Wi-Fi, or wireless fidelity, is a term promulgated by the non-profit Wireless Fidelity Alliance organization to designate products adhering to the IEEE 802.11 standard for wireless LANs. A Wi-Fi network broadcasts a radio signal, operating in the unlicensed 2.4 and 5 GHz radio bands, with a data rate of between 11 (IEEE 802.11b) and 54 Mbps (IEEE 802.11a).
"A new generation of 'Wi-Fi certified' wireless products has emerged which not only incorporate state-of-the-art security measures, but also ensure interoperability across Wi-Fi certified products from different manufacturers."
Benefits of Wi-Fi:
With Wi-Fi networks, an entirely new set of benefits and services can be offered:
· Access to the wired corporate network and the Internet for laptop users and guests, anywhere within corporate offices
· Freedom from wire connections, making it easy to move office locations without incurring network wiring costs
· True modular phone access within corporate buildings, where service is frequently spotty, by using Wi-Fi gateways to route phone calls and signals from other hand-held devices
· "Last mile" installations in which cabling might be inconvenient or expensive
Planning the Installation:
The first step in any wireless installation is planning. That is, you must first determine who needs wireless access, where the users will be, and how they will access the network. It is recommended that you perform a walkabout of the area and obtain a blueprint of the building.
A Wi-Fi radio signal has a range of about 100 to 300 feet indoors, and up to 2,000 feet outdoors. An access point can handle from 10 to 30 users, depending upon use patterns, so highly populated cubicle areas, for example, may need multiple access points. Possible obstructions must be identified, as signals will pass through most walls but will stop at metal obstructions, such as elevator shafts. Also, overlaps in coverage should be built in to avoid blind spots.
Second, obtain the necessary equipment. Unless you have only a few users and will be using a peer-to-peer network, you will need base stations as determined by your plan. For the office, companies such as Cisco, Symbol, and 3Com offer enterprise-grade office equipment with the latest security features. To avoid conflicts, buy all equipment from the same company, and make sure that adjacent access points use the same frequency but different channels.
Securing the Network:
Securing the network is particularly important given the significant vulnerability of wireless networks. However, there are a number of technologies available today that can make your wireless network as secure as your wired network.
· WPA. Wi-Fi Protected Access (WPA) is a standards-based security technology which secures Wi-Fi networks. WPA comes in two versions, a personal edition and an enterprise edition. The enterprise edition provides 128-bit data encryption, including dynamic session keys, as well as strong access controls. WPA2 provides government-grade security with FIPS 140-2 compliant AES encryption. It is important to note, however, that WPA and other wireless encryption methods protect only activity between Wi-Fi enabled computers and Wi-Fi certified access points. Once the data is on public networks or on the Internet, your data will again be vulnerable unless other measures are taken, such as SSL.
· Media Access Control (MAC) Filtering. Every Wi-Fi radio has a unique MAC number. Access points can be programmed to only accept specified MAC addresses, thereby ensuring that only authorized users have access to the wireless network.
· Closing Your Network. To counter scanning tools which can find and tap into wireless networks, you should disable network name or SSID broadcasting at all access points. This will ensure that your network is not shown on a list of networks available to outside users.
· Virtual Private Networks. A VPN creates a "virtual tunnel" from the user's computer to the corporate system, encrypting data transferred to computers outside the corporate offices. VPN technology also works for wireless networks and can protect transmissions from Wi-Fi equipped computers to corporate servers.
· Remote Access Dial-Up User Service (RADIUS). RADIUS is standard authentication technology used by many corporations to protect access to their wireless networks. It uses a user name and password scheme to verify the user's access rights to the network, and various levels of access can be enabled.
· Other Security Measures. Some sort of firewall is essential to securing a wireless network. Some Wi-Fi gateways and access points provide a built-in firewall. But if yours does not, you must protect your network with a firewall just as you would with your Ethernet or other wired network. For those with a preference for Kerberos-based security, Kerberos can be implemented for wireless networks as well. And the Wi-Fi Alliance has developed security standards such as 802.11i and 802.1x which use advanced encryption technologies such as AES and TKIP, as well as secure key-distribution methods.
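The checklist above, together with the planning rule that adjacent access points use different channels, can be checked mechanically against an inventory of access-point settings. The following is an added example, not part of the original article; the inventory format, field names, host name and severity ratings are assumptions made for illustration.

```python
# Added example: audit a constructed access-point inventory against the
# article's checklist. Field names are assumptions, not a vendor export format.

APS = [  # constructed sample data
    {"name": "ap-lobby", "channel": 1, "security": "open", "mode": None,
     "radius": None, "ssid_broadcast": True, "mac_filter": False,
     "neighbors": ["ap-floor1"]},
    {"name": "ap-floor1", "channel": 1, "security": "wpa2", "mode": "enterprise",
     "radius": None, "ssid_broadcast": False, "mac_filter": True,
     "neighbors": ["ap-lobby", "ap-floor2"]},
    {"name": "ap-floor2", "channel": 6, "security": "wpa2", "mode": "enterprise",
     "radius": "radius.example.internal", "ssid_broadcast": False,
     "mac_filter": True, "neighbors": ["ap-floor1"]},
]

def audit(aps):
    """Return sorted (severity, where, issue) tuples for every failed check."""
    by_name = {ap["name"]: ap for ap in aps}
    findings = set()  # a set, so a shared-channel pair is reported once
    for ap in aps:
        name = ap["name"]
        # Encryption and authentication carry the real protection: rate high.
        if ap["security"] not in ("wpa", "wpa2"):
            findings.add(("high", name, "no WPA/WPA2 encryption"))
        elif ap["mode"] == "enterprise" and not ap["radius"]:
            findings.add(("high", name, "enterprise mode without a RADIUS server"))
        # SSIDs and MAC addresses are sent unencrypted in 802.11 frames, so
        # these two controls only supplement WPA: rate them low.
        if ap["ssid_broadcast"]:
            findings.add(("low", name, "SSID broadcast enabled"))
        if not ap["mac_filter"]:
            findings.add(("low", name, "MAC filtering disabled"))
        # Planning rule: adjacent access points must not share a channel.
        for other in ap["neighbors"]:
            peer = by_name.get(other)
            if peer and peer["channel"] == ap["channel"]:
                pair = " / ".join(sorted((name, other)))
                findings.add(("medium", pair,
                              f"adjacent APs share channel {ap['channel']}"))
    return sorted(findings)

if __name__ == "__main__":
    for severity, where, issue in audit(APS):
        print(f"{severity:6} {where:22} {issue}")
```
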
Conclusion:
With the host of wireless security technologies now available, there is a security solution available for nearly every wireless network. No longer is there any reason for corporate IT departments to balk at offering wireless services to their users.
About Jonathan Coupal:
Jonathan Coupal is the Vice President and Chief Technology Officer of ITX Corp. Mr. Coupal manages both the day-to-day and strategic operations of the Technology Integration Practice Group. Among Mr. Coupal's greatest strengths are evaluating customers' unique problems, developing innovative, cost-effective solutions and providing a "best practice" implementation methodology. Mr. Coupal's extensive knowledge and experience enable him to fully analyze client systems to recommend the most effective technologies and solutions that will both optimize their business processes and fulfill immediate and future goals. Mr. Coupal and his team build a high level of trust with clients, establishing ITX as their IT partner of choice.
Mr. Coupal holds certifications with Microsoft and CompTIA, including MCSE, MCSA, Security+, Linux+ and i-Net+, and served as a Subject Matter Expert (SME) for the development of the CompTIA Linux+.