Slashdot Mirror
Upgrading Wi-Fi — What, When, and Why
lessthan0 writes "Wi-Fi (802.11x) networks have been around long enough that many businesses and home users run their own. The first widely deployed standard was 802.11b, while most new hardware uses 802.11g. The latest 802.11n hardware is just around the corner. If you run an existing wireless network, is it time to upgrade?"
Upgrading Wi-Fi: What, When, and Wi?
...and that's the way the cookie crumbles.
The summary says that 802.11n is just around this corner...what about this article yesterday that says it's been delayed to 2008?????
When you get to hell -- tell 'em Itchy sent ya!
If 802.11b/g works for me, why would I upgrade? Don't be a consumer whore just because some shiny new wireless protocol comes out... stick with what you have unless it sucks.
Not if you have more than one user. Hint: think about wifi deployed at a school or airport...
... wait for n.
As for the general question, the answer is: Upgrade if you have to. If your users are bitching that the net is too slow, upgrade.
If you just want to be hip and spout the latest and greatest
Tom
Someday, I'll have a real sig.
for me anyway.
I have 3 problems with WiFi.
1) Too many people near by with WiFi makes the connectivity suck within my apartment(have tried many channels). How about a new system where base units can figure out the best configuration when there are others nearby and even change them when the radio pattern(/coverage) changes.
2) My existing devices are not compatible with "New" security standards, fx. Ipaq and wpa2. For every WiFi enabled unit you buy, you have the problem of not being able to upgrade your security unless all devices support it.
3) My HP notebook drops connection when a cellphone is used in my apartment.
There are so many things that can break my WiFi net that I still prefer to use cables. Thought about getting a Squeezebox with WiFi, but I think I might as well save the money and just use cable.
No, if your users are bitching that the net is too slow then you should schedule a three day long upgrade window during their peak usage times, wander around the site changing all of the patch cables on the access points from blue to yellow, and then turn it back on again five days later without changing anything else.
They'll be raving about the increased speed for at least a week and then forget that anything ever happened.
Reading articles about 802.11n, there seems to be no compeling reason to upgrade to this draft specification for most folks right now... Poor interoperability with other "n" devices, poor backward compatibility with both "b" and "g" devices, more expensive hardware, and buggy firmware. The bottomline is, upgrading to 802.11n today means you are willing to be a beta tester for the hardware manufacturers.
1. If you buy 802.11n products, your AP needs to have easy firmware updates, because there is no standard, and you WILL want to update the firmware when the standard is ratified plus three months, meaning the summer of 2008.
2. 802.11n is faster than 802.11a,b, and g. But you need to buy everything from the same vendor, because that'll ensure it works together as compatibility is iffy. You can't do as nifty antenna tricks with 802.11n as you can with b and g. The 802.11a rules in the US currently prohibit antenna tricks. So, flexibility with standards means 802.11g.
3. If you use any 802.11 product, use WPA, or upgrade to it, and keep checking for firmware upgrades every few months, then do it.
4. Currently, the fastest *standardized* method is 802.11g. There are various turbo modes that may or may not allow you faster downloads, but most APs are inhibited by upstream throttle-back anyway. And for this reason, you might like it for home use but don't use it on mobile machines as hotspots sometimes have trouble with cards that are in 'auto-turbo' mode.
5. Unless you have backhaul that's faster than the WiFi transport, it's useless to buy anything faster because it will make no difference in speed. If you have a crappy DSL connection, the speed will still be crappy DSL speed. It's nice to have your WiFi router speed as the fastest common denominator because DSL and cable and other transports keep getting faster and faster. If you have asymetrical backhaul, that won't change no matter what you do (example: 3MB/s down, 750KB/s up).
WPA secures at minimum. Using AES with TLS is thought to be the most solid method. Having a temporal key is important as key life had a bearing on breaking the key. Currently, no one will sit around and wait for long keys to be broken unless THEY REALLY WANT YOU. If they do, they'll do something smarter. All WEP can be broken in under 22minutes, period.
For better paranoia, read WiFoo-- currently the most interesting hacker cookbook I've found.
---- Teach Peace. It's Cheaper Than War.
> Why upgrade at all? Unless you can really use the extra speed of 802.11g because you have an
> insane internet speed it's just a waste.
Many places there are quite simply too many nearby using 802.11b/g along with wireless
phones on the same frequency. It is too crowded.
"Upgrading" to 802.11a (different frequencies used than 802.11b/g) will help as there generally
are far fewer 802.11a users. The range may not be the same, though.
if I didn't have VPN over wifi thanx to m0n0wall and my RADIUS server...... as such I guess I will wait for N assume my trusty BEFW11S4 (b router) dosn't crap out.
if anyone is thinking of going G the WRT54GL with the dd-wrt firmware is pretty sweet.
whatever you do DO NOT buy a WRT54GS or later model WRT54G models..as they suck pretty much http://en.wikipedia.org/wiki/WRT54G
actually I am happy to see you, however that is in fact a banana in my pocket.
"I saw a 5-port gigabit switch at a retailer yesterday for under $12/port. Cards are equally cheap. The problem is that for most users, they won't notice the difference,"
I think the problem is that it's unlikely that switch supports JUMBO frames. 1500 bytes don't cut it at gigE speeds. Even on a Barton XP 2500+, you get 100% CPU saturation around 250MBps with 1500 byte ethernet packets. My very high quality Intel gigE NICs support jumbo frames of 9000 mtu (and up), but this cheap Airlink switch (the only one I could find in town) is broken past 1500 MTU, meaning it's garbage (don't buy Airlink gear).
I'm sure the Airlink would be fine if you had garbage gigE nics, though, which is probably their target market.
" or they'd have to change the cabling fro cat5 to cat6, or they have one or more boxes that are still runing 100mb, so there is zero point in upgrading."
All of these are bunk. Most cat5 that's properly wired has 4 conductors in it (which is what you need for gigE) and are shielded well enough. You mentioned a switch; you should know that a switch allows for mixed speed devices with no general speed drop (unlike the old hubs that used to exist).
If you have a fileserver in your house serving up to 3-4 client machines like I do, gigE is well worth it, since the network is no longer the bottleneck.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Network operators should not be concerned with who is on the network. All that matters is that the network works.
If they don't pay attention to who is on the network, then the network will cease to work. Would you want 10 people to use your home network and drive your performance through the floor?
I'm honestly interested: What is the reason for not wanting "rogue access points" on a network, except for the foolish belief that the network security is at risk?
First, it is not a foolish belief. The fact you believe it is foolish shows you do not really understand the underlying issues. While there are too many to list, here are a few off the top of my head:
Where I work, we've had people install wireless routers with DHCP turned on and giving out real network IPs because they wanted to get their assigned IP for their notebook. Of course, they made their SSID the same as the normal APs. Addressing and routing problems occured all over the building.
You can also interfere with other access points. If you set yours to the same channel as a nearby AP, you can wreck their performance. Your performance may be fine since you are in the same room as your rogue AP and your signal is strong enough. Not neccesarily true for neighboring rooms/buildings.
If you plug in a router that assigns IPs, even reserved IPs, you may be allowing an attacker to operate anonymously. The official APs may be set up to log all MAC addresses that attempt to connect or otherwise maintain information on the users. If your AP doesn't, then the attacker can't be traced in any way. Our location requires the MAC addresses to be registered - by going through a router this is eliminated. (MAC address is only seen by the router.)
There may be a firewall or IDS immediately "behind" official APs. There might not be a firewall where you connect into the wired network. Especially if you are in a lab, the machines might be patched with a firewall, anti-virus and other protection mechanisms in place, such as no administrator access to users. So anything entering from those machines has already made it past their defenses.
As for being connected to the internet thingy, sure there are a lot of bad things out there. However, if you look at properly secured networks, you would find that there is usually an "outer" firewall, then the DMZ with the machines (mail, web) that need to be accessed from the internet thingy, then there is an "inner" firewall with even more restrictive rules. Then you throw in a few IDS systems, proxy servers and other systems and any attacker has to really work to get into your network without at least alerting you something is going on.
Now, your point that someone can connect their laptop to the network is a valid one - which is why most corporations provide the laptops AND the administrative support for them to make sure they have the latest patches and security apps installed. Ideally, they also have a policy about how and where the laptop can be used. For example, the laptop is for work related business only - no online gambling, pr0n, etc. This greatly reduces the risk. Also, properly managed, the user doesn't have administrative access to the machine.
On a final note, don't assume that bad service indicates a bad admin. They may be operating under restrictions that you aren't aware of. For example, if a corporation donates equipment for a new lab, the school has to spend the time and money to wire it and maintain it. It's great that there is an additional lab, but there is no corresponding increase in staff, so everyone has to work harder. Lack of funds may prevent network upgrades or equipment replacements that are recommended by the admins. Maybe a switch went down and they can't replace it right away, so they decided to provide some service in each lab instead of eliminating all service in one lab.
Anyway, just because you don't think there is a problem with doing something doesn't mean there isn't. Respect the opinion of a professional - unless you know, from experience, they are wrong.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.