Convincing Management to Migrate to WiFi?

bergeron76 asks: "My company is currently preparing to relocate to a new location out in the suburbs. We recently received a very outrageous quote to move our computers, telephony gear, and ethernet wiring to our new office. I'm trying to convince management to switch our call-center to WiFi for a fraction of the "relocation" quote cost. The problem is that they are still considering outsourcing the ethernet wiring at an exorbitant rate! Can the Slashdot crowd help me come up with more selling points for WiFi (beyond the obvious) before I make my formal proposal?"

Geez....

[reaper20]

And here I am trying to convince my management to NOT rollout wireless until they at least look into possible security risks associated with Wi-Fi. Seems like all the PHBs are busy trying to fill in as many buzzwords as possible.

Look at what happened to Best Buy - they got 0wned - do it right and include an entire security overview and recommendations in your findings. Research possible scenarios and record those down too.

If managament goes along with it, and typicaly ends up cutting your funding half-way through (like always happens), they'll skimp on security, some day the network gets compromised, and its your fault for bringing it up in wireless in the first place, that's when you whip out your documentation - stressing the importance of security. Cover your ass.

School

[darthBear]

Apparantly my High School is adding wifi coverage next year becuase there are a lot of places in the school that haven't been wired up as the number of computers grows. Its reached the point where its impossible / majorly expensive to wire them so they are putting in a wifi network to cover them.

While I trust some security will be used. (perhaps foolish trust, these are the people that didn't close port 80 when nimda came and flooded the network) I'm pretty sure a non trivial number of people could own that network in a hurry. We are talking somewhat sensitive data too like grades and inter-teacher corespondence.

My question is what exactly can be done to ensure that wireless networks are secure? They will never be 100% but can they be made good enough for reasonably sensitive data?

Re:School

[anthony_dipierro]

My question is what exactly can be done to ensure that wireless networks are secure? They will never be 100% but can they be made good enough for reasonably sensitive data?

Not really. If you put up a wireless network you are effectively opening up your network to the public. Now if the network is already essentially public (say an intracampus network), that isn't really a problem, but if your data is at all sensitive, it shouldn't be hooked up to a public network.

Re:School

[Hast]

Treat the wireless network as the Internet. Firewall it, don't trust host on it etc.

User loggin on from the wireless net should use VPN.

That way you're safe.

Re:School

[Pii]

It's called Split-tunnelling, silly.

In deploying the VPN solution, you can set the security policy so that when attached to the VPN, *ALL* traffic must utilize the VPN connection.

The effect is that once you initiate the VPN connection, you can't even ping a device on your local segment, or on the Internet.

Once connected, the home/roaming user is insulated as though he were on the network behind the corporate firewall.

Cisco's VPN concentrators (formerly Altiga) behave this way... If you choose to allow split tunnelling, they can even demand that the remote station utilize personal firewall software (Like ZoneAlarm, etc) before completing the VPN connection.

At any rate, the problem you describe has long been solved.

Try RTFM

I'm guessing you have no buisness recomending one solution or the other. You seem very biased at the install cost without reguard to what is being installed. Obviously phones aren't going to be moved to wireless if your in a call center. The speed of fixed vs wireless at this point is much better. The obvious security implications of wireless data floating around the office and surrounding neighborhood would also be a worry. Wireless could always be added in stages at a later time however, the costs of going back to a fixed solution after the initial move would be really outrageous. Better to do that than experiment with technologies that while undoubtedly are cool are not proven yet and as such should be handled with a long stick unless you are prepaired to take a big hit should things not work out the way you expect them to.

Re:Try RTFM

[bellings]

If I had mod points, I would give them to you in a heartbeat.

I have no idea what the original poster considers an "exorbitant" price for wiring. I have a difficult time imagining that doing all the wiring for a bunch of call center fixed phone stations without ethernet is going to be significantly less than doing all the wiring for a bunch of call center fixed phone stations with ethernet. If it is significantly different, the submitter should suggest to the owners that they get additional quotes. If the owner refuses, well... either he's spending his own money foolishly, or there's some type of fraud going on. Time to polish up the resume, I guess.

evesdropping

[anthony_dipierro]

Can the Slashdot crowd help me come up with more selling points for WiFi (beyond the obvious) before I make my formal proposal?

Management can set up a single computer which monitors all traffic on the network without buying expensive chained managed switches.

Re:evesdropping

[honold]

even better...it's not just limited to management - the employees of the taco bell next door can do it too!

Re:evesdropping

[anthony_dipierro]

the employees of the taco bell next door can do it too!

Only if they have the decryption key - which isn't totally out of the question.

Depends on how much security you really need. If there's nothing proprietary on the WiFi connected computers, then it might be a good idea. OTOH, if there is anything you don't want available to the public on those computers, you're probably better going with the most secure method of protection - physical security.

call cisco

[ealar+dlanvuli]

The simplest solution to your problem is to let the salespeople sell. Call cisco and get a marketing type on, tell them what you have been quoted, and ask them to come up with a total network quote that's better, then have them present it to the managment. If your even a mid sized buisness I'm sure they can come up with a salesperson to do a meeting with your managment for a hour or two.

You talking to the managment *might* get you somewhere, but your much more likley to get somehwere if you get a professional marketer in there.

Doh!

[itwerx]

Unless you know for a fact that your performance needs are minimal, you better do a bunch of research and discuss the future needs of the company with the powers that be or your head WILL be handed to you on a platter.
Cat-5 can do Gigabit nowadays, WiFi does about 20Mb if you're lucky (yeah, I know 802.11a can burst up to 74Mb, but you gotta be sitting on top of the damn AP to get that! How many sys-admins can sit on the head of an AP anyway? :).
If you're looking at 802.11b for range then you'll be looking at a real-world max of about 2Mb. Again, fine for browsing and the occasional download but impossible for a business with real bandwidth needs like databases and poorly designed accounting apps. Not to mention the schmuck who delights in creating 50Mb PowerPoint presentations.
Think twice, then a couple more times. Then investigate every app you're using now and every app you expect to be using in the next couple of years, then go have a beer and come back to thinking about in a day or so. Repeat as many times as it takes to update your resume'...

Re:Doh!

[WolfWithoutAClause]

My suspicion is that if you NEED more than 10 base T, your computers are set up badly.

The network I'm on runs with each PC getting their own dedicated 10 baseT link to the routers. This reduces contention and fault isolation is a doddle. The servers are interconnected via 150M connections.

Seems to work fine.

Still, I don't think you'd want to use WiFi for everything- it works better as an overlay network for a few people to use- managers for example. If you do want to use it for everyone, then you'd be looking at dotting dozens of APs everywhere and worrying about how they interwork when they're on the same channels and stuff. It can be made to work, but it's hassle- 100 base T is dirt cheap...

If you're looking at 802.11b for range then you'll be looking at a real-world max of about 2Mb.

Depends on the AP and whether you have WEP switched on. I think there is a strong argument in some scenarios for switching WEP off- the security is inadequate, and a firewall & VPN(IPSEC) is needed. If you have that, setting the SSID is probably sufficient.

Why not just find a better wiring quote?

[zenyu]

If the price is really high, maybe someone out there will seriously underbid them. While WiFi will always be cheaper it's so much slower. I know I'm always maxing out my two 100Base-T lines because of NFS. My SysAdmin promises Gigabit ethernet next time he buys a switch... Don't get me wrong, I love the WiFi for when I bring in my laptop, but it's not really a replacement for wires. Unless you know everyone is just web browsing or something.

If no one will bid low, maybe you can hire some high school students, buy some testing equipment and do the wiring yourself. It's not exactly rocket science. It won't be so pretty if it's outside the walls but it's never pretty behind desks anyway.

Re:Why not just find a better wiring quote?

[dasunt]

For wires outside of the wall, there are surface
mount connectors for RJ-45 (like the RJ-11
telephone connectors) that don't look too bad.

Always keep an eye to security!

[rodionpunk]

Wow, that's a bold agenda! I've actually been peddling the other way: telling management about the perils of going wireless. One of the people in my office asked me, "So, am I safe getting wireless for my house?" I sent him a three page email outlining why wireless was dangerous, as well as recommended security to implement it. (Not that he followed suit, mind you -- it would have taken a gear head to implement security properly, and he didn't seem too keen on the idea of, say, building his own firewall.)

It sounds like to make your case, you have to show that the wireless route is 1) secure, 2) cheaper / more scalable, and 3) secure. Note the repetition there. ;) Passing up security for the moment, you probably have a better handle on whether or not wireless is cheaper / more scalable than wired routes. In my office, WiFi would definitely *not* be sufficient, if that were the only network available. I know that I wouldn't be very happy if I was limited down to the 2 - 11Mb/s of 802.11b at the office, especially when, say, transferring large files or routing large documents. If you have the numbers that say that the bandwidth is "sufficient", fire away!

Unfortunately, whatever proposal you present *has* to have a security focus. You *have* to make the emphasis that wireless is secure enough, and you *have* to be unyielding on the security measures necessary. The main problem with this is the fact that you are surrendering the security of closed wired networks for an open-air, wireless one. Sure, you may have convenience in terms of setting up connections, but you're going to have significant additional headaches making sure things are secure. Some thoughts? Try to get everyone to use IPSEC. Oog, it's ugly and non-simple, but it's what you would have to do if your paranoid. Just thinking about plain-text passwords flying through the ether makes me dizzy from a security standpoint. Drive-by hacking is all too easy and cheap to do. *sigh*

Of course, you're really trying to push the proposal past a manager, right? So perhaps your focus should be on how it's keeping the company on top of cutting edge, alternative technologies to proactively seek out the most cost-effective methods for maximum deployment capacity. *heh*

Re:Removal of Shackles

[emag]

You might want to reconsider the choice of an SMC Barricade. While it has OK range, it's not the best. The two highest that I've found are SMC's stand-alone WAP (which I would have gotten, if MicroCenter hadn't pissed me off with a bait-and-switch attempt on the Barricade+NIC), and the Linksys WAP11. I have the Linksys, and a friend/coworker has the SMC standalone. Both have at least a 50% greater range than the Barricade (Linksys's is 50%, the standalone SMC's is about 70%-80%).

Plus, this friend originally had a Barricade, and got absolutely *awful* reception in his house. The switch to the WAP-only SMC product (wish I could remember the name) greatly improved his wireless experience.

Of course, if you *need* the other features of the Barricade, and live in a tiny area (like a 1 bedroom apartment), you might be OK.

Gotta ask about the phones

[biglig2]

The point is, that assuming your phones are going over CAT5 to the desks, then the difference between wiring one CAT-5 to every desk and running two is going to be minimal. (of course, you want at least three per desk, but you get the idea)

Of course, perhaps you're going to squeeze the voice over that 802.11b link, in which case the bandwidth is starting to look even more uncomfortable.

Why is your quote for cabling so high? Is it a tricky install? Decent flood wiring isn't cheap - labour intensive and so on. My company tried doing it cheap, and we have plenty of crappy floorboxes to show for it.

If wireless works out cheaper, and manangement want to stay wired, then it's probably because they are unsure of the new technology. Given the bandwidth and security implications, you must ask yourself "are they right?".

Re:a couple things:

[WolfWithoutAClause]

4. Its secure (128 bit encryption)

It doesn't matter if it has 10,000 bits if it has been cracked. WEP 128 bit encryption has been cracked, and furthermore you can download software to implement the crack off the internet.

I think you really need to put the wireless network outside any firewall you may have; and access corporate data via VPN software. Anything else is begging for trouble.

Being outside the firewall, the security aspects are much reduced, making it questionable whether you need WEP enabled. I would leave WEP on however, it minimises the chances of people leaching bandwidth off of you- it can be cracked but the crack takes atleast an hour to recover the encryption key, and checking your access point's logs occasionally would probably enable you to discover if anyone was keen enough to wait that long.

"Cost" isn't always the "cost" you think it is

[R2.0]

If you are moving to a new location, the PHB's have worked out a deal with your new landlord by which the renovation costs (including network cabling)are covered by the landlord and then amortized through the rent. That way, the costs go on the operating expenses budget and not the capital improvement budget, which both looks better on your balance sheet and is genearally a simpler way to do things.

If you buy all the new WiFi stuff, you have a big hit on your capital budget right up front, and you've purchased equipment that will be obsolete in a short while, which will lead to ANOTHER hit on your capital budget. Copper cables don't wear out, don't break (except for the occasional mis targeted nail), and if you need to lay fiber later, the routing and supports are all there.

It's not nearly as simple as you make it out to be.

Get a going wireless quote first

[jo42]

Before going WiFi silly, get at least two more quotes to have the new facility wired. Then get a quote on what it would take to set up a wireless network.

I'll bet that you'll bet getting wired.

Re:Removal of Shackles

[kableh]

I have a 3Com "Home Wireless Gateway" at home (not sure on the model) and the range is pathetic. Just being a room over it drops in and out of range. Only bought it because it was on sale for cheap. The 3Com plain AP I have here at work has probably 4 times the range.

Also, I've found Linksys cards suck for range. Cisco Aironet 350s can almost double their range. You get what you pay for =).

Re:Removal of Shackles

[emag]

I'm very happy with my SMC card. It was a tossup between "immediacy" and "wait for orinoco gold". Immediacy won. But aside from the lack of external antenna jack, I haven't found anything wrong with the SMC NICs... Now if I'd know about 3Com's XJACK NIC for 802.11b, I might have gone with that, since I *hate* dongles or anything permanently sticking out the side. As it is, I'm afraid of snapping the antenna off of most wireless NICs when I transport my laptop. Glad I have a metal CD case I can stick it in...

Why are you moving the wiring?

[unitron]

"...a very outrageous quote to move our computers, telephony gear, and ethernet wiring to our new office."

Leave the wiring where it is and get the building owner to pay you something for it so that he can offer the next tenant a "network ready" office as additional incentive to rent from him at the price he's asking.

If that location in the suburbs is still under construction, hold a gun to somebody's head to force them to install conduit and a decent wiring closet. That way you can install non-plenum and replace it with fiber-optic or trilithium-sleeved flux capacitance ion stream waveguide hose or whatever the next big thing is ten or twenty years down the road just by hooking it to the old stuff and using the old stuff as a pull rope.

(Yes, my assumption that he meant that they were actually moving the wire is slightly tongue in cheek. But I'm deadly serious about the virtues of conduit.)