implementing wlan 80211b 80211g 80211a 80211iImplementing a WLAN: Good Planning is the Key to Success Introduction Wireless LAN (WLAN) technology has matured and become a practical alternative to traditional networks. It offers the kind of anywhere/anytime Channelization and deployment standards play an important role in WLAN implementations. A channel represents a narrow band of radio frequency. Since radio frequency modulates within a band of frequencies, there is a limited amount of bandwidth within any given connectivity that today’s highly mobile workforce has come to expect. Wireless LANs can provide full access to network resources from any place within range of an Access Point (AP). range to carry data, which impacts the overall capacity of the WLAN. It is important that the frequencies do not overlap or the throughput On one level, a wireless LAN is very much like a wired LAN. There are endpoint devices (servers, workstations, printers) enabled by network would be significantly lowered as the network sorts and reassembles the data packets sent over the air. There are a few basic deployment cards and data is transferred with network communication protocols. Instead of traveling on fiber or copper, data is transferred with Radio standards from which to choose, with more being tested. Four considerations will be discussed in this paper, including 802.11b, 802.11g, 802.11a and 802.11i. Frequency (RF) signals. Wireless LANs make it easier for employees to stay on line and in touch. The increased flexibility of Wireless LANs enables more Data rates up to 6 Mbps of effective throughput (throughput used for data transfer vs. overhead) can be supported with an 802.11b deployment. productive work teams, supports greater employee collaboration and contributes to employee satisfaction. Workers like the mobility and This selection is often chosen if there are a small number of users per AP, if WLAN access is needed for handheld PCs or if an existing sense of empowerment that a WLAN can provide. 802.11b WLAN needs to be expanded to accommodate more traffic. 802.11b does penetrate walls and provide good indoor range. To Since it has become a popular technology used within a residence, many businesses are familiar with the basics of wireless networking. prevent interference with other equipment, the physical environment should be free of other wireless devices, such as cordless phones, The ease of setting up a WLAN is contributing to its rapid adoption. However, a successful WLAN implementation requires the same kind of microwaves or elevators utilizing the same 2.4 GHz frequency. advanced detailed planning and attention to detail as any other network deployment. Because it can provide effective throughput up to 25 – 30 Mbps, 802.11g may be a good option for businesses needing more throughput. Businesses using an existing 801.11b network can upgrade to 802.11g since they both operate on the 2.4 GHz frequency. Applications needing Networking Requirements Analysis and Deployment Considerations high bandwidth and speed, such as large graphics, audio, data and video files, are commonly used with this selection. Similar to 802.11b, 802.11g The first step in a WLAN implementation is to conduct a thorough business analysis to verify that wireless technology will meet business penetrates walls, offers good indoor range and may experience interference from other devices on the same frequency. needs and deliver the required functionality. The physical environment (indoors, outdoors or both), the kind of traffic the WLAN will need to Another deployment selection that offers enhanced throughput to support applications requiring high bandwidth is 802.11a. This carry (data, voice, video or all of the above) and the type of business function it is intended toserve (such as conferencing, customer service selection provides lower interference with other devices than 802.11b, but typically has a slightly shorter indoor and outdoor range than or sales support) should be considered. It is also important to factor in future application requirements, growth and scalability as part of the initial assessment. 802.11b and 802.11g. 802.11a operates on a 5 GHz band, which is a different and wider frequency spectrum than 802.11b and 802.11g, allowing more channels and more overall throughput. The wider frequency band allows 802.11a to support up to eight non-overlapping channels. 802.11b and 802.11g support up to three non-overlapping •5 – 10 power users who are constantly on the network and deal with large files channels. Frequency ranges and channels may vary by country. Toincrease capacity, more APs may be added, which gives users more opportunity to enter the network. Networks are optimized when the The number of radio frequency channels required by an organization is determined by assessing usage requirements. For example, a public APs are set to different channels. hotspot such as a lobby can usually be well supported by the 802.11b standard for e-mail support or viewing web sites. A conference room A newer standard that has been developed addresses security weaknesses regarding both authentication and encryption protocols. may be better served by the 802.11a standard for transfer and collaborative work with data files. A home office might be best suited by a 802.11g-based network to help enable good application This selection, 802.11i, encompasses 802.1X, Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES) protocols. performance for virtual office workers. The number of simultaneous users that an AP can support depends mostly on the amount of data traffic traveling at a time (heavy versus light The Site Survey With the requirements and deployment confirmed, it’s time for a site survey. The best surveys are done literally on-site. Modeling tools downloads and uploads). Bandwidth is shared among users on a WLAN as with wired network connections. Network performance, as gauged by can simulate an environment without an actual visit, but they are only as good as the source data. Key elements to be determined in this the number of simultaneous users, hinges on the combined computing activity. For example, with 802.11b, each hardware access point has up to survey are identifying the number and placement of APs and assessing the attenuation of radio frequency obstacles. 6 Mbps effective throughput. This capacity is adequate for: The speed at which a WLAN performs depends on many things, such as the efficiency of the wired network, the configuration of the •15 – 25 nominal users who are mostly idle and check on occasional text based e-mail building, and the type of WLAN employed. As a general rule for all WLANs, data throughput decreases as the distance between the •10 – 15 mainstream users who frequently use e-mail and download and upload moderately sized files WLAN access point and the wireless client increases. An assessment of AP signal strength using various antenna and AP configurations Obstruction Degree of Attenuation Example Open space None Cafeteria, courtyard Wood Low Inner wall, office partition, door, floor Plaster Low Inner wall (old plaster lower than new plaster) Synthetic materials Low Office partition Cinder block Low Inner wall, outer wall Asbestos Low Ceiling Glass Low Non-tinted window Metal tinted glass Low Tinted window Wire mesh in glass Medium Door, partition Human body Medium Large group of people Water Medium Damp wood, aquarium, organic inventory Bricks Medium Inner wall, outer wall, floor Marble Medium Inner wall, outer wall, floor Ceramic (metal content or backing) High Ceramic tile, ceiling, floor Paper High Roll or stack of paper stock Concrete High Floor, outer wall, support pillar Bulletproof glass High Security booth Silvering Very High Mirror Metal Very High Desk, office partition, reinforced concrete, elevator shart, filing cabinet, sprinkler system, ventilator helps determine the number and placement of required APs needed to provide adequate radio coverage. This process involves: One way to make a WLAN more secure is to limit its reach. At the design stage, the WLAN’s engineers should be clear about how far •Gathering facility drawings and blueprints, documenting wiring such as the location of host systems and documenting power outlets and structural elements (such as metal firebreaks and walls, and wide wireless access is really needed, so they can select APs that will shape the signal’s range and direction. It’s also a good idea to isolate the WLAN from the rest of the network with an internal firewall or Wireless DMZ. doorways and passageways). •Assessing environmental radio coverage including the selection of AP devices and radio for the installation areas where signal interference is avoided or minimized. The optimal positioning of Several security technologies can provide added levels of protection for WLANs: access points and antennas is also determined. •Service Set Identifier (SSID) identifies the WLAN. Clients must be configured with the correct SSID to access their WLAN. The SSID should not be broadcast and the key should be shared only with •Assessing channel interference and conducting testing to help ensure radio transmissions do not overlap. those having legitimate need to access the network. Finally, the SSID should be changed periodically. •Choosing antenna placement including positioning of omnidirectional and directional antenna. •Media Access Control (MAC) is access based on a filtering system of MAC addresses configured for a specific LAN switched port. It restricts WLAN access to computers that are on a list created for •Establish diversity reception including overcoming interference or fading by positioning multiple antennas in certain locations. each AP on the WLAN network. It also restricts the connection of APs and the LAN switch port. •Assessing electrical systems including review of AP electrical installation alternatives to prevent performance degradation on inherent or random electrical problems. •Wired Equivalent Privacy (WEP) is an encryption method that protects WLAN data streams between clients and APs as specified by the 802.11 standard. There have been flaws identified in this •Redundancy should be considered for conference rooms, cafeterias and other multiuse spaces to help ensure good throughput. security mechanism and its effectiveness is uncertain. Attenuation of radio frequency obstacles should also be considered as part of the site survey and assessment. Both the ability of radio waves •IEEE 802.1X is a security standard featuring a port-based authentication framework and dynamic distribution of session keys for WEP encryption. A radius server is required. to transmit and receive information and the speed of transmission are impacted by the nature of any obstructions in the signal path. The illustration on page 2 shows the relative degree of attenuation for common obstructions. •IEEE 802.11i is an upcoming security method being developed by the IEEE that features 802.1X authentication and includes Advanced Encryption Standard (AES) for added protection. Another enhancement, Temporal Key Integrity Protocol (TKIP), allows encryption keys to be changed frequently. Wood floors can cause floor-to-floor interaction between APs. It is important to ensure that channel selections are appropriate for vertically adjacent access points. All office and room doors should be closed before beginning the survey in order to assess reception at its •Wi-Fi Protected Access (WPA) is a method that addresses the encryption issues of WEP by utilizing Temporal Key Integrity Protocol, which wraps around WEP and changes the encryption key lowest level. The corner of a room should be avoided as a placement area for an access point. If placed in a corner, about 75% of the AP frequently. WPA also includes the authentication benefits of 802.1X. coverage is wasted. This also gives unauthorized users outside the room a better chance to access the AP. •Extensible Authentication Protocol (EAP) is a point-to-point protocol that supports multiple authentication methods. The support of EAP types depends upon vendor implementation. EAP provides the Tounderstand what other frequencies might be present in the proposed WLAN space, surveys should also include an RF spectrum analysis. framework for the client, the authenticator (the wireless access device or access point) and the authentication server to authenticate Security Considerations Security is often cited as a key concern in a WLAN implementation, as it can be a potential open door to the network. Before deployment, each other and communicate the encryption keys. Providing security features to a WLAN involves coordinating multiple elements. WPA protocol is normally recommended over WEP protocol. the WLAN’s security issues should be clarified stating clearly what kind of authentication measures and encryption methods will be used. Strong encryption should be used and the default administrative password should be frequently changed. A “strong” password should Developing and documenting a WLAN security policy is a good first step. Many security breaches can be traced to policy failures, not be used, containing at least eight characters, with a combination of letters and numbers. The Service Set Identifier (SSID) should not be technology failures. WLAN security policies should be similar to any other network security policy, with a stated purpose, a clear scope and broadcast because it forces users to know the name of the network in order toconnect. Rogue users won’t see the WLAN as an assigned responsibilities. available network. Regular network audits should be performed to identify and disable or reconfigure rogue APs. Rogue APs are those installed without the IT Automotive Company Overcomes WLAN Design Issues department’s knowledge. These APs are not configured with any security settings and may leave an open door for unauthorized access Business Situation to the network. Some rogue APs may not be connected to the network. However, due to their presence, users may attempt to use An automotive manufacturing company wanted to implement a WLAN to help boost productivity and the AP by providing valid user authentication information (such as user ID and password), which can be retrieved via other methods such as efficiencies for multiple business units. The network design needed to handle several diverse requirements: unauthorized hacking and exploitation. From a physical standpoint, in areas requiring limited access, access points should be placed adjacent to or straddling the high-security area. •Each business unit required separate access to specific resources – segmentation and separation of resources was required for confidentiality Businesses may want to consider making the use of virtual private networks (VPNs) part of their security policy. In doing this, users •The same wireless network needed to provide access to guests as well as internal restricted resources would need to use a VPN to enter the corporate network through a wireless access point. •Guests should only have access to the Internet Equipment With the right up-front planning, the actual implementation of a WLAN is largely a plug-and-play activity. WLANs are engineered with a few •Wireless access could not reach beyond the host buildings types of components. A typical network infrastructure is composed of the following equipment: •The wireless network needed to have a variety of security features to help prevent it from being a gateway into the rest of the corporate network •Hardware – WLANs consist of two main building blocks, including an AP that connects to the network and a wireless adapter installed in the computing device. Networking Solution Senior Security Consultants were provided to review the current network design. A wireless site survey was •Access point (AP) – An AP is a small box, usually with one or two antennas. This radio-based receiver/transmitter is connected to the wired LAN (or broadband connection) using Ethernet cables. performed to identify access point and signal strength needs. Authorized wireless hacking methodologies, such •Antennas and bridges – Antennas enhance radio frequency coverage, extending the range of an 802.11 WLAN (See the Age of the Wireless LAN for more information). Bridges provide a point-to- as wireless detection, sniffing and network scanning, were conducted to check the performance of the design. Several troublesome design issues were discovered, including: point wireless connection between two LANs. •The signal was available in the parking lot and beyond •Wireless adapter – A wireless adapter functions like a network interface card (NIC) in that it allows the client computing device access to the network by means of the wireless AP. •There was no authentication on the WLAN •The WLAN was connected to the server segment without a firewall •Clients – Clients are items such as workstations, laptops, phones, printers or other WNIC-enabled devices. Authentication issues were rectified by implementing Wired Equivalent Privacy (WEP – is a scheme that is part Most devices on a WLAN are referred to as stations and are equipped with Wireless Network Interface Cards (WNICs). A service set is a of the IEEE 802.11 wireless networking standard to help secure IEEE 802.11 wireless networks), which was the only collection of stations that can communicate with each other. Service sets are connected at some point toa Distribution System, which is safeguard available for the procured equipment. Configuration changes and detailed network design recommendations usually a wired LAN. were provided to restrict access to the WLAN, restrict access between the WLAN and the corporate network and Depending upon security requirements and policies of the user, an authentication server may be needed to validate the user and the AP. address common architectural practices. Specifically, the company was shown how to restrict users to appropriate A management server may be needed to help monitor and maintain the WLAN. Advanced network management may require a gateway network resources. For example, lobby guests were segmented away from the rest of the network. Finally, server that provides Quality of Service for different groups of users and applications. corporate servers were firewalled away from the wireless LAN and additional layers of authentication were It is important to check for interoperability between the network infrastructure and client-side WLAN components. It is also important implemented to help ensure authorized access. The automotive manufacturer was left with a WLAN solution to verify that the clients are on the correct frequency by selecting appropriate channels on the APs. 802.11a products are inherently that helped improve employee productivity and accommodate the access needs of the business. operate on separate frequencies. Even though 802.11b and 802.11g products operate on the same frequency, due to modulation programs providing wireless connectivity to a small segment of a larger environment. Other times, a wireless network solution must be differences, they need to be designed for dual mode operation or upgraded to ensure compatibility. implemented across the entire organization. Many businesses take a Build-and-Test approach, bringing up one segment of the WLAN at a APs should be placed in strategic areas to provide adequate coverage. Many IT managers avoid outside facing walls to help minimize security time, then testing and approving it before moving on to the next segment. Each segment test also checks the deployed security features. threats from people in parking lots. Overlapping of coverage is important for maintaining a continuous connection around a building. Summary WLANs help increase productivity and team collaboration and help facilitate more efficient decision making. Compared to a wired APs should be set to different channels to avoid cross talk, or colliding with signals that degrade performance while the data packets are sorted and put together correctly. network, WLANs can provide a more flexible technical infrastructure, at a reduced cost. Since they can be installed or relocated quickly, WLANs offer natural business continuity advantages. New architectural direction incorporates wireless band controllers to support APs. The controllers do authentication, aid in QOS, and collect statistics. Today, that information allows for a more scalable implementation. A successful WLAN implementation is a matter of striking the right balance between functionality, performance and security objectives. With careful planning and the right advice from experienced professionals, businesses can expect to benefit from what the wireless technology has to offer. Roll Out Once the design of the WLAN is established, it is important to develop a plan for deployment. Deployments sometimes consist of pilot For more information contact yourRepresentative or visit us at |
|
In cities, towns and remote locations, mini satellite dishes point attentively to the Southern sky. Emblazoned with names like DirecTv,
ExpressVu, DirecWay, Web Conferencing, iNetVu, Linkstar, XM Satellite Radio, Sirius Satellite Radio
iDirect their numbers are growing at an amazing rate. Iridium Satellite Phone is the only provider of truly global satellite
voice and data solutions with complete coverage of the earth (including oceans, airways and Polar Regions).
Get the latest buzz on Free satellite tv systems - including the features and benefits that make them today's ultimate television viewing experience.(Get Dish)
Ever wonder why these satellite dish systems are in such great demand?
Does high speed internet service or digital television programming via satellite intrigue you?
If you've never heard of Cheap VoIP, get ready to change the way you think about long-distance phone calls. VoIP, or Voice over Internet Protocol, is a method for taking analog audio signals and turning them into digital data (IP packets) that can be transmitted over the Internet. |
