Upgrading Wi-Fi — What, When, and Why
lessthan0 writes "Wi-Fi (802.11x) networks have been around long enough that many businesses and home users run their own. The first widely deployed standard was 802.11b, while most new hardware uses 802.11g. The latest 802.11n hardware is just around the corner. If you run an existing wireless network, is it time to upgrade?"
The summary says that 802.11n is just around this corner...what about this article yesterday that says it's been delayed to 2008?????
When you get to hell -- tell 'em Itchy sent ya!
Not if you have more than one user. Hint: think about wifi deployed at a school or airport...
... wait for n.
As for the general question, the answer is: Upgrade if you have to. If your users are bitching that the net is too slow, upgrade.
If you just want to be hip and spout the latest and greatest
Tom
Someday, I'll have a real sig.
most people get along just fine with 100mb because 1. the internet is the primary use of the network.. which comes nowhere near 100mb of bandwidth.. and I'm sure gigabit is pretty widely used in very high bandwidth environments.. it's just.. why use a more expensive technology when there is no need for it (as in most home and small office environments)
Well, gigabit ethernet is no longer "much more expensive." I saw a 5-port gigabit switch at a retailer yesterday for under $12/port. Cards are equally cheap. The problem is that for most users, they won't notice the difference, or they'd have to change the cabling from cat5 to cat6, or they have one or more boxes that are still running 100mb, so there is zero point in upgrading.
Give it 5 years ...
Network operators should not be concerned with who is on the network. All that matters is that the network works.
If they don't pay attention to who is on the network, then the network will cease to work. Would you want 10 people to use your home network and drive your performance through the floor?
I'm honestly interested: What is the reason for not wanting "rogue access points" on a network, except for the foolish belief that the network security is at risk?
First, it is not a foolish belief. The fact you believe it is foolish shows you do not really understand the underlying issues. While there are too many to list, here are a few off the top of my head:
Where I work, we've had people install wireless routers with DHCP turned on and giving out real network IPs because they wanted to get their assigned IP for their notebook. Of course, they made their SSID the same as the normal APs. Addressing and routing problems occurred all over the building.
You can also interfere with other access points. If you set yours to the same channel as a nearby AP, you can wreck their performance. Your performance may be fine since you are in the same room as your rogue AP and your signal is strong enough. Not necessarily true for neighboring rooms/buildings.
If you plug in a router that assigns IPs, even reserved IPs, you may be allowing an attacker to operate anonymously. The official APs may be set up to log all MAC addresses that attempt to connect or otherwise maintain information on the users. If your AP doesn't, then the attacker can't be traced in any way. Our location requires the MAC addresses to be registered - by going through a router this is eliminated. (MAC address is only seen by the router.)
There may be a firewall or IDS immediately "behind" official APs. There might not be a firewall where you connect into the wired network. Especially if you are in a lab, the machines might be patched with a firewall, anti-virus and other protection mechanisms in place, such as no administrator access to users. So anything entering from those machines has already made it past their defenses.
As for being connected to the internet thingy, sure there are a lot of bad things out there. However, if you look at properly secured networks, you would find that there is usually an "outer" firewall, then the DMZ with the machines (mail, web) that need to be accessed from the internet thingy, then there is an "inner" firewall with even more restrictive rules. Then you throw in a few IDS systems, proxy servers and other systems and any attacker has to really work to get into your network without at least alerting you something is going on.
Now, your point that someone can connect their laptop to the network is a valid one - which is why most corporations provide the laptops AND the administrative support for them to make sure they have the latest patches and security apps installed. Ideally, they also have a policy about how and where the laptop can be used. For example, the laptop is for work related business only - no online gambling, pr0n, etc. This greatly reduces the risk. Also, properly managed, the user doesn't have administrative access to the machine.
On a final note, don't assume that bad service indicates a bad admin. They may be operating under restrictions that you aren't aware of. For example, if a corporation donates equipment for a new lab, the school has to spend the time and money to wire it and maintain it. It's great that there is an additional lab, but there is no corresponding increase in staff, so everyone has to work harder. Lack of funds may prevent network upgrades or equipment replacements that are recommended by the admins. Maybe a switch went down and they can't replace it right away, so they decided to provide some service in each lab instead of eliminating all service in one lab.
Anyway, just because you don't think there is a problem with doing something doesn't mean there isn't. Respect the opinion of a professional - unless you know, from experience, they are wrong.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
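An added example, not part of any comment in the thread: a minimal audit of the rogue-AP symptoms described above (a cloned SSID, channel overlap with official APs, and an unauthorized DHCP server), run from the administrator's side. The AP inventory, site-survey rows, DHCP offers and all names and addresses are constructed for illustration.

```python
# Constructed inventory and observations; every name and address is made up.
AUTHORIZED_APS = {            # BSSID -> (SSID, 2.4 GHz channel)
    "00:11:22:aa:00:01": ("CampusNet", 1),
    "00:11:22:aa:00:02": ("CampusNet", 6),
    "00:11:22:aa:00:03": ("CampusNet", 11),
}
AUTHORIZED_DHCP = {"10.0.0.2"}

SURVEY = [                    # beacons seen in a site survey: (BSSID, SSID, channel)
    ("00:11:22:aa:00:01", "CampusNet", 1),
    ("00:11:22:aa:00:02", "CampusNet", 6),
    ("c0:ff:ee:00:00:99", "CampusNet", 6),    # cloned SSID on an official channel
    ("de:ad:be:ef:00:42", "dorm-router", 9),  # private AP overlapping channels 6 and 11
]
DHCP_OFFERS = [               # (server IP, server MAC, offered address)
    ("10.0.0.2", "00:11:22:bb:00:01", "10.0.4.17"),
    ("10.0.4.200", "c0:ff:ee:00:00:99", "10.0.4.18"),
]


def find_rogue_aps(survey, authorized):
    """Return one finding per beacon whose BSSID is not in the inventory."""
    official_ssids = {ssid for ssid, _ in authorized.values()}
    findings = []
    for bssid, ssid, channel in survey:
        if bssid.lower() in authorized:
            continue
        # 2.4 GHz channels fewer than 5 numbers apart overlap and interfere.
        victims = sorted(b for b, (_, ch) in authorized.items()
                         if abs(ch - channel) < 5)
        findings.append({
            "bssid": bssid,
            "ssid_clone": ssid in official_ssids,  # impersonates an official network
            "interferes_with": victims,
        })
    return findings


def find_rogue_dhcp(offers, authorized_servers):
    """Return DHCP offers sent by servers that are not on the allow list."""
    return [o for o in offers if o[0] not in authorized_servers]


if __name__ == "__main__":
    for finding in find_rogue_aps(SURVEY, AUTHORIZED_APS):
        print(finding)
    for ip, mac, offered in find_rogue_dhcp(DHCP_OFFERS, AUTHORIZED_DHCP):
        print(f"unauthorized DHCP server {ip} ({mac}) offered {offered}")
```
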