Businesses like yours are increasingly using Wireless LAN (WLAN) to extend their perimeters. No doubt you’re already adopting some mobile elements, be it laptops, smartphones or outside network access. But would a workplace without wires actually make a difference to your business, and is it safe?
The answer to both questions is probably ‘yes’, providing you do it right. A report by Gartner states that up until the end of this year, the misconfiguration of WLAN access points and client software will account for nearly three-quarters of security attacks. However, this need not be the case if the WLAN is implemented correctly and in accordance with the specific needs of the organisation.
ORGANISATIONAL BENEFITS
WLAN is supporting a new de-facto way of working for many companies, with benefits to both users and IT management staff.
For staff, it represents freedom from their desk. Being issued with a laptop rather than a desktop means that they are on ‘home territory’ wherever they move to, with full access to all the resources to which they are accustomed. This isn’t just a theoretical benefit. In companies where WLAN has been deployed, employees carrying their laptops from meeting to meeting have become a very common sight.
These benefits are amplified when IP telephony is taken into consideration. Whether using a headset with a softphone (an application on the laptop) or a separate wireless handset, WLAN allows staff to remain in telephone contact in the usual manner completely seamlessly, with no requirement for any fiddling with cables.
An interesting side-effect of supporting this working style within business premises is that it promotes the same approach beyond the physical boundaries of the building. Having a laptop means your staff can take their work home with them if a deadline is looming and can work in exactly the same desktop environment as in the office, and with IP telephony implemented they are even available on their usual extension.
For IT managers, the main benefit is that facilitating constant movement of staff around the building incurs absolutely zero management overhead. The management of connectivity all happens automatically in accordance with the initial configuration, and problems arising from worn and faulty sockets become a thing of the past.
Furthermore, if the correct technology and security policies are deployed, your IT manager will actually have a much better picture of the activities of individual users across the WLAN, something that is beneficial both for security and troubleshooting purposes.
And then there are the environmental benefits to everyone in the form of a tidier, cable-free office.
PLANNING FOR WLAN
However, careful planning is needed to obtain all these benefits, along with a thorough understanding of both the organisation’s existing IT policies and all potential WLAN options.
Selection of the right equipment is also essential. A solution that uses a central switch to control both user sessions and access point configuration, such as those provided by Trapeze and 3Com, provides an excellent foundation for simple management of sophisticated installations.
Not only does it provide for robust and transparent management of users, but it also helps to minimise IT department overheads by allowing for the automatic addition of new radios to expand coverage areas, something that has previously been extremely time consuming.
SETTING THE SECURITY STANDARD
Security has long been a hot topic in WLAN. Since the early days of insecure MAC authentication and static-key Wired Equivalent Privacy (WEP) encryption, the IEEE standard has come a long way.
The introduction of 802.1X authentication has enabled network managers to authenticate users with their standard domain logins, often in a manner that is completely invisible to the user. If you look beyond the jargon this simply means your staff won’t feel like they’re passing through a metal detector every time they log in. Indeed, the sophistication of the security policies deployed to support a new WLAN installation in many cases actually results in the wireless network being more secure than the wired network.
The reason for this is that the vulnerability of standard computer sockets has long been overlooked, as they have always been within the physical confines of the organisation (with access to them subject to the building’s physical security).
Meanwhile, the highly effective WLAN security technology that prevents unauthorised access from, say, the car park is equally effective within the building. This point may be old news for those organisations with tightly controlled physical security, but in organisations where there is a through-put of outsiders (e.g. businesses providing services on their premises), it represents food for thought. What is the point of having secure WLAN if outsiders can gain network access via any of the wall/floor sockets?
It is for this reason that WLAN can be the catalyst that prompts IT managers to review their policies and demand higher standards of wired security than they have had in the past.
Another area in which there have been significant advances is laptop security. It is one thing to ensure that an installed WLAN is fully secured, but if general use of WLAN is also prompting users to connect at home and to public hotspots, then the vulnerability of these machines needs to be considered. Installation of dedicated agent software onto laptops creates the ability to extend enforcement of company data security policies out into the field.
The final piece of the jigsaw is dealing with any threats that do manage to find their way onto the network. As these threats can come from a variety of sources and not just wireless devices, we recommend deployment of a network-wide Intrusion Prevention appliance, such as TippingPoint, that scans all network traffic to identify attacks and implement countermeasures.
IMPLEMENTATION PROCESS
It is all well and good addressing the security and management concerns associated with WLAN, but success or failure is really dependent on the implementation process.
Development of a wireless installation starts with an assessment of customer requirements. We believe the following process works:
1) Physical survey to identify radio locations
2) Project design and scoping
3) Cabling and physical infrastructure upgrades
4) Configuration and installation
5) Support and maintenance
The number of users expected within each physical area is included in the plan. At this stage, ascertain the provenance and suitability of client devices to be included in the wireless network. Once users and devices have been properly identified, it becomes possible to discuss ways the network should be managed and answer questions such as whether guest access is to be provided (and if it should be charged for), how each user/device group is to be secured and how the network is going to be managed.
Network pre-qualification is an important part of this initial work. This not only ensures that your hardware is capable of supporting wireless traffic but also takes into consideration any necessary integration with existing security policy. Working with what you’ve got should cut your overall cost. Once the audit is complete you’ll be able, via your provider or a consultancy, to start deploying.
THE COSTS
Finally, what does all this cost? In terms of the cost of implementation, for a company employing around 100 where four or five access points will be needed (each can support between 20 and 25 users) you’re looking at around £8,000. This encompasses hardware, software, configuration, CAD processing, network integration and one year’s support and maintenance. The larger the number of people covered, the greater the efficiencies of scale.
Gary Duke is the founder and director of WLAN implementation consultancy LAN 2 LAN. Clients include Group 4 Securicor, Mouchel Parkman, Securiplan, QAS, The Prudential and EDF Energy.
10 tips for setting up a network
1) Ensure you fully understand your existing user and security policies
2) Ensure what you are installing is standards compliant
3) Ensure you are fully informed about all your wireless security options
4) Deploy a centrally managed system for easy management and scalability
5) Make sure you are in full control of your laptop fleet and can clearly identify those laptops that you do not control
6) Do not rely on outdated security policies such as switching off SSID broadcast or implementing WEP
7) All organisations are at risk, no matter what size. Understand your security vulnerabilities and do not assume only larger organisations are affected by malicious attacks
8) Educate your staff. Company policies should incorporate wireless training, although this should not be relied on: security measures should still be put in place
9) Ensure RF (Radio Frequency) design meets traffic requirements
10) Plan, plan, plan!
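
As an added example (not part of the original article or any vendor's tooling), tips 4 and 6 and the points made under SETTING THE SECURITY STANDARD can be turned into a repeatable check over an inventory of staff-facing SSID profiles. The inventory, its field names and the rule names are assumptions made up for this illustration.

```python
# Constructed inventory of SSID profiles. Field names and values are
# hypothetical, not any vendor's export format.
SAMPLE_PROFILES = [
    {"ssid": "corp", "encryption": "wpa2", "auth": "802.1x",
     "hidden": False, "managed": True},
    {"ssid": "warehouse", "encryption": "wep", "auth": "mac",
     "hidden": True, "managed": False},
    {"ssid": "legacy-voip", "encryption": "wpa2", "auth": "psk",
     "hidden": True, "managed": True},
]

def audit_profile(profile):
    """Return (rule, message) findings for one SSID profile.

    Missing fields are treated as failures, so an incomplete record is
    reported rather than silently passed.
    """
    findings = []
    enc = str(profile.get("encryption", "")).lower()
    auth = str(profile.get("auth", "")).lower()
    if enc in ("", "none", "wep"):
        findings.append(("weak-encryption", "WEP or no encryption in use"))
    if auth == "mac":
        findings.append(("mac-auth", "MAC authentication is the only check"))
    elif auth != "802.1x":
        findings.append(("no-8021x", "users are not authenticated with 802.1X"))
    if profile.get("hidden"):
        findings.append(("hidden-ssid", "SSID broadcast is off; this is not a control"))
    if not profile.get("managed"):
        findings.append(("unmanaged", "access point is not centrally managed"))
    return findings

def audit(profiles):
    """Map each SSID to the rule ids it fails (empty list means clean)."""
    return {p["ssid"]: [rule for rule, _ in audit_profile(p)] for p in profiles}

if __name__ == "__main__":
    for p in SAMPLE_PROFILES:
        for rule, message in audit_profile(p):
            print(f"{p['ssid']}: {rule}: {message}")
```

Run against a real export, the same rules would be applied after mapping the controller's own field names onto the ones assumed here.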