Tech Industry

Commentary: What to do about Wi-Fi

Companies probably can't avoid wireless LAN installations, so they should get ahead of the problem with next-generation 802.11a and wireless switch gear that increases data speeds, hardens security and improves manageability.

Commentary: What to do about Wi-Fi
By Forrester Research
Special to CNET
September 9, 2003, 11:00AM PT

By Maribel L. Dolinov, Principal Analyst

Despite very soft return on investment, companies probably can't avoid wireless LAN installations. Smart companies will get ahead of the problem with next-generation 802.11a and wireless switch gear that increases data speeds, hardens security and improves manageability.

Wireless LANs are showing up everywhere--in the home, the office, and hot spots like Starbucks outlets and airport departure lounges. Although the technology looks promising, the alphabet soup surrounding 802.11--and real security concerns--have left IT executives confused. CIOs want to know:

Should I deploy a wireless LAN?
Yes--even considering relatively lightweight returns. Why? Because Wi-Fi is like the Web server was in 1995: cheap and easy to deploy. Already, companies without official Wi-Fi investments are overrun with Wi-Fi gear purchased and configured by employees, opening up real security and network management challenges. Instead of fighting a losing battle, companies should start IT-led wireless LAN (WLAN) deployments and encourage users to turn in small-office/home-office devices for corporate-grade gear. And companies that do won't be alone: Almost a quarter of companies are now deploying WLANs.

Which wireless LAN standard--802.11a, b or g--should I use?
Forrester believes that companies should deploy 802.11a because it bolsters capacity to 54Mbps, offers eight channels instead of three and reduces interference by using 5.8GHz instead of the 2.4GHz spectrum. Although 802.11g offers high speed with backward compatibility, using the 2.4GHz band does nothing to fix interference, and the gear isn't yet standardized. Companies with large in-place 802.11b networks should issue dual-radio cards to their users and run a mixed 802.11a/b environment until they can replace access points.

Can companies deploy a wireless LAN securely?
Absolutely. First, companies need to hunt down rogue, insecure access points using monitoring products from vendors like AirDefense or Fluke Networks. Second, administrators should turn off the beacons that

Related story

New wireless networking chips could
soon test the theory that Wi-Fi and
cellular data services can work hand
in hand rather than compete.

create security holes. Stopping the broadcast of the service set identifier (SSID) would help this point. Third, companies can sidestep Wired Equivalent Privacy security issues in the short run by implementing access points outside the firewall with virtual private networks (VPNs) to provide strong authentication and encryption. Finally, businesses with hypersensitive security needs, such as financial companies and government agencies, should work with wireless LAN security specialists like Bluesocket and Cranite Systems until next-generation security like 802.11i with Advanced Encryption Standard gets baked into products in late 2004.

How do I improve WLAN manageability?
With first-generation gear, every access point has to be implemented, monitored and managed separately. It's easy with a few access points, but management costs grow linearly when dozens or hundreds need to be updated. New WLAN switches from vendors like Aruba Wireless Networks and Trapeze Networks will improve manageability by automating calculations for access point placement and centralizing intelligence into a single--or handful--of switches. And vendors like Vivato can help radically reduce the number of access points required. Moreover, many of these next-generation solutions can enhance security by identifying and disabling rogue access points.

Should I subscribe to a monthly hot spot plan?
For most users, the answer is not yet--but soon. Today's wireless Internet service providers, such as T-Mobile and Wayport, offer spotty coverage at high prices. Within two years, prices will fall, roaming agreements will improve coverage, and operators will bundle Wi-Fi with their existing VPN and cellular offerings. Instead of paying $30 a month per user for hot spot access from T-Mobile, a company will be able to add Wi-Fi access to its AT&T remote access service for $5 per month.

© 2003, Forrester Research, Inc. All rights reserved. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.