In an increasingly mobile world, organizations are under pressure to provide reliable wireless networks that provide users with seamless connectivity. At Interop ITX, wireless experts provided guidance on how to build a secure WLAN that provides users with the mobile experience they expect.
Rowell Dionicio, who designs and deploys WiFi networks for higher education, said he likes to do a lot of WLAN planning up front to gather requirements. The planning reduces the amount of assumptions that go into the WLAN design, which leads to fewer errors and better productivity.
"The most expensive part of wireless is going back and redoing your design," he said in his presentation on building WLANs for high density and capacity.
In WLAN planning, Dionicio advised finding out how many and what types of devices will be using the wireless network. "No device is the same. Each has a different capability," he said, adding that the goal is to get the highest signal to noise ratio. Also, consider what applications users will be accessing; that will impact how the WLAN works and the user experience on it.
"When upgrading access points, you can't forget about your switches," Dionicio said. The switch needs to support the PoE requirements of the AP.
Networking pros also need to keep aesthetics in mind in their WLAN design. If a building is ornate, it's possible to run into folks who can't be bothered with "your ugly access points," he said. "Don't design blindly and rely on a floorplan that was designed for you. Do a walk though of the environment," he said. "Ask where you can place APs. It comes down to reaching a compromise."
Beyond planning, Dionicio explained the steps involved in design with predictive site surveys that determine where APs are placed. He also explained the hazards of co-channel interference, recommended planning WiFi networks for 5 GHz, and described some of the tools he uses in his work.
With increasing use of wireless networks in the enterprise, security of course must be a priority. Jennifer Huber, mobility solutions architect at World Wide Technology, provided some do's and don'ts when it comes to WLAN security.
A common wireless security practice is to hide SSIDs, but they're easily uncovered, she said.
"Just because you're not broadcasting your SSID doesn't mean you're secure," Huber said. The practice also is problematic because it makes it harder for your clients to connect, forcing them to default to unknown SSIDs.
MAC address filtering is another common practice that doesn't actually help secure the network, Huber said, noting that MAC addresses can be easily spoofed. The only situation where MAC filtering makes sense is in an outdoor mesh network, she added.
Huber recommended using two-factor authentication whenever possible and said the best option for wireless encryption is WPA2 Enterprise, which combines AES/CCMP with 802.1x Extensible Authentication Protocol (EAP).
If possible, put the corporate SSID on a 5 GHz network, and make 2.4 GHz the guest network, Huber advised.
She described the risks associated with the two top mobile platforms, Apple iOS and Android, explaining that unlike iOS, software updates can be haphazard on Android devices. Android users also can introduce risks when they install an application by unknowingly granting the app control of functions on the device or even full control of the device.
Organizations have a lot of options to control the devices coming onto their WLAN with mobile device management software, which can limit or restrict access in a variety of ways and enforce security mechanisms, Huber said.