Wireless access controllers: Worth the trouble?
- — 15 May, 2007 14:45
Wireless networking is becoming more prevalent in our company. While the newer wireless showing up on the network is Mode G, we still have quite a bit of the Mode B. Some of the Mode B equipment may not be replaced for some type due to the cost (we have wireless bar code readers with specialized programming incorporated in them). My concern is how best to protect all of the wireless that we have on the network. Should I look at getting one of the wireless access point controllers that I have read about?
First, inventory all the wireless devices and access points that are currently in use. Record the type of wireless each device works on, what encryption each supports, the lengths of the encryption keys that can be used and if there are any characters, such as punctuation, that can't be used in the key. It might also be a good idea to start a spreadsheet of the network-card driver versions and the flash firmware in use by the access points. Upgrading the firmware used by the respective devices may help minimize the exceptions that need to be made and might just help justify the cost of upgrading to newer devices that may make your ultimate goal easier to achieve.
While most G devices can operate on mode B, some of the levels of encryptions that can be used aren't available on both modes. If this is the case in your shopt, see if your access points will let you have multiple SSID's. One could be for Mode B devices and the other could be for Mode G. Although this does mean a bit more set-up and maintenance work, it will also mean the best set up for each group of devices. Not all access points can do this; if yours can't, consider swapping in access points that can.
I would suggest turning off the broadcasting of the SSIDs. While this information can be sniffed out using readily available tools, you don't have to make it easy for the would-be intruder. Using the most challenging key is very important. You may also want to consider using either MAC address filtering, MAC address authentication (this may not work with some implementations of WPA/WPA2), and some other advanced options, such as RADIUS, where you have to enter some additional credentials in order for the wireless device to access the network.
There may not be any one best way to do accomplish your goal. While using an access-point controller may be the over best way to go when for the long term, it won't be cheap and may have a steep learning curve. This could also require that you change out some or all of your access points to ones that can be managed. This won't be quick process to go through and will need to be re-evaluated over time as new technology is available to make sure you are doing what will protect you the best while getting the best return on the investment required.
