WiFi or Wireless

Given the prevalence of smart phones, tablets and devices such as the Microsoft Surface Pro, MacBook Air and many other laptops that don’t have built in Ethernet ports WiFi (or wireless networking) is essential in many businesses.

Before deploying (or if you have already deployed WiFi) in your business there are three things you should consider:

Security, Coverage, Speed

Security

Can anyone connect to your WiFi network?

All networks should be protected by a WPA2 pre-shared key (PSK) or username and password (802.1X/RADIUS). WPA2 encrypts data transmitted while PSK or RADIUS limits access to users who know the correct credentials.

Can anyone intercept data transmitted on your WiFi network?

WPA2 encrypts data transmitted across your wireless network so that it can’t be intercepted by eavesdroppers.

Once connected to your WiFi network what services can a user access?

Depending on how your network is setup, a device connected to your WiFi network could have access to any other device on your network.

Some services on your network (i.e. file shares) may require a username and password before a user can access any data irrespective of whether they have network connectivity to the device.

Alternatively if wireless devices on your network only require internet access and access to printers then the relevant devices on your network can be segregated in virtual networks (VLANs) so that only connect to selected devices.

In the example below workstations can connect to printers, servers and the internet. WiFi devices can only connect to printers and internet. Servers and printers have no access to internet.

An example of network segregation utilising a VLAN
An example of network segregation utilising a VLAN

How do you restrict access to your WiFi network once an employee exists the business?

For business utilising a pre-shared key (PSK) known by all users this can be a problem. The only way to prevent someone who knows the current PSK is to change it, this requires reconnecting all devices back to the wireless network.

A better way is to utilise 802.1X or RADIUS. Utilising RADIUS means that each user has a separate username and password for the network, if an employee leaves you can simply disable their user account and they will no longer have access to the WiFi network. If your business utilises Windows Server and Active Directory then RADIUS is simple to setup. If your network doesn’t have a Windows Server then many routers include an internal RADIUS server.

Coverage

Wireless networks generally operate in two frequency bands, 2.4GHz and 5GHz.

2.4GHz provides better coverage than 5GHz but is subject to increased interference and slower speeds.

5GHz has less interference, faster speeds but reduced coverage and is not supported by older devices.

In a small office a single access point may be sufficient but in a larger environment multiple access points may be required to provide the coverage your business requires. The optimal solution is for each deployed access point to be cabled/wired in to your network. Mesh networks are also available where one wireless access point communicates wireless with another to extend coverage but doing this reduces speed.

Speed

For optimal speed 5GHz and sufficient coverage is required. Many older wireless networks are slower than the internet speeds provided by NBN. For a business on a 100/40 NBN internet speed utilising an older 2.4GHz 802.11g wireless access point (WAP) means that the bottleneck on the network would not be the internet connection but the WAP itself.

Also keep in mind that the speed is shared between all active users. The more users actively using your wireless network the slower it gets for everyone. For this reason wireless is not a replacement for professionally installed network cabling in your office but it is appropriate for certain applications.