Setting Up Wi-Fi for a Small Business
July 22, 2011
We share tips on the main tasks involved with setting up a wireless network for a small business or organization. We discuss planning, hardware, security and file sharing.
Choose Personal or Enterprise Wi-Fi Security
The easiest mode to setup and use is the Personal or Pre-Shared Key (PSK) mode. However, since all the Wi-Fi devices use the same security password, it isn't designed for businesses that have employees. You'd have to change the password on all the APs, computers and other Wi-Fi devices when an employee leaves the organization or a device is lost or stolen. Plus, users on the network can intercept and snoop on the Internet activity of the other users, possibility capturing email and website passwords.
The other mode is called the Enterprise or RADIUS mode. Users log onto the wireless network with unique usernames and passwords and/or install a digital certificate. You can quickly and easily change the login credentials for users if they leave or a device is lost or stolen. Plus users can't capture and read each other's traffic.
However, the Enterprise mode requires a RADIUS server to perform the 802.1X authentication. This requires time and/or money to setup. It also makes it more difficult for users to join the network. You'll have to initially configure the network and authentication settings for them.
There are many alternatives to buying a traditional RADIUS server, which is great news for small businesses that don't have a big tech budget:
- Use a hosted service, such as AuthenticateMyWiFi, so you don't have to setup and run your own server
- Use an AP with a built-in server, such as the HP ProCurve 530 and ZyXEL NWA-3500 or NWA3166
- Create your own router/gateway with a built-in server, such as with RouterOS or Zeroshell.
- Use a freeware server, such as TekRADIUS
- Use a free and open source server, such as FreeRADIUS
A Recap and Other Considerations
We reviewed the chief concerns for setting up a Wi-Fi network for small businesses. Start by defining the coverage area and consider cabling. Then check for wireless clients and choose a wireless standard. Also consider offering public wireless access, and choose a security mode: Personal or Enterprise.
There are more general issues to address as well. For example, do you want centralized storage to simplify accessing and sharing files throughout the network? If so, consider using a single PC to host all the files, or buy a network drive, commonly called network-attached storage (NAS).
You should address general security issues too, such as:
- Physical security: Mount or place routers and APs out of reach so they can't be tampered with and so that unauthorized people can't plug into the network
- Antivirus and Firewall protection: Comodo Internet Security and Microsoft Security Essentials are two free solutions authorized for commercial or business use
- Content filtering: Consider OpenDNS to protect your entire network
Eric Geier is a freelance tech writer and the founder of NoWiresSecurity, which helps businesses easily protect their Wi-Fi networks with the Enterprise mode of WPA/WPA2 security by offering a hosted RADIUS/802.1X service. Follow him on Twitter, or use the RSS Feed to keep up with his writings.