PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The reader
is available for free
download.
Wireless Local Area Network
Copyright 2019, Faulkner Information Services. All Rights Reserved.
Docid: 00021011
Publication Date: 1902
Report Type: TUTORIAL
Preview
A wireless local area network (WLAN) is one in which mobile
users can connect to a local area network (LAN) through a wireless,
i.e., radio or infrared, connection. Like its wired counterpart, a WLAN is
becoming essential to enterprise operations, enabling employee and
guest laptops, smartphones, and tablets to access enterprise
information and information systems.
Report Contents:
- Executive Summary
- WLAN Architecture
- WLAN Drivers
- WLAN Security
- Recommendations
- Web Links
- Related Reports
Executive Summary
[return to top of this report]
A wireless local area network (WLAN) is one in which mobile users can connect
to a local area network (LAN) through a wireless, i.e., radio or infrared, connection.
Related Faulkner Reports |
Cisco Systems Company Profile Vendor |
Designed to serve a limited geographic area such as an office, plant floor, or
retail setting, a WLAN enables enterprise users to access enterprise information, information systems,
and the Internet via a variety of mobile devices including laptops, smartphones,
and tablets.
A WLAN can be built using a variety of protocols, commonly Wi-Fi or
Bluetooth. Most modern WLANs implement the IEEE 802.11, or Wi-Fi, standards. "Wi-Fi is achieved with a wireless base station, called an [access point (AP)]. Its antennas transmit and receive a radio frequency [signal] within a range of
30 to 150 feet," depending on obstacles.1 A WLAN is sometimes referred to as a LAWN, or local
area wireless network.2
Wi-Fi is the wireless equivalent of the wired Ethernet networks that presently
dominate the enterprise space. Wired Ethernet is the backbone of
traditional LANs, which for twenty-plus years have allowed users to share
applications and data across a range of wired devices, principally, servers,
desktops, and printers.
While wired LANs will not disappear – the infrastructure’s in place and they
still serve the needs of deskbound knowledge workers – a new generation of
enterprise employees, more familiar with and more committed to the use of
mobile devices to conduct enterprise business, is driving the deployment of
wireless local area networks.
WLAN Environments
Relative to
deployment, WLANs may be found in the following
environments:
- Wired and
Wireless LAN in which an enterprise augments its existing wired network
with a companion wireless network. This arrangement allows the
enterprise to accommodate the "bring your own device" (BYOD) crowd, who insist
on accessing enterprise information with their own smartphone or tablet. It also allows the enterprise to issue enterprise-owned – and
enterprise-secured – mobile devices. - Wireless LAN
Only in which new or "refreshed" enterprise facilities offer only
wireless access, eliminating the expense of extensive point-to-point wiring. This approach is ideal for small or remote offices which may have a limited
life span. - "Guest" Wireless LAN Only in which an enterprise provides "hot spot" services, including "free Wi-Fi,"
for near- or on-premise patrons. This model is
common to retail venues such as coffee shops, and usually supports one to fifty guest
users. This "Wireless as a Service" (WaaS) model helps attract and
engage customers and, of course, generate revenue for the enterprise. - High-Density Wireless LAN in which an enterprise provides Wi-Fi access to a large and
highly-concentrated audience, as might exist at a stadium, concert hall, or
conference facility.
WLAN Architecture
[return to top of this report]
A wireless local area network (WLAN), as depicted in Figure 1, consists of
two classes of components or stations3:
- Client devices, normally laptops and smartphones.
- Access Points (APs), which logically connect the client devices
to a Distribution System (DS), typically the enterprise’s wired
network infrastructure. The DS offers the means by which the client
devices can communicate with the enterprise’s wired local area networks and,
of course, the Internet.
Wireless Switches act as intermediaries between the APs and the DS and
assist administrators in maintaining and managing the WLAN infrastructure.4
Figure 1. WLAN Architecture
Source: NIST5
WLAN Pros and Cons
According to
analyst Bradley Mitchell, wireless local area networks present both advantages
and disadvantages.
Among the
Pros:
-
"A large number of
devices are supported. -
"It’s easy to set up a
WLAN, especially when compared to laying cables for wired networks. -
"Accessing a WLAN is
easier than a wired LAN since cable length isn’t a factor. -
"WLANs are common even
when away from a business or home, like in public areas."
Among the
Cons:
-
"It’s easier to hack a
WLAN, which is why encryption is necessary. -
"Wireless interference
can [compromise] the speed and stability of a wireless network. -
"More wireless
devices, like repeaters, are needed to expand a wireless network."6
Site Survey
The first and most critical step in provisioning and configuring a
wireless local area network is performing a site survey. According
to HP,7 the site survey should yield a network design document that describes the location of each access point
and its coverage area.
Among the important considerations in creating a site survey are:
- How many wireless users will be served?
- What types of traffic will these users
generate? Will they be doing light-weight tasks like responding to e-mails,
or heavier work, such as streaming Youtube videos, or
both? - How many users will occupy a given space?
- If densely populated, what percentage of users
will be invoking wireless services concurrently? - What obstacles might potentially block or
degrade Wi-Fi signals? Concrete walls? Metal ceiling tiles? Metal furniture? Outdoor (or indoor) foliage? Coated glass? - What type of security is required?
- How will the enterprise wireless and wired infrastructure interface?
Importantly, the site survey should be conducted by a wireless communications
professional.
In addition, to avoid expensive mistakes, enterprise officials should
pursue an incremental approach to WLAN deployment. This provides an
opportunity to:
- Validate usage assumptions
- Verify equipment capacity and performance
- Minimize possible damage to existing network systems and services
WLAN Drivers
[return to top of this report]
The present popularity of wireless local area networks can be attributed to several
factors.
Bring Your Own Device (BYOD)
Bring your own device (BYOD), in which enterprise employees first requested
(and later demanded) the ability to attach their personal information devices (smartphones
and tablets) to the enterprise network, is becoming a standard practice. As
a consequence, enterprise planners are establishing new wireless local area
networks or expanding existing
ones to satisfy their growing mobile communities.
New Mobile and Smart Devices
In addition to supporting smartphones and tablets, new mobile and smart
devices are fueling the demand for WLANs, including:
- Wearables (smart watches, smart bands, and smart glasses)
- Media players (smart set-top boxes and smart TVs)
- Smart home appliances8
Flexible Deployment
Wireless offers a more flexible and less costly means of
provisioning network access. This is ideal for new or temporary facilities
since wireless infrastructure can be readily assembled and broken down
based on business needs. Many schools, for example, turned to
wireless to increase their PARCC testing capacity. (PARCC, or the
Partnership for Assessment of
Readiness for College and Careers, is a multi-state program that mandates computer-based K-12
assessments in mathematics and English language arts and literacy.)
Performance Acceleration
Historically, wireless has been plagued by inconsistent service
including dropped connections and slow performance. The wireless
industry is reacting by producing better equipment and instituting
better standards.
Notably, in December 2013, the IEEE ratified Wi-Fi standard,
802.11ac, essentially a faster and more scalable version of 802.11n. According to Cisco, the
802.11ac standard "couples
the freedom of wireless with the capabilities of Gigabit Ethernet.
"Wireless LAN sites will see significant improvements in the
number of clients supported by an access point (AP), a better experience for
each client, and more available bandwidth for a higher number of parallel video
streams. Even when the network is not fully loaded, users [will] see a benefit: their
file downloads and email sync [will] happen at low‑lag gigabit speeds. Also, device battery life [will be] extended, since the device’s Wi-Fi interface can wake up,
exchange data with its AP, and then revert to dozing that much more quickly."9
According to Infonetics, 11ac, also known as Wi-Fi 5, will enjoy an
approximately 90 percent market
share for enterprise APs by 2019.10
Wi-Fi 6
A new Wi-Fi standard, 802.11ax, or Wi-Fi 6, should be finalized in
December 2019. According to analyst Mark Turner, "Wi-Fi 6 will have a
single-user data rate that is 37 percent faster than 802.11ac, but what’s more
significant is that the updated specification will offer four times the
throughput per user in crowded environments, as well as better power efficiency
which should translate to a boost in device battery life."11
Wi-Fi 6 should further accelerate the adoption and performance of wireless
local area networks.
In the Near Future, WLAN Resources Could Be Overwhelmed by IoT Devices
The coming Internet of Things (IoT)
could cause wireless disruptions as billions of IoT devices are attached to
wireless networks.
ABI Research predicts that as
many as 30 billion devices will be wirelessly connected to the IoT by 2020. Analyst Neil McRae warns that "Many Wi-Fi networks have not been (and continue not to be) designed to deliver on the
capacity requirement the enterprise will face with the explosion of IoT."12
Wireless as a Service
In addition to providing employees with multi-device access to enterprise
information assets, wireless local area networks can provide value-added
services to enterprise customers. For example, Extreme Networks has
deployed wireless networks at a number of National Football League (NFL) stadiums:
- Improving the experience for "the fans in the seats" by furnishing fresh
digital content to their smartphones and laptops. - Providing teams and the league with valuable intelligence on fans’
digital behavior.
In evaluating the results, Anne Gordon, a Philadelphia Eagles vice president,
said that "Every game is an opportunity for us to gather data, listen to
feedback, and make changes."13
WLAN Security
[return to top of this report]
Wireless networks, including WLANs, present numerous security exposures. To effectively secure an enterprise-class wireless local area network, the US
National Institute of Standards and Technology (NIST) has established a set of
WLAN security guidelines.
Security Configurations
Have standardized security
configurations for common WLAN components, such as client devices and APs.
A standardized configuration
provides a base level of security, reducing vulnerabilities and lessening the
impact of successful attacks. Standardized configurations can also significantly
reduce the time and effort needed to secure WLAN components and verify their
security, particularly if the configuration can be deployed and verified through
automated means.
Inter-Network Security
When planning WLAN
security, consider the security not only of the WLAN itself, but also how it may
affect the security of other networks.
A WLAN is usually connected to
an enterprise’s wired networks, and WLANs may also be connected to each other. For WLANs
that need wired network access, their client devices should be allowed access
only to the necessary hosts on the wired network using only the required
protocols. Devices on one WLAN should not be able to connect to devices on a logically
separated WLAN.
Dual Connections
Have policies that clearly
state which forms of dual connections are permitted or prohibited for WLAN
client devices, and enforce these policies through the appropriate security
controls. The term “dual connected”
generally refers to a client device that is connected to both a wired network
and a WLAN at the same time. If an attacker gains unauthorized wireless
access to a dual-connected client device, the attacker could then use it to
access or attack resources on the wired network.
Policy Compliance
Ensure that the
enterprise’s WLAN client devices and APs have configurations at all times that
are compliant with the enterprise’s WLAN policies.
After designing WLAN security
configurations for client devices and APs, an enterprise should
- Determine how the configurations will be implemented.
- Evaluate the effectiveness of the implementations.
- Deploy the implementations to the appropriate devices.
- Maintain the configurations and their implementations throughout the devices’ lifecycles.
Enterprises should standardize, automate, and centralize as much
of their WLAN security configuration implementation and maintenance as
practical.
Operational Monitoring
Perform both attack
monitoring and vulnerability monitoring to support WLAN security.
Security monitoring is
important for all systems and networks, but it is generally even more important
for WLANs because of the increased risks that they face. Enterprises should
continuously monitor their WLANs for both WLAN-specific and general (wired
network) attacks. Enterprises should do largely the same vulnerability
monitoring for WLAN components that they do for any other software: identifying
patches and applying them, and verifying security configuration settings and
adjusting them as needed.
Technical Assessments
Conduct regular periodic
technical security assessments for the enterprise’s WLANs.
These assessments should be
performed at least annually to evaluate the overall security of the WLAN. In
addition, enterprises should perform periodic assessments at least quarterly
unless continuous monitoring of WLAN security is already collecting all of the
necessary information about WLAN attacks and vulnerabilities needed for
assessment purposes.14
Recommendations
[return to top of this report]
Procure, as Prudent, a Unified Wired/WLAN Solution
When selecting a wireless local area network solution, Gartner suggests
buying, as appropriate, from the enterprise’s wired infrastructure provider. "Consider a unified wired/WLAN access
solution from a single vendor if you desire a
consistent wired/WLAN user-centric access policy
with improved provisioning times and reduced administrative costs."15
Avoid Overbuying and Synchronize, as Possible, Refresh Cycles
Gartner further observes that enterprises "must balance adequately
sizing their access networking solution versus
overbuilding it and consequently overspending. For planning purposes, [enterprises] can plan for
refresh cycles of four to seven years for WLAN and
seven to 10 for wired edge [networks]. Since WLAN refresh cycles are substantially shorter than
those for wired, synchronization of wired/WLAN
refresh cycles will be economically feasible
approximately half the time."16
Plan to Invest Heavily in Wireless Local Area Networks
Wireless networks, which were once an adjunct to wired networks, will
gradually, but relentlessly, takeover the telecommunications sector. Just
as consumers are not going to relinquish their smartphones and return to the
landline universe, enterprises will continue to embrace a mobility movement that
has proved productive and profitable. While existing wired networks will
remain viable and valuable – like legacy business applications – enterprise
officials should fashion their network infrastructure expansion plans around
wireless local area networks.
References
- 1 PC Magazine.
- 2 Margaret Rouse. "wireless LAN (WLAN or Wireless Local Area
Network)." TechTarget. - 3
Mustafa Ali. "What is Wireless LAN?" Field Engineer. November 8, 2017. - 4 Murugiah
Souppaya and Karen Scarfone. NIST SP800-153: "Guidelines for Securing Wireless
Local Area Networks (WLANs)." US National Institute of Standards and Technology.
February 2012:3. - 5 Ibid.
- 6 Bradley Mitchell. "Wireless Local Area Networking Explained." Lifewire.
June 27, 2017. - 7 "Planning a Wireless Network." HP Development Company, L.P.
2006. - 8 "Wireless Local Area Network (WLAN) Market 2018 Global
Industry Analysis By Share, Key Company, Trends, Size, Emerging
Technologies, Growth Factors, And Regional Forecast To 2023." Market
Research Future. November 14, 2018. - 9 "802.11ac: The Fifth Generation of Wi-Fi Technical White
Paper." Cisco. March 27, 2014. - 10 "White Paper: IEEE 802.11ac Migration Guide." Fluke Corporation. May 28,
2015. - 11 Mark Turner. "Wi-Fi 6 Explained: The Next Generation
of Wi-Fi." TechSpot, Inc. December 24, 2018. - 12 Neil McRae. "How to Design Your WLAN for IoT
in Eight Smart Steps." Aerohive. January 8, 2016. - 13 Joseph N. DiStefano. "PhillyDeals: Reaching Fans by WiFi at Linc,
Other NFL Venues." Interstate General Media, LLC. December 7, 2014. - 14 Murugiah
Souppaya and Karen Scarfone. NIST SP800-153: "Guidelines for Securing Wireless
Local Area Networks (WLANs)." US National Institute of Standards and Technology.
February 2012:vi-vii. - 15 Andrew Lerner, Tim Zimmerman, Bill Menezes. "Critical Capabilities for Wired and Wireless LAN
Access Infrastructure." Gartner, Inc. August 26, 2014. - 16 Ibid.
Web Links
[return to top of this report]
- Aerohive: http://www.aerohive.com/
- Aruba Networks: http://www.arubanetworks.com/
- Cisco: http://www.cisco.com/
- Extreme Networks: http://www.extremenetworks.com/
- US National Institute of Standards and Technology: http://www.nist.gov/
About the Author
[return to top of this report]
James G. Barr is a leading business continuity analyst
and business writer with more than 30 years’ IT experience. A member of
"Who’s Who in Finance and Industry," Mr. Barr has designed,
developed, and deployed business continuity plans for a number of Fortune 500
firms. He is the author of several books, including How to Succeed in
Business BY Really Trying, a member of Faulkner’s Advisory Panel, and a
senior editor for Faulkner’s Security Management Practices. Mr.
Barr can be reached via e-mail at jgbarr@faulkner.com.
[return to top of this report]