07 Apr 2017

Wi-Fi encryption is generally used to stop unintended people snooping on your Wi-Fi traffic. However, by default all users who are legitimately connected to a Wi-Fi network may be able to see each other's network traffic. Most Wi-Fi systems have a feature known as ‘client isolation’ which, once enabled, blocks users from accessing information destined for another user. Sometimes this can be controlled at the wireless access point level or at the network level. The more advanced configurations can, in effect, allow a user access only to the internet and block access to any other internal devices or services.

Although client isolation is an effective technique on a local Wi-Fi network, it is not intended as a replacement for technologies such as a VPN (Virtual Private Network), where an encrypted end-to-end tunnel is created. Client isolation is particularly useful for blocking peer-to-peer services on a large network.

28 Mar 2017

Because Wi-Fi is a broadcast technology that passes through the open air, anyone with the right equipment can pick up the signal. For this reason it is very important that these signals are encrypted, to avoid information being intercepted by the wrong people. One of the most common ways of encrypting a Wi-Fi network is by using a technology called WPA2 – Wi-Fi Protected Access 2.

WPA2 is commonly set up with a Pre-Shared Key (PSK). This alphanumeric string should only be known by those who need access to the network, and they enter the key when they connect. The potential problem with this approach is that the PSK is used to generate the encryption key, so if you use a weak key the network is left open to a fairly simple attack which can gain access to the network within minutes.

The solution is simple – longer and more complex keys! For every character added, the cracking process becomes considerably harder, to the point where it is measured in years of compute time. The question is how long the key should be. There is no agreed answer on this, as it depends on how random the key is. A truly random key of 10 alphanumeric characters is actually very hard to break, taking many years, but a key of similar length built from dictionary words could be broken very quickly.

To be safe we normally recommend a minimum of 12 characters with typical password rules – upper and lower case, numeric characters, special characters and no dictionary words unless they have character replacements.
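The recommendation above, written out as a check (an added example, not part of the original post). The word list and candidate keys are constructed, the guess rate is an assumed figure, and the 8-63 character limit and SSID-salted PBKDF2 derivation are the standard WPA2-PSK rules.

```python
import hashlib
import string

# Constructed mini word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "summer", "festival", "guest", "welcome"}
SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_pmk(psk: str, ssid: str) -> bytes:
    """WPA2-PSK derives the 256-bit master key from the passphrase, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", psk.encode(), ssid.encode(), 4096, 32)


def policy_problems(psk: str, words=SAMPLE_WORDS) -> list:
    """Return the ways a passphrase falls short of the recommendation above."""
    problems = []
    if not 8 <= len(psk) <= 63 or any(not 32 <= ord(c) <= 126 for c in psk):
        problems.append("not 8-63 printable ASCII characters (WPA2 limit)")
    if len(psk) < 12:
        problems.append("shorter than 12 characters")
    checks = {
        "upper case": string.ascii_uppercase,
        "lower case": string.ascii_lowercase,
        "numeric": string.digits,
        "special": string.punctuation,
    }
    for name, chars in checks.items():
        if not any(c in chars for c in psk):
            problems.append(f"no {name} character")
    # Words written with character replacements pass, as the recommendation allows.
    for word in sorted(words):
        if word in psk.lower():
            problems.append(f"contains dictionary word '{word}'")
    return problems


def years_to_exhaust(length: int, alphabet: int, guesses_per_second: float) -> float:
    """Worst-case time to try every truly random key of this length."""
    return alphabet ** length / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for candidate in ("Summer2017", "Summer2017!Fest", "t7#Qv9!mZp2&Lx"):
        print(candidate, policy_problems(candidate))
    # 1,000,000 guesses per second is an assumed rate, not a measurement.
    print(round(years_to_exhaust(10, 62, 1e6)), "years for 10 random alphanumerics")
    print(derive_pmk("t7#Qv9!mZp2&Lx", "ExampleSSID").hex())
```

Because the SSID is the salt, the same passphrase yields a different master key on every differently named network, and each extra random alphanumeric character multiplies the search time by 62.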

Of course, a strong key only remains strong whilst it is known only by those who should know it. This is a weakness of the shared key approach: if the key is leaked, security across the network is compromised. There are additional factors that can be introduced to improve security further – for example, one technique is called Dynamic Pre-Shared Key (D-PSK), which uses dynamic, unique keys for each user so there is no risk of a leaked key. Other more advanced set-ups use electronic certificates rather than passwords. With the right set-up Wi-Fi networks are perfectly secure – more so than most wired networks!

27 Mar 2017

Most Wi-Fi deployments are set up to deal with a relatively low number of concurrent users, often only tens or hundreds of users in a fairly wide area such as a cafe or an office. This approach is straightforward, requiring a small number of wireless access points. At many events the number of concurrent users may easily be in the thousands, typically in highly concentrated areas. Providing a good service to this density of users requires a much more complex approach.

The challenge arises because an individual wireless access point can only support a limited number of users. Even a high-end professional unit will only service around 100-200 users in an effective way, depending on the type of usage. However, it is not quite as simple as just adding more wireless access points: unless careful attention is paid to the design, the wireless access points will interfere with each other and lead to more problems.

Many large Wi-Fi deployments suffer from poor design, leading to a bad user experience. True ‘high density’ design requires careful analysis of wireless spectrum and often uses special equipment to control the spread of wireless signals.

27 Mar 2017

If you talk to a technical person about Wi-Fi then eventually the subject of 2.4GHz comes up, along with a list of issues. The root of this goes back to the early days of Wi-Fi and how wireless spectrum was allocated. Wi-Fi currently operates in two frequency bands – 2.4GHz and 5GHz – however, until recently the vast majority of devices and equipment only operated in the 2.4GHz spectrum. This was due to early aspects of licensing and manufacturing, which meant a rapid adoption of 2.4GHz and a much slower rate of adoption of 5GHz.

The problem is that the 2.4GHz frequency band is not just used by Wi-Fi; Wi-Fi shares it with Bluetooth, baby monitors, various audio & video senders and pretty much anything else that needs an unlicensed frequency band. It is also the frequency that microwave ovens use, and yes, that can cause problems in kitchens! The upshot is that the frequency band is overcrowded, meaning that Wi-Fi is fighting amongst a lot of wireless noise, generally leading to reduced or intermittent performance.

On top of this, the actual spectrum available to Wi-Fi at 2.4GHz is very limited – in theory there are 13 channels, but in reality only 3 of these channels are usable without causing interference to other channels, which makes it very difficult to design large-scale deployments. The situation is so bad on event sites that 2.4GHz can be almost unusable. The good news is that most mobile device manufacturers have increasingly incorporated 5GHz support into their devices over the last few years.
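Why 13 channels collapse to 3, worked through as an added example (not part of the original post). It assumes the standard 2.4GHz channel plan, with centre frequencies 5MHz apart starting at 2412MHz, and a 22MHz-wide signal per channel.

```python
# Assumed signal width of one 2.4GHz Wi-Fi channel (classic 802.11b figure).
CHANNEL_WIDTH_MHZ = 22
CHANNELS = range(1, 14)  # the 13 channels mentioned above


def centre_mhz(channel: int) -> int:
    """Centre frequency of a 2.4GHz channel: 2412MHz for channel 1, then 5MHz steps."""
    return 2412 + 5 * (channel - 1)


def overlaps(a: int, b: int) -> bool:
    """Two channels interfere when their centres are closer than one signal width."""
    return abs(centre_mhz(a) - centre_mhz(b)) < CHANNEL_WIDTH_MHZ


def interferers(channel: int) -> list:
    """Every other channel whose signal overlaps the given one."""
    return [c for c in CHANNELS if c != channel and overlaps(c, channel)]


def non_overlapping_plan() -> list:
    """Greedily pick the lowest channels that do not overlap any already chosen.

    For equal-width channels sorted by frequency this greedy choice gives the
    largest possible interference-free set.
    """
    plan = []
    for channel in CHANNELS:
        if not any(overlaps(channel, used) for used in plan):
            plan.append(channel)
    return plan


if __name__ == "__main__":
    print("usable together:", non_overlapping_plan())
    for channel in (1, 6, 13):
        print(f"channel {channel} ({centre_mhz(channel)}MHz) overlaps", interferers(channel))
```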

Overall the 5GHz band has a much wider spectrum allocated, meaning more channels are available and there is less interference from other devices (although RADAR does use 5GHz, as does some meteorological equipment). Today 5GHz is much less crowded than 2.4GHz and provides a much better user experience. However, with the wide-scale adoption of 5GHz in consumer products such as Mi-Fi units, the situation is changing, so we may well see increasing problems at 5GHz over time.