Thursday 30 May 2013

Planning a wireless network?

Having worked in IT for a number of years, I remember planning wired networks, where we could work out easily how many points were needed for a network.  It was two network points per desk for the computer and telephone, and the odd point for printers and fax machines around the office.

Fast forward to the current day, and as well as the wired network, we have to consider what the wireless requirement is.  We are all aware of bad wireless deployments, where laptops revert to using a cable.  Some of the challenges were discussed in a previous blog post, "They even have wireless internet now!"

There are a number of considerations, challenges and questions that need to be addressed prior to tackling a wireless network project.

You need to understand what sort of access is required. Determining your policy and strategy can begin with the following questions:
  • What devices are you allowing to access the wireless network?
  • Will these devices be part of a BYOD (Bring Your Own Device) initiative, corporate devices supplied by the organisation or a mixture of the two?
  • Which parts of the network will these devices access, the corporate network or a guest network?
  • Will the devices be segmented by whether they fulfil policy criteria, such as OS, AV, etc., using a NAC (Network Access Control) solution?

Understand the devices that will be accessing your network, and determine whether these devices have a 5.0GHz AN wireless card or a 2.4GHz BGN wireless card. Understand how many devices will be used, as some people carry three or four wireless enabled devices!

Understanding the number of devices and which frequency they can work in means that channel conflicts can be dealt with at the planning stage, rather than trying to fix them post installation.

It sounds straightforward, but you'll need to know which areas will require wireless coverage.

Will your users need to roam with their devices?  Some wireless solutions deal better with roaming than others, so this should be a consideration when looking at the different vendor offerings.

Wireless networks can go beyond the confines of your building or coverage area.  With correct access point placement or signal manipulation, the wireless footprint can be made to fit the building, reducing the likelihood of access from outside the area of coverage.

Once you know which areas need wireless coverage, you'll need to understand the density requirements.  For example, a lecture theatre may have a requirement for up to 500 wireless devices connected at once, while the office down the hallway may have a requirement for one wireless device.  By understanding density, we can tackle how many radios are required in each area.

Another consideration is bandwidth: what do these devices need to do once they have access to the wireless network?  Do they need basic web access, streaming video, video conferencing or voice over wifi?  These all have differing demands on bandwidth, so it is essential the bandwidth requirements are met to give a good user experience.

It is shocking to see there are still a large number of unencrypted or open wireless networks out there.  We all know we should encrypt our networks, but depending on the solution this can cause large overheads on the network, especially with the traditional controller with controller-less access points, where the packets have to be sent back to the controller for decryption.  Open networks run quicker, but that doesn't mean we should configure them like that!  Protect that network, especially if it's offering corporate network access, and your footprint exceeds the building.

Is there a provision to deal with the threat of rogue access points, which effectively extend your wired network via a wireless access point you are not aware of?  There are normally provisions for web filtering within an organisation, but what's to stop your corporate devices joining a neighbouring wireless network and getting unfiltered access (and the associated threats and malware) from the internet onto devices on your network?  How do you stop a device from becoming a wireless hotspot, even after it fulfils the policy laid down by your NAC solution?

The main consideration with wireless tends to be access, and security comes a poor second when planning the network.  Ensure that there is a level of intrusion prevention on your wireless network if you want to properly secure it.
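One way a provision against rogue access points can work, shown as an added example that is not part of the original post: compare the access points seen in a wireless scan against the authorised inventory and against the MAC addresses learned on the wired switches. The function names, the sample data and the adjacent-MAC heuristic are assumptions made for illustration.

```python
# Added example: classify APs seen in a wireless scan (all data is constructed).

def mac_to_int(mac):
    """Parse aa:bb:cc:dd:ee:ff (or dash-separated) into an integer."""
    return int(mac.replace(":", "").replace("-", ""), 16)

def classify(observed, authorised_bssids, corporate_ssids, wired_macs, window=2):
    """Return {bssid: verdict} for each observed AP.

    window is an assumed heuristic: an AP's wired MAC is often within a few
    addresses of its radio BSSID, so a near match in the switch MAC tables
    suggests the unknown AP is plugged into our LAN.
    """
    authorised = {mac_to_int(m) for m in authorised_bssids}
    wired = {mac_to_int(m) for m in wired_macs}
    verdicts = {}
    for ap in observed:
        bssid = mac_to_int(ap["bssid"])
        if bssid in authorised:
            verdicts[ap["bssid"]] = "authorised"
        elif any(bssid + d in wired for d in range(-window, window + 1)):
            verdicts[ap["bssid"]] = "rogue-on-wire"   # extends the wired network
        elif ap["ssid"] in corporate_ssids:
            verdicts[ap["bssid"]] = "corporate-ssid-impersonation"
        else:
            verdicts[ap["bssid"]] = "neighbour"       # corporate clients should not join
    return verdicts

# Constructed sample data (locally administered MAC addresses)
AUTHORISED = ["02:00:00:aa:00:01", "02:00:00:aa:00:02"]
CORPORATE_SSIDS = {"CorpWiFi"}
WIRED_MACS = ["02:00:00:bb:10:10", "02:00:00:cc:20:20"]  # from switch MAC tables
SCAN = [
    {"bssid": "02:00:00:aa:00:01", "ssid": "CorpWiFi", "rssi": -48},
    {"bssid": "02:00:00:bb:10:11", "ssid": "HomeRouter", "rssi": -40},
    {"bssid": "02:00:00:dd:30:30", "ssid": "CorpWiFi", "rssi": -70},
    {"bssid": "02:00:00:ee:40:40", "ssid": "CafeNextDoor", "rssi": -82},
]

if __name__ == "__main__":
    results = classify(SCAN, AUTHORISED, CORPORATE_SSIDS, WIRED_MACS)
    for bssid, verdict in results.items():
        print(bssid, verdict)
```

The inventory must list every BSSID an authorised access point broadcasts, otherwise its additional radios will be flagged as rogue.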

(Can you spot the rogue access point here?)

To what end?
With a greater understanding of the various areas touched upon above, you can ensure you have a successful wireless deployment that is secure, requires little administration and exceeds the expectations of the user.
