Eric Geier at Network World has another useful article that you should check out, this time dealing with errors you should avoid when setting up a new WiFi network.
1. Not doing a site survey
Skipping the site survey means you won’t know where to put the access points to ensure optimal service. Optimal placement has a lot to do with RF interference, so just “eyeballing” a site is a recipe for failure, whether you are setting up a new network or trying to fix problems with an older one. Here are Geier’s thoughts on the subject:
A site survey includes a walkaround to capture Wi-Fi and RF spectrum data in order to get a baseline reading of signal, noise, and interference from your wireless access points, neighboring networks, and other RF sources. From that surveying work, analysis can be performed to determine the basics: optimum access point locations, channels, and power levels. These are also determined based on the desired specs of the network, such as the required wireless coverage areas, data rates, network capacity, and roaming capability.
Larger sites will also require a map-based survey, where you “load floor plan maps of a facility into a software program, walk around capturing data, and then view the results on heat maps.”
Site surveys are not one and done either. Periodic surveys may be required as things like “interference, neighboring networks, and changes in how the Wi-Fi is used can have major impacts on the network’s performance.”
2. Avoiding advanced network settings
While you don’t have a choice when it comes to selecting basic settings, some might be tempted to avoid the advanced settings. Don’t. You’d be missing a valuable opportunity to improve your network’s performance right from the get-go. Here are some advanced wireless settings selections Geier advises you to make right off the bat: “Short Preamble Length, Short Slot Time, Short Guard Interval, and Frame Aggregation.”
3. Using personal security mode for your business
It may feel easier to just set up one password for everyone to use to get onto the network, rather than set up a dedicated server and give everyone a unique password, but Geier says that just ain’t so:
“typically the personal mode of Wi-Fi security actually requires more work in the long-run to keep the network safe. Since there’s only a single global password for everyone, it would need to be changed at least every time an employee leaves the company or organization and when a user loses a Wi-Fi device in order for the network to remain secure. Without changing the password, the ex-employee or thief could simply return to the workplace—even if from the parking lot—and connect to the Wi-Fi.”
There are even solutions out there to make setting up enterprise security easier, such as Hosted RADIUS services.
So there’s no excuse.
4. Employing weak passwords
The trouble with passwords is remembering them, and often the easier one is to remember, the easier it is to crack. In addition to length, complexity, upper and lower cases, etc., Geier says that you should never use words that could be found in a dictionary in your password. Hackers often use brute-force style hacks that basically run every word in the dictionary against your login gates, so don’t make their life easier.
5. Forgetting about network passwords
Don’t forget about the passwords to things like your router, firewall, and the access points themselves. All could present gateways for malicious actors onto your network by providing them access to your network settings, so employ strong password techniques there too.
6. Hiding all SSIDs
Hiding your network name(s) may feel more secure, but it isn’t in reality, as those with the proper equipment and improper intentions can find your network fairly quickly and easily:
you can’t stop the SSID from being sent in certain network traffic, such as associations and probes. Though normal Wi-Fi devices will “ignore” SSIDs in those types of traffic, wireless analyzers (such as Kismet and AirMagnet) are listening and will display them when heard.
Disabling SSID broadcasts also slows down your network.
So don’t do it!
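The point about associations and probes, as an added example (not from Geier's article or this post): a small parser run over constructed 802.11 management frames, showing that a beacon with a blanked SSID sits alongside probe and association requests that carry the name in clear. The MAC addresses, the SSID `CorpWiFi` and the function names are made up for illustration.

```python
import struct

# Fixed-field bytes between the 24-byte header and the tagged elements, per subtype.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}

def parse_mgmt(frame: bytes):
    """Return (subtype_name, bssid, ssid_or_None) for a management frame, else None."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    bssid = frame[16:22].hex(":")     # address 3 holds the BSSID in these frames
    pos, ssid = 24 + FIXED_LEN[subtype], None
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elen]
        if len(body) < elen:          # truncated element: stop parsing
            break
        if eid == 0:                  # element ID 0 is the SSID
            if elen and any(body):    # empty or all-zero means "hidden"
                ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return NAMES[subtype], bssid, ssid

def audit(frames):
    """Map each BSSID to whether its beacon hides the SSID and which frames reveal it."""
    report = {}
    for f in frames:
        parsed = parse_mgmt(f)
        if not parsed:
            continue
        kind, bssid, ssid = parsed
        entry = report.setdefault(bssid, {"beacon_hidden": False, "ssid": None, "revealed_by": []})
        if kind == "beacon" and ssid is None:
            entry["beacon_hidden"] = True
        elif ssid is not None:
            entry["ssid"] = ssid
            entry["revealed_by"].append(kind)
    return report

def build(subtype: int, ssid: bytes, bssid=bytes.fromhex("020000000001")):
    """Constructed sample frame (no radiotap header, no FCS); MACs are made up."""
    hdr = struct.pack("<BBH6s6s6sH", subtype << 4, 0, 0, bssid, bytes.fromhex("020000000002"), bssid, 0)
    return hdr + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])

# Constructed capture: two "hidden" beacons, then a client probing for and joining the network.
SAMPLE = [build(8, b""), build(8, b"\x00" * 8), build(4, b"CorpWiFi"), build(0, b"CorpWiFi")]
```

Running `audit(SAMPLE)` reports the BSSID as `beacon_hidden` and still recovers the SSID from the client frames, which is why hiding the name adds no confidentiality.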
7. Creating too many SSIDs
On the other hand, Geier writes that if you find yourself setting up more than 3 SSIDs off of your network, then it might be time to think about other ways to segment traffic. One suggestion he has is to “leverage 802.1X authentication with the enterprise mode of Wi-Fi security to dynamically assign users to a VLAN once” connected.
8. Not updating your wireless infrastructure
This means both the access points and the devices connecting to them, as older devices with older 802.11 standards can slow down networks with newer standards, like 11ac. This is easier when devices are all company owned, of course, and may not be practical in BYOD environments. You can still disable access for older standards, though, and while that may annoy some luddites who still have 11g, everyone else will thank you as they see their wireless performance go up.