A wireless network’s footprint
is its effective area of coverage, the physical territory in which one may
access it. In most cases, growth in wireless network footprints is a good
thing, even a bragging point. Bigger means greater access to the network. Metaphorically
speaking, you want the network’s footprint to be worthy of a
tyrannosaur—absolutely huge and providing great coverage and a high degree of
availability.

On the other hand, that huge footprint carries a risk of
malevolent intrusion that increases with its size. A network footprint is more
or less a product of the access point deployment. And the primary entry in a
WLAN for an intruder is, of course, the access point (AP).

That’s why the management of a network footprint requires a
constant balancing act between territorial expansion and controlling the
increasing security risks. Simply, network footprint expansion is synonymous
with increasing security risk. As you expand and increase your network you must
give corresponding diligence to security issues.

As your network grows, there are some specific initiatives
you should make standard:

Curtail informal network expansion

When APs are added, they should be added according to a formal
procedure that includes:

  • A request for the increase in coverage.
  • An assessment of the user load the AP will
    handle.
  • An evaluation of that local environment for
    leakage risks and potential signal interference.
  • An authorization that leaves someone accountable.
  • A detailed record of the AP’s installation and
    testing.

Wireless expansion via AP is so simple that it is a
temptation to just pop an AP in as easily as we move a lamp in our office. But
the issues and risks are exactly what they would be—and then some—if we were
running network cable to a new floor of our building.

Control local AP footprints

While your network has a footprint, so do individual APs.
Here are some rules of thumb for providing good coverage while preventing
leakage:

  • Keep
    the AP as far away from any windows as possible.
  • Place
    the AP as high in whatever room it is sitting as you reasonably can.
  • Be
    certain the AP is not sitting too close to another RF source. (Computers
    themselves can cause interference; don’t place an AP next to one.)

Choose antennas carefully

Different environments call for different antenna types. The
idea is to keep signals within your building, with maximum access in the proper
context and minimal access beyond. Some good tips:

  • Use
    omnidirectional antennas for more centrally located APs.
  • Point
    the antenna straight up.

Consider a directional antenna in areas along the perimeter
of your building to minimize signal leakage to the outside world. If you can’t
change the antenna of an AP near the building perimeter, point the antenna
inward toward the center of the building.

Maintain a proper client/AP ratio

Another aspect of network footprint control is individual AP
effectiveness in context. It’s very important that you keep a proper ratio of
clients to APs. A good rule of thumb is 20:1 as an upper limit. Keep in mind
that your effective AP range, the geography of the room, and possible sources
of interference will not likely be more than 150 feet. Plan the number and
placement of APs according to these rules.

Final thoughts

Increase your wireless network’s effective resolution with
an eye toward security when you fine-tune AP signal strength. There’s a balance
between a strong signal that makes the AP effective in the area where it’s
placed and a signal so strong that it leaks to the highway outside. Attention
to this detail can prevent an intrusion.

Remember that rogue access points essentially represent
unplanned, uncontrolled footprint. An axiom of control system theory is that
you can’t control what you can’t observe. Since rogue APs can slip into even
the best planned wireless networks, resolve to keep a constant watch for them.
You can detect rogue APs with a number of freely available utilities.