A WiFi-Only Office Network?

← Back to Stories (view on slashdot.org)

Posted by ryuzaki0 on Wednesday June 7, 2006 @01:45PM from the airborn-packet-storms dept.

periol wonders: "I'm the sysadmin for a firm in mid-town Manhattan that is moving to a larger workspace six months from now. The new space is on one floor (100+ users to begin, 200 capacity) and is completely stripped. We've been playing around with the idea of completely wireless office, with no ethernet except to the access points (probably running over VPN for security). Email and files are all accessed locally over the network, and there is a web application hosted off site. Does anyone have experience with this kind of setup? My calculations are that we would need one access point per 15 computers, but I don't know what kind of issues we'll run into along the way. Will we run into unexpected periods of network downtime with a wireless-only setup like this?"

2 of 155 comments (clear)

Min score:

Reason:

Sort:

Absolutely not. by jacobdp · 2006-06-07 14:18 · Score: 5, Informative

Wireless performance is shit. Here's the problem: Sure, 802.11g gives you a theoretical peak 54 mbps. However, not only do you never get more than 50% of it, that bandwidth is shared among every user on the network and is half-duplex. It's like having everyone on a single hubbed network - once a buch of users all start communicating at once, you get collisions, and performance drops. 1 user on wireless is fine. 5 or 10 is questionable. 50 will be like molasses.
Re:The downside to wireless office: by swillden · 2006-06-07 14:46 · Score: 5, Informative

How long do you think it will take me to crack the WPA/EAP key,
Which one?
Assuming EAP-TLS, each authentication is a mutual authentication using public/private key pairs on both access point and device. You'll need to crack the client's auth key to get in. So how long will it take you to crack a 2048-bit RSA key?
Or, assuming you want to sniff the data, rather than join the network, you need to crack the packet encryption keys. With WPA, that means you have to defeat TKIP, which changes the RC4 key on every packet transmitted, and isn't vulnerable to the related-key attacks that sunk WEP's stupid design. But if this is a new office, there's no reason for them to use the backward compatibility hack that is WPA, they should deploy WPA2, which uses AES for the packet-level encryption. Although both WEP and WPA/TKIP misuse RC4 in a way that enabled the WEP attacks (neither of them discard the first few hundred bytes of the keystream after a rekey operation), AES doesn't have the same potential weakness as RC4. Since the best known attack against AES is brute force, you're going to have to search a 128-bit keyspace. How long will that take you?
Given WPA2 and, say, EAP-TLS, the best known attacks on the WiFi security require breaking either RSA or AES. Good luck with that.

--
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.