by Michael Brandenburg, Technical Editor
Wireless local area networks (WLANs) have a broad range of communications and security standards that will probably continue emerging over the years as technology advances. With each new iteration of the WLAN communications standard, performance and functionality have been enhanced, evolving the standards into a real alternative to wired Ethernet for primary corporate access. Unfortunately, this progress has made the 802.11 standard an alphabet soup of protocols and options that can be daunting for all but the most experienced wireless engineers. But there are several communications and security standards that every IT administrator should be aware of.
The latest of the wireless standards, 802.11n, adds speed and functionality to the WLAN that was not possible with the 802.11b and 802.11g technologies that came before. The performance enhancements come from 802.11n access points that utilize Multiple Input Multiple Output (MIMO) antennas, a technology that can lower transmission errors and improve efficiency. With a theoretical maximum throughput of 600 Mbps, 802.11n actually offers speeds comparable to 100 Mbps wired networks and, as such, many enterprises are using wireless networks as the primary means of network access.
802.11n is also the first of the wireless networking standards with the ability to operate in both the 2.4 and 5 GHz bands and to provide legacy support for older wireless standards. In what is known as hybrid mode, an 802.11n access point can also serve 802.11b/g clients in the 2.4 GHz channels or 802.11a clients at 5 GHz, albeit at a performance cost for actual 802.11n-capable devices. Access points forced into a hybrid mode cannot take advantage of channel bonding, for example, limiting 802.11n clients to the same 20 MHz of channel capacity as older clients. To support a mix of wireless clients while delivering the maximum speeds for everyone, many enterprise WLAN vendors and integrators suggest deploying dual radio access points. With a radio for each frequency range, these 802.11n access points can serve 802.11n clients in the 5 GHz range, for example, in a native or greenfield mode that can take advantage of all of the available functionality of the standard while using the second radio in hybrid mode to serve legacy clients in the 2.4 GHz spectrum.
With ratification of the new "n" standard finalized in late 2009, any remaining roadblocks for migrating from 802.11a/b/g technology to 802.11n have been removed, and 802.11n has become the go-to choice for any new deployments. Of course, not every enterprise is ready to jump onto the 802.11n bandwagon. Whether a wholesale upgrade is not in budget or the company simply does not yet have wireless clients that support the new standard, many enterprises are not in a position to swap out their entire wireless infrastructure to embrace the new capabilities of the standard. Fortunately, with backward compatibility and hybrid mode, 802.11n access points can be rolled out gradually to sites that can take advantage of the higher performance, as long as a number of design considerations are taken into account.
Understanding WLAN security standards
Unlike wired networks, wireless access is not limited to the physical confines of your company's facilities, meaning that without adequate measures, an enterprise's data is available to anyone within range of the access points. A multi-pronged approach to security is necessary to address the unique nature of wireless networks. First and foremost, encrypting the data exchanged between the access points and clients is a necessity. The first attempt at encryption was known as Wired Equivalent Privacy (WEP), but as a result of flaws discovered within the protocol, it has been replaced with Wi-Fi Protected Access (WPA) and more recently WPA2. Each successive encryption scheme has ramped up the level of protection, but enterprise administrators still have to be ever vigilant in guarding against continuing threats to their wireless networks and corporate data and adjust their security strategy to deal with them. For some market verticals, such as the retail industry, this is not only a wise practice but a requirement for compliance with the Payment Card Industry Data Security Standard (PCI DSS), designed to ensure that customer credit card data is protected.
Encryption is only one of the weapons at IT's disposal for securing wireless networks. Wireless Intrusion Prevention Systems (WIPS), available from the WLAN vendors themselves, as well as third-party solutions, actively scan for attempts to break into the wireless network and search for rogue devices, alerting administrators to any of these threats. A rogue access point, for example, could be something as innocent as a misguided employee bringing in a consumer unit for convenient wireless access or something as malicious as a hacker attempting to gain access. Either way, rogue devices create a back door into the enterprise network. WIPS solutions are designed to identify, locate and remedy these security gaps.
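The rogue-device and encryption checks described above can be sketched as a small audit over access point scan results. This is an added example, not code from the article or from any WIPS product; the inventory, wired MAC list, scan data, finding names and the WPA2 minimum policy are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed policy: WPA2 is the weakest acceptable scheme (ordering as in the article).
ENC_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}
MIN_ENC = "WPA2"

# Constructed inventory of sanctioned access points: BSSID -> SSID.
AUTHORIZED = {
    "02:00:00:00:00:01": "CorpNet",
    "02:00:00:00:00:02": "CorpNet",
}
# Constructed list of MAC addresses seen on wired switch ports.
WIRED_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"}

@dataclass
class Beacon:
    bssid: str
    ssid: str
    enc: str

def classify(b: Beacon) -> str:
    """Return one finding for an observed access point."""
    bssid = b.bssid.lower()
    if bssid in AUTHORIZED:
        # Sanctioned hardware must still meet the encryption policy.
        if ENC_RANK.get(b.enc.upper(), 0) < ENC_RANK[MIN_ENC]:
            return "authorized-ap-weak-encryption"
        return "ok"
    # Simplification: exact match between the radio BSSID and a wired MAC.
    if bssid in WIRED_MACS:
        return "rogue-on-wired-network"
    if b.ssid in AUTHORIZED.values():
        return "unknown-ap-using-corporate-ssid"
    return "neighbor"

def audit(scan):
    """Map each BSSID that needs attention to its finding."""
    found = {b.bssid: classify(b) for b in scan}
    return {k: v for k, v in found.items() if v not in ("ok", "neighbor")}

# Constructed scan results for illustration.
SCAN = [
    Beacon("02:00:00:00:00:01", "CorpNet", "WPA2"),
    Beacon("02:00:00:00:00:02", "CorpNet", "WEP"),
    Beacon("02:00:00:00:00:99", "HomeRouter", "OPEN"),
    Beacon("02:00:00:00:00:AA", "CorpNet", "WPA2"),
    Beacon("02:00:00:00:00:BB", "CoffeeShop", "WPA2"),
]

if __name__ == "__main__":
    print(audit(SCAN))
```

An unsanctioned device that also appears on a wired port is ranked ahead of a mere SSID match because it is the back door into the enterprise network that the paragraph above describes.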
Finally, an often-overlooked security concern with wireless is guest access. While it is relatively straightforward to open up wireless networks for customers, vendors and suppliers while segregating them from the primary network, there could still be a corporate liability for what these guest users actually do with that access. Furthermore, any completely open network gives hackers, spammers and so on a place to launch their attacks. Fortunately, advanced guest access solutions are available, forcing an authentication step before allowing access. Known guests can be quickly supplied with credentials with a predetermined revocation time. These types of solutions allow administrators not only to control who is utilizing their wireless networks but also to keep track of what guest users are actually doing with that access.
This was first published in June 2010