Managing wireless networks: Check IT List

• Accounting management: Keep track of the kinds of resources used and how much is consumed. This includes asset management, cost controls and charge-backs. If IT operates as a cost center, wireless networking charge-backs help distribute costs based on usage or resource consumption.
• Configuration management: This is how a network is set up, addressed and operated. It also includes change control and management, inventories of hardware and software and configuration data.
• Fault management: Confront network problems, errors or failures. This includes event notifications, alarms and alerts, problem identification, troubleshooting, problem resolution and error or event logging.
• Performance management: This measures how networks behave at any given time. It includes network capacity planning, availability/downtime, response time measurements, error rates, throughput and utilization metrics.
• Security management: This covers network and node security. It includes security policy requirements and implementations, authorization, access controls and audit trails, security event logging and authentication failures. Keep in mind that wireless networking adds a lot more broadcast exposure.

Although accounting management may not be on the top your to-do list, the other tasks are and should be performed routinely. A bit of planning and structure goes a long way toward establishing and maintaining necessary controls. Here are some steps to ensure top-notch wireless networks:

1. Equipment placement and signal management: The placement of wireless access points (or WAPs, which bridge wireless networks to their wired counterparts) and wireless interface antennae (where applicable) is key for best results. Use signal strength measuring tools (often bundled as part of wireless interface card software and drivers, making a laptop or handheld computer a handy diagnostic tool for such use) to make sure authorized users can access and use the network. This works for troubleshooting performance problems, too. NetStumbler is an example of a free program that is useful for this.
2. Equipment set-up and configuration: Managing wireless networks involves numerous related network identification and addressing issues. Most WAPs include extensive documentation on setup and configuration, but not all of them mention that it's invariably a good idea to change defaults (and strengthen security settings when possible) as a best security practice. This is particularly true when it comes to choosing service set identifiers (SSIDs), turning off SSID broadcast and turning on any of various encryption schemes (stronger is better) that wireless networks can (and should) use.
3. Traffic monitoring and analysis: This involves the use of protocol analyzers or sniffers in tandem with wireless interfaces to permit traffic quantity and quality to be measured, types of traffic characterized and unwanted access attempts recognized and foiled. Specialized commercial tools such as AiroPeek are often used for this activity, but Open Source offerings like Ethereal also work with many wireless network interfaces to gather the same information at substantially lower cost.
4. Troubleshooting. This occurs on all networks, but is especially key when wireless networks are in use. When mobile users lug laptops around, admins quickly learn to identify "dead spots" where wireless coverage is suboptimal or unavailable (which may prompt adding more WAPs) and how to deal with typical interface and access issues.
5. Make the right wireless connections: The broadcast nature of wireless traffic argues that even though the hardware may be on your premises near local firewalls, WAPs and wireless interfaces should be treated as though they were outside the firewall when users access network resources. This means placing WAPs on a DMZ (logically, if not physically), routing wireless traffic through a firewall before allowing access to internal networks and resources, and using VPN links between wireless users and the network. It's important to prevent outsiders from accessing your networks. Because Windows logs into the first wireless network it finds by default, it's also important to configure workstations to log into the right network—namely, yours!
6. Penetration testing/vulnerability assessment: "Do unto thyself (and fix what you find) before others can do unto you." For wireless networks, this means also checking to make sure outsiders can't tap into your networks in places where you don't want or expect them to. Perform regular break-in attempts, war-driving and war-chalking exercises. Find and fix potential security problems on your networks. Regular internal audits are a must; less frequent, but equally regular full-scale penetration testing by savvy outsiders isn't a bad idea, either.
7. Apply extra authentication: Wireless 802.11 protocols and services are notoriously fragile when it comes to built-in encryption and authentication mechanisms. Most experts recommend adding to basic out-of-the-box authentication whenever possible. This might involve requiring wireless users to use multifactor authentication that involves hardware tokens in addition to typical account/password identification. It also might mean adopting technology like Cisco's Lightweight Extensible Authentication Protocol (LEAP), which strengthens authentication and adds another layer of encryption to wireless network communications (this works well with more advanced 802.1x authentication, too).
8. Use wireless management tools: Products such as AirMagnet, Chantry Beaconworks and AirWave -- among others, extend network management console capabilities to wireless networks and provide valuable traffic monitoring and characterization tools as well. If your budget allows for them, the investment is worthwhile. Such tools are particularly helpful when company guidelines call for policy-based management approaches.

Ed Tittel is a full-time freelance writer, trainer and consultant who specializes in information security, markup languages and networking technologies. He's a regular contributor to numerous TechTarget websites and technology editor for Certification Magazine. Tittel also crafts twice-monthly Web content for CramSession called "Must Know News." He's also the author of The PC Magazine Guide to Fighting Spyware, Viruses, and Malware (ISBN: 0764577697).