The Athletes Shack Wireless Upgrade Proposal | | | Proposal with recommendations for installing a wireless network to the existing wire LAN. | | | 6/17/2012 | |

Executive Summary 3 Site Survey 4 WLAN Security 5 Beta Testing 7 Equipment 8 Budget 12 Conclusion 12 Bibliography 14 Appendix A: TECHNICAL TERMS 15

Executive Summary

The Athletes Shack (TAS) is a chain of sporting goods stores that is looking into adding a wireless network (WLAN) to their current network. TAS has 10 retail distribution stores in the area and would like all the stores to be able to see live inventory suing mobile devices. The management team at Athletes Shack has realized that their success depends on exceptional customer service and efficiency on the floors of the store. To take the next step the company is looking to go wireless and use that technology to separate themselves from other sporting good chains. To continue to have an edge over Foot Locker, Champs Sports and other Athletes Shack feel this is a necessary step. Once the WLAN is installed in each of the 10 locations this will allow remote log in via the internet and VPN connection. The expectation is to have a major improvement on customer service. Added technological benefits to sales associates while on the floor will include real time sales pricing quotes, inventory product availability and to check the company website. In store operations will see additional business value through addition of wireless tracking for inventory, merchandise receiving, item ordering and price checking. A solid WLAN solution will interconnect all 10 stores, providing an in store communication that will allow cross checking of inventory between various locations. With the wireless devices in hand associates will be able to send instant messages (IM) to other associates at other locations to inquire about a certain piece of inventory and quantities. This added retail tracking will allow stores to leverage supply chain capabilities by providing merchandise to other regions where inventory is needed to meet a specific request that the local store might not otherwise be able to provide. The Investment in wireless technology will not only enable Athletes Shack to experience the greater benefits today, but can also benefit from a flexible, scalable design to move into the future.

Site Survey

A radio frequency (RF) site survey is the first step in the deployment of a Wireless network and the most important step to ensure desired operation. A site survey is a task-by-task process by which the surveyor studies the facility to understand the RF behavior, discovers RF coverage areas, checks for RF interference and determines the appropriate placement of Wireless devices. (Geier, 2008) One of the issues that will be a point of interest will be WIFI coverage for all 10 stores. We are under the assumption that all 10 WLAN will be different design because all 10 stores have different layout designs. One of the keys to the site survey is making an assessment of outside interference that may at some point calls problems for the WLAN. As well there are some structures within each location that we must be able to maneuver around to install the desired equipment for the WLAN. Another step in the process for the Athletes Shack chain of stores is to analyze and understand the environment of each individual store to see how the current network is designed. The assessment will be to take a look at the design and determine if we will stick with what the current layout or what changes will be made if any. If the networks from any of the stores are to be taken down it will be done after hours to prevent minimal downtown for the network. (Geier, 2008)
WLAN Security

Before we even start the design of the WLAN there must be a blueprint to how we are going to protect the company’s data and internal information. There are multiple WLAN implementations and all the designs are varied depending on the client and depending on the network functionality required. Still certain areas in the process should never be over looked or taking lightly. Listed below are some security concerns that must be part of the design: (Anil Khatod, 2004)
•Security and attack mitigation
•Controlled access of users to wired network resources
•Wireless data confidentiality
• Authentication of users to network resources
•Access point management
•Authentication of users to network resources
•Security Policies
First and foremost security policies for the WLAN are key because we are putting the existing network at risk to outside exposure. WLAN access must be confined to the Athletes Shack security policy very close. In addition, it must provide this access as securely as possible. Even though we are adding a new WLAN to the existing network we still want the same characteristics of the wired LAN. The Athletes Shack will have a few security options and we will cover a few and the pros and cons of each. (Stallings, 2005)
The 802.11 standards define WEP as a simple mechanism to protect the over-the-air transmission between WLAN access points and network interface cards (NICs). Working at the data link layer, WEP requires that all communicating parties share the same secret key. To avoid conflicting with U.S. export controls that were in effect at the time the standard was developed, 40-bit encryption keys were required by IEEE 802.11b, though many vendors now support the optional 128-bit standard. WEP can be easily cracked in both 40- and 128-bit variants by using off-the-shelf tools readily available on the Internet. On a network with a lot of traffic, 128-bit static WEP keys can be obtained by a season hackers. WEP alone would not and should not be the only defense for protecting the WLAN. The IEEE 802.11 standard describes the use of the algorithm and key in WEP but it is not specific on the methods for key distribution. Without an automated method for key distribution, any encryption protocol will have implementation problems because of the potential for human error in key input. (Ciampa, 2006) * The security afforded by the algorithm relies on the difficulty of discovering the secret key through a brute-force attack. * WEP is self-synchronizing for each message. This property is critical for a data-link level encryption algorithm, where “best effort” delivery is assumed and packet loss rates may be high. * The WEP algorithm is efficient and may be implemented in either hardware or software.
WLAN access points can identify every wireless card ever manufactured by its unique Media Access Control (MAC) address that is burned into and printed on the card. Some WLANs require that the cards be registered before the wireless services can be used. The access point then identifies the card by the user. Even if it were implemented, it cannot account for hackers who use WLAN cards that can be loaded with firmware that does not use the built-in MAC address, but a randomly chosen, or deliberately spoofed, address. Using this spoofed address, a hacker can attempt to inject network traffic or spoof legitimate users.
VPN technology provides the means to securely transmit data between two network devices over an insecure data transport medium. The most likely way of connecting via VPN is over the internet. VPN in a wired network has some security limitations and they are even more in wireless networks. Wireless networks are even less secure than a wired network. VPN technologies implement restricted-access networks that utilize the same cabling and routers as a public network, and they do so without sacrificing features or basic security. VPN can be supported at least three different modes of use: (Stallings, 2005) * Remote access client connections * LAN-to-LAN internetworking * Controlled access within an intranet
Beta Testing

Another critical portion of the project is to find high quality equipment at affordable prices to make the project worth implementing. This can be a very tedious process of calling vendors and resellers for price quotes. The positive side is that we are looking to purchase similar amounts of equipment to cover all 10 locations. We are only recommending the equipment to the Athletes Shack. It will be up to the upper management and the IT team to decide what equipment is best suited for them across all 10 locations. Should be able to narrow down and decide on the equipment over the course of a couple of months.

Upon completion of this stage the team will focus on running a series of tests, both at the individual locations as well as at the designated headquarters or centralized location. The purpose is to ensure that the installation process was performed to specifications and is operational to eliminate any potential problems that may arise when the network goes live. This stage is also important because problem areas can be easily detected, isolated and resolved efficiently. One of the steps we took was to come up with a testing sample environment to make sure the Athletes Shack point of sales and other applications would work with the new WLAN. The picture below is what our test lab looked like.
(design)
The testing will run at a minimum of 3-4 months to assure the client that we have thoroughly run through all of systems. We will work together with both our engineers and the Athletes Shack IT teams. This is a valuable part of the upgrade to be able to communicate between the two groups. Being able to run simulations on running a sale of an item, doing inventory checks as well as a power outage simulation can only aid in the implementation of the new WLAN for the customer.
Equipment

The list of WLAN equipment we felt would work best for the current design as well as for the Athletes Shack were the following items.
Access Points (Cisco Aironet 1200 Series) The Aironet 1200 was the AP we feel would be a solid AP to go with and would perform well at just about any environment. Each Athletes Shack location will have at a minimum of eight Aironet Series access points. From the site survey we fill this would cover all the dimensions for each store. All Cisco Aironet 1200 Series platforms, support IEEE 802.11a/b/g access points deliver the versatility. The Aironet is a high capacity, security, and enterprise-class features required in more challenging RF environments like factories, warehouses, and retailers, and when installing above suspended ceilings. WPA2 is the Enterprise version of the IEEE 802.1X standard and uses the extensible authentication protocol (EAP) for authentication. * Strong cryptography support from the Temporal Key Integrity Protocol (TKIP) * WPA-Enterprise, a mechanism for network authentication using IEEE 802.1x and a supported EAP type, one of EAP/TLS, TTLS or PEAP * WPA-Personal, a mechanism for using TKIP without IEEE 802.1x authentication by using a shared passphrase, intended for consumer networks

Firewall
(Cisco PIX 515E Firewall) The Cisco PIX 515E was selected as the Firewall solution for the each store location will have single PIX installed to provide the security and protection of the company’s data and integrated services communications. The Cisco PIX 515E is a security appliance that delivers both user and application policy enforcement, in addition it also provides multiple integrated security and networking services. As we have stated throughout the proposal security is the backbone of the network and feel the PIX 515E provided what we needed to secure the network.
• Advanced Application-Aware Firewall Services
• Market-Leading Voice-Over-IP and Multimedia Security
• Robust Site-to-Site and Remote Access IPSec VPN Connectivity
• Award-Winning Resiliency
• Intelligent Networking Services
• Flexible Management Solutions
Wireless Controller (Cisco ASA 5500 Series Adaptive Security Appliances) We could have used many different brands of wireless controllers. We decided to go with the Cisco5500 controller for many reasons. One we wanted to stay uniformed and primarily the rest of the equipment is all Cisco so there was no need to change. The idea was keeping it all Cisco from a communication stand point but as well from a troubleshooting view as well. If we were to mix and match you tend to run into compatibility problems as well as some vendors not supporting certain type of configurations. The 5500 can Supports 12, 25, 50,100, 250, or 500 access points for business-critical wireless services at locations of all sizes. Since we are talking a medium to large enterprise this is a must. The 5500 Series supports a greater density of customers and delivers much more effective roaming, with at the throughput of current IEEE 802.11a/g networks. After all of the equipment and wiring is completed the next phase of the project is to setup a single store as a pilot and resolve any issues rather than rolling out all stores simultaneously and trying to deal with the same issues at ten different sites. The team will also look over the feedback collected and determine how the system can be tweaked to be both more efficient and user friendly. Once all issues and concerns have been addressed the remainder of the stores will then be rolled out. The team will also use the feedback information to establish and conduct a training program for all employees of the Athletes Shack chain of stores. The goal here is to provide each location, and its employees, with the tools necessary for conducting business in the new network environment.
Budget

Conclusion

The growth and innovation of wireless technology have provided a powerful opportunity for Athletes Shack to implement the latest cutting edge internetworking solution available to the enterprise. Given the proposed wireless enterprise solution, Athletes Shack will have the ability to leverage its ROI for this technology by taking advantage of the many opportunities it provides. The cross-inventory checking capability available via the mobility solution is a key strategic advantage that will keep Athletes Shack ahead of its competition. This remote access capability will allow Athletes Shack to provide equipment that other local suppliers may not have due to regional shortages, and may also foster the opportunity for partnerships with smaller suppliers, thus providing additional revenue channels. The second key strategic benefit is the WLAN implementation. Each store will have the capability for its employees to utilize wireless equipped laptops to quickly check inventory inside the existing store, and across the entire chain of 10 stores to determine product availability for its customers. Finally, the WWAN solution will provide the critical link between all stores to maintain a cross inventory capability and wireless communication capability between all 10 stores. This powerful competitive advantage will set Athletes Shack apart from its competitors. The enterprise wireless solution holds scalability advantage, so that additional stores may be added to the chain using the same technology implementation model to quickly interconnect these new stores with the existing enterprise. This scalability will allow Athletes Shack to ultimately increase its supply chain and revenue stream capabilities as the business continues to grow. We feel that we did all the research and have presented the Athletes Shack with some viable options for the WLAN and look forward to their decision on whether or not they will go through with the addition.

Bibliography

Anil Khatod, A. I. (2004, November 4). Five Steps To WLAN Security -- A Layered Approach. Retrieved June 1, 2012, from www.computerworld.com: http://www.computerworld.com/s/article/97178/Five_Steps_To_WLAN_Security_A_Layered_Approach
Ciampa, M. (2006). CWNA Guide to Wireless LANs. Thomson Course Technology.
Cisco Aironet 1200 Series. (n.d.). Retrieved June 2012, from http://www.cisco.com: http://www.cisco.com/en/US/products/hw/wireless/ps430/index.html
Cisco ASA 5500 Series Adaptive Security Appliances. (n.d.). Retrieved May 23, 2012, from http://www.cisco.com: http://www.cisco.com/en/US/products/ps6120/index.html
Cisco PIX 515E Firewall. (n.d.). Retrieved June 2012, from http://www.cisco.com: http://www.cisco.com/en/US/docs/security/pix/pix63/quick/guide/63_515qk.html design, W. L. (n.d.). Retrieved from http://www.edrawsoft.com/: http://www.edrawsoft.com/
Geier, J. (2008, June 25). How to: Conduct a Wireless Site Survey. Retrieved May 23, 2012, from www.wi-fiplanet.com: http://www.wi-fiplanet.com/tutorials/article.php/3761356
Stallings, W. (2005). Wireless Communications & Networks. Upper Saddle River,: Pearson Prentice Hall.

Appendix A: TECHNICAL TERMS * Port: A port in this context is a single point of attachment to the LAN infrastructure. Note that in the 802.11 LAN case, an access point manages “logical” ports. Each of these logical ports communicates one-to-one with a station’s port. * Authenticator: The authenticator enforces authentication before allowing access to services that are accessible via that port. The authenticator is responsible for communication with the supplicant and for submitting the information received from the supplicant to a suitable authentication server. It only acts as a pass through for the authentication exchange. * EAP: The Extensible Authentication Protocol (EAP) is a method of conducting an authentication conversation between a user and an authentication server. Intermediate devices such as access points and proxy servers do not take part in the conversation. * Extensible Authentication Protocol over LAN (EAPOL): 802.1X defines a standard for encapsulating the Extensible Authentication Protocol (EAP) messages so that they can be handled directly by a LAN MAC service. This encapsulated form of EAP frame is known as EAPOL. EAPOL (EAP over LANs) in case of WLANs is also termed as EAPOW (EAP over Wireless). * RADIUS: is the standard way of providing Authentication, Authorization, and Accounting services to a network. * WEP: Wired Equivalent Privacy * MAC: Media Access Control