Ensuring Robust, Secure Voice Over Wi-Fi Networks

Voice over Wi-Fi (VoWi-Fi) is the hottest new application for WLAN networks since its introduction. Multiple VoWi-Fi phones are available now and a recent survey by research firm In-Stat shows that over 30 percent of enterprises are looking to add this application in the short term. However, it is also the most challenging application to be deployed over a WLAN due to its latency sensitive nature. Critical to good performance is proper upfront deployment planning, ongoing monitoring for network changes and proper security measures.

The requirements of voice applications over a Wi-Fi network are much more demanding than data. First and foremost is complete RF coverage. Today's Wi-Fi deployments focus on data applications and often are limited to conference rooms, the lobby or other selected areas. However, voice applications change that deployment model dramatically.

With the ubiquity of cordless and cell phones, we are used to being mobile while talking. This means an effective VoWi-Fi deployment in the enterprise will require pervasive coverage throughout all meeting areas, workspaces and even stairwells and hallways. Unlike data applications, which may not be affected by small gaps in coverage, a voice call must maintain continuous connectivity or the users will experience dropouts or even lost connections.

Capacity planning is the next key requirement. Today's WLAN technology typically allows a maximum of seven to eight simultaneous voice calls per access point. More than this will result in poor call quality or dropped calls. Assessing the number of callers in a specific area and then determining the appropriate number of access points is a key part of ensuring proper VoWi-Fi network performance.

Given these requirements, comprehensive RF planning is critical to help ensure proper performance of the VoWi-Fi network. RF planning tools allow for floor plans or building maps to be scanned in, the building properties to be modeled and an RF model created automatically in either the 2.4GHz or 5GHz band. Use of these tools before WLAN deployment not only saves time over traditional site surveys, but also eliminates coverage gaps which could cause voice calls to be dropped.

More importantly, RF planning tools can optimize channel planning to avoid excessive co-channel interference which causes congestion and latency problems for the voice clients. And capacity planning can be completed ahead of time, allowing the designer to see how many access points are needed for the expected number of VoWi-Fi clients.

Once the WLAN is installed, ongoing monitoring is critical to ensure the continued quality of VoWi-Fi calls. Several factors may cause VoWi-Fi quality to degrade over time. For example, new neighboring Wi-Fi networks may introduce channel interference, the increase in Wi-Fi clients may contribute to higher densities in certain areas of the building that were not planned for in the original deployment, or an access point might experience a failure.

All of these incidents can lead to complaints from end users about voice quality. A wireless performance monitoring system, preferably using dedicated sensors and not relying on manual walkarounds, can ensure that changes like these do not go unnoticed and the necessary remedies can be put in place.

Over-the-air eavesdropping is a problem for any Wi-Fi client that does not have security enabled. This can be remedied for VoWi-Fi clients by using the appropriate encryption. The latest threats to enterprise security come from Wi-Fi technology itself. Conventional network firewalls, VPNs and 802.11 security standards do not prevent everyday Wi-Fi threats such as rogue access points, unauthorized client connections and ad hoc networks or more malicious hacking threats like honeypot APs, MAC spoofing and DoS attacks.

Client misassociations or honeypot APs can cause a single user to experience a call drop as the client connects to the wrong network and simply cease to work. DoS attacks can cause complete disruption of multiple calls, preventing all communication until the attack is stopped. While there are various forms of wireless DoS attacks, they all are characterized by flooding a channel or channels with de-authentication or similar packets that terminate all current and attempted client associations to access points.

A wireless intrusion prevention system delivers protection by providing 24x7 continuous monitoring of the corporate air space, classifying all Wi-Fi devices with high accuracy and automatically preventing threats based on policies set up by the administrator. Products that also incorporate an RF planning tool provide additional benefits as they are able to model precisely where security sensors should be placed for adequate detection and prevention of threats. In addition, accurate modeling allows for the most precise location tracking, so that once a threat is identified it can be permanently eliminated by physically removing it.

VoWi-Fi applications promise to further increase the usefulness of Wi-Fi networks in enterprises around the world. To deploy them, though, requires more advanced planning than just supporting data applications. Continuous RF coverage, latency issues and client density all affect the performance of a voice application much more significantly than they affect data.

And new threats to the network such as DoS attacks can render a VoWi-Fi solution useless unless they are detected and prevented immediately. A new solution, the Wi-Fi IPS Firewall, combines RF planning, 24x7 performance monitoring and automatic intrusion prevention to enable deployment of robust, reliable VoWi-Fi applications.

Jai Rawat is vice president of business development at AirTight Networks. He can be reached at jai.rawat@airtightnetworks.net.

AirTight Networks Inc. www.airtightnetworks.net

Share this article: Email, Slashdot, Digg, Del.icio.us, Yahoo!MyWeb, Windows Live Favorites, Furl
Add this article feed to: RSS, My Yahoo, Newsgator, Bloglines