Help me convince my company to install a wifi network
April 1, 2004 4:38 AM Subscribe
The company I work for is setting up a new office. Our external IT people are advising against installing a wireless computer network, but I have the distinct impression this is because they don't have the expertise to install one themselves. I need help to build a convincing case to the contrary (assuming I'm right about this).
Any general advice, or any experiences here would be much appreciated, as I know little about networking. The (new) management here are on the brink of ditching our IT people (who came about via a case of nepotism) in any case, as they seem, in general, to be piss poor. Only internal politics has prevented them from doing so.
So far the case against wireless networks is "I don't trust them". I'd really like to be able to debunk this. In the interests of people being able to use laptops from any point in the office, and not have computers bound to specific locations (handy where design is involved) I'm keen to push the idea. I'd hate for the IT people to win out and end up with the same sorry situation that exists in our present office (nothing works for very long).
P.S. no disrespect intended to IT people in general.
Any general advice, or any experiences here would be much appreciated, as I know little about networking. The (new) management here are on the brink of ditching our IT people (who came about via a case of nepotism) in any case, as they seem, in general, to be piss poor. Only internal politics has prevented them from doing so.
So far the case against wireless networks is "I don't trust them". I'd really like to be able to debunk this. In the interests of people being able to use laptops from any point in the office, and not have computers bound to specific locations (handy where design is involved) I'm keen to push the idea. I'd hate for the IT people to win out and end up with the same sorry situation that exists in our present office (nothing works for very long).
P.S. no disrespect intended to IT people in general.
DOn't make the mistake of thinking that what you use at home for wireless is going to cut it in the business environment. Apples and Oranges. Will it work? Yes. Would I use it at work? No. All depends on how much risk you want to open yourself up to.
Also think about how you use your network. Any large file transfers going on between workstations and servers, or other workstations? Wired connections will be better for that.
What is the proximity of other companies? Wireless broadcasts indiscriminatly, so you have to think of that. WEP and Mac filtering can stop the casual users, but if there is a diligent propeller head within reach of your WAP...
Cisco and others make business grade wireless equipment. Do some homework and show it to management.
posted by a3matrix at 5:30 AM on April 1, 2004
Also think about how you use your network. Any large file transfers going on between workstations and servers, or other workstations? Wired connections will be better for that.
What is the proximity of other companies? Wireless broadcasts indiscriminatly, so you have to think of that. WEP and Mac filtering can stop the casual users, but if there is a diligent propeller head within reach of your WAP...
Cisco and others make business grade wireless equipment. Do some homework and show it to management.
posted by a3matrix at 5:30 AM on April 1, 2004
Response by poster: Ace. I should stress that the ditching of the IT company is separate, and not entirely tied to this issue. Obviously the main goal is to have a suitable network in place. CAD drawings are frequently used so large files are definitely an issue. The open-plan vibe, and nature of design work I think would make wirless a definite plus.
posted by nthdegx at 5:45 AM on April 1, 2004
posted by nthdegx at 5:45 AM on April 1, 2004
i'd just present whatever convinced you wireless was the right way to go. if you did some cost-benefit analysis on the back of an envelope then you might tidy it up a bit (and include a sketch of how you're going to divide it up, manage security etc). if it's based on your experience with other companies then describe that experience.
posted by andrew cooke at 6:18 AM on April 1, 2004
posted by andrew cooke at 6:18 AM on April 1, 2004
look up the security features of some wireless equipment. stick with big names like cisco and 3com, who'll have a lot of security features and lots of documentation.
do your work on 802.11g, of course, noting how it's a little over half as fast as wired networking, but so much more convenient. also mention how much wiring costs in labor, ($300 a drop isn't unheard of), etc.
posted by taumeson at 6:37 AM on April 1, 2004
do your work on 802.11g, of course, noting how it's a little over half as fast as wired networking, but so much more convenient. also mention how much wiring costs in labor, ($300 a drop isn't unheard of), etc.
posted by taumeson at 6:37 AM on April 1, 2004
We have extensive wireless (and wired) networking here at my advertising agency. As long as you do encryption and an authenticated network, your security should be fine- it discourages "casual" intrusion, and minimal monitoring would catch anyone who made a point of hacking in.
Our bigger issue was coverage, which required a lot of fiddling with placement of base stations. But, once our guys got it running, it's been awesome.
posted by mkultra at 7:40 AM on April 1, 2004
Our bigger issue was coverage, which required a lot of fiddling with placement of base stations. But, once our guys got it running, it's been awesome.
posted by mkultra at 7:40 AM on April 1, 2004
Best answer: I wouldn't go with just wireless. Wire the workstations, and put a few WAPs around for laptops, temporary workstations, etc. It's just not as fast. A 100mb switch gives you a theoretical max of 100 megabites/second to each workstation, and you can get very close to that theoretical max in practice. 802.11g gives you 54mb, half duplex, shared, to everyone using the access point. You'll never get close to that in practice. I'm still using 802.11b, which is 11mb/s, half duplex. With only one device, I get a max throughput of around 600KB/s, or slightly more than half of the rated 11mb/s. That drops significantly when I turn WEP on.
Speaking of WEP - unless you have no data worth stealing, wep isn't good enough.
As long as you do encryption and an authenticated network, your security should be fine- it discourages "casual" intrusion, and minimal monitoring would catch anyone who made a point of hacking in.
If you rely on WEP, someone can sit in a car outside, or a park nearby or office or whatever with a laptop, and transmit NOTHING to you (so you'll never know they're there) and crack your WEP in a day or two, then start copying any data that goes back and forth. If thats not good enough, some of that data will likely be passwords. If there's data worth stealing, they can come back some evening when everyone's gone home for the night, and clean house.
I'd turn off WEP, gain some speed, and use another layer of encryption, something more secure.
That said, I love my wifi, and we use it at work too. But not instead of wired.
posted by duckstab at 9:31 AM on April 1, 2004
Speaking of WEP - unless you have no data worth stealing, wep isn't good enough.
As long as you do encryption and an authenticated network, your security should be fine- it discourages "casual" intrusion, and minimal monitoring would catch anyone who made a point of hacking in.
If you rely on WEP, someone can sit in a car outside, or a park nearby or office or whatever with a laptop, and transmit NOTHING to you (so you'll never know they're there) and crack your WEP in a day or two, then start copying any data that goes back and forth. If thats not good enough, some of that data will likely be passwords. If there's data worth stealing, they can come back some evening when everyone's gone home for the night, and clean house.
I'd turn off WEP, gain some speed, and use another layer of encryption, something more secure.
That said, I love my wifi, and we use it at work too. But not instead of wired.
posted by duckstab at 9:31 AM on April 1, 2004
are there any wireless systems that use a hardware key for encryption?
posted by th3ph17 at 10:58 AM on April 1, 2004
posted by th3ph17 at 10:58 AM on April 1, 2004
It is possible to place your WAP(s) on an untrusted segment of your network outside your firewall/border router (a segment like this is sometimes called a "DMZ"), and then require wireless users to use a VPN to get on the network. At this point you needn't bother with WEP. Don't allow wireless clients to access anything besides the VPN gateway.
Assuming your VPN of choice is reasonably secure, this approach will give you a good level of security on your WLAN at a slight expense of convenience.
posted by hashashin at 2:01 PM on April 1, 2004
Assuming your VPN of choice is reasonably secure, this approach will give you a good level of security on your WLAN at a slight expense of convenience.
posted by hashashin at 2:01 PM on April 1, 2004
Best answer: Properly securing a wireless network for a corporate environment is a hard problem. Not insoluble, but difficult, and certainly expensive. A year or so ago, my (huge, very security conscious, Fortune 500) company spent several months looking into and prototyping wireless networks that might offer security roughly equivalent to our wired network, with the close involvement of a couple of big name equipment vendors eager to land a sale.
Absolutely no combination of product, configuration, and administrative policy came anywhere close. Several smart network engineers and highly competent security guys wrote an excellent paper -- which unfortunately I'm not permitted to share -- that I find very convincing. Hooking up a wireless network device to any portion of our network, no matter how well "bubbled" or isolated from the important stuff, is punishable by immediate termination. After reading the paper, I agree with this policy.
If you're willing to implement a wireless network, you absolutely have to assume that all traffic is visible to strangers at a distance, and treat it as a completely untrusted medium. For an installation less sensitive to security than that at where I work, a wireless network with, say, all hosts required to be running a properly configured IPSEC stack with trusted certificates might be good enough.
posted by majick at 2:10 PM on April 1, 2004
Absolutely no combination of product, configuration, and administrative policy came anywhere close. Several smart network engineers and highly competent security guys wrote an excellent paper -- which unfortunately I'm not permitted to share -- that I find very convincing. Hooking up a wireless network device to any portion of our network, no matter how well "bubbled" or isolated from the important stuff, is punishable by immediate termination. After reading the paper, I agree with this policy.
If you're willing to implement a wireless network, you absolutely have to assume that all traffic is visible to strangers at a distance, and treat it as a completely untrusted medium. For an installation less sensitive to security than that at where I work, a wireless network with, say, all hosts required to be running a properly configured IPSEC stack with trusted certificates might be good enough.
posted by majick at 2:10 PM on April 1, 2004
Best answer: If you rely on WEP, someone can sit in a car outside, or a park nearby or office or whatever with a laptop, and transmit NOTHING to you (so you'll never know they're there) and crack your WEP in a day or two.
I've read this many times, but I've also tried it. In the dozens of cases I've tried it (as a professional IT worker working in multiple client situatioons, not as a wannabe data cracker), the data gathering has been so slow that it would take *weeks* to crack WEP. This is in environments with dozens of computers attached to the network. None of this, of course, is really an issue with 11g (which you should get if you do go wireless, as stated by others). Also, cracking results depend on the type of WEP used, the kind of equipment used, the amount of data being passed, and the number of computers requesting authentication. In a large company with a lot of wireless nodes, a WEP password could be cracked in less than 24 hours.
A 100mb switch gives you a theoretical max of 100 megabites/second to each workstation, and you can get very close to that theoretical max in practice.
In real-world situations working for data-intensive companies, such as advertising agencies passing huge graphics back and forth over the network, I have found a 100MB switch to be perfectly adequate for an office of 15 to 20 people, in which half were large data users and half were not. nthdegx doesn't say how many people will be in his office.
However, I generally concur with the other advice offered here--not to do wireless--but for different reasons.
First, would installing a wireless network meaning buying all-new network equipment? Routers, switches, hubs, firewalls, whatever? If there's nothing wrong with your current equipment, wireless is a waste of money.
Second, are you planning to replace your current desktop CPUs? If not, do they all accept wireless cards? Meaning, do they have slots? Does the OS accept WiFi drivers? They all already have NICs, so WiFi needs to be justified in order to explain away the installation of a redundant network interface.
Third, what about your printers? Do you have any big plotters or Fiery-type network printers? Do they accept a wireless card? Or do they have to be hooked up to a dedicated PC which is has a wireless card, or to a relay AP? Or will they have to be hard-wired? If so, that will defeat some of the point of doing wireless, unless you're lucky enough to have all of your network printers next to your network switch.
Fourth, in researching this for my clients last year, I found I could install a CAT5 computer network and CAT3 telephone network with full redundancy--that is, twice as many ports at each workstation as were needed (in order to allow for computers brought from home, office growth which might require doubling up, a second phone being installed)--for less than half of what it would cost to do wireless. This was largely due to having to lay out for WiFi cards and APs, though labor was cheaper. Prices surely have changed, but given the points outlined above, I would be very surprised if you could do wireless for cheaper.
Fifth, what will be gained from wireless? You mention you want it so that your users can use their laptops anywhere in the office. This, I have found, is a motivation which does not hold up for most laptop users. Time and time again, people claim they are going to take their laptop somewhere, anywhere, but their desk. And they don't. The laptops sit in the same place consistently. Remember Chiat-Day's open office, with the temporary work areas, and floating work spaces? It failed because people are consistent. It also failed because people *think* they will be mobile, they *want* to be mobile, but the charm wears off, they realize how much of a hassle it is (the weight, the worry about dropping it, the worry about it getting stolen, forgetting the cords, not quite knowing how to dial-in, not knowing how to change between remote and office settings, feeling like a goober using the machine public), and most people who don't have to, don't take the laptop anywhere. A better solution is to have one or two loaners (which is more cost-effective, anyway, than giving all users laptops), or better, just to wire more network jacks in common spaces. Mobility problem solved (unless they wanna WiFi in the loo). So, after that: Do you have any hard-to-reach spaces? Is it a multi-floor setup? Is there a reason you can't run cable (like brick walls everywhere or very high ceilings in an open plan space)? If your only reason to do wireless other than occasional in-office mobility is because it's new or cool, then it's almost impossible to justify.
That's my fiddy cents.
posted by Mo Nickels at 2:28 PM on April 1, 2004
I've read this many times, but I've also tried it. In the dozens of cases I've tried it (as a professional IT worker working in multiple client situatioons, not as a wannabe data cracker), the data gathering has been so slow that it would take *weeks* to crack WEP. This is in environments with dozens of computers attached to the network. None of this, of course, is really an issue with 11g (which you should get if you do go wireless, as stated by others). Also, cracking results depend on the type of WEP used, the kind of equipment used, the amount of data being passed, and the number of computers requesting authentication. In a large company with a lot of wireless nodes, a WEP password could be cracked in less than 24 hours.
A 100mb switch gives you a theoretical max of 100 megabites/second to each workstation, and you can get very close to that theoretical max in practice.
In real-world situations working for data-intensive companies, such as advertising agencies passing huge graphics back and forth over the network, I have found a 100MB switch to be perfectly adequate for an office of 15 to 20 people, in which half were large data users and half were not. nthdegx doesn't say how many people will be in his office.
However, I generally concur with the other advice offered here--not to do wireless--but for different reasons.
First, would installing a wireless network meaning buying all-new network equipment? Routers, switches, hubs, firewalls, whatever? If there's nothing wrong with your current equipment, wireless is a waste of money.
Second, are you planning to replace your current desktop CPUs? If not, do they all accept wireless cards? Meaning, do they have slots? Does the OS accept WiFi drivers? They all already have NICs, so WiFi needs to be justified in order to explain away the installation of a redundant network interface.
Third, what about your printers? Do you have any big plotters or Fiery-type network printers? Do they accept a wireless card? Or do they have to be hooked up to a dedicated PC which is has a wireless card, or to a relay AP? Or will they have to be hard-wired? If so, that will defeat some of the point of doing wireless, unless you're lucky enough to have all of your network printers next to your network switch.
Fourth, in researching this for my clients last year, I found I could install a CAT5 computer network and CAT3 telephone network with full redundancy--that is, twice as many ports at each workstation as were needed (in order to allow for computers brought from home, office growth which might require doubling up, a second phone being installed)--for less than half of what it would cost to do wireless. This was largely due to having to lay out for WiFi cards and APs, though labor was cheaper. Prices surely have changed, but given the points outlined above, I would be very surprised if you could do wireless for cheaper.
Fifth, what will be gained from wireless? You mention you want it so that your users can use their laptops anywhere in the office. This, I have found, is a motivation which does not hold up for most laptop users. Time and time again, people claim they are going to take their laptop somewhere, anywhere, but their desk. And they don't. The laptops sit in the same place consistently. Remember Chiat-Day's open office, with the temporary work areas, and floating work spaces? It failed because people are consistent. It also failed because people *think* they will be mobile, they *want* to be mobile, but the charm wears off, they realize how much of a hassle it is (the weight, the worry about dropping it, the worry about it getting stolen, forgetting the cords, not quite knowing how to dial-in, not knowing how to change between remote and office settings, feeling like a goober using the machine public), and most people who don't have to, don't take the laptop anywhere. A better solution is to have one or two loaners (which is more cost-effective, anyway, than giving all users laptops), or better, just to wire more network jacks in common spaces. Mobility problem solved (unless they wanna WiFi in the loo). So, after that: Do you have any hard-to-reach spaces? Is it a multi-floor setup? Is there a reason you can't run cable (like brick walls everywhere or very high ceilings in an open plan space)? If your only reason to do wireless other than occasional in-office mobility is because it's new or cool, then it's almost impossible to justify.
That's my fiddy cents.
posted by Mo Nickels at 2:28 PM on April 1, 2004
Mo Nickles, re: wep, I've tried it too. I haven't been successful, but in about 8 hours I gathered enough weak packets to guestimate that it'd take about two days, in my situation.
In real-world situations working for data-intensive companies, such as advertising agencies passing huge graphics back and forth over the network, I have found a 100MB switch to be perfectly adequate for an office of 15 to 20 people, in which half were large data users and half were not.
Er, I obviously wasn't clear. I meant with switched 100, you actually can get rates very close to 100mb (as opposed to wifi). I didn't mean to imply that 100mb wouldn't be adequate. We have around 600 pcs and a couple hundred VOIP phones on our 100mb lan, and rarely see sustained utilization of over 10%.
posted by duckstab at 5:26 PM on April 1, 2004
In real-world situations working for data-intensive companies, such as advertising agencies passing huge graphics back and forth over the network, I have found a 100MB switch to be perfectly adequate for an office of 15 to 20 people, in which half were large data users and half were not.
Er, I obviously wasn't clear. I meant with switched 100, you actually can get rates very close to 100mb (as opposed to wifi). I didn't mean to imply that 100mb wouldn't be adequate. We have around 600 pcs and a couple hundred VOIP phones on our 100mb lan, and rarely see sustained utilization of over 10%.
posted by duckstab at 5:26 PM on April 1, 2004
This thread is closed to new comments.
posted by banished at 5:25 AM on April 1, 2004