Convincing Management to Migrate to WiFi?
bergeron76 asks: "My company is currently preparing to relocate to a new location out in the suburbs. We recently received a very outrageous quote to move our computers, telephony gear, and ethernet wiring to our new office. I'm trying to convince management to switch our call-center to WiFi for a fraction of the "relocation" quote cost. The problem is that they are still considering outsourcing the ethernet wiring at an exorbitant rate! Can the Slashdot crowd help me come up with more selling points for WiFi (beyond the obvious) before I make my formal proposal?"
Re:Security (Score:1)
Pros:
Do not have to run any cabling other than from the access points to the servers and out.
Secure in the way that someone can't just jack into my lan and see what I have.
Cons:
Cost . . . The cheapest wifi LAN card is $89 compared to hard line $7. The cheapest 24 port hub is about $140, whereas a cheap access point (with poor range) is about the same. Now you are probably going to want to run bridges instead of running lots of cables to all of your access points and bridges run about $300 for a pair.
Security. I can sit outside your office building, with a Linux laptop and be in your network in about 10 minutes, this is using code you find on the web. So I don't need to even physically get into the building.
Of course there are others, but there just aren't enough positives to go that way in a corporate environment. Wait till a better wifi comes out, besides 802.11b is pretty slow.
Removal of Shackles (Score:1)
Wireless has no such relocation costs.
Re:Removal of Shackles (Score:2)
Plus, this friend originally had a Barricade, and got absolutely *awful* reception in his house. The switch to the WAP-only SMC product (wish I could remember the name) greatly improved his wireless experience.
Of course, if you *need* the other features of the Barricade, and live in a tiny area (like a 1 bedroom apartment), you might be OK.
Re:Removal of Shackles (Score:2)
Also, I've found Linksys cards suck for range. Cisco Aironet 350s can almost double their range. You get what you pay for =).
Re:Removal of Shackles (Score:2)
Geez.... (Score:5, Insightful)
Look at what happened to Best Buy - they got 0wned - do it right and include an entire security overview and recommendations in your findings. Research possible scenarios and record those down too.
If management goes along with it, and typically ends up cutting your funding half-way through (like always happens), they'll skimp on security, some day the network gets compromised, and it's your fault for bringing it up in wireless in the first place, that's when you whip out your documentation - stressing the importance of security. Cover your ass.
You sure about that? (Score:1, Insightful)
You can get 10/100 Ethernet cards for $15-20. The cheapest I've seen PCI 802.11 cards for is $75-100. Are you really so sure this is going to be saving that much money? Don't forget that the base station is $400 instead of the $100 for an 8-port 10/100 switch!
a couple things: (Score:1, Informative)
2. It's NEW and INNOVATIVE, it's the next high tech thing, and even better, it's actually in wide use. (Give Examples, e.g. school mobile laptop labs, other companies, etc)
3. It is stable (Give WOWing statistics on range, etc.)
4. It's secure (128 bit encryption)
5. It is mobile (people can bring their laptops to meetings and be networked)
6. No exorbitant costs every time the cubicles are re-configured.
These are the main points I would hit on, if I needed to make a sell to my boss, or company. Good Luck. And remember, play to their mentality, and what they like (e.g. Dilbert)
Re:a couple things: (Score:2)
It doesn't matter if it has 10,000 bits if it has been cracked. WEP 128 bit encryption has been cracked, and furthermore you can download software to implement the crack off the internet.
I think you really need to put the wireless network outside any firewall you may have; and access corporate data via VPN software. Anything else is begging for trouble.
Being outside the firewall, the security aspects are much reduced, making it questionable whether you need WEP enabled. I would leave WEP on however, it minimises the chances of people leeching bandwidth off of you - it can be cracked but the crack takes at least an hour to recover the encryption key, and checking your access point's logs occasionally would probably enable you to discover if anyone was keen enough to wait that long.
School (Score:2, Interesting)
While I trust some security will be used (perhaps foolish trust, these are the people that didn't close port 80 when Nimda came and flooded the network), I'm pretty sure a non-trivial number of people could own that network in a hurry. We are talking somewhat sensitive data too, like grades and inter-teacher correspondence.
My question is what exactly can be done to ensure that wireless networks are secure? They will never be 100% but can they be made good enough for reasonably sensitive data?
Re:School (Score:2)
My question is what exactly can be done to ensure that wireless networks are secure? They will never be 100% but can they be made good enough for reasonably sensitive data?
Not really. If you put up a wireless network you are effectively opening up your network to the public. Now if the network is already essentially public (say an intracampus network), that isn't really a problem, but if your data is at all sensitive, it shouldn't be hooked up to a public network.
Re:School (Score:2, Insightful)
Users logging on from the wireless net should use VPN.
That way you're safe.
Re:School (Score:1)
That's essentially what I said. The only hosts which should have wireless ethernet cards should be those which allow (or could allow) public access. An exception could be made for well secured machines with competent admins, but that pretty much rules out machines running a consumer version of Windows.
Users logging on from the wireless net should use VPN. That way you're safe.
Safe is an overstatement. It depends on the level of security you need. VPNs from untrusted hosts are inherently unsafe because you can place a keycapture or other trojan on the untrusted host and steal the key(s). If a user's access through the VPN is limited to that user's data, then you haven't opened up too big a hole, but I've seen companies give companywide access to the entire private network from home. So now you've limited the entire network's security to the security of a home machine, probably running Windows, IE, Kazaa, and Outlook. That's not very smart.
Re:School (Score:2)
In deploying the VPN solution, you can set the security policy so that when attached to the VPN, *ALL* traffic must utilize the VPN connection.
The effect is that once you initiate the VPN connection, you can't even ping a device on your local segment, or on the Internet.
Once connected, the home/roaming user is insulated as though he were on the network behind the corporate firewall.
Cisco's VPN concentrators (formerly Altiga) behave this way... If you choose to allow split tunnelling, they can even demand that the remote station utilize personal firewall software (Like ZoneAlarm, etc) before completing the VPN connection.
At any rate, the problem you describe has long been solved.
Re:School (Score:1)
The effect is that once you initiate the VPN connection, you can't even ping a device on your local segment, or on the Internet.
That doesn't stop a virus/trojan which was placed on your system before you initiated the VPN connection.
At any rate, the problem you describe has long been solved.
I think you misunderstood the problem I described.
Try RTFM (Score:5, Insightful)
Re:Try RTFM (Score:3, Informative)
I have no idea what the original poster considers an "exorbitant" price for wiring. I have a difficult time imagining that doing all the wiring for a bunch of call center fixed phone stations without ethernet is going to be significantly less than doing all the wiring for a bunch of call center fixed phone stations with ethernet. If it is significantly different, the submitter should suggest to the owners that they get additional quotes. If the owner refuses, well... either he's spending his own money foolishly, or there's some type of fraud going on. Time to polish up the resume, I guess.
Re:Try RTFM (Score:1)
They could be. Spectralink is one of a few companies that sell 802.11 phones. Unlike 2.4GHz cordless phones, these wouldn't interfere with your wireless network because they _use_ it. Look here: http://www.spectralink.com/products/netlink.html
eavesdropping (Score:2)
Can the Slashdot crowd help me come up with more selling points for WiFi (beyond the obvious) before I make my formal proposal?
Management can set up a single computer which monitors all traffic on the network without buying expensive chained managed switches.
Re:eavesdropping (Score:2, Funny)
Re:eavesdropping (Score:2)
The employees of the Taco Bell next door can do it too!
Only if they have the decryption key - which isn't totally out of the question.
Depends on how much security you really need. If there's nothing proprietary on the WiFi connected computers, then it might be a good idea. OTOH, if there is anything you don't want available to the public on those computers, you're probably better going with the most secure method of protection - physical security.
Re:eavesdropping (Score:1)
call cisco (Score:2, Informative)
You talking to the management *might* get you somewhere, but you're much more likely to get somewhere if you get a professional marketer in there.
Doh! (Score:4, Insightful)
Cat-5 can do Gigabit nowadays, WiFi does about 20Mb if you're lucky (yeah, I know 802.11a can burst up to 74Mb, but you gotta be sitting on top of the damn AP to get that!). How many sys-admins can sit on the head of an AP anyway?
If you're looking at 802.11b for range then you'll be looking at a real-world max of about 2Mb. Again, fine for browsing and the occasional download but impossible for a business with real bandwidth needs like databases and poorly designed accounting apps. Not to mention the schmuck who delights in creating 50Mb PowerPoint presentations.
Think twice, then a couple more times. Then investigate every app you're using now and every app you expect to be using in the next couple of years, then go have a beer and come back to thinking about it in a day or so. Repeat as many times as it takes to update your resume'...
Re:Doh! (Score:2)
The network I'm on runs with each PC getting their own dedicated 10 baseT link to the routers. This reduces contention and fault isolation is a doddle. The servers are interconnected via 150M connections.
Seems to work fine.
Still, I don't think you'd want to use WiFi for everything- it works better as an overlay network for a few people to use- managers for example. If you do want to use it for everyone, then you'd be looking at dotting dozens of APs everywhere and worrying about how they interwork when they're on the same channels and stuff. It can be made to work, but it's hassle- 100 base T is dirt cheap...
If you're looking at 802.11b for range then you'll be looking at a real-world max of about 2Mb.
Depends on the AP and whether you have WEP switched on. I think there is a strong argument in some scenarios for switching WEP off- the security is inadequate, and a firewall & VPN(IPSEC) is needed. If you have that, setting the SSID is probably sufficient.
Why not just find a better wiring quote? (Score:2)
If no one will bid low, maybe you can hire some high school students, buy some testing equipment and do the wiring yourself. It's not exactly rocket science. It won't be so pretty if it's outside the walls but it's never pretty behind desks anyway.
Re:Why not just find a better wiring quote? (Score:2)
mount connectors for RJ-45 (like the RJ-11 telephone connectors) that don't look too bad.
Re:Why not just find a better wiring quote? (Score:1)
Ultracheap solution is to bring a high pair count cable to each row, and install a 6-25port breakout box where final connections are done with patch cables. Downside is that you would be limited to 10Mbit, but phone and data can all be done together.
With a little more money, you can go for actually bringing cat 5 cables to the breakout box...
...but going wireless to save money?
Always keep an eye to security! (Score:2, Insightful)
It sounds like to make your case, you have to show that the wireless route is 1) secure, 2) cheaper / more scalable, and 3) secure. Note the repetition there.
Unfortunately, whatever proposal you present *has* to have a security focus. You *have* to make the emphasis that wireless is secure enough, and you *have* to be unyielding on the security measures necessary. The main problem with this is the fact that you are surrendering the security of closed wired networks for an open-air, wireless one. Sure, you may have convenience in terms of setting up connections, but you're going to have significant additional headaches making sure things are secure. Some thoughts? Try to get everyone to use IPSEC. Oog, it's ugly and non-simple, but it's what you would have to do if you're paranoid. Just thinking about plain-text passwords flying through the ether makes me dizzy from a security standpoint. Drive-by hacking is all too easy and cheap to do. *sigh*
Of course, you're really trying to push the proposal past a manager, right? So perhaps your focus should be on how it's keeping the company on top of cutting edge, alternative technologies to proactively seek out the most cost-effective methods for maximum deployment capacity. *heh*
Free Bandwidth, right on! (Score:1)
By the way, are there any coffee shops within WiFi range of your new office? They wouldn't mind if I hung out, drank coffee, and read slashdot would they?
Gotta ask about the phones (Score:2)
Of course, perhaps you're going to squeeze the voice over that 802.11b link, in which case the bandwidth is starting to look even more uncomfortable.
Why is your quote for cabling so high? Is it a tricky install? Decent flood wiring isn't cheap - labour intensive and so on. My company tried doing it cheap, and we have plenty of crappy floorboxes to show for it.
If wireless works out cheaper, and management want to stay wired, then it's probably because they are unsure of the new technology. Given the bandwidth and security implications, you must ask yourself "are they right?".
Cost is not the only factor - security, DoS, etc (Score:1)
Please read this [oreillynet.com] and consider carefully if you really want to roll out wireless networking. Think security. Think performance. Think reliability. Think about still being able to sleep at night.
Key points not made clearly in the article:
(a) Setting up a wireless LAN is like taking some cat5 from the switch and running it to plugs in your walls, on the street, and in the neighbours' houses. You lose _all_ physical security.
(b) You become vulnerable to RF interference, both intentional and accidental. DoS could be hard to trace.
(c) Even with WEP, etc, your internal LAN must be treated with DMZ level security as you never know who's listening. IPSec VPN a must. WEP could be secure - but there are several well documented problems with it even in its current incarnation.
(d) Personal firewalls on all Windows boxes would be strongly recommended, there is a cost in this too.
Above all this, you've got to factor in performance. 54MBps (11MBps is a joke after overheads, not worth the bother) + WEP & MAC-layer overheads of up to 50% + IPSec VPN overheads (maybe 10-20% more again?). You'll have 20-30MBps shared between all clients on each access-point, hub style. Ever used a hub (instead of a switch)? They _suck_. Well, unless you like to find out where the guy in the next office gets his pr()n *grin*
Is shared 20MBit enough for most of your clients? Is it worth a hybrid wired/wireless setup for the clients that need more throughput? Is the reduced hardware and cabling cost worth the security issues, security costs, etc?
Heck, what if an employee puts in a cool new kind of fluro light or something and fizz, down goes the LAN. Imagine debugging that!
Wireless might be more of an option in a year or so if the standards people and vendors get moving and agree on a decent, two-way-authenticating system that doesn't leak too much info and is reasonably robust. Currently, I'd never recommend wireless LANs for anything other than a "guest access" subnet firewalled off carefully from the rest of the LAN and requiring a password for any 'net access (all forced through a proxy of course).
"Cost" isn't always the "cost" you think it is (Score:3, Informative)
If you buy all the new WiFi stuff, you have a big hit on your capital budget right up front, and you've purchased equipment that will be obsolete in a short while, which will lead to ANOTHER hit on your capital budget. Copper cables don't wear out, don't break (except for the occasional mistargeted nail), and if you need to lay fiber later, the routing and supports are all there.
It's not nearly as simple as you make it out to be.
Well... (Score:1)
Get a going wireless quote first (Score:2, Insightful)
I'll bet that you'll be getting wired.
silly idea (Score:1)
Not only will you have a faster connection, but also a more secure one. I like wireless, but I don't expect it to be secure. You would be surprised to find out how easy it is to sniff packets from a wireless network.
Why are you moving the wiring? (Score:2)
Leave the wiring where it is and get the building owner to pay you something for it so that he can offer the next tenant a "network ready" office as additional incentive to rent from him at the price he's asking.
If that location in the suburbs is still under construction, hold a gun to somebody's head to force them to install conduit and a decent wiring closet. That way you can install non-plenum and replace it with fiber-optic or trilithium-sleeved flux capacitance ion stream waveguide hose or whatever the next big thing is ten or twenty years down the road just by hooking it to the old stuff and using the old stuff as a pull rope.
(Yes, my assumption that he meant that they were actually moving the wire is slightly tongue in cheek. But I'm deadly serious about the virtues of conduit.)