Think you are safe from the management problems posed by wireless networks, because your organisation doesn't have any wireless? Think again: the advent of cheap wireless access points (APs) and the integration of Wi-Fi within laptops means that the chance of an organisation having no wireless is heading for zero.

And the addition of wireless makes network management harder in a range of ways. The main one is security of course, but you also need the ability to monitor different levels within the network traffic, plus applications may perform quite differently over wired and wireless networks.

Fortunately, new tools and techniques are emerging which address many of these areas. We are going to look at some of these, and in particular at the problems you need to anticipate and some tactics for dealing with them.

Wireless & security

The big issue with security is the fact that there are no physical barriers to wireless except distance, and even that can be overcome with bigger aerials and more powerful receivers. The ability to connect to the email system from the car park may please your mobile colleagues, but not your security administrator.

A common response has been to situate wireless access points (APs) away from the walls to limit their extramural coverage, adding features such as access control to limit unauthorised use. In order to achieve satisfactory intramural coverage, site surveys are needed to find the best positions for the APs.

However, there are now techniques which can locate wireless devices to within a few metres by taking signal strength as an analogy for distance and applying triangulation algorithms. Used with a scanned floorplan it becomes possible to erect virtual walls, limiting network access to those within a designated zone.

Nicholas Miller, president and CEO of Cirond, whose AirPatrol software can locate both APs and wireless devices, says that this turns conventional Wi-Fi wisdom on its head.

"We say don't bother with a site survey - it's a complete waste of time. Spend your money on more access points instead, and put them around the periphery, on an 80 to 100-foot grid and where the users are," he says.

"That's completely the opposite of what most people tell you, but with a properly set up network we can triangulate to two or three feet and limit network access to within the building's walls. It doesn't completely solve the problem, but it greatly mitigates it."

Rogue APs

The same software can also be used to locate rogue APs. "I think most of our business this year will be rogue detection," he says, adding though that it is not just a matter of employees buying themselves APs and plugging them in illicitly - even an individual PC can accidentally go rogue.

He gives the example of using connection sharing software to create an ad-hoc WLAN so that several colleagues, perhaps in adjacent rooms, can share a single hotel broadband Internet connection. If sharing is still turned on when the host PC gets back onto the office network, it has just become a rogue AP.

Wireless location can use sensors permanently installed around the building, or for less frequent use you could walk around with a wireless-equipped tablet PC taking scans in different places, marking the location of each on a digitised floorplan.

Peter Mackenzie of network management software supplier WildPackets, says that although 50% of wireless worries are security related, there are several other management issues too.

Wireless specifics

For example, a normal LAN analysis tool will not pick up WEP traffic layers and will not be able to analyse Wi-Fi traffic by channel or signal strength. Peer-to-peer networks can also go unnoticed.

"Specific applications are different on wireless too, such as VoIP and OSPF," he warns. "It's a challenge for the network management platform vendors because the networks are converging. You need the ability to identify traffic by application and to track peer-to-peer, as our AiroPeek software does."

The nature of wireless makes a whole new group of attacks possible too, he says. For example, "At exhibitions you often get people setting their APs to de-authenticate and take down other people's APs."

One last factor to be aware of is that Wi-Fi contains no network optimisation features as standard, says Nicholas Miller. "Users simply associate with the strongest signal," he adds, so if an AP becomes overloaded, there is no easy way to add capacity in that area beyond overlaying a second AP on a different channel.

Even then, clients may need to be specifically tied to one or the other. Miller says that the solution is to use software such as Cirond's Winc Manager, which enables clients to load balance across APs.