October 2006

Plan and Implement a Secure Wireless Network

Mobilize your users in 7 easy steps

Although you won't find much marketing devoted to the number of channels that each protocol supports, you definitely need to understand the benefits of having more channels. The 802.11a protocol "owns" a wider band of frequencies than 802.11b or 802.11g and consequently has room to divide those frequencies into more discrete channels. The 802.11a protocol supports eight channels, whereas 802.11b and 802.11g offer only three channels apiece. Each channel can support the data rate specified by the wireless standard in use. Some quick math reveals that 802.11b gives you three 11Mbps channels for a maximum data rate of 33Mbps, 802.11g gives you three 54Mbps channels for 162Mbps, and 802.11a gives you eight 54Mbps channels, resulting in a maximum data rate of 432Mbps. Even the latest 802.11g standard, which purports to deliver 108Mbps, provides an overall data rate of only 324Mbps.

From these numbers, you can see the advantage that 802.11a holds. Of course, 802.11a carries a higher price tag, and you'll need to decide whether the number of users and their network speed requirements warrant deploying it. You should also be aware that some hardware supports multiple standards, via additional radios, to give you more flexibility in your deployment.

Step 5: Perform a Site Survey
After you've received your hardware, you should perform a site survey to assess your wireless coverage and make any necessary adjustments before you unleash your users upon the new infrastructure. Many vendors of enterprise wireless-network hardware offer free site-survey software. The software lets you measure the wireless signal strength from locations throughout your coverage area to determine whether APs are optimally placed or whether you need additional APs to address coverage deficiencies.

To perform a site survey without installing your hardware first, temporarily position an AP or antenna where you think it should go, then measure its coverage. Repeat the process at the next location. During your site survey, be sure to also test worst-case scenarios, such as closed doors; brick, metal, and concrete obstructions; and the farthest acceptable coverage points. Also ensure that, where multiple APs are combined to provide coverage for a large area, adequate signal overlap allows for roaming without losing connectivity. Update your building map to show where you need to permanently mount your hardware based on what you find during your site survey. Then, proceed with your wireless hardware deployment.

Step 6: Implement Security
You need to protect your wireless network from unauthorized access by outsiders. If you fail to secure your wireless network and the computing resources to which it connects, you might as well print sensitive corporate information on a huge banner and hang it outside your building.

The dizzying array of abbreviations related to wireless security can be intimidating, but some basic security guidelines will put you on the right track. Table 2 gives you a list of the security abbreviations you're most likely to come across, along with a brief definition of each. Configuring your specific hardware might require reading the manual, and properly implementing more complex security options, such as Remote Authentication Dial-In User Service (RADIUS), Extensible Authentication Protocol (EAP), or VPN, might require outside assistance or training. The guidelines that follow cover the basics that apply to any secure wireless network.

Start by changing your hardware's default administrator password. If you don't, anyone who bought the same brand of gear you did or who knows the default password that ships with your type of hardware could easily take over your wireless network. Next, lower your network's profile by turning off Service Set Identifier (SSID) broadcasting and changing the default SSID. The SSID is an identifier that's usually broadcast to help users find and connect to a given AP. When you turn off SSID broadcasting, you no longer advertise to passersby that you have a wireless network. Factory-provided SSID values are widely published on the Web, so you can further deter snoops by changing the SSID and configuring authorized clients with the new SSID.

For even more control over who is able to access your wireless network, enable and configure MAC address filtering. MAC address filtering lets you specify a list of MAC addresses that are allowed to access your wireless APs. By making these simple changes, you'll be able to control who "sees" your network and provide a first line of defense.

After plugging some of the security holes inherent in factory default settings, you can focus on safeguarding your wireless traffic and keeping out unauthenticated users. To prevent access by unauthenticated users, add EAP authentication and enable the strongest feasible encryption. EAP is a point-to-point protocol that supports secure authentication without requiring the use of certificates. If you want to ensure that only authorized users can connect to your WLAN, look into EAP and the EAP methods (e.g., Extensible Authentication Protocol-Transport Layer Security, or EAP-TLS; Extensible Authentication Protocol-Tunneled Transport Layer Security, or EAP-TTLS; EAP-LEAP) that your hardware and client system support.

The Achilles heel of wireless networks has always been that they transmit over open airwaves and are easier to intercept or eavesdrop on than wired networks. The goal of encryption is to ensure that only intended parties are able to make sense of transmitted data. Wi-Fi vendors are continually developing, standardizing on, and implementing ever-stronger methods of encryption. Although the original Wired Equivalent Privacy (WEP) standard has been labeled as insufficiently secure, it's better than nothing. But unless your budget limits you to buying archaic hardware, you should have more advanced encryption options to choose from, including Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). If, even after deploying the strongest security options your equipment has to offer, you still have reservations about your wireless network's security, you can deploy your WLAN as a separate network that can connect to your company's network only through a secure VPN connection.
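The Step 6 guidelines above can be checked mechanically across an AP inventory. The following is an added example, not code from the original article: the inventory field names, the sample factory SSID list, and the two sample APs are assumptions constructed for illustration.

```python
"""Audit AP settings against the Step 6 guidelines (added example)."""

# Hypothetical inventory schema: these field names are assumptions, not a vendor format.
FACTORY_SSIDS = {"linksys", "default", "netgear", "tsunami"}  # illustrative sample only
CIPHER_RANK = {"none": 0, "wep": 1, "tkip": 2, "aes": 3}      # weakest to strongest
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def audit_ap(ap, min_cipher="tkip"):
    """Return (severity, message) findings for one AP, most severe first.

    A missing password, broadcast, filter, EAP or cipher field counts as the
    insecure factory state, so an incomplete record never passes silently.
    """
    findings = []
    if ap.get("admin_password_is_default", True):
        findings.append(("high", "default administrator password still set"))
    if ap.get("ssid", "").lower() in FACTORY_SSIDS:
        findings.append(("medium", "factory-default SSID in use"))
    if ap.get("ssid_broadcast", True):
        findings.append(("low", "SSID broadcasting is on"))
    if not ap.get("mac_filter"):
        findings.append(("low", "MAC address filtering is off or the list is empty"))
    if not ap.get("eap_method"):
        findings.append(("high", "no EAP authentication configured"))
    cipher = str(ap.get("cipher", "none")).lower()
    if CIPHER_RANK.get(cipher, 0) < CIPHER_RANK[min_cipher]:  # unknown cipher ranks as none
        findings.append(("high", f"encryption below {min_cipher.upper()}: {cipher}"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


# Constructed sample inventory: one AP left at factory settings, one hardened.
FACTORY_AP = {"name": "ap-lobby", "admin_password_is_default": True,
              "ssid": "linksys", "ssid_broadcast": True, "mac_filter": [],
              "eap_method": None, "cipher": "wep"}
HARDENED_AP = {"name": "ap-floor2", "admin_password_is_default": False,
               "ssid": "corp-wlan-7f", "ssid_broadcast": False,
               "mac_filter": ["00:00:5e:00:53:10"], "eap_method": "EAP-TLS",
               "cipher": "aes"}

if __name__ == "__main__":
    for ap in (FACTORY_AP, HARDENED_AP):
        print(ap["name"], audit_ap(ap) or "no findings")
```

Raising `min_cipher` to `"aes"` flags APs that still rely on TKIP.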

There's one other important security element to consider. The general availability of wireless hardware makes it easy for one of your users to create his or her own wireless network by simply plugging a wireless router into a live LAN jack in your company's building. In a heartbeat, that user can nullify every wireless security measure you've put into place. Consequently, your company must have a strong policy regarding rogue APs, and you have to be vigilant in detecting and promptly removing such equipment from your network.
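Detecting rogue APs comes down to comparing what a wireless scan sees against the list of APs you actually deployed. The following is an added example, not part of the original article: the scan record fields, the -65 dBm "inside the building" threshold, and the sample data (using documentation-range MAC addresses) are assumptions.

```python
"""Classify APs seen in a wireless scan against an authorized inventory."""


def norm_bssid(raw):
    """Normalize 00-1A-..., 001a.2b3c.4d5e or 00:1a:... to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify(scan, authorized, strong_dbm=-65):
    """Return {bssid: verdict}; `authorized` maps each deployed BSSID to its SSID."""
    known = {norm_bssid(b): ssid for b, ssid in authorized.items()}
    corp_ssids = set(known.values())
    verdicts = {}
    for seen in scan:
        bssid = norm_bssid(seen["bssid"])
        ssid = seen.get("ssid") or ""  # APs with broadcasting off report no SSID
        if bssid in known:
            # A deployed AP with an unexpected SSID may have been reset to defaults.
            verdict = "authorized" if ssid in ("", known[bssid]) else "ssid-mismatch"
        elif ssid in corp_ssids:
            verdict = "impersonating-corp-ssid"  # unknown radio using your SSID
        elif seen["signal_dbm"] >= strong_dbm:
            verdict = "rogue-candidate"          # strong signal: likely on the premises
        else:
            verdict = "neighbor"                 # weak signal: likely next door
        verdicts[bssid] = verdict
    return verdicts


def needs_followup(verdicts):
    """BSSIDs someone should physically track down, in sorted order."""
    return sorted(b for b, v in verdicts.items() if v not in ("authorized", "neighbor"))


# Constructed sample data; MACs are from the RFC 7042 documentation range.
AUTHORIZED = {"00-00-5E-00-53-01": "corp-wlan", "00-00-5E-00-53-02": "corp-wlan"}
SCAN = [
    {"bssid": "00:00:5e:00:53:01", "ssid": "", "signal_dbm": -48},
    {"bssid": "0000.5e00.5302", "ssid": "linksys", "signal_dbm": -55},
    {"bssid": "00:00:5E:00:53:A0", "ssid": "corp-wlan", "signal_dbm": -70},
    {"bssid": "00:00:5e:00:53:b1", "ssid": "homenet", "signal_dbm": -42},
    {"bssid": "00:00:5e:00:53:c2", "ssid": "cafe-guest", "signal_dbm": -88},
]

if __name__ == "__main__":
    for bssid, verdict in classify(SCAN, AUTHORIZED).items():
        print(bssid, verdict)
```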

 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved.