Wireless Advice Needed

Status
Not open for further replies.

TDKMan

MIS
Jun 2, 1999
US
I would like to get some input from the field on setting up a Wireless Environment.

The task at hand is to provide to users a way of submitting data to a server from anywhere/anytime. I have been brainstorming our options, but would like your input as well (I am no expert at wireless technologies).

This is what I was thinking (Your options are appreciated):
Each user has a PDA device with the software loaded on it that will be used to enter the confidential information. The information on the PDA must then be transmitted to a server for upload. Our headquarters would then retrieve that information and review it. That's it; it seems simple to managers, but I feel it is going to be a lot more complicated.

Here are my questions then: If I set up a server in our DMZ, how will the PDA be able to transmit the data to it? Wireless I assume, but is it similar to connecting to the internet via a pc with a cable modem? I know wireless is not secure, but what about VPN Tunneling the information through a DMZ firewall to the server in the DMZ? Would it then be safe to upload the data through our company firewall from the DMZ to an internal server?

As you can see, I am pretty much clueless on how to get this to work properly. Any help would be greatly appreciated.

Thanks
Joe Joe


 
Joe,

You are correct, it is more complicated than that! First you will need a site survey completed by an RF Engineer or someone with qualifications to do one. Simply stated, this will determine the placement of the Access Points & antennas. From the site survey you can determine what kind of hardware you will need. For example, what type of antenna will you need? Omnidirectional, semi-directional, etc. Should you go with 802.11b or 802.11a devices? You get the point.

After you have determined the placement and type of hardware, then you should think about security. You're on the right track with VPN and such. I would suggest researching hardware "wireless gateways", RADIUS servers, WEP, and new standards such as AES, WEP v2.0, and 802.1x. As a Wireless Network Admin you will need to get familiar with these technologies. An excellent resource to get started would be the official study guide of the CWNA certification. Check out You'll need to immerse yourself in the wireless world in order to get a full feel of what you are up against. I also suggest

Once you have implemented the security, then you need tools to manage the wireless network. You'll need to troubleshoot low throughput, interference, etc. Again, more research is needed.

I hope that helps, good luck.

Enoch
 
The site survey is the best suggestion. But to answer your question in a short version:

PDA---RF---AP--firewall----DMZ---server---FW---LAN

The firewall between the AP and DMZ is optional but highly recommended for good security.

The link between the PDA and the AP should have, at the minimum, 128-bit WEP enabled and, ideally, a VPN tunnel between them. The short version as to why is that WEP only encrypts the data, not the frame information (type of packet, SSID and so on). There are issues with the keys and if there is a collision, which there are, but I'll save that for a later time. The VPN is a much stronger encryption for the data and can use shared keys or predetermined keys. The upshot is that some twit using Airsnort or the like will not be able to get to your data.

There are other security measures to take, like MAC filtering, static IPs instead of DHCP, tuning the antennas, and tuning the power to keep it inside the building and not radiating outside, or at least not as much.

I have a page that covers all of this and more at:


MikeS
Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
All this sounds a very expensive option given the limited information you have provided so far. Based on the factors you have already mentioned, a VPN tunnel over a GPRS connection is the most obvious route.

The fact you mention anytime/anywhere indicates the guys with the PDAs are out and about. What PDAs are in use? What OS is your application built for? GPRS will allow a 28800 VPN connection, but that will triple over the next 3 months as the networks roll out EDGE. Easy and simple to set up with Pocket PC but a little bit more of a headache with Palm. Forget Psion.

If you think about it the mobile phone networks already have the largest wireless network in place and your VPN solution over this would become very cheap. Also it would cost about £18k to roll out your own GPRS network with your own servers. This obviously depends on the size of the network required and the amount of traffic to be used.

As for on site, WiFi would be the best option, as Bluetooth piconet LANs are not really that advanced yet.

Wireless guru
 