Wireless wise

Rolling out wireless LANs requires a new set of operational and network management skills that are in short supply. You’d be wise to familiarize your staff with the technology now so they’re ready for future deployments.

“It’s not a matter of just going out to find thousands of people who have all this wireless experience. They’re not there,” says Charlie Wehner, a senior analyst at Cerner, a healthcare software vendor in Kansas City, Mo. “You almost have to bring your network administrators up to speed on this.”

If you don’t, you face the danger of users implementing their own rogue wireless access points. What’s more, the lack of experience with radio waves, the “physical” medium for 802.11 or Wi-Fi LANs, can lead to networks that don’t have enough bandwidth, or to gaping security  holes. Fortunately, it’s relatively easy for experienced network administrators to pick up a basic knowledge of wireless LANs.

“Part of the job of being a network administrator is being able to adapt to changing technology,” Wehner says. “A few years ago, you might have said ‘VPN’ and few people would have known what you were talking about. Now everyone knows. Wireless LANs are the same way.”

The one main, and obvious, way in which wireless skills differ from traditional wireline skills is that the wire is replaced by a radio beam.

“An understanding of radio systems is quite helpful,” says Christopher Misra, a network analyst with the University of Massachusetts at Amherst. Last year, the IT group created a public access Wi-Fi network for students by installing Cisco wireless access points in five locations on campus.

To secure wired networks, administrators rely on a host of physical security features: doors with locks, walls, carded access to buildings and so on. But with a wireless network, an intruder doesn’t have to penetrate this physical perimeter. “You have to take into account things like controlling signal leakage, grounding access points properly, directing the radio signal to keep it within a building,” Misra says.

One of the most baffling radio problems for newcomers is interference. “Whenever you’re dealing with wireless, the first factor many people look at is ‘what is blocking my signal?'” says Vincent Gullotta, head network engineer with LANocracy, a New Canaan, Conn., network services company. “You need to ask questions like ‘what could possibly disrupt the flow of information?’ and ‘what is the probability that this could happen?'”

A concrete or steel construction, a metal storage closet, a temporary change in how inventory is stacked, microwave ovens or other radio signals can cause interference. Between buildings, foliage growth can even cause interference.

Like many network professionals without radio experience, Misra picked up much of his training as a kind of apprentice. “One of the key assets we had when deploying the LAN was someone with ham radio experience,” Misra says. “This was of great help in deciding on antenna design, in minimizing signal leakage and so on.”

Misra walked around the campus with his colleague, whom he remembers as “the radio guy.”

“The radio guy explained to me about things like [antenna] radiation patterns and cranking down the power of the access point radio [to limit how far the radio signal reached],” he says.

Cerner’s Wehner learned by watching a colleague who had somewhat more experience conduct site surveys to determine where and how many access points to install.

Network administrators with a will to learn quickly can pick up the more specialized knowledge about wireless LANs. “Access points are little more than a hub with an Ethernet-to-radio converter,” UMass’ Misra says. “The traditional skill sets with respect to network management, device configuration and so on is pretty similar.”

Wireless security skills straddle wireline and wireless networks, experts say. Tim Stettheimer, CIO for St. Vincent’s Hospital in Birmingham, Ala., becomes upset when he considers how easily the lack of wireless experience can lead to security blunders and holes.

“For example, you cannot – and this makes me nuts – roll out these wireless access points and adapters with the default configurations the vendors give you,” he says. “Those defaults are well-known and well-publicized on the Web. You’d be so wide open, it’s just scary.”

The good news is that solid wireline security skills are the foundation for crafting strong wireless security. “Security skills for securing wireless LANs are very similar to standard networking security skills, only you have a few more factors to consider,” LANocracy’s Gullotta says. “The security factors are the same. You just have a new point of entry that you have to keep people from using.”

Stettheimer has regular brainstorming sessions on network security, with a special emphasis on wireless issues.

“We ask ourselves why are we doing things a specific way, what threats are emerging, what biometric technologies, such as iris scanning, do we start actively researching,” he says.

Along with informal sharing of practical information and experience, there also are more systematic ways to gain wireless skills.

Vendors such as Cisco and Symbol Technologies  offer training, and there are a growing number of professional training and certification companies that specialize in wireless technology. One is Planet3 Wireless, which offers certifications in several areas including wireless LAN administration and wireless security. Cisco also offers Cisco Wireless LAN Design Specialist and Cisco Wireless LAN Support Specialist certifications.