ZDNet UK / News and Analysis / Infrastructure / Networking

Tightly shod footprints toughen security

By Scott Robinson, TechRepublic, 24 August, 2004 10:50

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

Footprint, wireless networking, Network security, intruders

COMMENT
A wireless network's footprint is its effective area of coverage, the physical territory in which one may access it. In most cases, growth in wireless network footprints is a good thing, even a bragging point. Bigger means greater access to the network. Metaphorically speaking, you want the network's footprint to be worthy of a tyrannosaur -- absolutely huge and providing great coverage and a high degree of availability.

On the other hand, that huge footprint carries a risk of malevolent intrusion that increases with its size. A network footprint is more or less a product of the access point deployment. And the primary entry in a WLAN for an intruder is, of course, the access point (AP).

That's why the management of a network footprint requires a constant balancing act between territorial expansion and controlling the increasing security risks. Simply, network footprint expansion is synonymous with increasing security risk. As you expand and increase your network, you must give corresponding diligence to security issues.

As your network grows, there are some specific initiatives you should make standard:

Curtail informal network expansion
When APs are added, they should be added according to a formal procedure that includes:

  • A request for the increase in coverage.
  • An assessment of the user load the AP will handle.
  • An evaluation of that local environment for leakage risks and potential signal interference.
  • An authorisation that leaves someone accountable.
  • A detailed record of the AP's installation and testing.

    • Wireless expansion via AP is so simple that it is a temptation to just pop an AP in as easily as we move a lamp in our office. But the issues and risks are exactly what they would be -- and then some -- if we were running network cable to a new floor of our building.

    Control local AP footprints
    While your network has a footprint, so do individual APs. Here are some rules of thumb for providing good coverage while preventing leakage:

  • Keep the AP as far away from any windows as possible.
  • Place the AP as high in whatever room it is sitting as you reasonably can.
  • Be certain the AP is not sitting too close to another RF source. (Computers themselves can cause interference; don't place an AP next to one.)
  • Choose antennas carefully. Different environments call for different antenna types. The idea is to keep signals within your building, with maximum access in the proper context and minimal access beyond.
    • Some good tips:
  • Use omnidirectional antennas for more centrally located APs.
  • Point the antenna straight up.
  • Consider a directional antenna in areas along the perimeter of your building to minimise signal leakage to the outside world. If you can't change the antenna of an AP near the building perimeter, point the antenna inward toward the centre of the building.

    • Maintain a proper client/AP ratio
    Another aspect of network footprint control is individual AP effectiveness in context. It's very important that you keep a proper ratio of clients to APs. A good rule of thumb is 20:1 as an upper limit. Keep in mind that your effective AP range, the geography of the room, and possible sources of interference will not likely be more than 150 feet. Plan the number and placement of APs according to these rules.

    Final thoughts
    Increase your wireless network's effective resolution with an eye toward security when you fine-tune AP signal strength. There's a balance between a strong signal that makes the AP effective in the area where it's placed and a signal so strong that it leaks to the highway outside. Attention to this detail can prevent an intrusion.

    Remember that rogue access points essentially represent unplanned, uncontrolled footprints. An axiom of control system theory is that you can't control what you can't observe. Since rogue APs can slip into even the best-planned wireless networks, resolve to keep a constant watch for them. You can detect rogue APs with a number of freely available utilities.

    Related stories

    Parliament to get wireless network

    Broadband fulfilling its promise

    SonicWall zones in secure Wi-Fi access

    Deployment guidelines for WLANs

    Ofcom to make it easier to change broadband service

    Post your comment

    In order to post a comment you need to be registered and logged in.

    You can also log in with Facebook. Log in or create your ZDNet UK account below

    • Login

    Will not be displayed with your comment

    By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

    Get ZDNet UK's daily newsletter

    Enter your email address to sign up

    ZDNet UK Live

    Moley

    @kevinmchapman. OK, I acknowledge that 'most' was a gratuitous throwaway comment as an afterthought and too presumptuous. As to proof, as you...

    34 minutes ago by Moley on A tale of two distros: Ubuntu and Linux Mint
    Jack Schofield

    @BrownieBoy > Works really well for thieves.... >> Nice attempt to deflect the argument by tossing in a point that's totally >> irrelevant, even...

    2 hours ago by Jack Schofield on AMD Ultrathins to challenge Intel Ultrabooks
    raskolnikof

    fantastic that the so called piracy bills have been withdrawn. however, these anti-democracy supporters are still in the shadows so lets be alert...

    2 hours ago by raskolnikof on SOPA, Protect IP support wavers in face of online protest
    Tony Douglas

    Please God no; teach them anything you like - thinking rationally, the uses and misuses of data, what data is and what it's not - but leave the...

    5 hours ago by Tony Douglas via Facebook on Kids are the future. Teach ’em to code.
    BrownieBoy

    @Jack, > Works really well for thieves.... Nice attempt to deflect the argument by tossing in a point that's totally irrelevant, even it were...

    19 hours ago by BrownieBoy on AMD Ultrathins to challenge Intel Ultrabooks
    bootlegger

    Make that 13 people now - I got refused today at Manchester airport. I thought I was up to date on this legislation - I knew of the EU ruling from...

    22 hours ago by bootlegger on UK airport body scans will not be opt out
    tinycg

    Don't forget to check out apps like GoodReader or SlideShark either, they're indispensible for people on the go in presentation situations. Best...

    1 day ago by tinycg on Four top iPad apps for people on the move
    TerryRK

    Well it seems there is something a number of us agree on. Why is the Ubuntu Unity launcher so ugly? I thought perhaps it was something to do with...

    1 day ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
    Freebies202

    Duplicate comments are not made intentionally. Its very good to know that now you are keeping check on this problem because sometimes a commenter...

    2 days ago by Freebies202 on Microsoft fixes blog comments, speeds up blogs with open source
    kevinmchapman

    "the very significant number of users" and "many (most) of us" - you have no evidence for these statements. It is a fact that most users are saying...

    2 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
    Marg Menzies Harrison

    Another grammar faux pas is the improper use of "you". When sitting down down in a restaurant, for example, I get cringe when the waitress...

    2 days ago by Marg Menzies Harrison via Facebook on 10 flagrant grammar mistakes that make you look stupid
    zdnetukuser

    And NOW, folks, for Canonical's next trick... Kubuntu is late. Here's a pencil. Draw your own conclusions. cf.:...

    2 days ago by zdnetukuser on Linux Minterface
    Moley

    @kevinmchapman. The discussion here reflects the very significant number of users who really do like the traditional menu system and who wish to...

    2 days ago by Moley on A tale of two distros: Ubuntu and Linux Mint
    kevinmchapman

    Er, no... It is an efficient means of finding the application/file/setting you need in one place. The icons are a simply a fallback for when you...

    2 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
    TerryRK

    Isn't the provision of a text based search an admission by the developers that the mass of icons approach does not work? I don't need to use a...

    2 days ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
    kevinmchapman

    "Unity and GNOME 3 both abandon the old text-based cascading menus in favour of a graphical icon-driven system." Point truly missed. Both use a...

    2 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
    TerryRK

    whs001 - Thank you, I'm glad you liked the article. I absolutely agree with you on your first point. I should perhaps have made it clearer that...

    2 days ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
    Dennis Nilsson

    If we allow corporate interest to dictate the way our government circumvents due process against foreign entities then we should accept the same...

    2 days ago by Dennis Nilsson via Facebook on ACTA stumbles in Germany
    GHar123

    I totally dislike pirating of works, I fear that artists will be deterred from creating works if they think that they are going to get ripped off....

    2 days ago by GHar123 on ACTA stumbles in Germany
    JCB33

    How dare film makers, artists or anybody that invests in creativity stop us pirating their works for free. I want to be able to walk into my local...

    3 days ago by JCB33 on ACTA stumbles in Germany

    Latest in Networking

    Ofcom to make it easier to change broadband service

    Google set to build backbone of its 1Gbps fibre network

    Nicira reveals network virtualisation details

    Featured white papers

    Manage Projects More Efficiently Using Online Meetings

    Citrix Online

    Manage Projects More Efficiently Using Online Meetings

    Whether your business is a medium-sized organisation or a large conglomerate, projects are a part of your everyday... Read more

    Using cloud-based solutions to fight DDoS attacks

    VeriSign

    Using cloud-based solutions to fight DDoS attacks

    As distributed-denial-of-service attacks grow in size, complexity and frequency, security organisations are discovering that in-house solutions are no longer... Read more

    How to prime your WLAN for employee devices

    Aruba Networks

    How to prime your WLAN for employee devices

    Companies are finding the wireless LAN is under pressure as employees are bringing their own devices to... Read more

    Inside ZDNet UK

    NASA switches off last mainframe

    NASA switches off last mainframe

    Getting to the enterprise with WOA

    Getting to the enterprise with WOA

    HP Slate 2

    HP Slate 2

    How to handle data replication

    How to handle data replication

    Ten flawed products that derail productivity

    Ten flawed products that derail productivity

    NASA video shows dark side of the moon

    NASA video shows dark side of the moon

    HTC Explorer: First Take

    HTC Explorer: First Take