informa
/
Risk
News

Get Remote Wi-Fi Right

With a little specialized know-how, it's possible to have secure wireless LANs at remote sites.


$499 million
Worldwide wireless LAN equipment revenue in 1Q '08; up 1% from the previous quarter as companies hold steady with investments.
Data: Infonetics
If remote users as a group keep security teams awake at night, remote users on wireless networks are the nightmare scenario. But it doesn't have to be that way--secure WLANs are possible at remote sites, you just need a little specialized know-how.

Promise: With devices including laptops, PDAs, and smartphones providing seamlessly integrated wireless functionality, secure, on-demand Wi-Fi is fast becoming more necessity than luxury. Throw up an access point as an extension to the wired network and instant employee gratification is assured. "We have wireless now," is what they'll say.

That's the theory, anyway.

Reality Check:
In contrast to corporate headquarters where the brass walks the halls and wireless access is typically superb, the best most remote sites can hope for are a few autonomous APs slapped up by a visiting IT team as an afterthought during a server upgrade. The system may work, but it likely won't work well. Impromptu deployments done to get the wireless monkey off IT's back can backfire because these "solutions" are rarely well thought out, lack a cohesive design, are difficult to support, and are cheap, both literally and figuratively. To make matters worse, the more employees using the system, the slower access becomes. In the best possible scenario, a single one-radio AP will service one person at about 20 Mbps throughput, two people at 10 Mbps each, and so on.

InformationWeek Reports

And, with a lack of on-site IT support, wireless can seem like a mystery technology to local users. Maybe you get interference with the neighboring business' APs or from a poorly shielded microwave oven. Simple autonomous APs often lack the intelligence to identify sources of RF interference, and forget doing anything about it, such as switching to a less-congested frequency. Client configuration problems and old wireless drivers can confound users with the result being, "Hers works but mine doesn't!"

One alternative, doing nothing, is worse because employees often will take matters into their own hands. A single unauthorized AP can leave the local wired network--and the corporate WAN to which it connects--wide open to exploitation. Since IT considers the remote site a Wi-Fi-free zone, who knows when the rogue will be detected.

DIG DEEPER
See much more
on deploying WLANs to remote sites in our Wireless Everywhere Special Report.
The silver lining is that well-running wireless systems configured with a few essential features can provide adequate service to remote offices. Vendors such as Aruba Networks, Motorola (Symbol), and Cisco offer small versions of their controller-based lightweight Wi-Fi systems that are well suited to remote offices and can become extensions of the enterprise WLAN. This helps ensure that remote WLANs adhere to a company's wireless security policy that defines controls such as authentication, role-based access privileges, and encryption. Further, extensions to enterprise wireless architectures may enhance performance through smarter channel agility and increase visibility by adding the ability to spot and report rogues. It's even possible to have some of these features without a controller.

Grant Moerschel is co-founder of technology consultancy WaveGard; contact him at [email protected]

Return to the story:
6 Top Technologies For Remote Office Support ... And 2 To Avoid

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5