wired or wireless network?

monument

I want to connect three buildings together on a network - B1 with B2 and B3. B1 should some time in the future have (fingers crossed) an ASDL connection (hopefully 1mb).

(see attached image)

Connecting B1 to B3 is the easy part as they have a line of site, and could be easily connected by wires under or over ground. Either way B3 will not be put on the network at first, because the compute located in B3 is still running Windows for Workgroups.

Connecting B1 to B2 is the most important and the complicated as they are separated by a small pubic road. For a wireless network - there is a line of site between B1 and B2. Alternatively I could ask Eircom [or (err, sic!) the ESB] for permission to run a cable from building to pole to pole to building?

So what I’m asking is…

A. Is a wireless network suitable, and how easy is it to make a wireless network secure?

B. Would Eircom (or the ESB) allow a wire going from one of their poles to another? (I'm thinking no)


==========================

B1 = PC, printer, proposed DSL conection
B2 = PC, laptop, Xbox, PlayStation 2
B3 = PC
==========================
Key (for image)

purple lines = Eircom lines
red lines = ESB wires (I’m not going near them with a 10 foot poll)
blue line = line of site between building 1 and 2

fatherdougalmag

Get an omnidirectional antennae on B1 then use directional antennae on B3 and B2.

FWIW the guys on IrishWAN might be able to give some advice on this sort of set up.

monument

Right thanks.

Just phoned Esat BT Biz and they said we have PASSED LINE TEST!!! So if the boss agrees it's 1mb ASDL and that's me happy for at least half of 2004 (B2 is my house)

Reyman

ESB definitely won't let you near their poles !!! And there's very strict rules about running cable under or over their overhead cable (in case one of the cables drops)!
Ignore at your peril!

I doubt if eircom would let you use theirs either - there'd be all kinds of climbing issues and maintenance conflicts!

flywheel

try VBNets.com for some info

last place I was in used Laser links between office locations - although reading your requirements a wireless link shoudl do - Laser would defo be overkill (and not cheap )
http://www.laserbitcommunications.com/

BrianG

BigEejit

You dont show distances between the buildings but if it was reasonably short distance (50 - 100 meters) you could use an ordinary 802.11g access point (like a Netgear DG834G) inside a window in one building and a Netgear WGE101 in the other (inside a window), connected to the internal network, the DG834G is dsl modem with firewall and nat ...For best results you should see the window in the other building then just mount them inside the windows on both sides ... no messing with external antennas etc etc
Only 128Bit WEP on the WGE101, better products should appear soon but if you use mac address filtering on the DG834G it will be a lot more secure, secure enough so that most would be bandwidth leechers / hackers wouldnt be bothered

If you are mental about security get 802.11g with wifi protected access and a high level of WEP and the products must support bridge mode too, not too many of these around I'd guess

monument

Originally posted by BigEejit
You dont show distances between the buildings but if it was reasonably short distance (50 - 100 meters) you could use an ordinary 802.11g access point (like a Netgear DG834G) inside a window in one building and a Netgear WGE101 in the other (inside a window), connected to the internal network, the DG834G is dsl modem with firewall and nat ...For best results you should see the window in the other building then just mount them inside the windows on both sides ... no messing with external antennas etc etc
Only 128Bit WEP on the WGE101, better products should appear soon but if you use mac address filtering on the DG834G it will be a lot more secure, secure enough so that most would be bandwidth leechers / hackers wouldnt be bothered

If you are mental about security get 802.11g with wifi protected access and a high level of WEP and the products must support bridge mode too, not too many of these around I'd guess

It’s probably just less then 50m, but I’m becoming slightly mental about security – thank for the help.

BigEejit

I'm a bit mental about security as well and to tell the truth, doing a few basic things like stopping the AP from transmitting the SSID and by using MAC filtering (both very easily done) you will stop 99.999% of potential haxors ... the last 0.001% would probably get past WPA and strong WEP as well (not to mention the firewall on the modem) ... so I dont think that it makes a difference ... I dont know if you can get a VPN going over that wireless bridge but that would probably stop that last 0.001

(Note: The percentages mentioned above I just pulled out of the air, but I wouldnt be far wrong)

Ryaner

Firstly I'm by no means a haxor so dont start. I have an interest in this kinda thing.

The MAC filtering is being used by many people atm thinking it's secure because the MAC addresses and burnt into the cards. Ie the card has it on it and can be changed by flashing or anything close to it. Truth it that networks run on software. MAC address faking it extremely easy. Getting by it can be done with a packet sniffer and a wireless card. Sniff some packets and get the address. Use the program to change the address on the card and hey your by that.

WEP is good at security. Most people wont bother if they see this. It's getting better but the higher the security it uses the slower the network. Most routers dont have enough processer power to handle it all but if your only connecting on one connection dont let that bother you. You wont notice it, espec with the netgear stuff. WEP will NEVER be completely secure. It has a major flaw. No matter how high the security, if they have enough time they will get the key. Search on the Chines keyfind method.(i think - it called something close to that)
I havent seen this in operate but I've seen the programs. If your WEP is set high you'll be grand. It doesnt sound like the network is going to have any really important stuff that someone would got thru the wireless method of hacking.

A VPN over the network 'could' work. Would be quite hard to setup but if it was and you ran it. I'd say if someone stumbled across the network (something quite unlikely I'd say) then they'd prob never even know the vpn was there. If they did spend enough time to get through the MAC filtering and WEP and then saw a VPN they'd prob just leave. Alot wouldnt though. They'd prob wanna break the VPN then thinking there something there. You could always cycle the network key every once in a while to be completely safe no one going at it over a long time.

In reality, the setup does sound to small for anyone to really bother with. Wireless network across the street would be cheapest and easest way to do things.

BigEejit

Well the reason I left out WEP from my list of things to stop haxors is because only an idiot would have that disabled .... but like Ryaner and I said, WEP + no SSID broadcast + MAC address filtering WILL stop most hoxors, but the very very tenacious haxor may (with a lot of time and effort) get access to your network, and to tell the truth they couldnt be arsed if you are a small company and there is most likely a company or individual nearby with no security - they always go for the easy ones

Ryaner

Yeah I well agree which I thought I said. Was late and all writing that so yeah. Most of the walking haxors just look for open networks and post their locations or ones with easy access. Unless someone lives close to it and is very bored and determined nothing is gonna happen.

quozl

use a vpn. WEP and mac filtering really are a start, but they wouldnt keep any interested nerd out. Even the standard linux scanner, kismet, will crack WEP keys on the fly if you just leave it listening.

Something like FreeSWAN or OpenVPN would do nicely. Or pptp even, IrishWISP use(d?) pptp running on a bsd machine I think to secure their service, it's a lot easier to set up than IPSEC.

I've never used OpenVPN myself, but I've heard good things about its security and ease of setup.

Greg

BigEejit

Setting up a VPN would be the best option for security ... but it would add a layer of complexity that may put you off, it also adds to the number of things that could fail and bring your remote network to a screeching halt ..... of course if you got machines that integrated VPN and wireless you would be laughing ... all the way to the bank and then you would start crying because you'll see the loan you had to take out to buy that gear ....

longword

Any good with your hands? Give Ronja a shot.

BigEejit

Originally posted by longword
Any good with your hands? Give Ronja a shot.

IF you could get it going it would be very secure ... but you'd lose your link during fog (I'm guessing, its optical and fog is opaque) ...
One of the links on that site has the builder ranting about people taking his open source project and making and selling products .... I cant tell if he has finished development or what ....

monument

Originally posted by BigEejit
IF .... I cant tell if he has finished development or what ....

http://ronja.twibright.com/tour/tour5.php

And for heavy fog you'd have to have a back up, like this....

Link most people rely on is the same link in Ynet, Bratislava. There are 1000 students browsing on the Intrnet behind this link. The link is backed up by WiFi for a case of heavy fog. Students are very happy for having rock-stable submillisecond latency even in case of 100% load of the link.

Added: Any one want to make one for me?

Ryaner

Of course anyone will be able get in over time if it is left running. It's called bruteforce. To get around this change the network keys often and anyone on brute force wil be lost.

quozl

Originally posted by Ryaner
Of course anyone will be able get in over time if it is left running. It's called bruteforce. To get around this change the network keys often and anyone on brute force wil be lost.

WEP has critical flaws in the algorithm which means you don't have to brute force it. Weak packets reveal parts of the key, once you have all the parts you're in. You do need to listen to a fair bit of traffic for this, but you're talking days instead of the months/years(?) it would take to brute force WEP. I've no idea how long it'd actually take to brute force WEP as it's never been necessary due to the flawed algorithm.

Brute forcing a suitably keyed VPN brings you into the domain of government agencies or large corporations, not random bloke on the street.

Greg

Ryaner

Ok first of, my previous posted showed the method of getting into wep by listening with a packet sniffer. Full brute force on the network would slow it down and easily be picked up and prob would take years depending on how fast your system could update the card.
Brute force on a vpn is not adviseable. Most of the brute force methods will punch as many keys as it can per second. Most good vpn programs have ways to block this. Things like silent blocking on ip's etc help. Basically that works by blocking any passwords from a computer if it gets the password wrong say three times in how ever many minutes. This all times out and is user setable. Anyone on the vpn will get notified of the attempt and can do whatever then to stop it.
One thing I'll be tring out of the next few days is WPA. It's an interm system on some of the new routers. Its a shared key method which means the computers need to have part of the key before connecting, kinda. It's alot more secure than WEP provided you pick a secure password. If not it becomes very easy to crack. I be testing this as I just got a netgear router today which has this function but overall the system would be very secure and at 108mps quite fast indeed.

BigEejit

And I was looking at 80211anews.com and saw somewhere (cant find it now) that theyre thrashing out WPA2 .... the article said WPA products will be available by end of the year and be very very secure (no details on how secure, just much more than the current WPA and it does not suffer from the weak key problem that current WPA has either)

Also saw an item on Atheros 5004 chips ... non-standard 802.11a modes allow more than doubling of range ... also supports Wake-on-wireless and some security mullarkey (go out of range of an access point(s) and 'she go crazy') ... supposed to be products shipping in Q1 this year

Ryaner

Yeah WPA2 is a completely new system. WPA is just sitting in the interm so it had to have the flaws of WEP so as to be compatible. The new system is meant to be alot faster and alot more secure. Bring on the future