Wireless Networking: A Fit for Your Firm?
By Kenneth M. McCall, MBA, Boomer Consulting, Inc.
It seems everywhere you turn someone is talking about wireless networking. Computer related magazines are saturated with advertisements featuring wireless networking gear, and people keep throwing around terms like “802.11b”. Sooner or later, your Managing Partner will ask you (or, if you’re the Managing Partner you may be asking yourself), “What are we doing about wireless? Does it have a place in our firm?” Hopefully the next few minutes of reading will leave you better equipped to answer these questions!
Like most hard questions, this one has no easy answer that will fit for everyone. The underlying decision must come down to what risks do you consider to be prudent and to what degree will you accept prudent risk in order to take advantage of the convenience wireless networking offers. We will look at the issue in terms of compatibility, security, and strategy.
Any discussion of wireless equipment and networking quickly becomes saturated with acronyms, numbered “standards” and other jargon. Here are some of the essentials you will need to understand to communicate your wishes and concerns. Take a moment to wade through the details; it’s worth your time.
IEEE: The Institute of Electrical and Electronics Engineers is the internationally recognized organization which has the responsibility of setting standards to which equipment manufacturers will comply. The “IEEE 802.11” series of standards applies to wireless networking.
802.11a; 802.11b; 802.11g: These are the three most common wireless standards that you will encounter. Each has a significant difference from the others, and those differences govern speed and compatibility.
802.11a: This is a currently approved standard and is commercially available today. Equipment built to this standard operate in the 5-GHz radio spectrum and deliver data throughput rates up to 54 Mbps.
802.11b: This is also a currently approved standard and is readily available. In fact, it is the most commonly used standard for home and small office networks. This standard uses the 2.4-GHz radio band and delivers data rates of up to 11 Mbps. It is not compatible with the 802.11a standard! While slower, it is less expensive.
802.11g: This standard is currently under discussion, and as of this writing, not yet ratified by IEEE. Full ratification is expected by this summer and may well be approved by the time you read this. It offers a “best of both worlds” scenario of sharing the 2.4-GHz band with 802.11b equipment, thus allowing backward compatibility with 802.11b, yet will approach the faster speeds of 802.11a. However, early test results suggest that the speed potential of 802.11g is often lost if it is mixed with 802.11b equipment, dropping back to the much slower ‘b’ rates. It is clearly the standard of the future but will function best when used in a pure ‘g’ network environment.
Access Point: This is the “broadcast” device which converts the data signal from a wired network to a wireless broadcast. Many access points have a router built in to allow the connection to a shared Internet connection and one or more ports for wired connections to computers.
Wireless Client: This is a PC Card, PCI card adapter, USB device, or other piece of equipment which allows a computer to receive the wireless signal from the access point or another wireless client. Many modern notebook computers have wireless capability built in and do not require an external card device.
As you will quickly gather from the definitions above, it is important to choose wireless equipment which is compatible. Mixing 802.11a and 802.11b equipment will not work. Once the 802.11g standard is approved and available in final configuration, it can be mixed with 802.11b but not with 802.11a. You will find “pre-release” 802.11g equipment available for sale now, but it is not guaranteed to be the final approved standard. If you buy 802.11g now, be prepared to update the “firmware” once the final standard is approved. So, in English, what should you do? If you are in a hurry to roll out your wireless network right now, and want the stability of an approved standard, purchase 802.11b. It is cheap, reliable, and easy to set up. If you can afford to wait a few months, you might want to wait for the final approved version of 802.11g and buy all 802.11g equipment. It will be significantly faster at a reasonable price. Although ‘g’ equipment is designed to be backward compatible with ‘b’ equipment, you will probably not get the full value of the speed increase in a mixed environment. Pick one standard and stay with it.
One of the biggest concerns among CPA firms when considering wireless is the security issue. It is a valid concern and needs addressed. By design, wireless networking uses radio waves instead of wired cables to transmit data. Just like a commercial radio broadcast can be received by any radio, so too can a wireless signal be received by any compatible client device. Prudent use of wireless networking with sensitive data requires a balanced understanding of risk versus reward.
When considering the "risk" side of this equation, there are essentially three things that you need to protect: your network bandwidth (which you are paying for); the sensitive nature of the data you are broadcasting; and access to your other network resources. Let’s consider each of these for a moment. Most firms today are sharing some form of broadband Internet access, typically DSL, although other highspeed connections are found in many firms. If an unauthorized user connects to your network and uses that connection to receive or transmit heavy volumes of data, it could result in a measurable slowdown of your Internet service, in particular to the detriment of your legitimate users. You will want to take measures to prevent the unauthorized use of your resources. Of course the greatest asset you will want to protect is the confidential nature of your client information and other data which is transmitted over your network. You will need to take prudent steps to ensure that data is not compromised while in transit across your wireless network. And finally, once someone is connected to your wireless network, it is possible for them to analyze enough network traffic to gain access to the rest of your network resources. In other words, to log on as if they were an authorized user and have access to your program and data files. This too requires that you take prudent security measures to protect your network.
On the "reward" side of the ledger is convenience, flexibility, and mobility. Within your firm’s office it may be very convenient to carry your notebook computer down the hall to a conference room or an associate’s office and never lose your network connection. Wireless connections add significant flexibility to the way you work, allowing easy connections to networks at your own office, client sites, or perhaps even at home. And of course, the whole point of wireless networking is mobility. As long as you are within range of a signal, you can remain connected as you walk about or move from location to location. It is easy to get "hooked" on the convenience wireless delivers.
So, how can you prudently balance these risks with the rewards? No single step is enough; you need to employ an array of strategies each designed to do certain things. In quick summary, you want to make your wireless network difficult for the casual observer to find; then you want to limit which computers you allow to connect to the network, and finally, you want to encrypt the data that is being transmitted. The bad news in this scenario is that most manufacturers have striven to make their equipment easy to set up, and they have succeeded. Setting up most access points is incredibly simple! However, in order to make it simple, most manufacturers have opted for default settings that offer the lowest level of security (often none!). Right out of the box, most access points will broadcast wide open and unsecure! You need to take several additional steps and change several default settings to add prudent security. The good news is - you can do it.
While each device has a somewhat different setup routine, almost all will include a user interface, often browser based, which allows custom configuration. However your device handles it, you will want to do three things:
- Disable the SSID (Service Set Identifier) broadcast beacon. By default, most access points will advertise their presence so users can find and connect to them. This broadcast can and should be disabled so that only users who already know the network is there can connect to it.
- Specify the MAC (Media Access Control) addresses allowed to connect. Every wireless network card has a unique "MAC address". Set the configuration of the access point so that only those known cards you want to connect to the network will be allowed to do so. All others not specified, will be rejected.
- Use 128 bit WEP (Wired Equivalent Privacy) encryption. By default most access points will be unencrypted and then will offer 64 bit encryption as a first level of choice. Take the extra step to configure the 128 bit level.
You should understand that none or even all of these steps guarantees absolute security. SSID’s can be "found" even if they do not broadcast their presence. MAC addresses can be "spoofed", allowing an intruder to pretend to use an authorized card. And WEP encryption can be cracked with a variety of tools. If someone really wants to get into your wireless network, they can and will. The techniques described above are enough to discourage the casual browser looking for an easy target. With so many wide-open and unprotected connections to play with, most intruders won’t take the time to get into yours. Remember you are seeking a prudent balance of risk and reward.
Many firms are adopting wireless technologies in a variety of ways. Typical uses include using wireless as an extension of the local area network within the firm’s building, connecting audit teams or other outside workers, and extending the reach of traveling workers.
The first of these involves connecting one or more access points to your existing wired LAN and using them to cover common areas, conference rooms, and other places where workers will need temporary access. It essentially avoids the need to string cables all over these shared workspaces. Each mobile computer will, of course, need a client connecting device such as a wireless PC card.
Remote work teams can benefit in two ways. Using a combination of wired and wireless connections, or a wireless access point alone, teams can create a temporary Local Area Network to share files, peripherals, and Internet connections. By contrast, two computers can communicate directly with each other in ad hoc mode using only their client PC cards, doing away with the need for an access point. Both methods rely on peer-to-peer networking which is built into Windows 2000 Professional and Windows XP Professional.
Finally, mobile workers equipped with wireless enabled notebook computers can be trained in the ways to connect to available wireless networks in hotels, airports, coffee shops and other locations. A variety of subscription plans, from pay-as-you-go to monthly fees, are available to meet most needs.
Wireless networking is clearly not for everyone. Some firms have considered the risks and rewards and decided not to use this technology. Others have embraced it. If you are considering ways to increase the mobility, flexibility and convenience of your users and are willing to take prudent steps to secure your data and your network connections, then wireless may have a place in your firm. Remember that "out of the box" most wireless devices are unacceptably insecure and will require several additional configuration steps to give you the level of security you will feel comfortable with. Fortunately, these are not hard to configure and can easily give you the level of prudent protection that many feel comfortable with. Consider the risks and the rewards; evaluate your own tolerance for prudent risk; and judge accordingly. The rewards can be substantial.
Kenneth M. McCall is a Consultant at Boomer Consulting, Inc., an organization devoted to the application of computer technology and management consulting.