Jul 01 2006

Business-Class Connections

Testing the wireless waters with inexpensive consumer gear is one way to start, but a business network needs industrial-strength wireless access points.

Photo: Roger Mastroianni
Security is a key requirement for all wireless network equipment at DayMark Safety Solutions, notes CIO John Ross.


Many small companies start off with basic consumer-grade wireless gear, only to realize later that their data and security needs have outgrown their current setup. To buy a little wireless peace of mind, and protect your company's data, you need to understand the differences, analyze the benefits, as well as the risks, and select the right business-grade wireless hardware.


Tronair, a Holland, Ohio-based aircraft equipment maker, started out with home-grade wireless access points (APs), but quickly realized why these products were marketed to home users.


"Our wireless network would go down at 11:30 and come back up around 1:00," recalls Brian Cary, Tronair's IT manager. "At first, we didn't know the reason, but my LAN administrator had an epiphany. We had microwave ovens in the company cafeteria, and they caused interference."



Microwave ovens operate at the same 2.4GHz frequency that the wireless access points do, and the lunch shifts would take down the company's wireless network. The radios in home-network products broadcast at lower power, making them susceptible to interference from other radio sources, such as the microwave.


Tronair decided that its business — which increasingly relies on wireless data in the manufacturing plant — needed extended range, more consistent coverage, central management and heightened security. You get what you pay for. But the cost of business-class hardware is less than $450 for each access point. A full wireless solution with six access points, plus management hardware and software, is available for less than $3,000.


The Good, the Bad, the Ugly


Less expensive, consumer-grade hardware and software works fine for home use, but simply is not engineered for the heavy usage required by business. Most businesses have a greater coverage area than the average home and have more to lose from a security breach. Plus, home-network APs are more sensitive to signal disruption from microwave ovens, welders, large transformers and other power sources that create electromagnetic interference.


The basic home-network security option, known as Wired Equivalent Privacy (WEP), although better than nothing, is getting old, and its weaknesses are well documented. It basically encrypts data in chunks, and then generates a special cipher code for each chunk to allow for decryption and a second code, called an Initialization Vector (IV), to ensure each cipher code is unique. The problem is that WEP wasn't designed to provide enough of these IV codes to do a good job, and cipher codes get duplicated. When data is encrypted, the IV may create duplicate encryptions, which creates an opportunity for hackers.


A Comparison of Business-Class and Consumer-Grade Wireless Access Points

| Product | HP Procurve 420 | Linksys WAP 54g v2 |
| --- | --- | --- |
| | Power Over Ethernet available | n/a |
| SSIDs | 8 | 1 |
| Client Connections | up to 128 | up to 32 |
| Channels Available | 14 channels available | 11 |
| Security Options | 64, 128, 152-bit WEP; WPA-PSK (AES & TKIP); WPA2; IEEE 802.1x; RADIUS; MAC Filtering | 64, 128-bit WEP; WPA-PSK (AES & TKIP); Linksys Wireless Guard (pay service); RADIUS; MAC Filtering |
| Transmission Range | up to 1,148 feet * ** | up to 100 feet * |
| Transmit Power | 18 dBm | 15 dBm |
| Transmission Standard | IEEE 802.11b/g | IEEE 802.11b/g |
| Speed | up to 54 MB/sec | up to 54 MB/sec |
| Physical Size | 8.6" w x 1.29" h x 5.4" d | 7.32" w x 1.89" h x 6.65" d |
| Weight | 28.16 oz | 16.32 oz |
| Other Features | SNTP time synch | n/a |
| | Neighbor access point detection | n/a |
| | Auto channel select | n/a |
| | Up to 64 VLANs | n/a |
| | Management software available | n/a |
| | Dual flash ROM (fail-safe) | n/a |

* range decreases as transmission speed increases
** realistically, at 54MB/sec, your range will be closer to 100 feet


The newer alternative is WiFi Protected Access (WPA), which reuses less code and is safer because it does not duplicate the IV codes or cipher codes. WPA also uses stronger IV codes that are harder to crack, and it uses a hierarchy of keys to encrypt the data. Newer encryption standards, such as 802.11i and WPA2, are being finalized now and are better still. You can bet home-network equipment won't be supporting those anytime soon.


By contrast, security options for business-class hardware abound; you can choose from WEP if you must, or use any of the WPA flavors. You will also be able to opt for 802.11i and WPA2. And best of all, for around $1,400 to $2,500, you can purchase centralized configuration software to configure your access points quickly and easily. But don't limit yourself to centrally configuring your access points. Some brands, such as Cisco and Hewlett-Packard, for example, allow you to treat your entire network — router, switches, access points, everything — as one centrally manageable unit.


In analyzing the benefits or risks of the transition from home-network equipment to business class, security is a must. "While it is valuable to improve the connectivity of our people and our processes, security is always a key consideration when we deploy technology," notes John Ross, CIO of DayMark Safety Solutions in Bowling Green, Ohio. "Without a secure environment we cannot protect the integrity, availability and reliability of the tools that we use to service our customers and the supporting processes."


Photo: Roger Mastroianni
The consumer-grade wireless network initially installed at Tronair was brought down by microwave ovens in the company cafeteria, recalls Brian Cary, Manager of IT.

Business-Class ROI


Calculating the ROI of faster, more reliable and more secure network infrastructure can be tricky. But if the CEO is among those who need to wirelessly check e-mail or access company data from various locations around the office, an IT manager may not have to justify an upgrade for access points that cost $300 to $500, plus carry a substantial annual fee to maintain — compared to less than $100 for solid consumer models.


At Tronair, making the business case wasn't difficult, because executive management was frustrated with the existing system. "Since we had electromagnetic interference on the existing APs, we could take the time down per day and multiply by the man-hours and lost productivity and had our ROI in under two weeks," says Cary. To bolster the business case, the IT team developed a business continuity plan, which gave the company poor marks for lax security on the wireless network.


Businesses that have strict regulatory requirements for data security — an increasingly large percentage of businesses large and small — or a business continuity plan that calls for tight security measures to help ensure network uptime can justify an upgrade on security features alone. Less security-conscious businesses can calculate ROI simply by averaging downtime on the wireless system and multiplying that by the salaries of the people affected. Companies with a high concentration of high-salary employees using the wireless network and spotty performance of consumer wireless gear can see an upgrade pay for itself within two years.


The soft ROI from better performing hardware comes from greater wireless coverage around the office and faster, more reliable connections for end users, which translates into better productivity for the IT team, who in turn field fewer calls from angry users and sleep better because of enhanced security.


Making the Switch


Justifying the switch to business-class wireless hardware is often easy, but there are a few pitfalls businesses should avoid once they've decided to make the move. Among them are the annual maintenance fees, which aren't always comparable from one vendor to the next. Just because a company has chosen a primary vendor for its wired network infrastructure doesn't mean that same vendor is the best choice for wireless gear. Businesses should compare annual fees, and budget for them before making a final choice.


And don't buy what you don't need. Most makers of industrial-class gear offer a variety of add-ons and extras, such as a unified network management program, but those components can be added as needed and don't have to be part of the initial rollout.


Also, most vendors of high-end wireless gear will provide loaners for testing purposes. Always ask for a sample of the hardware under consideration to test whether or not it works in a specific environment. Do a site survey to ensure good wireless coverage. Check out all its features, and generally kick the tires before you buy.


You'll also need a floor plan of your business, marked with the dimensions and the locations of all systems that will be connecting wirelessly. Answer these questions: Do I have existing wireless access points? How many computers will connect wirelessly? Where do I need continuous coverage? Is there a power outlet and network wire at each AP location? What might interfere with the signal? You will also want to avoid using an Ethernet line and WiFi at the same time, as some applications cannot handle both.


And to make the best use of high-end security features, it's critical to have an accurate list of all the MAC addresses of the wireless cards and devices a company has in use. Even with all the new security options, MAC filtering is a fundamental first step to securing a wireless network, and without a complete and accurate list of addresses, the initial setup can be much harder than necessary. Gleaning an accurate list is a chore, and one that needs to be updated every time an end user walks in with a new PDA phone or other wireless device.
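Keeping that address list accurate is easier when it is checked against what the access points actually see. The following is an added example, not from the original article: the inventory format, function names and sample addresses are all constructed, and the client list stands in for whatever association table your AP or management software exports.

```python
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(raw: str) -> str:
    """Return aa:bb:cc:dd:ee:ff for colon, hyphen, dotted or bare input."""
    digits = re.sub(r"[:\-.\s]", "", raw.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac: str) -> bool:
    """Bit 0x02 of the first octet marks a software-assigned, not burned-in, address."""
    return bool(int(mac[:2], 16) & 0x02)

def reconcile(inventory, associated):
    """Compare the asset inventory with the clients an AP reports as associated."""
    allowed, bad_entries = {}, []
    for owner, raw in inventory:
        try:
            allowed[normalize_mac(raw)] = owner
        except ValueError:
            bad_entries.append((owner, raw))  # typo in the list: fix before loading the filter
    seen = {normalize_mac(m) for m in associated}
    return {
        "unknown": sorted(seen - set(allowed)),    # on the air but not in the inventory
        "not_seen": sorted(set(allowed) - seen),   # listed but absent: stale entry?
        "locally_administered": sorted(m for m in seen if is_locally_administered(m)),
        "bad_inventory_entries": bad_entries,
    }

# Constructed sample data: the same list kept in the mixed formats people really type.
INVENTORY = [
    ("laptop-01", "00-00-5E-00-53-01"),
    ("scanner-07", "0000.5e00.5310"),
    ("pda-03", "00:00:5e:00:53:2G"),   # malformed on purpose
    ("laptop-02", "00005E005302"),
]
ASSOCIATED = ["00:00:5e:00:53:01", "00:00:5E:00:53:10",
              "00:00:5e:00:53:99", "02:00:5e:00:53:aa"]

if __name__ == "__main__":
    for finding, items in reconcile(INVENTORY, ASSOCIATED).items():
        print(f"{finding}: {items}")
```

Addresses flagged as locally administered were set in software rather than at the factory, so they deserve a second look before being added to the filter.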


CEO takeaway
The price of a wireless upgrade is insignificant when weighed against the security vulnerabilities inexpensive consumer gear creates. Here are some key questions to ask if your IT manager wants to upgrade the wireless network:
• Why does the existing system need to be replaced?
• If the current system isn’t up to par, how vulnerable is company data now?
• What new security and data integrity features does the new system offer?
• How will older systems connect to the new network? Have we budgeted for upgrades of all the necessary connections?
