Five Ways to Improve Your Wireless Network
While installing a wireless network may seem trendy, it makes good business sense. You have the flexibility and convenience of working untethered, plus you won't have to pay someone to come in and reroute network cables if you hire new employees or reconfigure your office floor plan.
Setting up a wireless network requires thought and planning. We spoke with Doug Potts, a security specialist at CDW, to find out what you can do to ensure their network works as smoothly and as securely as possible. The five steps to improving your wireless network are listed in order of their cost and complexity. Whether you take one or all five depends on the size of your budget and the level of security you need.
1. Set Up Wireless Encryption
You have two types of encryption from which to choose: WEP and WPA with AES encryption. Potts likened 128-bit WEP encryption to a barking dog that frightens off a burglar. "Now AES, that's 256-bit an even tougher type of encryption," Potts said. "That's like having the dog, an alarm system and a guard out front."
According to Potts, the 128-bit WEP encryption can be cracked, but it can take up to four hours of work to do it To date, he says, 256-bit AES has never been cracked.
Most wireless access points (APs) support both WEP and WPA standards, but not all client cards (the Wi-Fi card that plugs into your laptop) support AES encryption, which requires a dedicated chip.
"At the very minimum," said Potts, "everyone running a wireless network should have WEP installed and turned on."
Typically you'll pay about $50 to $100 more for an AP that supports AES. Potts says that if you're installing a wireless network for the first time, it's a good idea to invest in the security features that WPA offers. If you already have a wireless network, Potts recommends upgrading all of your APs to WPA over time as your budget allows.
2. Stick With the Same Vendor
"Some manufacturers build a Turbo mode into their APs and Wi-Fi cards," he said. "It's supposed to double your network throughput, but it only works if all your cards come from the same vendor. It could even be available only on a specific card within a vendor's line."
Potts continued, "D-Link has an AP and a Wi-Fi card that are specific to the Turbo mode feature. The company makes lots of cards and APs, but not all of them support that feature. This is true of most vendors," Potts said.
3. Do a Site Survey
"A site survey will tell you exactly how far your signal reaches," said Potts. "Take your laptop and Wi-Fi card and call up the utility that measures signal strength, [each maker has it's own Cisco's is called ACU] and walk around your office with the utility running. That will tell you how far the signal reaches and the signals strength," said Potts. There's also lots of software that can help you do site surveys, such as the programs from Wireless Valley.
"If the signal's strong throughout the office, then go outside and keep walking around to see how far it leaks," he said. "I work on the fifth floor of a building in downtown Chicago, and when I'm in my office and I turn on my laptop, I can access the unprotected network from the coffee shop on the first floor."
Small businesses need to be aware that their network's AP signal could be traveling further than they want and creating a potential security breach. Potts pointed out that encryption offers a good deal of protection, but the longer someone has access to your network, the greater the chance they can crack it.
"Remember WEP encryption can be cracked," [argh] said Potts. "If your signal leaks out into the parking lot, you're giving someone the time and opportunity to hack you. If the signal's contained to your office, you significantly reduce the likelihood of an outside attack."
4. Place Your Wireless Network on Its own VLAN
"Not everyone needs to know everything," said Potts "This is a way to add a layer of internal data protection to your business." This is a somewhat more costly addition to a wireless network, but a good option if your business requires compliance with HIPAA or other types of state and federal regulations or you want to make sure that your personnel or other backend data isn't readily accessible.
Potts pointed out that high-end equipment manufacturers typically support VLAN capability. "You'll find VLAN in Cisco, Proxim and 3Com products," said Potts, "but not in Linksys, D-Link or NetGear."
5. Set Up a Secondary Authentication Mechanism
"Of these five steps, this is the most expensive option," he said. "A company would need to invest in a RADIUS server, which can range anywhere from $3,000 to $8,000 dollars depending on the size of the company."
However, a number of low cost solutions for small businesses exist to help them use authentication servers that utilize the protocol called 802.1X. They include software packages like LucidLink or Elektron that runs on a local computer to turn it into a RADIUS authentication server, or hosted RADIUS like WSC Guard or WiTopia.net.
What kind of company would need this high level type of security? "This is mostly used in hospitals or medical practices that need to comply with HIPAA regulations," said Potts. "Other fields include financial services that must comply with Sarbanes-Oxley or industries with the money and the need to install a locked-down wireless network."
Lauren Simonds is the managing editor of SmallBusinessComputing.com