Republished with permission from
WatchGuard Technologies, Inc.
Securing the Small, All-Wireless Network
by Lisa Phifer, Vice President, Core Competence, Inc.
Much has been written about adding wireless access to existing networks, but many small businesses and teleworkers are faced with a different task: building a brand new network from scratch.
In both existing and new networks, using 802.11 wireless can speed build-out, reduce cabling cost, simplify adds/moves/drops, and enhance business productivity by making networked resources more readily accessible. But if you’re creating a brand new SOHO network today, wireless also presents unique opportunities and challenges.
On one hand, starting with a clean slate has distinct advantages. If your network design doesn’t need to accommodate legacy systems, you can make more extensive use of innovative wireless hardware and software.
Companies with existing networks tend to view wireless as yet another way to reach the wired backbone. In a brand new network, using wireless for both access and backbone connectivity may be more attractive. Pulling Cat5 through walls can be problematic, particularly in older buildings and rental properties. By using wireless, you may be able to avoid cabling for most or all of your users. Many home and small business networks can get away with minimal Ethernet to connect wireless routers to DSL/cable modems and workgroup servers. Wireless access points (APs) that support Power-over-Ethernet can also be used to avoid running new power lines to hard-to-reach places.
Existing networks often include multi-vendor devices that were procured over a long period of time. When wireless access is added to such a network, gluing new devices to existing provisioning and monitoring systems can be tough. Brand new networks can benefit by starting off with compatible products that support centralized, coordinated administration. Consider procuring components from just one vendor, or selecting multi-vendor products that have already been integrated with each other.
New networks also have a great opportunity to take advantage of multi-function wireless devices. For example, home networkers may consider buying or leasing broadband modems that include built-in wireless access points (APs). Teleworkers and small businesses can leverage the new generation of SOHO firewalls with built-in APs. Buying devices with built-in wireless eliminates the complexity of integrating independent devices. You won’t need to figure out which interface should host the AP, and access controls and filters can be simpler.
Small businesses that require secure remote access across the Internet can more readily consider wireless-specific security measures like the mobile VPNs sold by NetMotion, Ecutel or NetSeal. Teleworkers must employ whatever VPN solution their company requires for remote access. However, small businesses should consider all VPN options available to them, including those based on PPTP, IPsec, SSL, and emerging mobile VPN protocols. Mobile VPNs are particularly useful for companies that need seamless wireless LAN/WAN roaming -- a requirement that other VPNs have a hard time meeting.
On the other hand, starting fresh means that you'll be trekking into uncharted territory without a foundation of IT infrastructure, tools, and traffic history. Potential stumbling blocks to watch out for include the following.
Tight coupling that ties your hands in the
Using the wrong wireless
Inappropriate use of residential-grade
Inadequate understanding of
Wireless LANs have been a tremendous boon to home and small business networking. SOHO WLANs are now growing faster than enterprise WLANs, driven by the spread of always-on broadband services and resulting demand for inexpensive, easy-to-deploy Internet access sharing. In fact, wireless LAN gear is so turn-key that many of us start using it without actually designing the network to meet security and performance needs.
Creating a new SOHO WLAN from scratch isn’t that difficult, but up-front planning can help you to avoid speed bumps in the road ahead. Consider the unique opportunities and challenges identified in this column, but don’t stop there. Consult general guidelines for secure WLAN deployment; here are some additional resources to get you started:
Copyright © 2003, WatchGuard Technologies, Inc. All rights reserved. WatchGuard, LiveSecurity, Firebox and ServerLock are trademarks or registered trademarks of WatchGuard Technologies, Inc. in the United States and other countries.