Wi-Fi and Data Security on Events
Wi-Fi and Data Security on Events
by Simon Byrne
Wi-Fi is real handy at gigs. It means less cables need to be run, and it gives you the ability to easily transport media, control devices remotely such as mixing desks, lighting control and so on. However, it is a long way from perfect and needs to be deployed carefully.
There are three broad use cases on events for Wi-Fi. Real time media transport (video and audio wirelessly), control, and communications.
For real time media transport, there needs to be a compelling reason to do it wirelessly. Wi-Fi devices are literally radio transceivers which are prone to all the issues that come with radio devices. They operate in unlicensed spectrum so there is no legal protection from interference, and on a practical level, all the punters bring Wi-Fi devices in their phones so interference is going to be high.
We are all familiar with Ethernet cable, which has four twisted pairs of copper wires in one cable. This allows for bi-directional or full-duplex communication. Network devices on either end of the cable can talk at the same time, much like a two-lane highway.
Wi-Fi is half-duplex, which means that on any channel, only one device can talk at a time. If two devices try to talk at the same time, they interrupt each other. Wi-Fi is more like a single lane road; traffic can only flow in one direction at a time.
Since Wi-Fi is half-duplex, only a single Wi-Fi device can transmit on a channel at a time. The more Wi-Fi devices we add to that single channel, the more we restrict the available time for each device to talk.
For example, if eight devices are trying to talk on a wireless network, it will take twice as long as one with only four devices. This is known as co-channel interference. Since only one device can talk on a channel at a time, we need to limit the amount of devices on each channel. By ensuring our channel isn’t too crowded, we reduce co-channel interference.
Half-duplex, combined with RF and co-channel interference makes the reliable transfer of real time media difficult because the stream is regularly interrupted by other network traffic. You can get around this by buffering the content but that adds time delay.
Useless for live and time sensitive material.
A solution is to have multiple transmitters and receivers for a link and bond them into a single stream. The concept is that at least one of the links is stable at any one time which should ensure reliable delivery. Brands like Teradek do this, but there is still some small latency which is usually acceptable, but they still sometimes fail due to interference.
I would never put a program stream on a Wi-Fi link unless I could afford to lose it, and there was no other option. The most reliable real time transport method for media is via a cable!
2.4 and 5 GHz Wi-Fi Comparison
2.4GHz is the older and most dominant frequency range that emerged in 1999 upon which several standards are built (b/g/n). It has the advantage of a good range (about 100 metres line of sight), but the huge disadvantage in that lots of other devices operate in the 2.4GHz range, and therefore generate interference.
For example, cordless phones and even microwave ovens operate in this range! In Australia there are eleven channels to select from in the 2.4GHz range.
5GHz is the other main range and it has much less congestion, but because of the higher frequency, is more prone to obstructions and suffers less range (about 30 metres). 5Ghz has close to two hundred channels. However, unlike television channels, most Wi-Fi channels overlap with each other.
802.11 a, b, g, n or ac? The letter refers to which version of the 802.11 standard. a and b being the oldest, dating back to 1999 and ac in 2012.
Allowing any device to talk at the slower, legacy versions means data rates can increase Wi-Fi overhead by as much as 40%. Therefore, on your wireless access point, turn off the legacy 802.11b data mode (11 mbps).
Disabling the slower data rates will force all devices to either talk faster, or disassociate from the network, which will increase network performance.
A live venue is the equivalent of a crowded Wi-Fi battlefield. Literally hundreds of Wi-Fi radios arrive with the audience so strategies need to be put in place.
Height, people, height! Get your access point up high. You want line of sight from it to any of your clients. This is crucially important once the audience enters the room.
Antennas – Your antenna options are limited by law. That is, generally you are not allowed to change the antennas on a wireless access point for something more efficient or directional. It is for this reason that if they can be removed, they usually have non-standard connections.
Change channels on the access point – 2.4 GHz Wi-Fi equipment often ships with its default Wi-Fi channel set to 6. Change the channel up or down to avoid it. However, all Wi-Fi devices on a network must use the same channel.
Channel 1 uses the lowest frequency band and each subsequent channel increases the frequency slightly. Therefore, the further apart two channel numbers are, the less the degree of overlap and likelihood of interference.
If you encounter interference from a nearby wireless LAN, change to a more distant channel. The three Wi-Fi channels 1, 6, and 11 have no frequency overlap with each other. Use one of these three channels for best results, but like I said earlier, channel 6 is usually a poor choice.
On 5GHz Wi-Fi, which channel is best? The newer 802.11n and 802.11ac Wi-Fi networks support 5 GHz wireless connections and you should go there if you can. These frequencies are much less likely to encounter wireless interference issues the way 2.4 GHz does.
Also, the 5 GHz Wi-Fi channel choices available in most network equipment have been selected to choose only non-overlapping channels. In Australia, the non-overlapping 5 GHz channels are most recommended: 36, 40, 44, 48, 149, 153, 157 and 161.
How do you know which channels are unused ? Get yourself a Wi-Fi analyser. These are apps which can be downloaded for your phone or PC and they give you a visual indication of what is already being used.
The 5GHz access points also feature Dynamic Frequency Selection (DFS) which is a Wi-Fi channel hopping function that enables WLANs to use 5 GHz frequencies that are generally reserved for radar.
The main benefit of using DFS channels is to use under-used frequencies to increase the number of available Wi-Fi channels, and potentially with more power!
While this Dynamic Frequency Selection feature avoids interference issues, many network administrators avoid using this feature to minimise complications. The main reason being that the clients need to support DFS well and that often is not the case. I wouldn’t use it.
Channel Width – The channel width option controls how wide the pipe is for transferring data. Think of it like a highway. The wider the road, the more traffic (data) can pass through. On the other hand, the more cars (routers) you have on the road, the more congested the traffic becomes.
By increasing the channel width, we can increase the speed and throughput of a wireless broadcast. By default, the 2.4 GHz range uses a 20 MHz channel width. A 40 MHz channel width effectively bonds two 20 MHz channels together, forming the larger pipe; therefore, it allows for greater speed and faster transfer rates.
Obviously, two channels are better than one, right? Not if those channels are crowded with noise and interference.
In crowded areas with a lot of frequency noise and interference, a single 20MHz channel will probably be more stable. 40MHz channel width allows for greater speed and faster transfer rates but it doesn’t perform as well in crowded areas because there is twice as much chance of interference.
VLANs – Segmenting your networks into VLANs (Virtual Local Area Networks) makes a lot of sense. A VLAN uses the same network hardware, but is isolated by software. A different “virtual network”. For example, you might have some wireless comms on one VLAN, and a mixing desk iPad
controller on a separate VLAN.
This way, the operation of the iPad cannot conflict with the wireless comms because they are isolated from each other.
Hide the SSID – A Wi-Fi network’s SSID is the fancy term for its network name which is broadcast over the air. It is the way a user sees and connects to a Wi-Fi network.
In wireless access points you can hide the SSID from being broadcast which means the average users simply don’t know that it exists. This single step of hiding the network dramatically reduces the likelihood of others trying to get into your network.
To be clear, hiding the network SSID will not stop a dedicated hacker in the slightest. It is still dead easy to find, but it takes planned effort.
Change your password! The first thing a hacker is going to do is try the default password that came with the access point. Change it. If it is a critical link, use a cable if possible! Copper is point to point with very low risk of interference. It is always going to be safer.
Wi-Fi is great! But accept that it may not perform properly during the gig and plan accordingly.