Computing News
March 2002

Separating Hype from Reality: LBLnet Services Group Discusses Wireless Support
 
The LBLnet Services Group in the Networking and Telecommunications Department (NTD) has been investigating issues related to deploying wireless technology throughout the Lab and has found that wireless may not quite be living up to the marketing hype. Among the factors to be considered are security, ease of use, system maintenance and quality of connectivity.

"These weaknesses do not make wireless unreasonable to deploy in the enterprise environment but it does require careful consideration for its implementation," said Ted Sopher, head of LBLnet. "NTD has worked hard to create a standard implementation model that provides a secure environment while at the same time retains the much-touted ease of use."

Although wireless marketing claims along the lines of "Wiring will no longer be needed" and "Computers will be continuously connected" sound good, "The facts are sobering," Sopher said.

For example, wireless bandwidth is very low. The IEEE 802.11b standard allows rates of about 6 megabits per second (Mbps) -- less than Ethernet (10 Mbps) -- and wireless is a shared medium. Simply put, a shared wireless medium means that the total bandwidth available to users -- 6 Mbps in this example -- is divided by the number of clients using it. Even the faster IEEE 802.11a standard (54 Mbps) is well below Fast Ethernet speeds (100 Mbps) -- and the medium is still shared. As for being continuously connected, there are issues of interoperability between vendor equipment.

These issues aside, a bigger problem for the Laboratory is the security of wireless connections. The current basic security mechanism used for wireless is seriously flawed, as demonstrated when members of the UC Berkeley Computer Science Department developed a program to crack the code used to protect wireless transmission from being easily "snooped." Snooping is the term used for monitoring or viewing network traffic. This cracking code runs on a desktop PC or laptop and uses statistical analysis to find the code (known as the WEP code).

"Suffice it to say that this is a major problem from a security standpoint," Sopher said.

Although a number of ad hoc solutions have been developed for this problem, until the IEEE802.11e committee rectifies this security weakness, deployment of native wireless large area networks (WLANs) may create unreasonable risks. Solutions developed by network staff at various institutions are cumbersome and detract from the "ease of use" that is driving wireless demand. Typically, these solutions prevent users from connecting to a WLAN without extensive end-system configuration.

Wireless security has one thing in common with business and real estate -- three key factors are location, location, location.

Location is important because if a hacker can't get to the radio frequency (RF) field generated by wireless systems, he/she can't snoop or connect to the associated WLAN. The corollary is, if you know the bounds of your WLAN RF field, you can then make judgments about its security. Thus, physical security becomes key to your network security. If a hacker can't get to the RF field, your WLAN is reasonably safe, according to Sopher.

How the Lab Does Wireless
"At LBNL, we enjoy a consistent and coherent network design which we extend to wireless," Sopher said. "This is accomplished by the choice of wireless equipment consistent with the needs of a large enterprise, such as LBNL, and the engineering necessary to deploy that equipment effectively. The engineering involves good planning and careful site surveys to ensure the WLANs are reasonably safe and operationally robust."

The installation of WLAN equipment is first planned by considering the coverage area. This involves estimating the radio frequency power emanating from the WLAN access point (which works much like a cell phone transmitter/receiver) in a given area and whether multiple access points are needed to fulfill a given requirement. Once the planning is complete, the equipment can be installed. After the installation is done, a site survey measures the RF field and documents its boundaries. This aspect is critical to security.

If you enjoy physical site security, as LBNL does, then as long as the RF field is contained within the perimeter of the enterprise, complex security enhancements to wireless may not be necessary. On the other hand, a business in downtown San Francisco is unlikely to have this advantage.

"Implementing WLAN is more complex and costly than one might believe, based on marketing spin," Sopher said. "Though wireless is touted as a commodity product, the security issues and implementation complexities clearly require much more than the purchase, installation, and activation of WLAN equipment. Each site (and its individual installations) is different, having physical site characteristics and security requirements that demand a thorough evaluation of the implementation and risks to the institution."

