Unleashing the organisation from the clinging grip of network cabling could free up the IT department to make more effective use of its skills. Antony Adshead reports
Imagine an office without its myriad of cables. IT departments would no longer have to spend valuable time and staff resources getting tangled in wires when they could be using their skills to make a more effective contribution to the business. Breaking the link between cables and the desktop brings a new flexibility in the provision of IT to the business.
On top of this is the benefit that detecting and dealing with cabling errors can become a thing of the past. There is no need to dig out the cable and go through lengthy testing procedures when network traffic is beamed through the air.
Add to this the ability to give unprecedented employee flexibility and you've got a winner.
The cableless office has been the dream of IT managers for a long time, but it could become a reality in the not too distant future. Whether UK businesses can achieve this wireless paradise will depend on how the introduction of a number of wireless standards is managed.
Satellite communications company Inmarsat is one company testing the alternatives and has been looking at a dual-band set-up where 802.11b and 802.11a are used side by side to provide wireless voice and data channels.
Amrish Kacker, senior consultant with telecommunications strategy consultant Analysys, says, "We're still some distance from the cableless office as a widespread phenomenon but for those beginning at greenfield sites or at the right stage in the upgrade cycle it is a definite option. Nobody is likely to be ripping out cable to replace it with wireless in the near future without good reason in this economic climate, however."
This raises the question of which standard is going to win. Most commentators favour the various iterations of 802.11.
It is clear that 802.11b has been everybody's favourite horse to back so far, having beaten off rivals such as Hiperlan and HomeRF. However, it is less clear which standard to back in the future.
Across the Atlantic the next move is obvious. There the 54 megabits per second (mbps) 802.11a standard has left the stalls and is rounding the first bend. Over here, it is yet to come under starter's orders.
According to Kacker the natural path to follow is from the 11mbps 802.11b to the higher bandwidth 802.11a with dual band cards being the way to go as organisations make the transition from one to the other.
But according to Geoff Davies, managing director of security consultancy I-sec, 802.11a will not be coming to the UK in standard form as it interferes with police speed cameras and other devices. He says it will only be allowed with the addition of the supplementary 802.11h which operates at the device level and determines whether those speed cameras or similar devices are operating before going ahead with transmission. As Davies puts it, "802.11a shoots first and asks questions later. 802.11h asks first."
Earlier this summer it was rumoured that 11a would be ratified but this has not happened. Following enquiries made at the Department of Trade & Industry it was found that consultations were taking place and that, "a version of 802.11a will be available in the UK".
If 802.11a is ratified for UK use it should become available on the market fairly quickly as it is already widely available in the US.
Further down the line 802.11g promises to sidestep many of these problems. 11g is a 2.4GHz frequency band standard (the same as 11b) which will carry 54mbps - the same as 11a. It is also backward-compatible with 802.11b so this should mean no dual-band cards are necessary and costs will be kept down.
Gartner analyst Ian Keene sums up, "Users should consider 802.11a and dual band set-ups from the second half of 2003 onwards. I also expect improved standards-based security to emerge and for enterprises to start to develop Wlan policies."
So having decided on a roadmap for the standards you want to implement, what next?
Security rates highest. Despite their popularity WLans have been dogged by stories of poor security. This has not been helped by the fact that out-of-the-box security features are switched off by default and that one of the basic security standards - wired equivalent privacy (Wep) - contained portions of its algorithm that could be predicted with relative ease. All of this hit the headlines in May when security specialists drove around areas with a high density of networks, such as the City, using a tube-shaped container from a popular brand of crisp to enter corporate WLans with ease.
Wireless security specialist Phil Cracknell believes security has not kept up with the take-up of 802.11b. "Things have not progressed security-wise as fast as the uptake of WLans because everyone knows that there will be a new 802.11 standard along any minute. Suppliers are cautious about adding too much 'non-standard' security to a standard that had very little in the first place."
According to Davies, the rise of the WLan has opened up new problems IT departments are unused to dealing with. "The WLan is not bound by four brick walls and we find people open up test environments without securing them - so making a big hole right into their existing networks. Wireless adds another page to the book when it comes to security," he says.
Davies says the first task is to go through a risk assessment exercise. Determine what level of security you need, then weigh that against its cost, the ability to support it and the ongoing cost of ownership.
802.11b users that require real security need to go further than box-standard methods. Davies recommends overlaying the WLan with a virtual private network, getting 802.1x-equipped kit or using a wireless gateway. The choice you make, he says, really does depend on the individual requirements of your business.
Wireless take-up in 2002
- Eight million WLan cards implemented in laptops globally
- Two to three million access points sold
- Number of public hotspots 15,000-20,000
"The real momentum is on private rather than public wireless networks" - Amrish Kacker, Analysys.
Technical briefing for wireless networks
802.11b is the leading standard for wireless networking in Europe and the rest of the world. Known as Wi-fi, it has been adopted by a number of businesses for internal use and is currently available in public "hotspots" being rolled out by retailers such as Starbucks and by providers such as BT, which has plans for about 4,000 around the UK.
802.11b, with a data rate of 11 megabits per second, runs on the unregulated industrial, scientific and medical 2.4GHz frequency, which it shares with cordless phones, microwaves and Bluetooth products. Issues have arisen concerning possible conflicts with other devices in "crowded" areas and with Bluetooth, because that standard's method of modulation can "hop" in and out of 802.11b wavebands. 802.11b works at ranges up to 100m from access points.
802.11a is the 54mbps successor to 802.11b. It runs on 12 channels in the 5GHz frequency range so is immune to the type of conflict and interference problems inherent in 802.11b. Sounds like a good thing? The drawback is that it has not been ratified for European use because of potential conflicts with such devices as police speed cameras. Having said that, some UK businesses have tested 11a equipment, with its increased bandwidth offering the promise of voice and data out to the desktop in many corporate environments. To make use of it, European business will have to use kit that has 802.11h added. This is a supplement to the media access control (Mac) layer which checks whether other devices (speed cameras, for example) are transmitting before going ahead, whereas vanilla 11a just shoots. Because 11a/h is not compatible with 802.11b, users will have to have dual chip cards and access points if they want to run both systems - these are in production from companies such as Intersil but shipping products are few so far.
802.11g is one to watch out for in 2003. It runs on the same 2.4GHz frequency as 802.11b but at speeds up to 54mbps, like 11a/h. Being backward-compatible with 802.11b it may solve the problem of having to support a number of chips and cards. The major network manufacturers have said they will be shipping kit in 2003.
The four layers of security in 802.11 wireless standards are:
- Change default settings - the message here is: turn on those default security methods. They're not perfect but they will delay an attacker. One of the fundamental methods of securing wireless networks - wired equivalent privacy (Wep) - is relatively easy to crack by someone with the correct means of sniffing transmissions and discovering patterns in the encryption key because the standard contains repetitions that are far more predictable than they ought to be
- The second built-in security method is the non-broadcasting of the Service Set Identifier (SSID) which is the unique code allowing devices to access specific WLans. Turning off the broadcasting of these is a basic measure that should be taken though they can eventually be sniffed out by a cracker with the right kit
- The third box-standard method of securing 802.11b is to turn on its Mac address filtering which regulates the physical devices which can access the WLan according to a unique identifier on their network card. Again, this is a basic measure that can be taken to slow up an intruder though a skillful cracker can discover Mac addresses and spoof them when the legitimate device has ended its session
- These out-of-the-box security features should be turned on despite their shortcomings. If you can live with the general vulnerabilities they possess but are concerned about defaults resetting in case of, say, a power failure, or indeed if you need better security than they offer, you need to implement one of the methods below.
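An added illustration, not part of the original article, of the predictable repetition described for Wep above. It relies on a detail the article does not spell out: Wep keys RC4 with a 24-bit per-frame initialisation vector (IV) joined to the shared key, and the IV is sent in clear. The key, IV and messages are constructed sample values.

```python
import math

IV_BITS = 24  # WEP's per-frame initialisation vector, sent in clear


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: plaintext XOR RC4(IV || key); ICV omitted."""
    ks = rc4_keystream(iv + shared_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def frames_for_collision(prob: float, iv_bits: int = IV_BITS) -> int:
    """Birthday approximation: frames with random IVs until P(repeat) >= prob."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - prob))))


# Constructed sample data (not taken from any real network).
KEY = bytes.fromhex("0102030405")  # 40-bit shared key
IV = bytes.fromhex("aabbcc")       # the same IV used for two frames
P1 = b"payroll run: 14:00"
P2 = b"meeting room: 3rd "
C1, C2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)

if __name__ == "__main__":
    print(xor(C1, C2) == xor(P1, P2))  # the key has dropped out entirely
    print(frames_for_collision(0.5))   # frames until a repeat is likelier than not
```

With only 2^24 possible IVs, a busy access point repeats one within a few thousand frames, which is why the article's advice is to treat Wep as a delay and overlay 802.1x, a VPN or a gateway.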
Suppliers are beginning to ship WLan access points which are equipped with 802.1x security built in. This method of security authenticates the user against a table of permitted devices held on a Radius or Kerberos server elsewhere on the IT network.
Virtual Private Network
A VPN is a VPN whether it is implemented in a wired or wireless infrastructure. A secure "tunnel" is created between the remote computer and server using encryption. VPNs are commonly used in the corporate environment to give remote access and it is companies which use them already that may be most suited to leveraging them for use in wireless.
Part firewall, part VPN, part router, wireless gateways offer a number of features not found on simple access points. These include the ability to support a number of standards, roaming, and, usefully, bandwidth management which "shares out" bandwidth between wireless users more fairly than the nearest-gets-the-bandwidth approach that is often the case with access points.