Network untethered

04.04.2005
By Carol Wong

Malaysian software developer Pannasoft Technologies Sdn Bhd. was looking for convenience and cost savings when it implemented its LAN two years ago. The company went ahead with a wired LAN, but shortly thereafter a wireless network was added. Adopting a wireless LAN (WLAN) environment gave its staff the option to access the company network or the Net from anywhere in the office via any Wi-Fi enabled device.

"The WLAN made it easier for us to add new users, eliminating the need to lay an extra cable or mount a new network access point on the wall," says Pannasoft Technologies' chief operating officer, C.Y. Fok. Furthermore, the company had an estimated cost savings of 20 percent with the WLAN implementation as opposed to having to wire all PC and laptop computer users, he reveals.

Pannasoft utilizes the WLAN for non-critical applications such as accessing information on the Internet. For mission critical applications that are hosted on the back-end servers, the company prefers its employees to gain access through a wired connection to ensure stability and good performance, Fok says.

The increasing number of wireless hotspots is helping users get accustomed to the convenience of Wi-Fi, and this has contributed to the growth of WLAN deployments in enterprises. IDC's Enterprise End-User Communication Study conducted last year on WLAN adoption rate in Malaysia found that 16.6 percent of the respondents already have a WLAN in their enterprises, while 16.3 percent intend to deploy one in the near future.

Nevertheless, WLAN has not begun to replace the wired network. IDC Malaysia's senior analyst, Lincoln Lee, says that both networks will co-exist for the time being because a considerable amount of investment has already been made in wired networks. Furthermore, there are still quite a number of devices that depend on a wired network. "Also, many IT managers have a difficult time justifying the value of deploying a WLAN," says Lee.

META Group's senior research analyst for Asia Pacific, Bjarne Munch, agrees. He says that although there are smaller enterprises and branch offices deploying WLANs, the majority of enterprises still have a limited business case for such deployments.

Munch adds that WLANs will never fully replace a wired infrastructure because the latter has significantly more capacity. "It meets the growing demand for capacity especially with services such as VOIP, video conferencing and video streaming gaining popularity."

Also hindering the growth of WLAN is the management of the air interface and access points, especially in large enterprises. Pannasoft, for instance, had to determine the number of WLAN access points required, the best location for the access points to ensure throughput and uninterrupted service, as well as how to manage the various wireless devices.

Issues such as reduced throughput and service disruptions also diminish the benefit of wireless mobility, says Pannasoft's Fok. For instance, the position of a client device with respect to an access point is critical for maintaining throughput. As users move between access points, they create random demand and location spikes. In addition, the WLAN will have to cater to unpredictable user and traffic load when users join and leave the network randomly, he says.

Another concern for enterprises when it comes to WLAN deployment is security, which Lee of IDC says remains high on the list of concerns among IT managers. Most people deem a wired network to be secure because data is not transmitted over the airwaves. However, Choi Chik Choy, business development director of Cisco Systems Malaysia's Advanced Technologies Group, contends that it is not necessarily the case.

He says that depending on how the wired network is configured, any person who could get access to a physical network port in a meeting room, for instance, could still gain access to the network without being authenticated. "WLANs with the proper security settings can be more secure than a basic wired network that is not encrypted," he says.

Fortinet's managing director for Southeast Asia, Benjamin Teh, however, argues that wired networks are still inherently more secure due to the physical deployment of these networks. Wired networks are "contained" in a specific location such as in the office, and one would have to physically access the location to breach the network. On the other hand, a wireless signal (of the WLAN) can be picked up in the vicinity of the network.

"Lack of accessibility will always provide a safer passage for data versus one that is available everywhere. The more available the network is, the more opportunities onlookers will have to take a sniff," says Teh.

Nevertheless, users should not be disheartened because security for wireless technology is evolving. Cisco's Choi says that users can start by securing a WLAN at three levels: at the laptop level, at the access points, and by the network managers to ensure security policies are strictly adhered to.

Establishing a VPN is another means of boosting WLAN security. Data travelling in a VPN will be encrypted traffic and authentication is also required so that only authorized users are allowed to access the VPN.

VPN technologies today can be deployed on wired and wireless networks. Thus, regardless of whether a user is accessing the enterprise network using a DSL connection at home, a mobile phone with a VPN client or via a laptop at a wireless hot-spot, the same security policy is applied based on a common security mechanism.

As a user goes through a WLAN point through the Internet and ultimately into the corporate network, data will be encrypted throughout using 3DES or AES encryption.

The secret to deploying secure WLANs is in segmenting this portion of the network structure from more sensitive environments. Once the host is connected to the WLAN segment, standard access controls such as two-factor authentication to wired network resources should apply, Teh explains.

An access point that can firewall off the physical segment as well as scan for blended threats should be in place, too, because even in wired networks, VPNs do not stop blended threats from infecting one segment of the network and spreading to other parts through the encrypted VPN tunnel, adds Teh.

Today, many security standards are available to secure the data in transit between a WLAN host and clients. WPA and WEP are some of the standard encryption schemes that are already finding their way into today's access points.

The various encryption schemes, however, might be of concern for organizations looking at deploying WLANs. This is because different generations of WLAN products support different encryption schemes. For example, if there is 802.11b equipment alongside equipment that supports 802.11g and 802.11a, then this equipment would likely have different levels of encryption capabilities ranging from the antiquated 40-bit WEP, to 128-bit WEP, and WPA.

By using a variety of tools, it is very easy to probe old equipment that supports 40-bit WEP schemes, and subsequently snoop on the traffic. Although WPA provides a higher level of security, it is still possible for someone to breach it, says Sam Tew, technical manager at Check Point Software Technologies. However, a new WPA standard -- WPA-2 or 802.11i -- has recently been ratified and this is expected to provide stronger wireless encryption capabilities as it uses the AES encryption standard. The downside, however, is that the standard would require new hardware to be installed for existing WLAN users, he says.
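
The consequence of mixed-generation equipment described above, as an added example that is not part of the original article: a single WLAN serving every device can only run the strongest scheme they all support, so the oldest device sets the level. The device names, the inventory and the scheme labels below are constructed for illustration.

```python
"""Added example: encryption-capability audit for a mixed WLAN inventory."""

# Schemes named in the article, ordered weakest to strongest.
SCHEMES = ["WEP-40", "WEP-128", "WPA", "WPA2"]
RANK = {name: i for i, name in enumerate(SCHEMES)}

# Constructed inventory: hypothetical device names and capabilities.
INVENTORY = [
    {"name": "ap-lobby", "radio": "802.11b", "supports": {"WEP-40"}},
    {"name": "ap-floor2", "radio": "802.11g",
     "supports": {"WEP-40", "WEP-128", "WPA"}},
    {"name": "ap-lab", "radio": "802.11a", "supports": {"WEP-40", "WEP-128"}},
    {"name": "laptop-17", "radio": "802.11g",
     "supports": {"WEP-40", "WEP-128", "WPA", "WPA2"}},
]


def strongest_common(devices):
    """Strongest scheme every device supports, or None if there is none."""
    common = set(SCHEMES)
    for dev in devices:
        unknown = dev["supports"] - set(SCHEMES)
        if unknown:
            raise ValueError(f"{dev['name']}: unknown scheme(s) {sorted(unknown)}")
        common &= dev["supports"]
    return max(common, key=RANK.__getitem__) if common else None


def blockers(devices, target):
    """Names of devices that cannot run `target` or anything stronger."""
    floor = RANK[target]
    return [d["name"] for d in devices
            if not any(RANK[s] >= floor for s in d["supports"])]


def report(devices, target="WPA"):
    """Summarise the current floor and what stands in the way of `target`."""
    return {
        "strongest_common": strongest_common(devices),
        "target": target,
        "must_replace_or_isolate": blockers(devices, target),
    }


if __name__ == "__main__":
    for key, value in report(INVENTORY).items():
        print(f"{key}: {value}")
```

Devices listed under `must_replace_or_isolate` are the ones that either need new hardware or belong on their own segment, away from more sensitive parts of the network.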

Technology aside, WLANs can be deployed effectively in enterprises by following some common best practices, says Pannasoft's Fok. He recommends the following:

* Controlling the WLAN broadcast area and locking each access point, which is often overlooked. Many wireless access points allow signal strength to be adjusted. It is best to place the access points as far away as possible from exterior walls and windows, and to test the signal strength so that unauthorized access from nearby locations is impossible. Remember to also change the default password on all access points.

* Using SSID (Service Set Identifier) intelligently. Buy access points that allow SSID broadcasting to be disabled. This will prevent the access points from broadcasting the network name and associating with clients that are not configured with your SSID.

* Implementing user authentication and securing the WLAN with IPsec VPN or clientless VPN. This is the most secure way to improve user authentication, data integrity, and data confidentiality services on a WLAN.

* Deploying a personal firewall and antivirus software on all mobile devices.

Although security issues remain a concern, the right technology together with access policies that are enforced effectively will promote a healthy WLAN environment in enterprises.