Larger wireless network footprints can increase security risk

Find out four tips for making sure your network footprint stays secure as it grows.

A wireless network's footprint is its effective area of coverage, the physical territory in which one may access it. In most cases, growth in wireless network footprints is a good thing, even a bragging point. Bigger means greater access to the network. Metaphorically speaking, you want the network's footprint to be worthy of a tyrannosaur—absolutely huge and providing great coverage and a high degree of availability.

On the other hand, that huge footprint carries a risk of malevolent intrusion that increases with its size. A network footprint is more or less a product of the access point deployment. And the primary point of entry into a WLAN for an intruder is, of course, the access point (AP).

That's why the management of a network footprint requires a constant balancing act between territorial expansion and controlling the increasing security risks. Simply, network footprint expansion is synonymous with increasing security risk. As you expand and increase your network you must give corresponding diligence to security issues.

As your network grows, there are some specific initiatives you should make standard:

Curtail informal network expansion

When APs are added, they should be added according to a formal procedure that includes:

  • A request for the increase in coverage.
  • An assessment of the user load the AP will handle.
  • An evaluation of that local environment for leakage risks and potential signal interference.
  • An authorization that leaves someone accountable.
  • A detailed record of the AP's installation and testing.

Wireless expansion via AP is so simple that it is a temptation to just pop an AP in as easily as we move a lamp in our office. But the issues and risks are exactly what they would be—and then some—if we were running network cable to a new floor of our building.

Control local AP footprints

While your network has a footprint, so do individual APs. Here are some rules of thumb for providing good coverage while preventing leakage:

  • Keep the AP as far away from any windows as possible.
  • Place the AP as high in whatever room it is sitting as you reasonably can.
  • Be certain the AP is not sitting too close to another RF source. (Computers themselves can cause interference; don't place an AP next to one.)

Choose antennas carefully

Different environments call for different antenna types. The idea is to keep signals within your building, with maximum access in the proper context and minimal access beyond. Some good tips:

  • Use omnidirectional antennas for more centrally located APs.
  • Point the antenna straight up.

Consider a directional antenna in areas along the perimeter of your building to minimize signal leakage to the outside world. If you can't change the antenna of an AP near the building perimeter, point the antenna inward toward the center of the building.

Maintain a proper client/AP ratio

Another aspect of network footprint control is individual AP effectiveness in context. It's very important that you keep a proper ratio of clients to APs. A good rule of thumb is 20:1 as an upper limit. Keep in mind that your effective AP range, given the geography of the room and possible sources of interference, will not likely be more than 150 feet. Plan the number and placement of APs according to these rules.

Final thoughts

Increase your wireless network's effective resolution with an eye toward security when you fine-tune AP signal strength. There's a balance between a strong signal that makes the AP effective in the area where it's placed and a signal so strong that it leaks to the highway outside. Attention to this detail can prevent an intrusion.

Remember that rogue access points essentially represent unplanned, uncontrolled footprint. An axiom of control system theory is that you can't control what you can't observe. Since rogue APs can slip into even the best planned wireless networks, resolve to keep a constant watch for them. You can detect rogue APs with a number of freely available utilities.
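The watch for rogue APs, the 20:1 client limit and the leakage concern can all be checked against the installation records that the formal procedure produces. The following Python is an added example, not part of the original article; the inventory layout, the observation fields, the -70 dBm leakage threshold and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MAX_CLIENTS_PER_AP = 20   # the article's 20:1 upper limit
LEAK_RSSI_DBM = -70       # assumed: a stronger reading outdoors counts as leakage

# Authorized APs, as kept in the formal installation record (constructed sample).
INVENTORY = {
    "00:11:22:33:44:01": {"ssid": "corp-wlan", "location": "2F-east"},
    "00:11:22:33:44:02": {"ssid": "corp-wlan", "location": "1F-lobby"},
}

@dataclass
class Observation:
    bssid: str
    ssid: str
    rssi_dbm: int
    survey_point: str   # "inside" or "outside" (perimeter walk), hypothetical labels
    clients: int = 0    # associated clients, where the AP or controller reports it

def audit(observations, inventory=INVENTORY):
    """Compare survey observations with the inventory; return sorted findings."""
    findings = set()
    corp_ssids = {ap["ssid"] for ap in inventory.values()}
    for o in observations:
        bssid = o.bssid.lower()
        ap = inventory.get(bssid)
        if ap is None:
            # Not in the installation record: unplanned, uncontrolled footprint.
            if o.ssid in corp_ssids:
                findings.add(("UNLISTED_AP_CORP_SSID", bssid))
            elif o.survey_point == "inside":
                findings.add(("UNKNOWN_AP_INSIDE", bssid))
            continue
        if ap["ssid"] != o.ssid:
            findings.add(("SSID_MISMATCH", bssid))
        if o.survey_point == "outside" and o.rssi_dbm > LEAK_RSSI_DBM:
            findings.add(("LEAKAGE", bssid))
        if o.clients > MAX_CLIENTS_PER_AP:
            findings.add(("OVER_RATIO", bssid))
    return sorted(findings)

# Constructed survey data, not a real capture.
SAMPLE = [
    Observation("00:11:22:33:44:01", "corp-wlan", -48, "inside", clients=27),
    Observation("00:11:22:33:44:02", "corp-wlan", -62, "outside", clients=9),
    Observation("02:AA:BB:CC:DD:10", "corp-wlan", -55, "inside"),
    Observation("02:aa:bb:cc:dd:11", "linksys", -60, "inside"),
    Observation("02:aa:bb:cc:dd:12", "cafe-guest", -80, "outside"),
]

if __name__ == "__main__":
    for kind, bssid in audit(SAMPLE):
        print(f"{kind:24} {bssid}")
```

A neighbor's AP heard faintly from outside produces no finding, while an unlisted AP advertising the corporate SSID is flagged wherever it is heard.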


Scott Robinson is a 20-year IT veteran with extensive experience in business intelligence and systems integration. An enterprise architect with a background in social psychology, he frequently consults and lectures on analytics, business intelligence...

