By Team Digit Published Date
01 - Apr - 2005
| Last Updated
01 - Apr - 2005
Computers invaded us, and won. The very nature of businesses today demands mobility and instant, anywhere access to critical information. While the Internet has given us this much-required data mobility on a global scale, the same does not hold true within our own offices. Unfortunately, the desktop has been the ruling party so far, and mobile devices are only just gaining popularity.

We tend not to realise how chained we are to our seats at work. Executives jet across the world, access their e-mails in airports worldwide, meet with clients in hotels and restaurants, and download presentations; yet, within their own offices, they are confined to a 4 x 6 foot space called a cubicle-and all because of a short wire with an RJ45 connector on one end. Networking, the bane of mobility!

Vying With Wi-Fi
If this were the company awards ceremony, we would have numerous distinguished speakers gushing superlatives, introducing the persona that single-handedly revolutionised mobile computing. Yes, that's perhaps the most apt introduction to Wi-Fi. Without it, every mobile device, from laptops to PDAs, would be nothing more than external hard drives-absolutely useless on their own, but great for transporting data from one network to another.

But should all businesses set up a Wi-Fi network? If only it were that simple! New companies have no problem deciding: Wi-Fi is the way to go-the setup is quick, easy and affordable, and shifting offices is as easy as packing and unpacking the equipment. However, existing businesses really have to weigh the mobility offered against the costs. If you have a huge inventory management setup, and lots of employees using equipment such as laptops and barcode scanners, you should seriously consider Wi-Fi as an option.

Access Point Antennas 
Perhaps the most ignored feature when choosing an access point, antennas should be given considerable thought. Most access points come with omni-directional antennas, which means that the access point sends out a signal in the form of a sphere all around itself. This is especially useful when placing an access point in the centre of a smaller office, as it can cover the entire office area easily. However, it is when we reach larger offices-where numerous access points are needed-that directional access point antennas may offer you some relief.
Directional antennas also offer some relief for those obsessed with security, as you can ensure that all your access points offer a known and fixed coverage area. Directional antenna-based access points could be set to ensure that no one ever gets a signal outside the office walls, and thus cannot hack into the network. Directional antennas also help you plan and position your access points better, so as to offer maximum coverage. Their biggest advantage, however, is the fact that they offer greater bandwidth and range, as a result of being focussed in a single direction.
When deploying a WLAN in a large multi-storeyed office, uni-directional antennas will be needed to ensure that there is no overlap of signals of access points running on the same channel, thus breaking the seamless network.

I'm Sold. What Now?
You need to do a site survey, and then decide upon the number of access points you need in order to be able to provide seamless network coverage. You also need to keep in mind that there's no such thing as a true wireless LAN (WLAN) with no trace of wires. Your servers and access points need to be connected via a regular wired LAN to give them the connection stability they need. You also need to make sure that you overlap the access point coverage areas sufficiently to offer the maximum possible network speeds to your users.

You will obviously need a lot of Wi-Fi-enabled equipment to make use of your WLAN setup, and if this equipment isn't already deployed, this cost needs to be factored in as well.

The Site Survey
A proper Radio Frequency (RF) site survey is a requisite, and it can be done in two ways-as a task left to the firm you hire to deploy WLAN, or done by your in-house IT deployment team. Of course, smaller businesses could have a systems engineer using one access point and a laptop to set up and walk around the site checking signal strengths. Whatever the case, your WLAN deployment needs planning, as anything, from a wall to machinery can disrupt the wireless signals.

You must also consider actual working conditions when planning your WLAN setup. For instance, a warehouse where a site survey is done when there is less activity and no goods are stored; after deployment, however, you may find that running machinery, or even piled up goods, can interfere with the wireless signals.

You should recognise the dynamics of your environment. As explained above, a warehouse may require different deployment tactics than a regular office. In an office, users will be at their desks most of the time. However, a regular office will also have cubicles, walls and other obstructions that will adversely affect the signal.

A Seamless WLAN
A seamless WLAN setup is one where users can stroll across the covered area, and at the same time have constant access to the network. This is easier said than done, and is a lot more complicated than just setting up access points to cover the desired area. The 802.11 specification offers 14 different channels, or frequencies, at which access points can be set. The problem is, these frequencies are too close together-a difference of just five MHz between channels-and interference is caused. To overcome this interference, the three standard channels used are 1, 6 and 11. To offer seamless roaming around the coverage area, you will need to ensure that any three neighbouring access points are configured to run on these three different channels.

This is easy when setting up a two-dimensional coverage area, say, on a single floor. However, when you have to do this for a building, with access required on multiple floors, sketch a 3D view of your coverage area and make sure that all access points-on all the floors-are set to operate on different channels. A good blueprint of your office building will come in handy. You will also need a wireless network monitoring tool to test the actual setup.

The Interference Dilemma 
The biggest thing that afflicts a WLAN is interference. A WLAN signal is fragile and can easily be disrupted by something as simple as a wall, so the last thing you need are pesky devices sending your WLAN crashing. The 802.11 protocol runs at about 2.4 GHz, and this frequency is prone to interference from numerous sources. The problem with interference is the additional load that is put on your networks. If one wireless device is sending data packets to another, and interference occurs, the receiver gets a packet with errors.
Most often, receivers are programmed to not respond to the sender when this happens, and this results in the sender transmitting the packet once again. The problem here is that all these packets being re-sent can use as much as half your bandwidth, which will hurt the overall WLAN performance. Some devices that can cause interference with WLANs are:

Cordless phones running at 2.4 GHZ
These are the latest cordless phones that offer a longer range from their base station. However, the problem lies in the fact that these cordless phones use the same frequency as WLANs, and thus turn out to be the biggest source for interference. If you have any of these phones installed in your office, you will need to get rid of them whenever you install your WLAN or be ready to face pathetic speeds.

Bluetooth-enabled devices
Many mobile phones and PDAs today are Bluetooth-enabled, and this can cause interference if a user uses such a device where the signal strength of an access point is already low-far away from the access point and close to a device connected to the WLAN. Thankfully, current research, driven by the increase in popularity of both Bluetooth-enabled devices and Wi-Fi, will soon put an end to this menace.

Microwave ovens
Every time employees heat their food, you might find users in the immediate surroundings yanking out clumps of hair. Placing an access point next to a microwave oven is a definite no-no, as these ovens emit signals that clash with Wi-Fi.

Power Cables
Improperly shielded power cables can interfere with wireless signals, and it is best to keep access points positioned away from power cables or power junction boxes.

Other WLANs
Most companies in India share buildings, floors or even offices with other companies.  In such a scenario, a neighbouring office's WLAN could cause interference with your own deployment. This is something you should inspect and test thoroughly when doing your RF site survey.
Every network needs to provide its users with the bandwidth they require, and this is where wired LANs definitely have an edge. A standard wired LAN will offer your users a theoretical bandwidth of 100 Mbps, almost double the theoretical bandwidth of 54 Mbps for a WLAN. However, just as you do not expect the full 100 Mbps bandwidth from wired LANs, you cannot expect anywhere close to 54 Mbps for WLANs.

The most logical calculation is to halve this bandwidth and divide it by the number of users you plan to provide access to in a given area. For instance, if there are 10 users on a WLAN per access point, each user will get 27/10 = 2.7 Mbps of maximum bandwidth, which will suffice for most. Only users who constantly transfer  large files to and from a server will need more bandwidth. Take into account this user-density factor when deploying your WLAN.

Now that you have your WLAN plans in place, your biggest concern will be security. No one wants to have their private office LAN visible to the outside world. Apart from people snooping around your LAN, you will also be put at risk by worms and viruses from neighbouring WLAN setups or wireless devices. What you need to do is ensure that your WLAN is as secure as it can be.

If you are paranoid about security, program each access point to filter requests by MAC addresses

First of all, get a WLAN monitoring tool. In case your system administrators largely use Linux, then 'kismet', the default WLAN monitoring tool for Linux, will do the job. Windows users can choose from a huge list of commercial as well as free tools.

A seamless WLAN will need all access points to have the same Service Set Identifier (SSID). The primary thing systems administrators should do is change the SSID so as to leave others guessing. Default SSIDs for various access point manufacturers are well known, and hence these should be changed immediately. Make sure you don't use your company name or initials as the SSID.

Software Saviours 
Possibly the best way to check your security is to use the very tools someone would use to gain unauthorised access to your WLAN. Here's a short list of tools that are built either to attack or defend:
AirSnort: A WLAN sniffer tool that recovers encryption keys by passively monitoring transmissions. It calculates the encryption key after it has received enough packets. It can be downloaded from http://snipurl.com/dgif
WEPCrack: This uses the latest RC4 key scheduling to crack a WLAN's WEP code. Get it from http://snipurl.com/dgih
NetStumbler: This tool lets you 'discover' any WLANs or access points in your vicinity. This tool can also be used for your site survey, as it will inform you of any existing WLANs that may cause interference or help you know your signal strength at different points. It can be downloaded from http://snipurl.com/dgij
Internet Scanner: The Internet Scanner provides an automated network vulnerability assessment. It performs distributed or event-driven probes of network services, operating systems, routers/switches, servers, firewalls, and application routers to identify potential risks. Try an evaluation version at http://snipurl.com/dgil
Wireless Scanner: This detects and analyses your WLAN access points and clients. It identifies and reports unauthorised and misconfigured devices. Try it by going to http://snipurl.com/dgim.
BlackIce PC Protection: This is a personal firewall for laptops and Wi-Fi-enabled desktops with the ability to protect you from intrusions and client-to-client attacks. Download a trial from http://snipurl.com/dgio
You should also visit www.iss.net, the homepage of Internet Security Systems, a leading security consultant to companies and governments world-wide. Here, you will find some of the tools mentioned above, and also many security solutions for enterprises, educational institutions and even governments.

Also, you must enable encryption of signals so that unauthorised users cannot use wireless Ethernet sniffers to spy on the network. Even the 128-bit WEP encryption is fallible. For details on problems that WEP faces, visit http://snipurl.com/ dggs. The latest 802.11i standard addresses these problems and is recommended for its use of AES encryption.

Turn off broadcast pings to make access points invisible to sniffers and simple network analysis tools. If you are paranoid about security, program each access point to filter requests by MAC addresses, though you will need to add every single wireless device's MAC address to every access point in the network. Or simply secure your network by information overload. Once you set up WLAN, go to http://snipurl.com/dgh4 and download FakeAP. When you run this, any intruder will see thousands of access points-so your actual access points are hidden by vast numbers.

In Sum
Though there are costs involved, and security at stake, the fact is that as wireless technologies get faster, better and more secure, Wi-Fi could give your business a welcome boost of steroids. In fact, in certain cases, you might find that Wi-Fi is the only option.

Look out for the Fast Track book on Wireless Networking, free with the May 2005 issue of Digit!

Team DigitTeam Digit

All of us are better than one of us.