FEATURE WIRELESS
A Systematic Approach to Wireless Network Deployment
Received Wisdom
By Nick Beer, Dynamode UK
Wireless has come a long way over the last decade, since 802.11b was introduced for the first time to consumers. So where are we now with Wireless LAN (WLAN) technology? How has it continued to grow in popularity compared with other technologies and how best can we implement this into our workspace?
Wireless networks are the norm these days, be it in homes, businesses, airports or even in some towns like Milton Keynes, UK, which allow free, unrestricted wireless network roaming for the general public. The past few years have seen phenomenal integration of wireless components into different form factors. In the beginning there was the normal PCI bus adapter, and since then wireless has been integrated into various other form factors, notably PCMCIA and USB interfaces. USB interfaces in particular have gained ground at the expense of other device interfaces. Why is this? Of course, they are simple for a user to install without opening up the computer and they usually allow plug’n’play capability.

However, in the recent past, it seemed like USB was being sidestepped for ‘professional level’ wireless networks, due to lack of range. Physics tells us that an antenna needs to be long to pick up and create a signal. Most vendors of wireless USB adapters concentrated more on the cosmetics than on the actual performance of the product itself. Vendors disliked overlong adapters, so the internal PCBs relied (as they still do today) on metal etchings on the PCB to mimic an antenna. This is okay for residential users, but it is not the ideal way of transmitting data for business and corporate users.

Chipset vendors in recent years have greatly increased the integration of wireless logic into chipsets. Several notable vendors now use single ASIC Core Chipsets, meaning only a single chip populates a USB wireless PCB. Although internal antennas are still the norm, the advent of 802.11n and the use of MIMO multiple antennas have greatly increased the signal distance and bandwidth enjoyed by USB devices. However, returning to the laws of physics, there are limitations with this design, meaning internal wireless PCI, PCIe and internal cards with external omnidirectional antennas continue to sell well. This is the case with notebook and mobile computers which rely on their internal, factory-fitted wireless to connect to their WLANs. Take for example the popular Apple range of notebooks. Very sleek and very stylish, some Apple models have metal casings, not the best way of maximising wireless signal power.

The trend now, or perhaps over the past 12 months, and especially for mobile users, is to use a new breed of wireless USB adapters – ones that incorporate an external omnidirectional antenna onto the USB PCB itself, similar to a wireless PCI adapter. Offering greater range than internally etched wireless antennas, these normally have the benefit of being removable, normally using an SMA connector. This allows more powerful (higher-gain) antennas to be easily attached, which increases range even further. However, users and IT integrators need to be aware that this in itself causes issues in the work space, not least for security.

WLANs that send signals and data over extended areas need to be correctly deployed to give good signal coverage with no dead spots. Users also need to know where the actual signal can be accessed so that they can enforce the correct security measures. The offices of small businesses are frequently located in public areas, such as high streets, which of course have a large flow of people. With 802.11n and its associated increased range, the signal in almost all instances will ‘bleed’ not only into the public areas but in many cases into other adjacent businesses. This is not an ideal way of doing things, especially if a business is transmitting sensitive information.

Often, armed with just a wireless network ‘sniffer’, I can walk down the high street and bingo, SSIDs pop up, normally still with the default broadcast name of the wireless access point. To make matters worse, there is little or no wireless security to prevent an individual either attaching themselves to the target network or possibly using some form of easy-to-obtain Wireless LAN data sniffer freely available from the Internet. This risk is not restricted to small businesses. On a recent visit to a secondary school in Essex, I was amazed to find that the whole wireless network was unencrypted, was broadcasting the school’s name and was allowing anyone to attach themselves to the network and possibly even gain access to the local government network as a whole.

10 NETCOMMS Volume I, Issue 4 2011
Lack of security may not always be the result of the integrator not setting it up in the first place, especially in the case of schools. Very often if an access point (AP) goes down, there may be backup ones ready to replace the faulty one. Most schools have many of these dotted around classrooms, walkways or administration areas. If an IT support engineer is unable to visit and configure the access point, it is very often the case that the school will not set up encryption because it can be too problematic, and if configured incorrectly it will not allow any users on it. The mindset is then to leave it unencrypted until an engineer is in the area to configure it. Very often, if the site is now working, the network will be left well alone and encryption will never be adopted. Believe me, this happens more often than not.

Even now, in business and public sector departments, in a high number of instances encryption has not been thought through. There is no excuse now for using outdated WEP encryption. A few years back WEP was still used, only because other parts of the WLAN may not have included more robust protocols such as WPA. This is no longer the case: almost all vendors have updated their firmware to include WPA and the stronger WPA2. Using WEP, even the stronger 128-bit, will therefore cause serious issues. A flaw in the RC4 algorithm means that freely available internet ‘sniffers’ can simply run in ‘promiscuous’ mode and within a few minutes allow the individual to ‘see’ the data being transmitted.

Consider a varied approach. At the very least, change the default SSID to something different, turn off SSID broadcasting and use WPA2, together with MAC address filtering if you have the option and it does not cause too many support issues in your environment. More expensive APs will offer RADIUS support and, of course, logging. Use this if you have the option. You will feel safer if you do.
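The checklist above can be run against an inventory of your own access points. The following is an added example, not part of the original article; the CSV layout, the sample rows, the default-SSID list and the severity ranking are all assumptions made for the illustration.

```python
import csv
import io

# Constructed site-survey export for this example; not data from the article.
SAMPLE_SURVEY = """\
bssid,ssid,encryption,broadcast,mac_filter,radius
00:11:22:33:44:01,NETGEAR,OPEN,yes,no,no
00:11:22:33:44:02,ExampleSchool-Staff,WEP,yes,no,no
00:11:22:33:44:03,ap-floor2,WPA2,no,yes,yes
00:11:22:33:44:04,ap-floor3,WPA,yes,no,no
"""

# Illustrative factory-default names; extend for the hardware actually deployed.
DEFAULT_SSIDS = {"netgear", "linksys", "dlink", "default", "wireless"}


def audit_ap(row, org_terms=()):
    """Return (severity, message) findings for one access point."""
    findings = []
    enc = row["encryption"].strip().upper()
    ssid = row["ssid"].strip().lower()
    if enc in ("", "OPEN", "NONE"):
        findings.append(("HIGH", "no encryption"))
    elif enc == "WEP":
        findings.append(("HIGH", "WEP in use; move to WPA2"))
    elif not enc.startswith("WPA2"):
        findings.append(("MEDIUM", f"{enc} in use; WPA2 is stronger"))
    if ssid in DEFAULT_SSIDS:
        findings.append(("MEDIUM", "factory-default SSID"))
    if any(term.lower() in ssid for term in org_terms):
        findings.append(("MEDIUM", "SSID names the organisation"))
    # Severity for the remaining checks is this example's own ranking.
    if row["broadcast"].strip().lower() == "yes":
        findings.append(("LOW", "SSID broadcast enabled"))
    if row["mac_filter"].strip().lower() != "yes":
        findings.append(("LOW", "no MAC address filtering"))
    if row["radius"].strip().lower() != "yes":
        findings.append(("LOW", "no RADIUS authentication or logging"))
    return findings


def audit_survey(text, org_terms=()):
    """Audit every AP in a CSV survey; returns {bssid: findings}."""
    rows = csv.DictReader(io.StringIO(text))
    return {row["bssid"]: audit_ap(row, org_terms) for row in rows}


if __name__ == "__main__":
    for bssid, found in audit_survey(SAMPLE_SURVEY, ["exampleschool"]).items():
        print(bssid, found or "OK")
```

Spare access points kept as drop-in replacements belong in the same inventory, since those are the units most likely to go live with factory settings.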
www.netcommseurope.com