Domain: newburynetworks.com
Stories and comments across the archive that link to newburynetworks.com.
Comments · 9
-
Go copper. Or at least go with good WiFi.
You don't say why you don't want a copper plant -- but it seems like you're giving network wiring a bad rap. Do you intend to have laptops assigned to everyone, and intend for them to roam around the office all day? (I'm picturing a scene of dogs wandering around at a dog park as I write this!) If the users are primarily sitting at their desks and are using "desktop" machine, there doesn't seem to be much of an advantage to go wireless -- in fact, I'd say that you'd have more headaches.
I'm assuming that you want to do this because the userbase is mostly laptop-based.
You definitely will spend a lot of money on getting real wifi equipment to do this roll-out. At the very least, you will want to have access points that will handle WDS correctly so that people can roam around from AP to AP. You will want to have central configuration management, performance/usage monitoring, and security management. (One product off the top of my head that might be useful: WiFi WorkPlace.)
Note that with wifi, each access point acts essentially like a shared hub -- and the throughput is less than half ot the signaling speed -- so your 10 users on the same 54-Mbps AP will be on an effetive "20 Mbps" hub... Latency is higher, too. Yuck.
In order to keep the footprint of each "hub" (AP) small to ensure reasonable performance, you will need a lots of low-powered access points. And hope that your client machines are running bug free drivers --- back when I used to play with linux wlan drivers, we sometimes had a client go crazy and pump up the transmitter to max power in order to associate with the AP on the other side of the building -- and stepping on a lot of traffic in the process.
Good luck! -
Commercial Solutions
My company recently implemented a product called "WiFi Watchdog" from Newbury Networks (http://www.newburynetworks.com/). Damned nice product, and it has the capabilities you are looking for. The latest version of their software will give you a heat map as to where a device is likely to be overlaid on top of a map of your building.
Other vendors selling a similar products include Airmagnet and AirDefense. Some of the bigger AP infrastructure guys such as Cisco even have some built in products to do similar things.
The big advantage I found with NNI is that their product helps reduce false positives by identifying APs outside our building and labeling as such - so when a Sears truck drives by with a built in AP our alarm bells don't go off. Other neat things include a cool RADIUS service that "authorizes" connections based on location. Tied together with other authentication services that would make for a really really powerful solution for securing your wireless.
Anyway, hope that helps find some good solutions for you.
-Jack Ash
PS: No, I am not an employee of NNI or anything of the sort, I'm just a guy who went through your exact problem last year and ended up finding this solution. -
Some Idealab ideas...
These are two companies I've heard of from Idealab where I used to work:
Newbury Network's Location Server products uses 802.11b signal monitoring to do location detection. They offer a virtual docent system that uses the technology to allow the virtual docents to provide location-appropriate information.
Evolution Robotic's VSLAM lets robots use odometry AND visual data to update its position information.
Depending on the size of the warehouse and the manner of "occlusion" that occurs, I'd say wiring up the warehouse with lots of cameras and triangulating to a beacon would be a pretty straightforward method... The hockey puck, indeed! -
WiFi Geolocation
Well, you can buy lots of cool products that will thell you exactly where all your wireless clients are!
plus there are lots more that do other sorts of monitoring but without the geolocation angle. But I didn't just hand in a marketing assignment about them.
-
Re:Physical perimeter security on 802.11
Good questions:
a) It's not triangulation, because as you might guess, triangulation on 802.11 is extremely problematic because of occlusion, reflection and multi-path issues. That said, thinking of it in terms of triangulation isn't way off. It is definitely reliable enough to use as a layer of authentication. Depending on the deployment, the accuracy and precision can be quite high (sub-meter). Of course, even in those cases, we always recommend the use of other authentication mechanisms as well. Security is about multiple factors. Location is only one.
b) On a wireless network, because of purely passive sniffing, you also want encryption in addition to access control. WEP is a good first step, but it is obviously reasonably easily crackable. A variety of other options are coming soon (WPA, RSN, etc.)
In addition to these two sides (access control and encryption), there's a whole bunch of other security issues you need to worry about: ad-hoc networks, accidental outside associations, AP spoofing, and a number of others. We (Newbury Networks) provide location based monitoring of all of these attacks. There are a number of other good monitoring products out there including free ones like Kismet and other commercial ones like AirMagnet, AirDefense, NetworkChemistry and a handful of others. Naturally, I think our product is the best, but our product is a bit different. -
Physical perimeter security on 802.11
My company (Newbury Networks, Inc.) makes a product that provides physical perimeter security on 802.11. It uses our location-tracking technology to identify the location of all 802.11 traffic and can then both report and classify traffic as well as deny access to devices outside your physical perimeter. While some security problems remain, this largely mitigates the "attacker in the parking lot" scenarios.
Most people assume that wireless security cannot be coupled to physical security. If you can keep people outside your building off your network, it's a whold different ball game. This essentially eliminates spoofing problems because it doesn't matter if you're spoofing if you're outside. Obivously, internal threats are still an issue and any security system should be multi-factor. Location is simply a key element that it's hard to provide for wireless.
(I hope this isn't taken as inappropriate product pushing, but I believe it is a useful and relevant solution to many wireless security problems) -
Pattern recognition can work wellI've seen demos and installations of a commercial product that does decent indoor 802.11 location tracking. It uses a clever implementation of a pattern matching algorithm and gets _better_ results in a complicated environment.
It's called WiFi Watchdog from Newbury Networks in Boston and they've installed it at the Smithsonian Institution, at Dartmouth College, and some other places. -
Give professors control of net access
There's already been one technolgy based solution to this problem described but there is a ready made solution for schools that either don't want to or don't have the resources to roll their own. http://www.newburynetworks.com has a product that can allow/disallow different levels of network access depending on your physical location. And of course it runs on Linux.
-
Re:So what use is it?