How to sabotage your wireless network

Consumer-grade wireless gear and a consumer mind-set are bad for business networks

All too many businesses start a wireless network by installing Wi-Fi the same way you would at home. They will buy a low-end, consumer-grade access point from Linksys, D-Link, or Buffalo Technology and put it in a common area, such as a conference room. Just like that, potentially for less than $100, you have a wireless network that is convenient for your employees and guests to use. You saved a bundle, but it's a big mistake.

Let's assume you have enough technical savvy to deploy the WAP (wireless access point) properly and transmit on a channel in which there is limited interference. If not, you could create a self-inflicted denial of service by choosing a frequency currently being used by your secretary's cordless phone. Because cordless phones often transmit on the same 2.4GHz or 5GHz frequencies needed for Wi-Fi, your browser may time out or your email may stop every time someone calls the secretary -- and now you know why.

But let's assume you were smart enough to avoid that. Let's assume you also know to enable best security practices such as using WPA2 (Wi-Fi Protected Access 2), because if you botch the security you may have an even bigger problem on your hands. Choosing weak encryption/authentication, or none whatsoever, is an open invitation to the bad guys and a security breach.

If you've passed the deployment and security configuration tests, congratulations, but you're far from home free. These are just the beginning of the issues a business will trip over if it chooses to rely on consumer-grade gear.

Wireless LANs: Consuming questions
What happens when you have a guest or customer who needs to check his email and asks to use your Wi-Fi? Will your consumer-grade access point have the capability to run a simultaneous SSID (service set identifier) and 802.1q to isolate the guest traffic from your business traffic? Will your consumer-grade solution have a guest Web portal that supports a variety of operating systems -- and devices such as Android, Apple iOS, and BlackBerry smartphones and tablets? Even if it does, who at your organization will know how to set this up properly?

Who at your organization will know what to do when your neighbor installs his WLAN on the same frequency, or when a cordless phone, Bluetooth device, or security camera interferes with your network? Will your consumer-grade WAP vendor provide firmware upgrades to fix the latest security issues? Will your consumer-grade WAP need to be rebooted three times a day, because it crashes whenever more than five people try to use it at the same time? What happens when the wireless network grows to five or ten access points? How will they all be managed? How will you manage network accounts? Will they be integrated into your wired network?

These are the types of questions that any business needs to think about as it grows a wireless network. The consumer-grade solution is like eating a Pop-Tart for dinner. You get an immediate sugar high, but the lack of sustenance will eventually catch up with you. Weeks and months down the road, your company will be less fit because you have installed a solution that is lacking the management, security, usability, reliability, and scalability features found in business-grade equipment. But all is not lost. We have a couple of affordable solutions to recommend.

We recently tested two good WLAN systems that would allow a small business to move into an enterprise-grade solution without paying an enterprise price. The Meraki Enterprise Cloud Controller combines a full-featured WAP ($649) with a pay-as-you-go, Web-hosted management system (starting at $150 per WAP per year) that effectively outsources the most painful aspects of WLAN deployment and maintenance. The Netgear ProSafe WLAN system is more traditional, combining a WAP ($300) and an on-premises controller ($600) that have the features businesses need at a bargain-basement price.

Wireless LANs: Controller in the cloud
As with any cloud service, the idea behind the Meraki Enterprise Cloud Controller is to allow you to focus on your core business mission and treat your IT functionality as something that can be farmed out and paid for by subscription. Economies of scale are in full force: Meraki spreads the infrastructure costs across the entire customer base while delivering instant upgrades (features and security patches) to all users at once. Extremely polished, easy to use, and (from the customer standpoint) maintenance-free, the Meraki solution would allow a one-man IT team to handle all of the administration duties for multiple wireless LANs across multiple locations, with time to spare for other duties.

Meraki has a superb feature set, and with the controller residing in the cloud, it allows you to scale out your wireless network simply by plugging in additional access points -- no extra controllers and infrastructure costs required. WAPs can be deployed and configured within minutes, and network administrators can check a variety of metrics that include connectivity, gateway usage, latency, and channel utilization. The Google-inspired Web interface is a pleasure to use, and the number of sites and WAPs that can be managed is virtually limitless.

Meraki allows for several simultaneous wireless networks, including a guest network with Web portal authentication. It has smart spectrum management capabilities that can resolve frequency conflicts on the fly, avoiding interference from other access points and devices operating in the 2.4GHz and 5GHz bands. It provides great visibility into the activity on the WLAN and allows you to throttle the bandwidth consumed by YouTube or Pandora or other noncritical traffic.

Of course, many organizations will be concerned with putting the ultimate control of an important asset into the hands of a third party. Meraki may not be a good fit for a three-letter federal agency or a bank that requires maximum security and control. Meraki is a clearer win for organizations such as small businesses and educational institutions where security requirements are less stringent, and ease of deployment, low cost, and manageability are top concerns. Regardless of the nature of the business, any organization considering Meraki (or any cloud solution) should weigh the cost savings of outsourcing against the loss of direct control.

Wireless LANs: Beyond the home network
Another good option is the Netgear ProSafe wireless LAN system. Combining the ProSafe WNDAP350 wireless access points and the ProSafe WMS5316 wireless LAN controller, the Netgear solution should appeal to cost-conscious businesses that prefer to maintain their own infrastructure because of security priorities. The Netgear WAPs support simultaneous 802.11a and 802.11b/g/n networking, and the controller can handle a maximum of 16 WAPs. The system will automatically reassign channels to minimize radio interference and will provide fair load balancing of wireless users. It supports multiple VLANs and multiple SSIDs, so you can configure separate networks for guests, the sales department, and so on.

The Netgear ProSafe wireless LAN system is a great fit for a small business, providing reliable performance at a reasonable cost. A small IT team with average skills could easily install and maintain this device, though initial setup may present a significant hurdle. Infrastructure, maintenance, and support costs will be higher than with the Meraki solution, due to Netgear's less elegant design and its weak technical support. If you have moderately experienced IT staff, the Netgear solution can be extremely cost-effective, particularly when security restrictions outweigh ease of use. Netgear has a well-engineered, business-grade solution, but (at least in our experience) has not yet backed it with business-grade technical support.

The Netgear and Meraki solutions are worthy of consideration for any small to medium-size deployment. They are several orders of magnitude more capable and reliable than their consumer-grade counterparts, and at the same time significantly less expensive than traditional enterprise solutions. Depending on the nature of your business and the time and skills you have available, you could offload the management infrastructure to the cloud or keep everything in-house. Either way, you get great manageability and room for growth.

This article, "How to sabotage your wireless network," was originally published at InfoWorld.com.
