Radio Frequency (RF) waves travel well through most solid objects. This creates a complicated scenario when dealing with physical security on your network. The placement of access points and their antennas requires some careful planning and site surveys. Moving Target The industry standard for wireless security is a moving target at this time. The target standard is IEEE (Institute of Electrical and Electronics Engineers) 802.11i. As of the writing of this book this standard is still in draft. It outlines wireless security guidelines for hardware manufacturers and software developers. Common Mistakes When Planning Access Point PlacementWhen considering coverage and number of access points, physical placement is very important in a wireless network. Taking into account the surrounding building architecture, distances and possible sources of interference become critical. RF propagation patterns can be affected in many ways. You're going to look at some of the points to take into consideration while creating your WLAN layout. Considering Signal AttenuationRF attenuation refers to the reduction of signal strength between the wireless AP and the client station. Attenuation is represented in decibels (dB). Decibels are 10 times the logarithm of the signal power at a particular input divided by the signal power at an output of a specified medium. An application of this formula is listed in Table 2.1. Table 2.1. Sample Attenuation Results
Inside a building structure attenuation is caused by common construction materials such as wood, metal, and concrete. Additional items that come into play when considering loss are metal storage shelves , partitions, and people. Examples of some common objects that cause signal attenuation are listed in Table 2.2. Table 2.2. Common Attenuation Causes and the Resulting Loss
Outside the building structure attenuation is based on free space loss formulas. These formulas take into account the power of the transmitting station, distance, and the receiving station sensitivity. Other factors might be objects that might obstruct a portion of the RF propagation pattern. Administrators need to take into account that RF signals between the client and the AP can be attenuated by various metal objects. These objects act like antennas and drown out the usable signal. When designing a WLAN layout make sure to be aware of building materials such as the following:
WLAN administrators can reduce the ease of the "man in the middle" attacks by placing access points near the middle of the building structure. Window coverings that contain metal coatings can reduce the signal emitted into the parking lot or surrounding areas. Grounding metal studded walls can also help create a barrier to signal propagation into unwanted areas. Planning Signal CoverageOmni-directional antennas transmit the RF signals in all directions at basically the same level. Think of the shape of a doughnut surrounding the center of the antenna. 802.11b access points generally have greater transmission range than 802.11a. This is because of the wavelength of the RF signal. The 2.4GHz of 802.11b has a longer wavelength and loses less power over distance. Access points available from enterprise class vendors enable users to set the radio transmission power level. The maximum transmit power level allowed by the Federal Communications Commission in the Unite States for an 802.11b transmitter is 1 watt (1,000 milliwatts). Directional antennas transmit the RF signals in a single direction. This type of antenna is best used for narrow coverage requirements such as hallways. Another application of this type of device is for long distance point-to-point transmission. Coverage of the desired areas can be increased by deploying multiple overlapping access points. By knowing the requirements of the network you can either give the end users constant signal levels, such as 11MB/sec or allow throughput down to 1MB/sec. The SSIDs, power output, and overlapping channels are important. By mapping out your network application requirements you can place the appropriate antennas and number of access points in the correct areas. Reducing InterferenceYour wireless network signals are susceptible to multiple sources of interference. By keeping your access points higher in your room layout, such as above false ceilings and mounted to beams in warehouse structures, you should avoid most common sources of interference. Rogue access points can create havoc on your wireless LAN design. You can avoid the rogue access point from hijacking your clients by removing the rogue from the desired connections within your client's wireless network interface card (NIC). Avoiding WLAN Conflicts Knowing the frequencies of the WLAN can help avoid conflicts. IEEE 802.11 is the standard for WLANs. The frequency, or band , that 802.11b uses from 2.4 to 2.5GHz. 802.11a operates in the range of 5.725 through 5.875 GHz. Appliances such as microwaves and portable phones operate at the same frequencies as 802.11b and 802.11g networks. By avoiding placing your access points too near these appliances you can reduce your likelihood of interference with such devices. Considering DistanceIndoor distances can be affected by physical obstructions and RF-producing appliances. The average maximum distances are about 300 feet, but can differ greatly depending on access point power and antenna placement. As mentioned previously, signal strength, and therefore distance, can be decreased due to interference and attenuation. Outside applications can be much greater due to the lack of interference. The use of directional antennas and amplifiers can extend the distance to kilometers in range. Turning Down the VolumeAlthough using the highest possible signal level gives the longest range, this might not always be desirable. By testing signal level tests and checking for overlapping channels, it might be necessary to lower the transmit power to reduce overlapping coverage. Using the wireless AP configuration utilities, it might be prudent to lower the radio output. This approach would be best applied where access points are near the exterior of buildings or on the edge of desired WLAN RF coverage. Connecting to PowerOne of the last things people often think about when deciding where to place their access points is power. An important item to consider is how to get the proper power to any access points up above false ceilings or mounted to beams high above the warehouse floors. The saving grace in scenarios where power isn't readily accessible via an AC receptacle is called power over Ethernet (POE) . POE is supported by most enterprise level access point vendors. Some are as simple as an in-line power injector. Other vendors have special network switches that support POE. Bridging Versus BroadcastingWireless bridging devices can be used for temporary network links or where wiring is impractical . Bridging between two wireless devices lowers the ability of attackers from being able to associate with your wireless network. Using wireless bridges also allows for point-to-point or point-to-multipoint connections. A popular use of wireless bridges is from building to building using directional antennas. This can either be a temporary or permanent installation. Using RF signal amplifiers and high gain antennas can transmit the signal for several miles. |