Enterprise Wireless – Not Your Home Network

By: Darin Barton CISSP, CISA

Your enterprise wireless is not the same as your home wireless – so why are so many IT professionals treating it like it is?

One could easily feel discouraged at how misinformed some IT professionals are when it comes to enterprise wireless.  There is often a serious lack of understanding of the complexity and scope of enterprise Wi-Fi and of the need to architect and implement it properly.

Recent Experiences

A few months back I was contacted by an organization to determine why several wireless access points were not working within an office building.  I suggested a wireless survey to diagnose the RF distribution and surrounding noise disturbances, plus a review of the AP and controller configurations.  This was accepted as a smart go-forward plan.  The cost of this was minimal, with about 1.5 days of effort to perform the survey and create a value-driven report.  When the IT Director saw the cost, he explained that he could easily put in a wireless D-Link device to fix the problem, which would cost less than the survey, so why spend the extra money?  (Once I picked my jaw off the ground) I explained the technical and business reasons why adding a home wireless router to an existing enterprise solution was not a sound idea.  At the end of the day he went with the D-Link.

The result:  After a month they were still experiencing wireless issues but were determined to fix it on their own.

More recently, I was contacted by a parts manufacturing company interested in upgrading and expanding their wireless to accommodate newer bar code guns within a densely (machine) populated warehouse space.  Once again, I recommended an on-site wireless survey (due to the size of the warehouse, the number of industrial machines, the size and length of racking and shelving, the height of the ceiling, the newer wireless technology, etc.).  When I quoted the service to the IT manager, I was told that they expected the survey for free.  Knowing where this was going, I suggested that we could provide a logical wireless survey* for free, but it would be far less accurate and likely result in later refinements (specifically in their case).  They indicated they were going to do it themselves.

The result:  Their new hand-held devices work intermittently and they still have not completed their access point roll-out because of interference.

*A logical wireless survey is when we use a floor map inserted into a wireless survey tool.  We code the map with construction and/or office materials that might interfere with wireless RF, such as walls (glass, concrete, drywall), windows, kitchen microwaves, machinery, etc., to provide an (as close to) accurate representation of the environment within a logical footprint.

Wireless for Business

Your business Wi-Fi – the wireless that is providing access to your data infrastructures, carrying your confidential information, and allowing your business to function smoothly – must be at least four things:

  1. Available,
  2. Accessible,
  3. Manageable, and
  4. Secure.

If any one of these four criteria is not present, your business wireless infrastructure will continually cause you pain and headaches, cost you money, time, and confidence, and eventually you will require a wireless intervention.

The Best Way to Avoid an Intervention – Follow These Ten Recommendations:

  1. Wireless technology is as limited as your imagination (and experience) – take the time to consider what you want your wireless to do for your business.
  2. Choose the right manufacturer based on your business needs and objectives.
  3. Select an experienced partner to implement the solution.
  4. Conduct a thorough on-site survey as part of the implementation strategy.
  5. Architect and scope the solution with capacity, traffic volume and security in mind.
  6. Build roaming and resiliency into your architecture and configuration strategy.
  7. Use certificate-based authentication if possible.
  8. Keep SSIDs to a minimum.
  9. Secure your wireless architecture with diligence – some wireless solutions are more secure than others.
  10. Use and configure your management tools properly for monitoring alerts, events, assets, RTLS (Real Time Location System) and security.

Too often, IT professionals think they can competently implement their corporate Wi-Fi on their own.  My experience has shown me, time and again, that this technology (while bountiful) is not fully understood, and that the most successful IT professionals understand their limitations and seek out experts for help.  The days of DIY wireless are over – use your Wi-Fi partners and value-added resellers (VARs) wisely.

Darin Barton CISSP, CISA is a senior security professional in Toronto, Canada, with 20+ years’ experience in cyber security and currently employed with Access 2 Networks Inc. (A2N).