WAP: Cheap vs Expensive for a small business?

Kelemvor

Lifer
May 23, 2002
16,928
8
81
Howdy,

My wife works for a small company (8 people) in a small office. They currently have a fully functioning network with the standard router, file server, etc. They have a couple people with laptops and they are looking to get the ability to use wireless cards. Also they had someone with some cabling problems so might just make any desktops also wireless if they start to have problems.

So, here's the question:

Since they already have their existing network in place, is there any reason NOT to just get a $40 wireless router and use it as a WAP and plug it into their existing router? Assuming it would have WEP on and use dedicated MAC addressing to decide who could log onto it or not, is there any major security problem with doing it this way?

If so, what would you recommend for a relatively inexpensive solution to add wireless to a small office with an existing network already in place? They don't need to be able to access each other's computers... Just the shared network drive and the printers.

Thanks for any input.
 

buleyb

Golden Member
Aug 12, 2002
1,301
0
0
I would spend more up front and put in a pure WPA enabled wireless AP and client cards, as WEP is a good, but horribly weak security measure.

are there any wireless APs or clients already in existence (the most likely is some Centrino laptops in the company already)?
 

cmetz

Platinum Member
Nov 13, 2001
2,296
0
0
FrankyJunior, I second buleyb's suggestion of WPA. I strongly suggest it for all users at this point, home, business, or otherwise. Considering that nearly all cheap 802.11g stuff you'd buy today will do WPA TKIP fine, this is not a serious cost burden compared to 802.11b.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,513
407
126
If the the Wireless connection is going to be used for Regular office work, you would like to look into 802.11g.

If you are looking for a solid powerful system you would like to look into the Cisco Airnet line.

If security is a real concern? Look for WPA. The majority of business is still using WEP, and the Wireless security issue, thought very important, has to be judged according to the reality of the specific business.

In general.

802.11b vs. 802.11g.

The following refers too Entry Level Systems that are usually equipped with < 50mW radios, come with 2dbi antennae, and cost bellow $100.

For Internet surfing it does mot matter since in most cases Internet broadband connection is slower than 802.11b.

For traffic across Internal LAN, 802.11g is significantly faster.

As a frame of reference. The transfer "Speed" of a Good Windows based 100Mb/sec. Network is 70 to 80Mb/sec. (b=bits 8bits=1Byte)

These are the most common used Wireless standard and their official rating.

802.11b = 11Mb/sec. Network "Speed" (Carrier transmission 2.4GHz)
802.11g = 54Mb/sec. Network "Speed" (Carrier transmission 2.4GHz)

Wireless Ethernet needs additional protocol over head for the transfer. In addition, it is not as stable as Wired so it needs extra processing procedures.

As a result the 11Mb/sec. of the Network chipset is translated to a much lower actual performance. Usually 4-6Mb/sec.

Few 802.11b hardware units are also capable to work at 22Mb/sec. (usually referred to as b+) it is nice if it works, in real term will yield 20%-40% more than 11Mb/sec. systems.

The 802.11g line that is rated 54Mb/sec. in the real world it yields 18-22Mb/sec.

***Does 802.11g provides more Distance than 802.11b?***

The answer is Yes and No.

Since the frequency and the output power of 802.11b and 802.11g hardware are similar, the general distance that they cover is similar.

That means that if you have an envioroment that "Kills" the signal it will "Kill" them both.

However if you have a weak unusable 801.11b signal at 50? (just a numerical example) 802.11g might provide a working signal at the same distance since it provides more bandwidth.

Log the following page. The differences between the first set of graphs to the second represent the performance differences between 802.11b to 802.11g

Link to: 802.11a/b/g SOHO Routers & Access Points: Performance

Notice how the D-Link and Netgear Super G Stick above the rest of the Crowd.

Note. If you go with Super G all Wireless units should be of the same Brand.

At the moment the best performance for the price is: D-Link Extreme G Bundle Kit ($89 after rebate)

On Distance in general.

2.4Ghz. is the microwave band; it looses energy on Water molecules. It is susceptible to 2.4GHz noise, and there is a lot of it around (Microwaves, Cordless Phones, etc.)

Indoor, No obstructions (no walls, or Baroque type furniture), it will go up to 100' -120'

Once walls get in to the equation it is a fast decline.

One or two "flimsy" (i.e. not concrete full of metal) walls will yield 40-70'.

Three walls or more? You never know until you try.

If you are almost there, a good external Antenna can save you.

Outdoor with Entry Level Equipment as is out of the box. You can get above 100'

With Direct line of sight using High towers and very good directional Antennae it can work for few miles.

Link: Wireless - Basic Configuration.

Link: Wireless Security for the Home User.

Link to: Extending the Distance of Entry Level Wireless Network.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,513
407
126
Quote"

If you are extra worried, change the WEP key evrey 3-4 days. Breaking 128bits WEP is a matter of days, frequent changing will deem casual hacker affords futile***.

The solution to the current "weak" WEP is coming out these days (May 2003) with a form of better encryption system called WPA.

Few Manufactures (Linksys, D-Link, SMC), stated that most of their current Wireless hardware will be updated to WPA through new firmware.

Microsoft already posted the WPA update for WinXP".

The above is a Quote from: Wireless Security for the Home User.

***WPA does a very frequent change of the internal key automatically as part of the protocol. :sun:
 

buleyb

Golden Member
Aug 12, 2002
1,301
0
0
WPA is an improvement of WEP in a few ways. The basic improvement is as Jack stated, the shared key you use is utilized to make other keys which are changed every packet, WEP doesn't do this, and its a security concern.

Also, there are two better ways of exchanging keys, WPA (Wi-Fi Protected Access) uses WEP/TKIP to encrypt and exchange keys, or AES (in hardware) to encrypt/exchange keys.




phew...maybe that was too long winded. Regardless, Franky, do you already have any hardware?


The biggest problem, is finding hardware that doesn't support WPA, because a mixed WEP/WPA environment is also a concern.
 

Kelemvor

Lifer
May 23, 2002
16,928
8
81
We have no wireless hardware. Everythign now is wired. But because we've recently gotten some laptops and recently foudn some cabling issues, we want to ADD wireless to the existing network. Not to convert the existing network to wireless.

Thsi would be stricty an Add-On Device to connect to the existing router and such.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,513
407
126
Technology wise you would Add-On an Access Point to one of your Network Switches, and your Network will become Wireless.

However, due to marketing considerations Wireless Cable/DSL Routes are much less expensive than Access Points.

So either you buy an Access Point, or you might consider getting a Wireless Cable/DSL Router, and use it as a Switch with an Access Point.

Link to: Using a Wireless Cable/DSL Router as a Switch with an Access Point

Which then take us back to the link in my first post.

Link to: D-Link Extreme G Bundle Kit ($87 after rebate)

Or if you are fixated and the word Add-On get this.

Link to: D-Link 2000AP, Up to 108Mbps, with 802.1x and WPA.
:sun:
 

buleyb

Golden Member
Aug 12, 2002
1,301
0
0
Originally posted by: FrankyJunior
We have no wireless hardware. Everythign now is wired. But because we've recently gotten some laptops and recently foudn some cabling issues, we want to ADD wireless to the existing network. Not to convert the existing network to wireless.

Thsi would be stricty an Add-On Device to connect to the existing router and such.

Yep, follow those wonderful links Jack keeps up his sleeve, and just make sure you are buying WPA approved hardware!

If you have no hardware, it makes sense to get all 802.11g hardware, particularly the turbo hardware if you need the speed for file x-fer
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,513
407
126
Hello, Hello. :D This is $87 as compare to $160. :D

At the moment the best performance for the price is:

:D Link to: D-Link Extreme G Bundle Kit ($87 after rebate) :D

:D:D Bundle=SuperG Router + SuperG Card. :D:D


Log the following page. The differences between the first set of graphs to the second represent the performance differences between 802.11b to 802.11g

Link to: 802.11a/b/g SOHO Routers & Access Points: Performance

Notice how the D-Link and Netgear Super G Stick above the rest of the Crowd.

Note. If you go with Super G all Wireless units should be of the same Brand.




 

buleyb

Golden Member
Aug 12, 2002
1,301
0
0
I should change my name to "JackMDS_bandwagon".

I'll second his motion: If you have nothing, super G is great, and keep within the same brand.

if the rebate ends today, BUY IT TODAY :)
 

Kelemvor

Lifer
May 23, 2002
16,928
8
81
Well I'm just doing the research, I don't actually do the buying. And the people that do don't react fast enough to get in on the D-Link deal that ends today. I know that G is the best and Super G is even better and that we would stay within the same brand. Was just mainly asking about the difference in one brand to the next. Reliability, performance, warranty, etc. Cost isn't that much of an issue since this is for a business and not something I'm actually paying for to take home.

They have just started looking into this and I don't know how much research they have already done or how close to being ready to actually buy something they are...

HOWEVER: Thanks a lot for the info. I've read it all and it is very helpful.
 

Kelemvor

Lifer
May 23, 2002
16,928
8
81
Well looks like the D-Link rebate has been extended again thorugh the end of March now...
 

classy

Lifer
Oct 12, 1999
15,219
1
81
For a group that small and the small cost involved I would just add a WAP. I see the other guys reason but unless they are working for the secret service ;) I don't see a huge reason to go all out. Just change the wep every so often and set it up so it allows just the number of connections it needs.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,513
407
126
Originally posted by: classy
For a group that small and the small cost involved I would just add a WAP. I see the other guys reason but unless they are working for the secret service ;) I don't see a huge reason to go all out. Just change the wep every so often and set it up so it allows just the number of connections it needs.
As an Analogy. Would you like to have a WebCam in you bedroom even if you are not a member of the secret service?

I do not think that the Teenager next door care about the secret service. He gets a signal in his Wireless and he his curious. G_d knows that he can find a lot of ?Ill ?dvice? on the Internet concerning the analysis of his next door neighbor signal.

:light:
 

classy

Lifer
Oct 12, 1999
15,219
1
81
Originally posted by: JackMDS
Originally posted by: classy
For a group that small and the small cost involved I would just add a WAP. I see the other guys reason but unless they are working for the secret service ;) I don't see a huge reason to go all out. Just change the wep every so often and set it up so it allows just the number of connections it needs.
As an Analogy. Would you like to have a WebCam in you bedroom even if you are not a member of the secret service?

I do not think that the Teenager next door care about the secret service. He gets a signal in his Wireless and he his curious. G_d knows that he can find a lot of ?Ill ?dvice? on the Internet concerning the analysis of his next door neighbor signal.

:light:

If he uses a 128bit or higher wep and sets the connections too ever how many it will use, if its 2, then only 2 at most can be connected at one one time I think he'll be fine. If its a small business, he's probably in a business type area which I don't think you'll have someone sitting outside trying to get access. And you can never have too much security, but from what he's decsribed here briefly I think a WAP will be just fine. Your talking about 8 people and only 2 use laptops. You have use some practicality as well. If this was 50 users with 15 or so using wireless I would agree. But for only 2? Unless they are securing some very sensitive data like at a law firm or something I don't see the need to spend the extra cash.

And one more thing to consider, if its a small business more than likely the network will be shutdown at night maybe as well.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,513
407
126
classy. If you would scan the Forum you would discover that I am the "Biggest" advocate to "push" people onto the Wireless.

However, trying to "minimize" the security risks is not part of the "Game".

Link to: Wireless Security.
:light:
 

classy

Lifer
Oct 12, 1999
15,219
1
81
Originally posted by: JackMDS
classy. If you would scan the Forum you would discover that I am the "Biggest" advocate to "push" people onto the Wireless.

However, trying to "minimize" the security risks is not part of the "Game".

Link to: Wireless Security.
:light:

I know who you are slick ;). Your a great forum person. :beer: All I'm saying is that in this case to spend an extra couple hundred I don't see the reason for it. Its like a home user with a small network buying a 2600 series router. Thats all I'm saying. He didn't say so but I am sure a budget may be order here as well.
 

watts3000

Senior member
Aug 8, 2001
619
0
0
Ok this office has 8 people theres no need to go out and spend a ton of money on access points. I would good some real good quality wireless pci cards for the desktops. I've found that 3com and proxim make the best wireless pci nics. Check out the links I pasted below. I just set up a 20 user office using 3 linksys wireless g access points. I believe the focus should be more on security. For example my setup employed a windows 2003 server public key infrastructure and a windows 2003 radius server. User were authenticated peap ms chanp version 2. Also you can secure wireless by setting up a dmz one would put wireless clients on a network segment, and they would vpn back into the main network if they needed access to resources.

http://www.newegg.com/app/ViewProdu...-167-103&catalog=31&manufactory=BROWSE&depa=0

http://www.cdw.com/shop/products/default.aspx?EDC=546351
 

Kelemvor

Lifer
May 23, 2002
16,928
8
81
Well I foudn out today that the idiot computer guy (really the accountant) bought a Linksys BEFW11S4 . Argh. It's a 11B router and it doesn't support WPA. Guess I'll have to send him an email and tell him to go take it back...

Just to chime back in here. There are only 2 laptops right now but some of the PCs have issues so they would probably get at least a couple PC wireless cards. I don't think the network is shut down at night but there's nothing real sensitive on it at all that anyone would want to break into.

I would have them setup their system via MAC addres filtering so no one can get on if they don't have the right card. I doubt they'd be keen enough to remember to change keys every so often but WPA router/access points are under $100 so gettin gone isn't a big deal...

I guess we'll see.
 

watts3000

Senior member
Aug 8, 2001
619
0
0
Ok well I guess you could use wpa preshared key, but I would take a look at those nics I posted. For a business setup I would stay away from linksys, netgear, and dlink nics. The ones I used in my last setup was 3com.
 

buleyb

Golden Member
Aug 12, 2002
1,301
0
0
Originally posted by: classy
Originally posted by: JackMDS
Originally posted by: classy
For a group that small and the small cost involved I would just add a WAP. I see the other guys reason but unless they are working for the secret service ;) I don't see a huge reason to go all out. Just change the wep every so often and set it up so it allows just the number of connections it needs.
As an Analogy. Would you like to have a WebCam in you bedroom even if you are not a member of the secret service?

I do not think that the Teenager next door care about the secret service. He gets a signal in his Wireless and he his curious. G_d knows that he can find a lot of ?Ill ?dvice? on the Internet concerning the analysis of his next door neighbor signal.

:light:

If he uses a 128bit or higher wep and sets the connections too ever how many it will use, if its 2, then only 2 at most can be connected at one one time I think he'll be fine. If its a small business, he's probably in a business type area which I don't think you'll have someone sitting outside trying to get access. And you can never have too much security, but from what he's decsribed here briefly I think a WAP will be just fine. Your talking about 8 people and only 2 use laptops. You have use some practicality as well. If this was 50 users with 15 or so using wireless I would agree. But for only 2? Unless they are securing some very sensitive data like at a law firm or something I don't see the need to spend the extra cash.

Aside from the reality that wireless is insecure with just WEP and MAC filtering, etc., enabled, trimming security because its a small business is a bad idea. If anything, a small business would be less likely to recover from a serious breakin that doesn't have to be about stealing data. Breaking into networks can be about selling business secrets, using the connections for illegal activities (that leave the business liable for damages), or simply by trashing their internet connection with data traffic. The added cost of WPA certified hardware is worth it.

And one more thing to consider, if its a small business more than likely the network will be shutdown at night maybe as well.

More than likely? Small business or not, who does this? I know many small businesses that don't turn it off, many because they can connect in from home or they have automated backups run at night. Regardless, I don't turn off my LAN at home, because why bother?