IT innovation has many facets. You can make both technical and non-technical upgrades, running the spectrum from written security policies to the latest in cloud data analytics. Upgrades to the physical IT infrastructure lie somewhere in between the two. Most of us would expect these upgrades to mean replacing traditional desktop workstations with more robust, portable laptops, throwing an iPad in every employee’s lap, or even upgrading your operating systems from Windows 7 to Windows 10. What we tend not to consider is the wireless network. Really, more attention should be focused on the infrastructure that provides connectivity for portable devices, and modernizing the wireless infrastructure comes with two immediate, crucial benefits: speed and security.
Let’s focus for a moment on speed. When I was a student in my first wireless administration and security course many years ago, the dominant wireless standards were 802.11g and 802.11a. Wired Equivalent Privacy (WEP) was the dominant authentication and encryption method used on these sparse wireless networks. Wireless networks were simply not as integral to our lives at home and at work as they are now. They’ve become an expectation, found just about everywhere there are people.
Speed: Advertising vs. Reality
The problem is that you still find 802.11g and 802.11a networks being used in workplaces. Granted, some administrators still stick to the adage, “if it ain’t broke, don’t fix it.” If you are happy with actual data throughput rates of 20-25 megabits per second, which is about half of advertised speeds on a good day, then leave it alone. When I say a good day, I mean your wireless network isn’t contending with neighbor networks for the 2.4 GHz spectrum. How would that compare to a business class internet service that approaches gigabit speeds? That’s about 40-50 times the speed of your legacy wireless network! I mention the 2.4 GHz spectrum, which is one of two unlicensed bands for wireless networks in the United States. The other band is up in the 5 GHz range. The 2.4 GHz space has a limited number of channels for wireless devices, and a limited number of non-overlapping channels that don’t interfere with other networks. This makes a legacy wireless infrastructure using contended unlicensed channels a significant bottleneck in the network.
Some might argue that their 802.11n equipment advertises 600 megabits per second. Let’s look at that for a moment: 802.11n devices can operate in either the contentious 2.4 GHz band or the less crowded 5 GHz channels. The reported 600 megabits per second is based on the maximum number of four transmit and receive radio chains, using a technology called channel bonding, at a distance from the access point or router that is limited to a few feet with everything aligned in the RF universe. And this does not address the fact that actual data throughput, with everything in alignment, is only 60-70% of what might be advertised. I challenge you to find an off-the-shelf device with four radios built in. Harder still, try finding a portable device built this way. Even so, 60-70% throughput is a step up from the 50% throughput of legacy 802.11g and 802.11a devices.
Since 2013, the official standard for 802.11 products has been 802.11ac. To put that into perspective, the original wireless standard was introduced in 1997, and 802.11g and 802.11a were amendments ratified in 2003. This technology is truly gigabit wireless: it has more available radio chains than 802.11n, uses only the less crowded 5 GHz channels, and has wider channels to push more bits and bytes. Some products are advertised at up to seven gigabits per second. At this point, I think we know the difference between what is advertised and the truth. Even with that in mind, the wireless infrastructure is no longer the bottleneck.
The other benefit of wireless IT modernization is strong security through the Advanced Encryption Standard. Most would say this should be the number one consideration for organizations when choosing technologies. Let’s revisit the legacy 802.11g and 802.11a devices: shortly after both amendments for 802.11g and 802.11a were ratified as standards, the same professional body introduced the 802.11i amendment in 2004, which specified mandatory security mechanisms for a robust secure wireless network. The amendment mandated the use of Advanced Encryption Standard (AES) block ciphers to replace insecure WEP. However, it also left open the continued use of weaker stream ciphers as an optional encryption method, for backwards compatibility with hardware not capable of the more intensive AES methods. Therein lies a vulnerability. With the continued use of legacy wireless equipment comes the potential inclusion of weaker encryption, a chink in your security armor. Migration and modernization to the latest 802.11ac devices and infrastructure, or even just a step up to 802.11n from 802.11g and 802.11a, closes that weak link. This is because 802.11n and 802.11ac support only AES algorithms with no optional methods. The Advanced Encryption Standard is a National Institute of Standards and Technology (NIST) Federal Information Processing Standards-approved cryptographic algorithm used by federal government organizations. So why not yours?
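To find where that optional legacy encryption is still on offer, the following added example (not part of the original article) reads the text printed by `iw dev <iface> scan` and flags access points that advertise WEP or the RC4-based TKIP suite alongside or instead of AES-CCMP. The scan text, BSSIDs and SSIDs are constructed sample data, and `audit_scan` is a hypothetical helper name.

```python
import re

# Constructed sample in the layout printed by `iw dev <iface> scan`
# (real output indents with tabs). BSSIDs and SSIDs are made up.
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: legacy-wep
BSS 02:00:00:00:00:02(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: mixed-mode
    WPA:     * Version: 1
         * Group cipher: TKIP
         * Pairwise ciphers: TKIP
    RSN:     * Version: 1
         * Group cipher: TKIP
         * Pairwise ciphers: CCMP TKIP
BSS 02:00:00:00:00:03(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: aes-only
    RSN:     * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
"""

LEGACY = {"TKIP", "WEP-40", "WEP-104"}  # RC4-based suites as named by iw

def audit_scan(text):
    """Return (bssid, ssid, finding) for every BSS in iw scan output."""
    results = []
    for block in re.split(r"(?m)^BSS ", text)[1:]:
        bssid = block[:17]
        m = re.search(r"(?m)^\s*SSID: (.*)$", block)
        ssid = m.group(1).strip() if m else ""
        ciphers = set()
        for suites in re.findall(r"(?:Group cipher|Pairwise ciphers): (.*)", block):
            ciphers.update(suites.split())
        if not ciphers:
            # No WPA/RSN element: the Privacy bit on its own indicates WEP.
            privacy = re.search(r"(?m)^\s*capability:.*\bPrivacy\b", block)
            finding = "WEP" if privacy else "open"
        elif ciphers & LEGACY:
            finding = "legacy cipher offered: " + ",".join(sorted(ciphers & LEGACY))
        else:
            finding = "no legacy cipher"
        results.append((bssid, ssid, finding))
    return results
```

A mixed-mode network is flagged even though it also offers CCMP, because its group cipher and any TKIP-only client still fall back to the weaker suite.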
While I’m not an advocate for using the latest and greatest in cutting-edge technologies, I am advocating the use of proven standards and best practices. This is achieved by modernizing out of legacy devices and equally out-of-date business models. In another 10 years, today’s legacy devices may fall into another category, classic or vintage, kind of like having an Atari 800 on your shelf in your office. Until then, find the ball and stay on it.
MEET DAN GUTIERREZ.
Dan recently retired from the US Army. His many roles during the past decade on active duty included computer network operations (CNO) operator, information assurance branch chief, and wireless cyber operations team leader. During his military career, he participated in and led countless full-spectrum CNO missions. Dan further shared his experience as a technical advisor to the standup of the Army’s first-ever cyber operations focused occupational specialty. Dan is now a cybersecurity instructor for UMBC Training Centers.