Chapter 1. Wireless Fundamentals

What is it that makes a wireless medium so unique? What are the problems of operating in the wireless medium and how are they overcome? What are the different types of wireless networks in use today? How does each one of them work and how do they differ from each other? The aim of this chapter is to answer these questions so as to establish a context in which wireless security can be studied in the following chapters.

The first successful commercial use of wireless telecommunication was the deployment of cellular phones (mobile phones). In this book, we refer to these networks as traditional wireless networks (TWNs). These networks were designed with the aim of extending the existing wired public switched telephone network (PSTN) to include a large number of mobile nodes. The deployment of TWNs allowed users to be mobile and still make voice calls to any (fixed or mobile) phone in the world. In other words, TWNs were designed as a wide area network (WAN) technology enabling voice communication. These networks have evolved over time to support both voice and data communication but the underlying feature of the TWNs being a WAN technology is still true.

For a long time, TWNs were the predominant example of wireless telecommunication. In the late 1990s, another wireless technology emerged: wireless local area networks (WLANs). Unlike TWNs, WLANs were designed primarily with the aim of enabling data communication in a limited geographical area (local area network). Though this aim may seem counterintuitive at first (why limit the geographical coverage of a network?), this principle becomes easier to understand when we think of WLANs as a wireless Ethernet technology. Just as Ethernet (IEEE 802.3) provides the backbone of wired local area networks (LANs) today, IEEE 802.11 provides the backbone of wireless LANs.

Just as TWNs were initially designed for voice and over time evolved to support data, WLANs were initially designed for data and are now evolving to support voice.

Probably the most prominent difference between the two standards is that the former is a WAN technology and the latter is a LAN technology. TWNs and WLANs are today the two most dominant wireless telecommunication technologies in the world. Analysts are predicting the convergence (and co-existence) of the two networks in the near future.

Finally, we are today seeing the emergence of wireless mobile ad-hoc networks (MANETs). Even though this technology is still in an early phase, it promises to have significant commercial applications. As the name suggests, MANETs are designed with the aim of providing ad hoc communication. Such networks are characterized by the absence of any infrastructure and are formed on an as-needed (ad hoc) basis when wireless nodes come together within each others’ radio transmission range.

We begin by looking at some of the challenges of the wireless medium.

1.1. The Wireless Medium

1.1.1. Radio Propagation Effects

The wireless medium is a harsh medium for signal propagation. Signals undergo a variety of alterations as they traverse the wireless medium. Some of these changes are due to the distance between the transmitter and the receiver, others are due to the physical environment of the propagation path and yet others are due to the relative movement between the transmitter and the receiver. We look at some of the most important effects in this section.

Attenuation refers to the drop in signal strength as the signal propagates in any medium. All electromagnetic waves suffer from attenuation. For radio waves, if r is the distance of the receiver from the transmitter, the signal attenuation is typically modeled as 1/r² at short distances and 1/r⁴ at longer distances; in other words, the strength of the signal decreases as the square of the distance from the transmitter when the receiver is “near” the transmitter and as the fourth power when the receiver is “far away” from the transmitter. The threshold value of r where distances go from being “near” to being “far away” is referred to as the reference distance. It is important to emphasize that this is radio modeling we are talking about. Such models are used for simulation and analysis. Real-life radio propagation is much harsher and the signal strength and quality at any given point depends on a lot of other factors too.

Attenuation of signal strength predicts the average signal strength at a given distance from the transmitter. However, the instantaneous signal strength at a given distance has to take into account many other effects. One of the most important considerations that determine the instantaneous signal strength is, not surprisingly, the operating environment. For example, rural areas with smooth and uniform terrain are much more conductive to radio waves than the much more uneven (think tall buildings) and varying (moving automobiles, people and so on) urban environment. The effect of the operating environment on radio propagation is referred to as shadow fading (slow fading). The term refers to changes in the signal strength occurring due to changes in the operating environment. As an example, consider a receiver operating in an urban environment. The path from the transmitter to the sender may change drastically as the receiver moves over a range of tens of meters. This can happen if, for example, the receiver’s movement resulted in the removal (or introduction) of an obstruction (a tall building perhaps) in the path between the transmitter and the receiver. Shadow fading causes the instantaneous received signal strength to be lesser than (or greater than) the average received signal strength.

Another propagation effect that strongly affects radio propagation is Raleigh fading (fast fading). Unlike slow fading which effects radio propagation when the distance between the transmitter and the receiver changes of the order of tens of meters, fast fading describes the changes in signal strength due to the relative motion of the order of a few centimeters. To understand how such a small change in the relative distance may affect the quality of the signal, realize that radio waves (like other waves) undergo wave phenomena like diffraction and interference. In an urban environment like the one shown in Figure 1.1a, these phenomena lead to multipath effects; in other words, a signal from the transmitter may reach the receiver from multiple paths. These multiple signals then interfere with each other at the receiver. Since this interference can be either constructive or destructive, these signals may either reinforce each other or cancel each other out. Whether the interference is constructive or destructive depends on the path length (length the signal has traveled) and a small change in the path length can change the interference from a constructive to a destructive one (or vice versa). Thus, if either of the transmitter or the receiver move even a few centimeters, relative to each other, this changes the interference pattern of the various waves arriving at the receiver from different paths. This means that a constructive interference pattern may be replaced by a destructive one (or vice versa) if the receiver moves by as much as a few centimeters. This fading is a severe challenge in the wireless medium since it implies that even when the average signal strength at the receiver is high there are instances when the signal strength may drop dramatically.

Figure 1.1a. Signal propagation in wireless environment

Another effect of multipath is inter-symbol interference. Since the multiple paths that the signal takes between the transmitter and the receiver have different path lengths, this means that the arrival times between the multiple signals traveling on the multiple paths can be of the order of tens of microseconds. If the path difference exceeds 1-bit (symbol) period, symbols may interfere with each other and this can result in severe distortion of the received signal.

1.1.2. Hidden Terminal Problem

Wireless is a medium that must be shared by all terminals that wish to use it in a given geographical region. Also, wireless is inherently a broadcast medium since radio transmission cannot be “contained.” These two factors create what is famously known as the hidden terminal problem in the wireless medium. Figure 1.1b demonstrates this problem.

Figure 1.1b. Hidden node problem

Figure 1.1b shows three wireless terminals: A, B and C. The radio transmission range of each terminal is shown by a circle around the terminal. As is clear, terminal B lies within the radio transmission range of both terminals A and C. Consider now what happens if both A and C want to communicate with B. Most media access rules for a shared medium require that before starting transmission, a terminal “senses” the medium to ensure that the medium is idle and therefore available for transmission. In our case, assume that A is already transmitting data to B. Now, C also wishes to send data to B. Before beginning transmission, it senses the medium and finds it idle since it is beyond the transmission range of A. It therefore begins transmission to B, thus leading to collision with A’s transmission when the signals reach B. This problem is known as the hidden terminal problem since, in effect, A and C are hidden from each other in terms of radio detection range.

1.1.3. Exposed Terminal Problem

The exposed terminal problem is at the opposite end of the spectrum from the hidden terminal problem. To understand this problem, consider the four nodes in Figure 1.1c.

Figure 1.1c. Exposed node problem

In this example, consider what happens when B wants to send data to A and C wants to send data to D. As is obvious, both communications can go on simultaneously since they do not interfere with each other. However, the carrier sensing mechanism raises a false alarm in this case. Suppose B is already sending data to A. If C wishes to start sending data to D, before beginning it senses the medium and finds it busy (due to B’s ongoing transmission). Therefore C delays its transmission unnecessarily. This is the exposed terminal problem.

1.1.4. Bandwidth

“The Queen is dead.

Long Live the Queen.”

Bandwidth is one of the most important and one of the most confusing topics in telecommunications today. If you keep up to date with the telecommunication news, you would have come across conflicting reports regarding bandwidth. There are a lot of people claiming “bandwidth is cheap” and probably as many people claiming “it is extremely important to conserve bandwidth.” So, what’s the deal? Do networks today have enough bandwidth or not?

The problem is there is no single correct answer to that. The answer depends on where you are in the network. Consider the core of the IP and the PSTN networks: the two most widely deployed networks today. The bandwidth available at the core of these networks is much more than required: bandwidth therefore is cheap at the core of the network. Similarly the dawn of 100 Mbps and Gigabit Ethernet has made bandwidth cheap even in the access network (the part of the network that connects the end-user to the core). The wireless medium, however, is a little different and follows a simple rule: bandwidth is always expensive. This stems from the fact that in almost all countries the wireless spectrum is controlled by the government. Only certain bands of this spectrum are allowed for commercial use, thus making bandwidth costly in the wireless world. All protocols designed for the wireless medium therefore revolve around this central constraint.

1.1.5. Other Constraints

Bandwidth is not the only constraint for wireless networks. One of the prominent “features” of wireless networks is that they allow the end user (and hence the end node or terminal) to be mobile. This usually means that the wireless nodes which are being used need to be small enough to be mobile. This in turn means additional constraints: small devices mean limited processing power and limited battery life. Also using small nodes means that they are easy to lose or steal, thus having security implications.

1.2. Wireless Networking Basics

Organizations are adopting wireless networking technologies to address networking requirements in ever-increasing numbers. The phenomenal rate of change in wireless standards and technology complicates the decision of how to implement or update the technology. In this section, we delve into the inner workings of the wireless LAN (WLAN) environment of today. We start by concentrating on the specific topic areas related to wireless networking technology. We explain how LANs and WLANs work, coexist, and interoperate. We discuss the varying wireless standards that exist today and look at some future standards. Mobile workforces drive the need for strong understanding of the issues surrounding mobile security, and we cover those issues in fairly extensive detail. Because mobile security requires encryption to work, we cover the various encryption standards in use today and explain the strengths and weaknesses of each. At the end of this chapter, you should have a fundamental grasp of the essentials of wireless networking. Now, let’s begin by taking a look at WLANs.

1.2.1. Wireless Local Area Networks

In 1997, the IEEE ratified the 802.11 WLAN standards, establishing a global standard for implementing and deploying WLANs. The throughput for 802.11 is 2 Mbps, which was well below the IEEE 802.3 Ethernet counterpart. Late in 1999, the IEEE ratified the 802.11b standard extension, which raised the throughput to 11 Mbps, making this extension more comparable to the wired equivalent. The 802.11b standard also supports the 2-Mbps data rate and operates on the 2.4-GHz band in radio frequency for high-speed data communications.

Figure 1.2. How 802.11 works in the OSI model(see Chapter 2 for more detail on the OSI model)

WLANs are typically found within a small client node-dense locale (e.g., a campus or office building), or anywhere a traditional network cannot be deployed for logistical reasons. Benefits include user mobility in the coverage area, speed and simplicity of physical setup, and scalability. Being a military spinoff, WLANs also provide security features such as encryption, frequency hopping, and firewalls. Some of these features are intrinsic to the protocol, making some aspects of WLANs at least as secure as wired networks and usually more so. The drawbacks are high initial cost (mostly hardware), limited range, possibility of mutual interference, and the need to security-enable clients.

1.2.1.1. LANs and WLANs Explained

A LAN physically links computers in an organization together via network cabling, often specified as Ethernet CAT 5 cabling. With a wired LAN, computers are connected by a fixed network of wires that can be difficult to move and expensive to change. These wires run throughout the walls, ceilings, and floors of the organization’s buildings. LANs allow data and applications to be shared on multiple computers. A LAN provides a means for applications and files to be accessed on a central server via wired (or wireless) connections.

A WLAN enables a local network of computers to exchange data or other information without the use of cables. It can either replace or extend a wired LAN. The data can be transmitted as radio signals through the air, walls, ceilings, and so on without wired cabling. Using WLANs, mobile computing devices may be carried from place to place in an organization while remaining continuously connected. Any device that is within the range of an access point can potentially connect to the WLAN. This provides greatly increased freedom and flexibility compared to a wired network. WLANs are typically built using two key components:

1. An access point, or base station, that is usually physically connected to a LAN.
2. A wireless card that is either built into or added to a handheld, laptop, or desktop computer.

Using WLANs, it is easy to provide access to additional users. Access points can be added as necessary to manage the capacity and growth of an organization. The most common wireless standard, 802.11b, has a data transfer rate of 11 Mbps—much slower than current wired LANs, which operate at 100 Mbps. Newly installed wired networks now operate at up to 1,000 Mbps (1Gb). 802.11b devices are often branded with a wireless fidelity (Wi-Fi) mark to indicate interoperability. A WLAN has sufficient bandwidth to handle a wide range of applications and services; however, it has a limited ability to deliver multimedia applications at sufficient quality, and a wired LAN is probably needed to access these. Ongoing advances in wireless standards continue to increase the data rate achievable with new equipment.

1.2.1.2. How WLANs Work

In a typical WLAN, a transmitter/receiver (transceiver) device, called an access point, is normally physically connected to the wired network using standard cabling. At a minimum, the access point receives, buffers, and transmits data between the WLAN and the wired network infrastructure, using radio frequencies to transmit data to each user. A single access point can support a small group of users, normally within a range of up to 100 meters depending on the local environment.

To access a WLAN via the access point, users need a computer with a wireless network interface card (NIC) either built in or installed. A wireless NIC can be inserted into the PCMCIA slot of a computer, laptop, or handheld device. Wireless NIC cards can also be installed into the PCI expansion slot of a desktop computer. In either case, the necessary software drivers should also be installed. It is also possible to create a peer-to-peer network—joining two or more computers together simply by installing a wireless NIC in each machine. Equally, it is possible for one of the computers in the peer-to-peer network to be joined to a LAN and to provide Internet access for the other computers in the network.

1.2.1.3. Advantages and Disadvantages of WLANs

WLANs have advantages and disadvantages when compared with wired LANs. A WLAN will make it simple to add or move workstations and to install access points to provide connectivity in areas where it is difficult to lay cable. Temporary or semipermanent buildings that are in range of an access point can be wirelessly connected to a LAN to give these buildings connectivity. Where computer labs are used in schools, the computers (laptops) could be put on a mobile cart and wheeled from classroom to classroom, provided they are in range of access points. Wired network points would be needed for each of the access points. A WLAN has some specific advantages:

• It is easier to add or move workstations.
• It is easier to provide connectivity in areas where it is difficult to lay cable.
• Installation is fast and easy, and it can eliminate the need to pull cable through walls and ceilings.
• Access to the network can be from anywhere within range of an access point.
• Portable or semipermanent buildings can be connected using a WLAN.
• Although the initial investment required for WLAN hardware can be similar to the cost of wired LAN hardware, installation expenses can be significantly lower.
• When a facility is located on more than one site (such as on two sides of a road), a directional antenna can be used to avoid digging trenches under roads to connect the sites.
• In historic buildings where traditional cabling would compromise the façade, a WLAN can avoid the need to drill holes in walls.
• Long-term cost benefits can be found in dynamic environments requiring frequent moves and changes.

WLANs also have some disadvantages:

• As the number of computers using the network increases, the data transfer rate to each computer will decrease accordingly.
• As standards change, it may be necessary to replace wireless cards and/or access points.
• Lower wireless bandwidth means some applications such as video streaming will be more effective on a wired LAN.
• Security is more difficult to guarantee and requires configuration.
• Devices will only operate at a limited distance from an access point, with the distance determined by the standard used and buildings and other obstacles between the access point and the user.
• A wired LAN is most likely to be required to provide a backbone to the WLAN; a WLAN should be a supplement to a wired LAN and not a complete solution.
• Long-term cost benefits are harder to achieve in static environments that require few moves and changes.

1.2.1.4. Current WLAN Standards

The Institute of Electrical and Electronics Engineers (IEEE) 802.11b specification is the most common standard for WLANs. 802.11a has recently been cleared to operate without a license in the 5-GHz frequency range. Several other standards are still under development, including 802.11g, 802.11h, and Ultra Wideband (UWB).

IEEE 802.11a

802.11a operates in the 5-GHz waveband. Because they operate in different frequencies, 802.11b and 802.11a are incompatible. This means organizations that have already deployed 802.11b networks, but want the faster speeds available through 802.11a, will either have to build a new WLAN alongside the existing one or purchase hardware that allows for both types of wireless cards to coexist. Several manufacturers currently provide, or are planning to release, dual-mode access points, which can hold both 802.11a and 802.11b cards. The power output of 802.11a is restricted, and the range tapers off more quickly than in 802.11b.

At present, 802.11a experiences few of the signal interference and congestion problems occasionally experienced by 802.11b users, although this may change now that license restrictions on the 5-GHz frequency band have been lifted and use increases. We can expect to see an increase in dual-platform access points to ensure compatibility between equipment.

IEEE 802.11b

This type of equipment is most common for establishing a WLAN in business. Not all 802.11b equipment is compatible, so the Wi-Fi compatibility mark has been developed. A Wi-Fi mark indicates compatibility between 802.11b products from different manufacturers. 802.11b equipment that is not Wi-Fi branded should be treated with caution. The 802.11b standard operates in the 2.4-GHz spectrum and has a nominal data transfer rate of 11 Mbps; however, in practice, the data transmission rate is approximately 4 to 7 Mbps, around one-tenth the speed of a current wired LAN. This is still adequate for accessing most data or applications, including Internet access, but would be insufficient for multimedia applications or for instances when a large number of simultaneous users want to access data in a single WLAN. Some manufacturers are producing 802.11b solutions with additional functionality that offers throughput at 22 Mbps speed. It is unclear if this type of equipment will be compatible across vendors.

1.2.1.5. Future WLAN Standards

Several standards are in development, all of which have a nominal data transfer rate of 54 Mbps, with actual data throughput probably in the vicinity of 27 to 30 Mbps. These standards, briefly discussed as follows, are known as IEEE 802.11g and IEEE 802.11h.

IEEE 802.11g

The IEEE is in the process of developing the 802.11g standard. Products have been launched by manufacturers such as Apple, D-link, and Buffalo, which are based on the draft 802.11g specification. The standard was expected to be finalized by IEEE around mid to late 2003. 802.11g operates in the 2.4-GHz waveband, the same as the 802.11b standard. If 802.11g becomes available, its advantage is that it offers some degree of backward compatibility with the existing 802.11b standard.

Potential users must be aware that any equipment installed before a final standard is ratified may not conform to the final standard. Organizations are advised to gain the necessary assurances from their supplier or a technical authority, and it is recommended that they seek up-to-date advice on the current licensing situation before making any financial commitment.

IEEE 802.11h

This is a modification of 802.11a being developed to comply with European regulations governing the 5-GHz frequency. 802.11h includes transmit power control (TPC) to limit transmission power and dynamic frequency selection (DFS) to protect sensitive frequencies. These changes protect the security of military and satellite radar networks sharing some of this waveband. It is likely that if 802.11h equipment meets with approval, current regulations will be reviewed, and 802.11h may supersede 802.11a. This may mean that no new 802.11a equipment could be installed and used, and existing equipment could be used only if no changes are made to the network.

1.2.1.6. Bluetooth and Wireless Personal Area Networks

Bluetooth-enabled devices allow creation of point-to-point or multipoint wireless personal area networks (WPANs) or “piconets” on an ad hoc or as-needed basis. Bluetooth is intended to provide a flexible network topology, low energy consumption, robust data capacity, and high-quality voice transmission. Bluetooth is a low-cost radio solution that can provide links between devices at distances of up to 10 meters. Bluetooth has access speeds of 1 Mbps, considerably slower than the various 802.11 standards; however, the Bluetooth chips required to connect to the WLAN are considerably cheaper and have lower power requirements. Bluetooth technology is embedded in a wide range of devices. The Bluetooth wireless transport specification is meant to be used for bridging mobile computing devices, fixed telecom, tethered LAN computing, and consumer equipment together using low-cost, miniaturized RF components. Transport of both data and voice is supported in Bluetooth. Originally, Bluetooth was envisioned as a methodology to connect cellular or PCS telephones to other devices without wires. Examples of these other applications include USB “dongles,” peripheral device connections, and PDA extensions.

Bluetooth, as a WPAN, should not be confused with a WLAN because it is not intended to do the same job. Bluetooth is primarily used as a wireless replacement for a cable to connect a handheld, mobile phone, MP3 player, printer, or digital camera to a PC or to each other, assuming the various devices are configured to share data. The Bluetooth standard is relatively complex; therefore, it is not always easy to determine if any two devices will communicate. Any device should be successfully tested before a purchase is made. Bluetooth is an open specification made available to Bluetooth SIG members on a royalty-free basis. More than 2,000 companies worldwide have declared interest in Bluetooth-enabled devices (for more information about the Bluetooth SIG, see http://www.bluetooth.org).

According to a New Scientist article about Bluetooth gadgetry written by Will Knight (August 11, 2003), Ollie Whitehouse, a researcher based in the United Kingdom and employed by the computer security company @Stake, created an eavesdropping tool to demonstrate just how vulnerable Bluetooth-enabled devices such as laptops, mobile phones, and handheld computers are to someone attempting to pilfer data from them. Whitehouse claimed his “Red Fang” program can be used in any setting where it is common to see users with mobile devices, such as while riding airplanes or trains or sitting in coffee shops. The Red Fang system can be used to scan these devices and determine if they are unprotected. Whitehouse sees his program as being similar to those used for “war-driving” activities (where people seek out poorly secured 802.11 wireless networks.) Ollie claims many people do not even know Bluetooth wireless technology is installed on their mobile devices, let alone the fact that the corresponding Bluetooth security settings are often turned off by default.

A report issued by research firm Gartner in September 2002 indicated that many people do not activate Bluetooth security features, and this inaction potentially exposes their devices to exploitation by hackers. Red Fang was unveiled in August 2003 at the Defcon computer security conference held in Las Vegas, Nevada. Bruce Potter, a security expert with U.S. think tank the Shmoo Group, improved the tool by making it more user friendly, according to Knight in his aforementioned article, which went on to state that “Potter expects Bluetooth security to become a growing concern, considering the high penetration of Bluetooth-enabled devices and the lack of knowledge about Bluetooth security in corporate security departments.”

1.2.1.7. Ultra Wideband

UWB is a high-bandwidth (100 Mbps and up), short-range (less than 10 meters) specification for wireless connection designed to connect computers, or computers and consumer-electronics devices such as handheld and digital cameras, with the potential to become a high-bandwidth connection. There are some doubts that UWB equipment will become commercially available.

1.2.1.8. Security for WLANs

The IEEE has issued a new security standard for incorporation into 802.11a, 802.11b, and any new 802.11 standards that are approved for use, such as 802.11g. These enhancements, known as 802.11i, replace wired equivalent privacy (WEP) encryption with a new, more secure security encryption protocol called temporal key integrity protocol (TKIP), Advanced Encryption Standard (AES), and 802.1 x authentication. 802.11i was incorporated into the IEEE 802.11-2007 standard. While waiting for this standard to be completed, the Wi-Fi Alliance created an interim standard called Wi-Fi protected access (WPA), to allow the introduction of secure wireless products prior to finalization of 802.11i.

Anyone with a compatible wireless device can detect the presence of a WLAN. If appropriate security mechanisms are put in place, this does not mean that the data can be accessed, however. The WLAN should be configured so that anyone trying to access the WLAN has at least the same access restrictions as they would if they sat down at a wired network workstation. All of the following suggestions are practical steps that can be put in place to improve WLAN security. A combination of methods can be selected to meet company needs.

Wired Equivalent Privacy (WEP)

WLANs that adhere to the WiFi standard have a built-in security mechanism called WEP, an encryption protocol. When WLAN equipment is bought, WEP encryption is often turned off by default. In order to be effective, this security mechanism should be turned on. Originally, WEP encryption used a 40-bit or 64-bit encryption key and later a 128-bit key to increase security. All access devices must, however, be set to use the same encryption key in order to communicate. Using encryption will slow down the data transfer rate by up to 30 percent because it takes up some of the available bandwidth.

SSID

SSID is a method wireless networks use to identify or name an individual WLAN. Short for Service Set Identifier, the SSID is a 32-character unique identifier attached to the header of packets sent over a WLAN. This identifier acts as a device-level password when a mobile device tries to connect to the basic service set (BSS). The SSID enables a differentiation from one WLAN to another. All access points and all devices attempting to connect to a specific WLAN must use the same SSID. A device is not permitted to join the BSS unless it can provide the unique SSID. Because an SSID can be sniffed in plain text from a packet, it does not supply any security to the network. Sometimes, the SSID is referred to as a network name. It is a good practice to change the default SSID (network name) and passwords when setting up an access point. Access points may be factory-set to broadcast SSID data to allow users to configure access. This feature should be turned off. Here are some other tips to secure your WLAN:

• Install personal firewall software on all connected PCs and laptops.
• Utilize the Access Control List (ACL) that is standard in WLAN equipment. All devices have a unique MAC address; the ACL can deny access to any device not authorized to access the network.
• Remove rogue unauthorized access points from the network.
• Use password protection on all sensitive folders and files.
• Avoid wireless accessibility outside buildings where it is not required; directional aerials can be obtained to restrict the signal to 180 or 90 degrees from the access point.
• Switching off the power to the access point during off hours makes the WLAN unavailable at those times.

All WLAN systems should run on their own LAN segment, and a firewall should isolate them from the corporate LAN. Users wishing to access company databases through the wireless network should use a Virtual Private Network (VPN), encrypting all WLAN traffic and, thereby, protecting the system from hacking.

1.2.1.9. WLAN Performance

It is important to note that transmission speeds for all WLANs vary with file size, number of users, and distance from the access point. The performance of each standard varies considerably. 802.11b has a nominal data transfer of 11 Mbps, but in practice, the data rate is approximately 4 to 7 Mbps, depending on the equipment used. Performance figures vary depending on the number of users, the local environment, and any obstructions that are in the way. Buildings with many girders, thick walls, and concrete will often shorten the effective range, and there may be areas that are “dead zones.” For that reason, it is always wise to try out a few different products to see how well they perform in your environment.

1.2.1.10. WLAN Implementation Concerns

Planning

To determine the location of access points, it is essential that a site survey be undertaken by a specialist in this area. A site survey will also determine the number of access points required to give the desired coverage, the range of each access point, and its channel designation. The access point, or the antenna that is attached to the access point, will usually be mounted high in a room; however, an access point may be mounted anywhere that is practical as long as the desired radio coverage is obtained. Larger spaces generally require more access points. Before a site survey is undertaken, it is advisable to prepare a floor plan to show where coverage is required. It is also essential that technical staff assist with the site survey. There may be a charge for the site survey, but the supplier will often refund the charge for the site survey if the equipment is subsequently purchased from them.

Capacity

Planning a wireless LAN should take into account the maximum number of people who will be using wireless devices in the range of any access point. The recommended number of devices accessing each access point is 15 to 20. Where light usage of the network occurs, such as with Web browsing or accessing applications that require little exchange of data, this could rise to around 30 users. It is relatively easy to scale wireless LANs by adding more access points, but for an 802.11b network, no more than three access points may operate in any one coverage area because of frequency congestion. An 802.11a network can operate up to eight access points in one area, each using a different channel.

With single-story facilities, the access points will usually be spread far apart, making channel assignment relatively straightforward. You can easily use a drawing to identify the position of your access points in relation to each other and assign each access point to a channel. The key with a larger 802.11b network is to make sure channels are assigned in a way that minimizes the overlap of signals. If access points will be located on multiple floors, then the task is slightly more difficult because planning will need to be done three-dimensionally.

Performance

Each 802.11b access point can potentially be accessed from up to 350 meters away outdoors. This distance is very much reduced indoors, the maximum distance attainable in ideal conditions being 100 meters. The range depends on the extent to which the radio signal is dissipated by transmission through walls and other obstructions and interference from reflection. The amount of data carried by a WLAN also falls as the distance increases; as signal strength becomes reduced, data rate reductions from 11 Mbps to 5.5, 2, or 1 Mbps will automatically occur in order to maintain the connection. It is possible that there may be issues of interference when using a 802.11b WLAN and where there are devices with Bluetooth connectivity, such as handheld devices and mobile phones, in the same area.

Post-installation coverage and performance may also vary as a result of building work, metal storage cabinets introduced into the coverage area, or other obstructions or reflectors that are moved or introduced. Microwave ovens and fish tanks have also been known to affect the performance of 802.11b networks. In the case of microwave ovens, they use the same frequency band as WLANs. If a different standard is implemented after installation of an existing 802.11b wireless network, a further site survey may be required because the coverage is likely to be different when compared to 802.11b. More access points may be required to maintain or improve data rates.

Power Consumption

The power output of 802.11a access points is limited, and the range from each access point may vary depending on the specific frequency used within the 5-GHz spectrum. Wireless cards typically have several different settings related to their power usage. For example, standby mode, where the transmission of data occurs only when required, uses relatively little power and leads to improved battery performance. This works similarly to a mobile phone that only connects to a network when making or receiving a call. Wireless cards that have recently come to market tend to consume less power. This trend is expected to continue as newer generations of cards become available.

Power over Ethernet

Access points require a power supply in addition to a wired network connection. Access points are often sited high on walls and away from existing power outlets. Some products on the market will supply power to the access point via the network cable, removing the need to install additional power cabling.