Setting up a Wi-Fi network may look straightforward enough but there’s lots of opportunity to make mistakes, according to network expert Eric Geier
Make the most of your Wi-Fi network
As more and more people adopt computing and multimedia-capable devices such as tablets, smart phones and even smart watches, carriers and other organizations will be faced with a giant wave of mobile data within the next five years.
As this happens, Wi-Fi networks will become increasingly important, according to Cisco. The network gear maker predicts that more than half of the global network traffic will be transferred from conventional cellular systems to Wi-Fi and small cell networks as carriers rush to avoid network congestion.
An estimated 29 exabytes of mobile data per month will be handled by Wi-Fi networks by 2019 compared to only 24.3 exabytes a month for cellular networks.
In order to succeed, wireless networks require careful planning, analyses, design and maintenance, says Eric Geier, founder of cloud-based Wi-Fi security service, NoWiresSecurity.
In a recent post on Networkworld.com, Geier, outlined several Wi-Fi mistakes that even the pros overlook:
All images from Shutterstock.com
Site survey – A site survey is crucial in order to gather Wi-FI and radio frequency spectrum data which will be used to set baseline readings for signal noise and interferences that come from wireless access points, neighbouring networks and other RF sources.
These surveys range from a simple walk-around for small buildings to map-based surveys involving loading data into specific software programs for larger facilities.
However, one big mistake according to Geier, is neglecting to perform periodic site surveys. Over time interference from neighbouring networks may change or your organization might alter the way it uses the Wi-Fi network.
Periodic site surveys are important because they help determine what network adjustments are needed.
Security– For some organizations the personal or Pre-Shared Key (PSK) mode of Wi-Fi Protection Access (WPA) security is often preferred because it just takes a few seconds to set the Wi-Fi password which is a global password for all users.
By contrast the enterprise mode of Wi-Fi security is a bit more complicated as a RADIUS server needs to be configured for the 802.11X authentication and then unique login credentials need to be created and distributed to each user.
The personal mode may be easier to setup but it could mean more work in the long run to secure, said Geier. For example, because a global password is used, the password needs to be changed each time an employee leaves the organizations.
He also said deploying an enterprise mode Wi-Fi security doesn’t necessarily need to be harder because there are many hosted RADIUS services that can help organization save time and money.
Weak passwords– Whether your organization is using personal or enterprise mode Wi-Fi security, strong passwords are essential. Even is AES encryption is used by WPA2 security, all passwords are susceptible to brute-force dictionary attacks, said Geier. But it is a bit harder to crack 802.1X passwords even with brute-force attacks.
Geier also recommends changing the default passwords on network components such as routers, firewalls and access points.
SSID– Hiding the SSID (Secure Service Identifier) or network names might look like a good idea someone attempting to connect to the network would need it. However, hiding the SSID will not deter someone who is really intent on finding it.
Disabling the constant broadcast of your SSID beacon is possible but you can stop the SSID from being sent out in certain network traffic such as associations and probes, said Geier. Wireless analyzers will also display SSIDs when they are detected.
Disabling SSID also impacts wireless performance as they require more management and take up airtime that could be used for data transfer.
One solution is to use business-class wireless access points that can support multiple virtual wireless networks with their own basic settings for SSID, security, broadcasting, band preferences and others. This way you can segregate the network and set varying levels of network access.
Don’t get carried away though. Each SSID is a network in itself and will require management traffic.
Geier said, if you have more than three SSIDs, consider other ways to segregate wireless access such as using 802.1X authentication with enterprise mode Wi-Fi security to assign users to a VLAN once connection.