Over the past two years, 802.11 challenges have changed, from satisfying basic necessities like security and coverage, to addressing broader deployment issues like management and quality. Our Wireless Advisor tips have tracked that evolution, serving as an on-going resource for WLAN planners and administrators. This month, we pause to review the ground that we have covered together, and to solicit your input for future tips.
Long and winding road to 802.11i and WPA2
In the summer of 2004, the big news was ratification of the 802.11i MAC Security Enhancements standard. After years of WLAN security woes, 802.11i was expected to lay those concerns to rest. The Wi-Fi Alliance test program for 802.11i, WPA2, started to churn out products in 3Q04. But product upgrades take time; Windows XP support for WPA2 did not become available until mid-2005. Although most new 802.11 products now include 802.11i, many companies have legacy equipment that cannot be upgraded to WPA2. Charting a practical 802.11i/WPA2 migration path therefore remains a challenge for many. Tips that address related issues include the following:
- 802.11i: Robust and ready to go (Jul 14, 2004)
Would-be WEP crackers can pack their bags and go home. The long-awaited 802.11i standard WLAN enhancement for Robust Security Networks (RSNs) has finally arrived. What can you expect to see in products, and when?
- Using virtual APs to enable coexistence (Jun 16, 2004)
There are clear benefits to strengthening security, but any upgrade requires both careful planning and coexistence of old and new. This tip describes how virtual access points (APs) can help to enable peaceful coexistence during this transition and beyond.
- WLAN Enhancements in XP SP2 (Aug 18, 2004)
When Microsoft finally released Service Pack 2 (SP2) for Windows XP, this tip drilled into SP2's lengthy list of OS and application tweaks to explore the changes and upgrades that directly impact 802.11 wireless networks and users.
- Upgrading your WLAN to WPA2 (Jun 15, 2005)
Once you've decided to move up to WPA2, it's time to start looking for product support. This tip describes what you will need in the way of WPA2-capable APs, wireless adapters, client software, and authentication infrastructure.
When standards are not enough
802.11i was a major milestone for WLAN security, but one standard does not make an entire network secure. WPA2 may secure data in transit, but it doesn't prevent wireless device compromise. WPA2 may define two options for wireless authentication, but deploying those options safely requires care. WPA2 improves security for authorized users, but does not find or stop rogue intruders. Tips that describe how to meet these additional WLAN security needs include the following:
- Spyware: Is someone watching you? (Sep 16, 2004)
WLAN security has long focused on protecting traffic over the air, but far less attention has been paid to securing wireless laptops, PDAs and smartphones. This tip specifically addresses one of today's fastest growing client-side threats: Spyware.
- Locking down wireless hot spots with 802.1X (Oct 20, 2004)
Hot spots can increase productivity, but careless use may lead to compromise. Without protection, passwords and proprietary data sent over the air are easily captured. This tip discusses how some hot spots are now using WPA-Enterprise to prevent this.
- Using WPA without Enterprise AAA (Nov 17, 2004)
WPA-Enterprise is great for companies with IT infrastructure and staff, but what about the rest of us? This tip outlines the benefits and limitations of using WPA-Personal and secret passphrases for WLAN authentication.
- Beyond wireless intrusion detection (Dec 16, 2004)
There are many products and services capable of detecting rogue devices, WLAN attack signatures, and deviations from baselined behavior. This tip discusses what else you can expect to find in today's new Wireless Intrusion Prevention Systems.
- Creating a wireless security policy (May 19, 2005)
Deploying a business WLAN without a security policy is like piloting an airplane without instruction. You may get off the ground, but someone is going to get hurt. This tip describes what WLAN security policies should contain and where to find policy templates.
Bigger, better WLANs
As security has improved, other challenges have risen to the top of most WLAN administrator to-do lists. Limited-purpose pilot WLANs have grown into larger production WLANs, running head-long into prime-time issues. How can you expand your WLAN's reach? How can you provide for seamless roaming when users move from AP to AP? How can you configure and control wireless clients on an enterprise scale? Tips that delve into these thorny issues include the following:
- Moving freely between access points (Jan 19, 2005)
Wireless roaming can be magically transparent or frustratingly disruptive. This tip offers simple steps to facilitate station movement between APs in WLANs of modest size, and identifies challenges faced by larger WLANs with more complex topologies.
- Understanding wireless LAN signal strength (Feb 16, 2005)
This tip tries to answer the question asked by so many WLAN owners: How can I predict, measure, and improve signal strength? It includes a hot-linked list of freely available and commercial tools that can prove helpful in this common quest.
- Going The Distance With MIMO (Mar 15, 2005)
IEEE 802.11n is a next-generation WLAN radio standard known as MIMO -- Multiple-Input, Multiple-Output -- that will deliver faster services over greater distances. This tip provides an early look at MIMO products and their reported reach.
- Managing Wi-Fi stations (Apr 19, 2005)
As Wi-Fi becomes pervasive, companies are seeking more control over stations. Defeating risky wireless may start with user education, but what options do companies have to centrally define, configure, monitor, and enforce wireless station settings?
Managing WLAN performance and quality
As Wi-Fi usage evolves from mail checking and web browsing to other business applications, including real-time services like voice and video, WLANs are expected to not only connect but to meet performance and quality requirements. WLAN administrators are increasingly faced with challenges like phantom radio interference and collisions between old and new WLANs. WLAN planners are being asked to develop workable plans to support more demanding wireless applications. Tips that touch on these emerging needs include the following:
- Eliminating interference thru Wi-Fi spectrum analysis (Jul 21, 2005)
WLAN traffic analyzers can help you determine that certain 802.11 stations are experiencing high error rates due to noise. But what is the source of that interference, and how can you eliminate it? This tip explains how to find the culprit using RF spectrum analyzers.
- B vs. G: Understanding mixed WLAN performance (Aug 17, 2005)
There is a price to be paid for backwards compatibility: the presence of 802.11b stations can degrade 802.11g performance. To get the most from your 802.11g AP, it can be helpful to understand the "protection" mechanism that enables B/G coexistence.
- When quality counts: 802.11e, WMM, and beyond (Sept 14, 2005)
The 802.11e MAC Enhancements for Quality of Service (QoS) standard will improve delivery of multimedia data, voice, audio, and video traffic over 802.11a/b/g networks. This tip discusses 802.11e QoS and Wi-Fi Multimedia (WMM), a draft subset of 802.11e.
In a recent Wireless Advisor tip, we broke from our usual tactical advice to discuss WLAN deployment motivations, benefits, and ROI justifications. Last month, we took a brief diversion from 802.11 to consider security threats against Bluetooth. And what do we have up our sleeves for next month?
Well, as 2005 draws to a close, we'd really like to hear from you. What topics would you like to read about in Wireless Advisor tips? Are there new WLAN challenges that you'd like to see us address? Other wireless technologies that you'd like us to tackle? Please send any topic suggestions to [email protected]. On behalf of all those who write tips for Wireless Advisor, we thank you for your interest -- past, present and future!
-- Lisa Phifer, December 2005
About the author: Lisa Phifer is vice president of Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years. She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.