LAS VEGAS -- Now that wireless networks are becoming as complicated as wired networks, a panel of experts at Networld+Interop said Tuesday that wireless LAN (WLAN) implementations now require the same careful planning and complex, dynamic security to meet growing business needs.
Enterprise wireless networks are being used by a range of individuals, but not all users should have the same access capabilities, said Merwyn Andrade, chief technology officer of San Jose, Calif.-based Aruba Wireless Networks Inc. Wi-Fi networks also carry applications as diverse as phone calls and e-mail that have very different requirements.
"What was once a simple matter of adding wireless access points to a network is now a holy mess across the entire network," he said.
Step 1: Assessment
The first step to deploying Wi-Fi in a complicated environment is finding out what is already happening in the wireless environment, said Diane Schmidt, director of product marketing, Ethernet switching and WLANs at Brampton, Ontario, Canada-based Nortel Networks Corp. One recent check of the airwaves at Nortel's offices netted dozens of unauthorized access points, she said.
Schmidt said that until a business has developed a wireless device policy, it should block rogue access points by interfering with the signals.
That is something that appealed to attendee John Mortensen, a senior network administrator with the Northrop Grumman Federal Credit Union in Gardena, Calif. He said his organization has put off deploying a WLAN because it has other budgetary priorities right now.
For that reason, Mortensen said the organization has been concerned about rogue access points. It sweeps for them occasionally, but he said blocking them completely would be a better solution.
Step 2: Usefulness
Once a business has decided to implement Wi-Fi, it needs to determine who will use it, and where and how it will be used. That will not only make the rollout go more smoothly, but will also aid in developing a sound security policy, said Philip Kwan, director of enterprise applications with San Jose, Calif.-based Foundry Networks Inc.
Another key component of a successful implementation is understanding what applications will run over the network and how they will be used, Schmidt said. Voice packets, for example, are very sensitive to latency. That means that roaming between subnets, which can require a user to reauthenticate, can be problematic, as can high levels of encryption, which can also cause latency.
Kwan suggested seeking out wireless products that use hardware-based rather than software-based encryption because they will perform better.
Whatever security solution an enterprise chooses, it needs to be able to support different levels of encryption for different applications, Schmidt said.
If it is likely that voice traffic will use the wireless LAN, it is also important that the firewall can filter traffic in the most common VoIP protocols, including H.323, SIP and XML.
Step 3: Security
Businesses should take advantage of new abilities to divide users into groups and restrict access based on user needs, Kwan said. That theme appealed to Bobby Magee, a microcomputer specialist in the Texas A&M University athletics department in College Station, Texas.
The media organizations that cover football and other sports have been clamoring for Wi-Fi in its sports stadium, so they can file stories and photographs more quickly, Magee said. But school officials want the department to use a virtual private network (VPN) over its WLAN.
VPNs are often cumbersome to deploy and must be managed by the university IT department, which would prohibit the media from using the Wi-Fi network, Magee said.
Instead, Magee is considering a wireless switch architecture that would enable him to segregate users based on the groups to which they belong. He would turn access on and off as he pleases, monitor individual users via MAC addresses and even throw users off the network if warranted.
That level of detailed management is now available for 802.11 networks, Kwan said. Given the ever-changing ways that businesses are using wireless, he said, it is very necessary.