The Basics of Setting Up a Secure, Successful Wireless Network at Your Laundry Business
[This is the third in a series of articles written to offer helpful suggestions about where to begin and how to better manage an existing or planned Wi-Fi network. Among the topics to be covered are service providers, network options, security and the implementation of Wi-Fi to better serve you and your customers.]
Welcome to the third article in this series on Wi-Fi networks, in which we will dive right into the world of network types and configuration options.
By now, you have a solid base of understanding as to where to begin with:
• Internet connections
• Quality cabling
• Wireless Access Point types
• Wireless Access Point placement
• 2.4 GHz vs. 5 GHz
• Installation consideration
• RF/signal limitations
• WAP power options
• Service providers
• Service types
• Controller/Controller-less APs
Part Three of this series will enable you to expand your knowledge even further by covering:
• RF noise discovery
• Wireless signal/channel testing
• Securing your network
• Technical requirements/options
Earlier in this series, I discussed the limitations of an RF signal (the wireless signal itself), and how everything from fluorescent light sources to metal objects can negatively affect your experience with wireless technologies. You have already drawn out your desired placement of your Wireless Access Points (APs). Perhaps you already have Wireless Access Points in place and wish to increase their signal or dependability. Think about who your wireless is for. In other words, are you installing just to support your business, or are you installing to support your customers?
Perhaps you wish to have a wireless network for you (Private) and a wireless network for your customers (Public). We will go over all of those scenarios soon. The first step was to draw out your AP locations; the second step was to be mindful of the objects and materials surrounding those locations; and the third step is to survey the desired locations. Using a quality smartphone or tablet, download the following applications:
• A wireless analyzer
• An EMF/EMI detector
A popular (free) choice on Android is WiFi Analyzer, created by Kevin Yuan. A wireless analyzer finds and analyzes wireless signals, channels and neighboring Wireless Access Points. WiFi Analyzer offers a window into how many devices surround your laundry, the channels they are using and how congested those channels are. You will be amazed at how many signals pass through our brains every second of the day. Using this information will help you configure and place (or replace) your Wireless Access Points.
Open WiFi Analyzer and swipe back and forth on the screen to see the various views. Don’t feel overwhelmed – the presentations may look intimidating, but they are fairly straightforward. If you have used or seen a stereo equalizer before, you already have an understanding of what some of the screens depict. A needle to the right indicates a strong signal; a needle to the left means a weak signal. Graphs near the top represent the strongest Access Points, while graphs near the bottom represent the weakest. Many stars mean less congested channels; few stars mean more congested ones.
However, strong signal strength doesn’t always equal capacity. Just because the signal is strong doesn’t mean you will have the best quality. Essentially, you can have a strong signal, but the noise around your device may interfere with the data to and from your device. Since all wireless devices contend for their time to “speak,” paying attention to the channel congestion (the stars) is important. Think back to our example earlier in this series, with cars passing through a tunnel – the more cars on the road (the channel), the more cars that need to wait to get through that tunnel. If you’ve got a one-lane road, that means one car at a time. We’ll come back to using the WiFi Analyzer later.
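The channel-congestion reasoning above, as an added example that is not part of the original article or of WiFi Analyzer: it scores the three non-overlapping 2.4 GHz channels against a survey, weighting each neighboring access point by received signal strength and channel overlap. The survey values and the linear overlap model are assumptions made for illustration.

```python
# Constructed survey results (not real measurements): (ssid, channel, rssi_dbm)
SCAN = [
    ("Neighbor-A", 1, -48),
    ("Neighbor-B", 1, -70),
    ("Cafe-Guest", 3, -60),
    ("Neighbor-C", 6, -82),
    ("Neighbor-D", 9, -75),
    ("Neighbor-E", 11, -55),
    ("Neighbor-F", 11, -58),
]

NON_OVERLAPPING = (1, 6, 11)  # the usual 2.4 GHz choices for 20 MHz channels


def overlap(ch_a, ch_b):
    """Approximate overlap between two 2.4 GHz channels (spaced 5 MHz apart,
    roughly 20 MHz wide): 1.0 on the same channel, 0.0 five or more apart."""
    return max(0.0, 1.0 - abs(ch_a - ch_b) / 5.0)


def congestion(channel, scan):
    """Sum each neighbor's received power (in mW) weighted by channel overlap."""
    return sum(overlap(channel, ch) * 10 ** (rssi / 10.0) for _, ch, rssi in scan)


def rank_channels(scan, candidates=NON_OVERLAPPING):
    """Return the candidate channels sorted from least to most congested."""
    return sorted(candidates, key=lambda ch: congestion(ch, scan))


if __name__ == "__main__":
    for ch in rank_channels(SCAN):
        print("channel %2d  interference score %.2e" % (ch, congestion(ch, SCAN)))
```

With this survey, channel 6 ranks best even though it is not empty: its one occupant is weak, while channels 1 and 11 each have a strong neighbor competing for airtime.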
On the other hand, an EMF/EMI (Electromagnetic Field and Electromagnetic Interference) detector doesn’t search or analyze wireless signals per se, but it allows you to “see” the electrical fields around you. The importance of this traces back to my first article, regarding the example of the drycleaning business and its extremely poor network experience. All of the slowness, drops and overall issues were related to EMI. An EMF/EMI detector allows you to visually see the electromagnetic fields/electromagnetic interference (by way of onscreen numbers and graphs) that may cause troubles. High EMF/EMI is bad for your cable runs, as well as your wireless signals.
Once you’ve downloaded and opened an EMF detector, you can move your phone or tablet around the area in question. Taking note of how high interference is adjacent to where you want your wireless devices and access is important. Expecting a quality signal around heavy noise devices is like expecting your car’s clean, newly changed oil to flow perfectly through a dirty oil filter. Use both apps to better install or rearrange your WAPs.
The Wi-Fi analyzer also will come in handy to test your signal as you move around a space. The analyzer, along with an EMF/EMI detector, can be used prior to actually mounting your hardware. Taking the time to walk your space and validate your ideas will save you from accidentally mounting hardware in the wrong places.
OK, you’ve got the internet. You’ve run your cabling. You’ve mounted your WAPs. You’re excited and ready to go. Let’s do this!
Not so fast.
You’ve only done the front-end work. What was your decision on why you wanted wireless? Are you installing everything to support your business itself, or was your end game to support the public? Perhaps you wanted both.
Securing Your Network: Technical Requirements and Options
When it comes to IT, just like medical advice, always seek the assistance of a professional to ensure you are properly installing, configuring and securing your network. All of these options are provided for informational purposes and to help guide you toward your goals. Using this information will assist in enhancing your knowledge and providing your IT firm a good roadmap as to what you’re looking to achieve. Many devices come with easy-to-install wizard-based installations; however, it’s always a good idea to have an IT professional install or validate the installations to ensure security, protection and confidence.
We will stick to the four most common scenarios/options. Which option resonates with you will depend on what type of wireless network you desire – private, public or both. If you plan on having both a private (secure) and public (guest/unsecure) network, always have a firewall in place to protect your assets. Options One and Two include a firewall and are the more advanced options of the four. Redundancy here is intentional. If you plan on having a secure private network, a firewall is a must. A business firewall, such as SonicWall, is suggested.
SonicWall has a line of security appliances designed for small businesses, which include the SonicWall SOHO and TZ series. They are excellent devices and help secure your network even further when coupled with the Comprehensive Gateway Security Suite.
When installing any piece of hardware or having hardware installed, always ensure that the default password is changed. Default passwords are readily available and should absolutely be changed on every device. Difficult passwords are your best choice, and the longer the better. The same holds true for wireless network passwords.
The more you care about your data – the more you should protect it. Easy passwords are almost as bad as default passwords. Never use personal information in any of your passwords, as personal information is easy to come by. This includes – but is not limited to – your company name, family member names, family birthdays, family pets, etc.
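One way to screen a proposed device or Wi-Fi password against the advice above (an added example, not from the original article): it flags short passwords, common defaults, and personal terms even when they are disguised with character swaps. The default list, the 14-character minimum and the sample terms are assumptions.

```python
import re

# Small constructed sample of factory defaults; real lists are far longer.
COMMON_DEFAULTS = {"admin", "password", "1234", "12345678", "default", "changeme"}
# Common character swaps to undo, e.g. "@" for "a" and "5" for "s".
LEET = str.maketrans("013457@$!", "oleastasi")
MIN_LENGTH = 14  # assumed policy value, not a figure from the article


def variants(text):
    """Lowercased forms of text with punctuation stripped, once as typed
    and once with character swaps undone."""
    lowered = text.lower()
    plain = re.sub(r"[^a-z0-9]", "", lowered)
    unswapped = re.sub(r"[^a-z0-9]", "", lowered.translate(LEET))
    return {plain, unswapped}


def audit_password(candidate, personal_terms):
    """Return the reasons a candidate is weak; an empty list means it passed."""
    problems = []
    forms = variants(candidate)
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if forms & COMMON_DEFAULTS:
        problems.append("matches a common default password")
    for term in personal_terms:
        key = re.sub(r"[^a-z0-9]", "", term.lower())
        if len(key) >= 3 and any(key in form for form in forms):
            problems.append("contains personal information: " + term)
    return problems


if __name__ == "__main__":
    # Constructed personal terms: company name, pet name, a birthday (MMDD).
    terms = ["Sudsy", "Rex", "0412"]
    for pw in ("admin", "$ud5y-L@undromat-2024", "copper-kettle-orbit-lantern-52"):
        print(repr(pw), audit_password(pw, terms) or "ok")
```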
Also, be certain that the latest firmware is installed on your hardware devices. Firmware is the software that not only tells your device how to do what it does but also keeps the devices secure with the latest security patches. Hardware is only as secure as the security patches/upgrades that you keep up with. Again, an IT group is recommended to make sure you’re up to date and continue to stay up to date.
NOTE: Options One and Two should be the first choices for laundry operations that have their business entities attached to their laundromat, drycleaning facility, etc. In other words, if you run your business from a single location (accounting, etc.), the first two options are a must; hence, the more advanced configurations. These entities typically will have multiple PCs, documents and spreadsheets, as well as management and accounting software to run your business. You may only have one single computer that handles all of this – but even that one computer may be your business’ lifeblood. (As a side note, backing up your data is a completely separate topic, but it must be mentioned – back up your data and then back it up again! Securing your business, including the digital assets, is of utmost importance.)
Options One and Two are also highly suggested if you are taking digital payments, as firewalls help to further secure those devices.
Option One Highlights
• Private and public networks
• Managed switch
• Access Point with both private and public SSIDs
With Option One, your ISP’s hardware is connected directly to a firewall, and the modem is used strictly as a gateway to access the public internet. The firewall manages connections to and from your network and secures it as such. The firewall connects to a managed switch, which has two VLANs. VLANs (Virtual LANs) allow you to have multiple networks (subnets). In this case, one network is your private secured network and the other is the guest network. Each VLAN will be connected to its own port on the firewall, which would be configured to communicate with each network (private and public) completely independently of each other. When configured properly, traffic (data) from the guest network will not be able to access any part of your private network. The same is true for your private network – when configured properly, your private data on VLAN 1 should not pass over to the guest network on VLAN 2.
With this option, we are taking advantage of a Wireless Access Point’s ability to have two completely separate networks and two completely separate network names (SSIDs). You and your employees will connect to SSID 1 (“Laundry-Private”) and your guests will connect to SSID 2 (“Laundry-Guest”). Although the networks are separate, you may not want to make your private network name obvious.
Option Two Highlights
• Private and public networks
• Dedicated guest WAP direct to ISP
• Firewall dedicated to private network
• Unmanaged switch
• Dedicated private WAP
Option Two physically separates your private network from the guest network. This allows you to provide wireless to your customers without having to think about whether or not a separate firewall port or VLAN is configured properly. Because the guest wireless access point is connected directly to the ISP modem and not directly to your firewall, you don’t need to configure a separate port or VLAN on your firewall. Also, with this configuration, there is no need to configure and secure a managed switch to support two separate networks. This is obviously much simpler than Option One and may be a good choice for many laundries that have a private network and still want to offer guests internet access. Since the guest wireless network will not be plugged into your firewall, the firewall will see guest traffic the same way it sees internet (WAN) traffic – as unsecured public data. WAN should always be blocked from passing through to your private network (LAN). Firewalls generally block WAN to LAN by default.
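The isolation that Options One and Two depend on can be checked against a rule list, as in this added example (not from the original article and not SonicWall configuration syntax): it evaluates first-match rules and reports whether guest or WAN traffic could reach the private network, including the case where a broad allow sits above the deny meant to block it. The subnets, rule format and rule order are assumptions.

```python
import ipaddress

# Assumed addressing for this example only; the article gives no subnets.
PRIVATE = ipaddress.ip_network("192.168.10.0/24")    # VLAN 1, private SSID
GUEST = ipaddress.ip_network("192.168.20.0/24")      # VLAN 2, guest SSID
WAN_SAMPLE = ipaddress.ip_network("203.0.113.0/24")  # documentation range
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed rules for new connections: (action, source, destination).
GOOD_RULES = [
    ("deny", GUEST, PRIVATE),   # guests never reach the private VLAN
    ("deny", PRIVATE, GUEST),   # private data stays off the guest VLAN
    ("allow", GUEST, ANY),      # guests may reach the internet
    ("allow", PRIVATE, ANY),    # private hosts may reach the internet
    ("deny", ANY, PRIVATE),     # WAN to LAN blocked
]
# Same rules, but the broad guest allow was placed above the guest deny.
BAD_RULES = [GOOD_RULES[2], GOOD_RULES[0], GOOD_RULES[1],
             GOOD_RULES[3], GOOD_RULES[4]]


def first_match(rules, src, dst):
    """Verdict for one packet: the first rule containing both addresses wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"  # implicit default deny


def zone_leaks(rules, src_zone, dst_zone):
    """True if traffic from src_zone to dst_zone could be allowed.
    Conservative: partial denies are not subtracted, so a safe rule set
    may be flagged, but a leaking one is never passed."""
    for action, src_net, dst_net in rules:
        if not (src_net.overlaps(src_zone) and dst_net.overlaps(dst_zone)):
            continue
        if action == "allow":
            return True   # an allow applies to part of this zone pair
        if src_zone.subnet_of(src_net) and dst_zone.subnet_of(dst_net):
            return False  # a deny covers the whole pair; later rules never apply
    return False


if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(name, "guest->private leak:", zone_leaks(rules, GUEST, PRIVATE))
```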
Option Three Highlights
• Private and public networks
• No separate firewall
• Access Point with both private and public SSIDs
Option Three offers a simpler possibility and is designed for use where you don’t necessarily conduct business in your space, but you do occasionally wish to connect your laptop or you have hardware such as cameras installed. The Wireless Access Point should have a built-in firewall and should be designed to keep private and public traffic separated.
Option Four Highlights
• ISP modem only
• ISP built-in public hotspot
• Private network
Option Four is actually more secure than Option Three. You’re relying on the firewall capabilities within your ISP’s modem to protect your private network. The hardware that is provided is often very similar to the hardware you would have at home. All of your devices plug into the ISP modem – you may even take advantage of the wireless capabilities of the modem.
In this scenario, your guests never actually connect to your network directly. How do they connect? They will connect to the “hotspot” feature provided by the ISP.
What’s a hotspot? I will use Chicagoland as an example and – depending on your location – you may see the same. Here in Chicagoland, Comcast/Xfinity has public hotspots nearly everywhere you go. When you search for Wi-Fi, they show up as “xfinitywifi.” If you have an Xfinity account, you can use all of these hotspots for free. If you don’t, you have the option to pay for blocks of time. This is made possible by all of the modems that are installed throughout the city (including homes). Many of their devices that have built-in wireless have separate hotspots that are always broadcasting for people to connect to. According to Comcast, “the Xfinity Wi-Fi service is designed to work on a separate network so that your home (insert business) network remains entirely secure.”
This option is very convenient for many customers and often the simplest, as many people have Xfinity. Your ISP may also provide you with stickers promoting your laundry as a hotspot. However, keep in mind that allowing this will not enable you to capture any statistical usage data or present your patrons with a landing page or sales materials.
This is a great place to stop, as once again you have been presented with a lot of information. In the upcoming and final article in this series, I will explain more about security, WAP configuration and basic marketing options.