Wireless Solution

I have been tasked in my company to implement Wireless LAN solution. The
current wireless solution is very secure but very cumbersome to use. We
are currently using a bluesocket box as the gateway and ssh client for
encryption.

An ideal solution must be

1) Easy to implement
2) Seemless to the user
3) Simplifies daily operation and management
4) Secure
5) Employee satisfaction


Any suggestion will be greatly appreciated

Ken Endeley <(E-Mail Removed)> wrote in news:110ieeie9tf6220
@corp.supernews.com:

> I have been tasked in my company to implement Wireless LAN solution.
The
> current wireless solution is very secure but very cumbersome to use. We
> are currently using a bluesocket box as the gateway and ssh client for
> encryption.
>
> An ideal solution must be
>
> 1) Easy to implement
> 2) Seemless to the user
> 3) Simplifies daily operation and management
> 4) Secure
> 5) Employee satisfaction
>
>
> Any suggestion will be greatly appreciated
>

I've been looking into the same thing for my company and have come up
almost empty handed. We're trying to give wi-fi access to a conference
room of a hotel. And Security is our #1 concern. Besides registering
MAC addresses, changing the WEP daily, or giving out Wi-Fi adapters to
wireless users, there just isn't another solution that I know of.

I'm not to familiar with PPoE, but it was suggested (and then shot down)
by my ISP. So it might be something to look into.

I was trying to find a wi-fi AP or Router with something similar to VLAN
support, but unfortunately, from what i've found, i don't think one
exists...anybody know of anything?

Smowk

"Ken Endeley" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I have been tasked in my company to implement Wireless LAN solution.
The
> current wireless solution is very secure but very cumbersome to use.
We
> are currently using a bluesocket box as the gateway and ssh client
for
> encryption.
>
> An ideal solution must be
>
> 1) Easy to implement
> 2) Seemless to the user
> 3) Simplifies daily operation and management
> 4) Secure
> 5) Employee satisfaction

0. How many APs and users
1. Do you allready have APs or are you planning on replacing them.
2 Do you want thin or smart APs if replacing, aka full remote
management
3 What kind of authentication do you currently use?
4. Any QoS specs, video, voice?
5. Need Vlan Tagging?
6. What user OS, standardized or many?
7. How easily satisfied are the employees?
8. Do you plan on keeping the Bluesocket? No smarts on Bluesocket
capabilities so some of the above may be covered.

Airhead wrote:
> "Ken Endeley" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>
>>I have been tasked in my company to implement Wireless LAN solution.
>
> The
>
>>current wireless solution is very secure but very cumbersome to use.
>
> We
>
>>are currently using a bluesocket box as the gateway and ssh client
>
> for
>
>>encryption.
>>
>>An ideal solution must be
>>
>>1) Easy to implement
>>2) Seemless to the user
>>3) Simplifies daily operation and management
>>4) Secure
>>5) Employee satisfaction
>
>
> 0. How many APs and users
> 1. Do you allready have APs or are you planning on replacing them.
> 2 Do you want thin or smart APs if replacing, aka full remote
> management
> 3 What kind of authentication do you currently use?
> 4. Any QoS specs, video, voice?
> 5. Need Vlan Tagging?
> 6. What user OS, standardized or many?
> 7. How easily satisfied are the employees?
> 8. Do you plan on keeping the Bluesocket? No smarts on Bluesocket
> capabilities so some of the above may be covered.
>

Aswers

1) 10 AP altogether (5 a site)
2) Yes. We are planning to retire the current Orinoco AP
3) Currently NT4 domain authentication via the bluesocket box.
4) No current Qos, video or voice. Be nice to have with new solution
5) If it is beneficial yes
6) W2k and XP sp2
7) Good seemless solution ----- 100% user satisfaction
8) No really

Smowk <(E-Mail Removed)> wrote:
>Ken Endeley <(E-Mail Removed)> wrote:
>
>> I have been tasked in my company to implement Wireless LAN solution. The
>> current wireless solution is very secure but very cumbersome to use. We

In what way is it "cumbersome" to use?

>> are currently using a bluesocket box as the gateway and ssh client for
>> encryption.

Is cumbersome use the only problem with that combination?

>> An ideal solution must be
>>
>> 1) Easy to implement
>> 2) Seemless to the user
>> 3) Simplifies daily operation and management
>> 4) Secure
>> 5) Employee satisfaction

Just like "cumbesome to use", those are fairly subjective or
ambiguous. To some degree they are also contradictory, in that
to do one makes another one hard (e.g., "Secure" definitely
makes *all* of the others more difficult, if not impossible).

>> Any suggestion will be greatly appreciated

Provide more specifics, but narrow each discussion to one part
of it. Rather than ask for a book, or even a chapter, ask about
one page...

>I've been looking into the same thing for my company and have come up
>almost empty handed. We're trying to give wi-fi access to a conference
>room of a hotel. And Security is our #1 concern. Besides registering
>MAC addresses, changing the WEP daily, or giving out Wi-Fi adapters to
>wireless users, there just isn't another solution that I know of.

There are some possible physical security measures for such a
situation that you might not realize. It depends on the layout
of the room, and what surrounds it though, so I can't give
specifics as opposed to a general concept.

If you provide coverage in a room by placing two AP's in
diagonally opposite corners, using highly directional antennas
and with the power output reduced to the point where each AP's
coverage only extends about 3/4's of the way across the room...
it all but eliminate outside monitoring from the other side of
those particular walls.

To experiment with that a bit, locate an AP in a corner. (It's
antenna should be just about 4" from the walls, or closer.) But
first tape aluminum foil to the walls and ceiling or floor, in
overlapping layers for about 10 feet in every direction. Reduce
the output of the AP to 4 mW. Then use a laptop to see how far
across the room you can still make a connection, and also try it
on the other side of that wall. If done right, the only signal
found on the other side of the wall will be reflections off
items in the room, and the range will be extremely short. If
you can't lower the power enough (or at all), buy "pads" in
various sizes to put between the AP and the antenna. Each 3 dB
of pad is the same as reducing the power in half. It should be
fairly easy to reduce the range to 20 feet, for example.

Of course that is impossible to implement perfectly. And
depends very much on the physical characteristics of the room
and the building it is in. The person who engineers it does
have to understand antennas, and have appropriate equipment to
positively determine the actual effectiveness.

>I'm not to familiar with PPoE, but it was suggested (and then shot down)
>by my ISP. So it might be something to look into.
>
>I was trying to find a wi-fi AP or Router with something similar to VLAN
>support, but unfortunately, from what i've found, i don't think one
>exists...anybody know of anything?
>
>Smowk

--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) (E-Mail Removed)

(E-Mail Removed) (Floyd L. Davidson) wrote in
news:(E-Mail Removed):

>
> There are some possible physical security measures for such a
> situation that you might not realize. It depends on the layout
> of the room, and what surrounds it though, so I can't give
> specifics as opposed to a general concept.
>
> If you provide coverage in a room by placing two AP's in
> diagonally opposite corners, using highly directional antennas
> and with the power output reduced to the point where each AP's
> coverage only extends about 3/4's of the way across the room...
> it all but eliminate outside monitoring from the other side of
> those particular walls.
>
> To experiment with that a bit, locate an AP in a corner. (It's
> antenna should be just about 4" from the walls, or closer.) But
> first tape aluminum foil to the walls and ceiling or floor, in
> overlapping layers for about 10 feet in every direction. Reduce
> the output of the AP to 4 mW. Then use a laptop to see how far
> across the room you can still make a connection, and also try it
> on the other side of that wall. If done right, the only signal
> found on the other side of the wall will be reflections off
> items in the room, and the range will be extremely short. If
> you can't lower the power enough (or at all), buy "pads" in
> various sizes to put between the AP and the antenna. Each 3 dB
> of pad is the same as reducing the power in half. It should be
> fairly easy to reduce the range to 20 feet, for example.
>
> Of course that is impossible to implement perfectly. And
> depends very much on the physical characteristics of the room
> and the building it is in. The person who engineers it does
> have to understand antennas, and have appropriate equipment to
> positively determine the actual effectiveness.
>

I'm talking about providing VLAN support to the users on the network inside
the building, and security between them. not so much as outside people...

smowk

anything further?

Ken Endeley wrote:
> I have been tasked in my company to implement Wireless LAN solution.
> The current wireless solution is very secure but very cumbersome to
> use. We are currently using a bluesocket box as the gateway and ssh
> client for encryption.
>
> An ideal solution must be
>
> 1) Easy to implement
> 2) Seemless to the user
> 3) Simplifies daily operation and management
> 4) Secure
> 5) Employee satisfaction
>
>
> Any suggestion will be greatly appreciated

Consider doing it the safe, easy and secure way...
VPN (Virtual Private Network) server on your network, and VPN client
software (on CD/Diskette/and in a directory that is not part of the VPN so
people can get to it and download it), or pre-installed on machines you
supply at work.
Even allows people to "tunnel into" your network from public
Hotspots/hotels/home etc.
Works on some PDA's that support wireless too.

We sell VPN servers and client software, (so I can't suggest any without it
sounding like an ad), but generically I can tell you we have VPN servers
that hook into an existing network for about $2800 dollars, and the client
software (used on the laptops/notebooks/pda's etc, is anywhere from free to
$20).
Have to laugh, cause your ideal solutions #1-#5, are what we have in our ad


Know how to search the internet? (use www.search.com and search for VPN
Server)

PS.. Another line from our ad "So easy and simple, your boss will love you"

Smowk <(E-Mail Removed)> wrote:
>
>I'm talking about providing VLAN support to the users on the network inside
>the building, and security between them. not so much as outside people...
>
>smowk
>
>anything further?

Start thinking about "outside people".

--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) (E-Mail Removed)

(E-Mail Removed) (Floyd L. Davidson) wrote in news:(E-Mail Removed):

> Smowk <(E-Mail Removed)> wrote:
>>
>>I'm talking about providing VLAN support to the users on the network inside
>>the building, and security between them. not so much as outside people...
>>
>>smowk
>>
>>anything further?
>
> Start thinking about "outside people".
>

well, if we're able to provide VLAN support and separate the "inside people",
we'll definately have the capability to keep out the "outside people". So
i'm not too worried about that.

If we can't get a WiFi VLAN configuration though, we'll scrap the whole idea.

"Peter Pan" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):


> Consider doing it the safe, easy and secure way...
> VPN (Virtual Private Network) server on your network, and VPN client
> software (on CD/Diskette/and in a directory that is not part of the VPN
> so people can get to it and download it), or pre-installed on machines
> you supply at work.
> Even allows people to "tunnel into" your network from public
> Hotspots/hotels/home etc.
> Works on some PDA's that support wireless too.
>
> We sell VPN servers and client software, (so I can't suggest any without
> it sounding like an ad), but generically I can tell you we have VPN
> servers that hook into an existing network for about $2800 dollars, and
> the client software (used on the laptops/notebooks/pda's etc, is
> anywhere from free to $20).
> Have to laugh, cause your ideal solutions #1-#5, are what we have in our
> ad
>
>
> Know how to search the internet? (use www.search.com and search for VPN
> Server)
>
> PS.. Another line from our ad "So easy and simple, your boss will love
> you"
>


with a vpn server, wouldn't the people who connect to the wifi access point
still be able to browse each other's network neighborhood, they just
wouldn't be able to get to the internet without the client software?

i'm worried about netbios transmissions between people on the wifi. is
there a VPN WiFI router and a client that would only allow those who have
the client to connect to the WiFi? And once connected to the WiFi, would i
be able to browse network neighborhood? Or ping local IPs?