaching people that moving their wireless clients a metre or two might improve throughput significantly.