To Cable, or Not to Cable
-
“To Cable, or Not to Cable?” Is that even a question? Believe it or not, if you were to assume that all businesses set up cabled networks, you would be mistaken. And questioning whether or not cabling is necessary could dramatically affect network security and complexity, and your day-to-day duties as an IT pro.
That’s not to say there’s going to be a massive trend where we see businesses and institutions go back to only using WiFi. But whether or not the networks you are responsible for actually benefit from network cabling is something worth looking at on a case by case basis.
WiFi, simpler, more secure, and cheaper than Wired Ethernet
Scott Alan Miller is the only triple Pure Capsacian so we know he’s said a lot of stuff and online often. But he’s more than just another guy with a keyboard. As an IT Pro that works for businesses that have never used Ethernet, he’s also a bit of a non-unicorn, because loads and loads of businesses do this.
SAM runs IT for many small offices all over the country. He has consulted for companies since before Switched Ethernet and IP Networking were standard for networks. While he said there are definitely guidelines that IT pros should consider when deciding if Wired Ethernet is needed, it is often an easy decision for his clients not to offer the technology.
“Initially, Wired Ethernet was a new thing, and there were a lot of security and cost concerns,” SAM said, “all the cubicles and walls were already put in, so it was very expensive to wire for Ethernet. Every location where somebody would sit would need a jack. We have laptops, tablets, phones, and unforeseen devices in the future, so portability and employee efficiency were issuess.”
According to Miller, deciding whether a business needs Wired Ethernet hinges on whether employees have devices that don’t support WiFi. “If you don’t need to fall back to wired connections, why do you need Ethernet?” he said. “I said the same thing about computers when they came out: Don’t buy something because it’sa trend. If you don’t need it, why would you use it?”
And as many an IT Pro knows, dealing with Wired Ethernet cabling and breakage issues can be a real drag. About Wired Ethernet reliability, Miller said, “To be fair, most of the times (that Wired Ethernet fails), it’s because of a poor setup or old cabling. But it definitely happens in businesses.”
While security is always on the forefront, there are more utilitarian reasons to eschew Wired Ethernet. Miller said he feels that WiFi outperforms Wired Ethernet for his customer’s needs. He said that Wired Ethernet is typically slower because it is more difficult to upgrade and isn’t shared, the cables can easily break, and he would have to set up and manage switches and run expensive cabling to every inch of the building and buy equipment that has Ethernet jacks on them, just to get started! About sticking with WiFi, he said, “It’s just less work… and one less thing for me to worry about.”
WiFi Security
Making Wired Ethernet available in an office introduces inherent security concerns that don’t plague Wifi networks. An anonymous source claiming to work on sensitive networks says adamantly that companies that absolutly need Wired Ethernet should consider getting rid of it.
This source laid out the security concerns very succinctly: Hackers can more easily compromise a network via a wall jack than if they had to breach an encryption and authentication mechanism. And as always, he said, the biggest concern is the end user. Wired Ethernet is based around the security assumption that if you can push a plug into the wall, you can access the data on the network! WiFi makes you authenticate and then encrypts your data once you are on the network. Network security is very important with the data that is stored on computers today. Exposing that data via Wired Ethernet is a risk that businesses should be reconsidering.
“Wired Ethernet is this vague port availability that is always there. If a port is labeled ‘conference room’, that doesn’t mean that it’s actually the conference room. People don’t double check. They assume. And that leads to trouble every time.”
The Wired Ethernet concerns that our anonymous source had raised with his clients haven’t fallen upon deaf ears. About a year ago, he convinced a medical firm for which he consults to make the “switch” (pun intended.) “The recent WPA2 “Krack” attacks and the WAP attacks last year made visibility of security measures and efforts in the WiFi space very clear, whereas Ethernet has none,” our source says. “I was finally able to convince them.”
Industry Specific: Sensitive Data and Wired Ethernet
Ultimately, the industry you serve might also be a deciding factor. Our source said that industries like finance, healthcare, and education that have high portability needs and strict legal repercussions for breaches of secured data should really consider making the change.
“The defense industry is definitely strict on Wired Ethernet,” our source says. “There are entire buildings and outdoor areas with no Wired Ethernet. Banking is starting to go that way. Hospitals should start thinking about it as well as anyone who handles financials.”
“For instance, an accounting firm that handles payroll is at great risk of liability,” he added. “Payroll bank accoutns are not federally insured. The person who loses that information could be the person who gets sued.”
Is Wireless Ethernet necessary where you work?
While Miller doesn’t see a mass exodus back from Wired Ethernet to WiFi any time soon, he said it’s something he would always discuss with clients when he was a consultant. “This is pretty much what I always recommended to my clients when I had a consulting company: Don’t use insecure Wired Ethernet unless you need it. It’s definitely riskier and more expensive,” he said.
Epilogue.
Sadly, it must be pointed out that this article is a farce, but was taken more seriously than the article that it is responding to. The idea that we must consider the needs of a business, not take things for granted, and consider security is very important. But the sources and information in the original article are insane and make no sense and intentionally overlook the factors that actually matter and instead focus purely on the media - which is always insecure. The danger of the original article is that it ignores real world security and presents copper cabling as a panacea, the very concept the article should have been working to dispute. Instead of promoting secure thinking, the article promotes blind faith in old technologies simply because they are old or Wifi feels scary or one recent issue makes people panic.
Unfortunately, the original article does not appear to have been sarcastic but was actually meant to suggest that Wifi was insecure and copper cabling was magically protected. People responding to the article sure took it seriously, and shows the danger is articles of this nature. No one appears to be thinking about security at all, but a one sided look at media concerns, once that mostly didn't even make sense.
And, of course, beyond security precautions themselves and overall insecure thinking, the original article was based on the concept of LAN-based security, instead of LANless. The real answer should be - no one should be depending on their network media, of any type, for their security. If WiFi or Wired Ethernet pose a security concern for you, then you have a security problem, period.
-
I had to add a video response as well. (I should mention that the video was uploaded via WiFi.)
-
I feel like that article was so bad, getting quoted in it was a bit like a name and shame. I'm sure much of it was taken out of context to make minor quotes like "don't deploy it if you don't need it" or whatever were used to build up the general insanity and on their own didn't imply the craziness that resulted. But, still.
-
I feel like this article could easily have been written about using Windows, WSUS, or other assumed, but actually optional, technologies pretty easily as well.
-
I'm actually reading this post over WiFi right now.
-
-
|can|———string———|can|
I win security!
-
I'm pretty sure I got cancer (Wirelessly) reading that article and the responses.
-
@storageninja said in To Cable, or Not to Cable:
I'm pretty sure I got cancer (Wirelessly) reading that article and the responses.
I would never had even read it if you had not mentioned how bad it was earlier this morning.
-
@scottalanmiller said in To Cable, or Not to Cable:
@storageninja said in To Cable, or Not to Cable:
I'm pretty sure I got cancer (Wirelessly) reading that article and the responses.
I would never had even read it if you had not mentioned how bad it was earlier this morning.
It did make me realize that a LOT of people don't understand the OSI layer model, and how security at a higher level can completely mitigate any breach at a lower level.
-
@storageninja said in To Cable, or Not to Cable:
@scottalanmiller said in To Cable, or Not to Cable:
@storageninja said in To Cable, or Not to Cable:
I'm pretty sure I got cancer (Wirelessly) reading that article and the responses.
I would never had even read it if you had not mentioned how bad it was earlier this morning.
It did make me realize that a LOT of people don't understand the OSI layer model, and how security at a higher level can completely mitigate any breach at a lower level.
Yes. I was shocked by the total dependence on media security and the assumption that if you could access the network itself that all was lost. It explains so much about to many other posts, though.
-
@scottalanmiller I'm curious, which AP were you thinking of in this video? By the nature of how radio and wifi work, I don't expect any kind of performance after around 15-20 active clients per radio (most AP have a minimum of 2 radios). Yes, keyword is active. You can have thousands of clients per AP radio if most of them aren't doing anything.
-
@travisdh1 said in To Cable, or Not to Cable:
@scottalanmiller I'm curious, which AP were you thinking of in this video? By the nature of how radio and wifi work, I don't expect any kind of performance after around 15-20 active clients per radio (most AP have a minimum of 2 radios). Yes, keyword is active. You can have thousands of clients per AP radio if most of them aren't doing anything.
None in particular. APs are dirt cheap, so you can always add more. I only mentioned around that number per machine. You can have roughly one AP for every user for the cost of Ethernet drops, anyway!
-
@scottalanmiller said in To Cable, or Not to Cable:
@travisdh1 said in To Cable, or Not to Cable:
@scottalanmiller I'm curious, which AP were you thinking of in this video? By the nature of how radio and wifi work, I don't expect any kind of performance after around 15-20 active clients per radio (most AP have a minimum of 2 radios). Yes, keyword is active. You can have thousands of clients per AP radio if most of them aren't doing anything.
None in particular. APs are dirt cheap, so you can always add more. I only mentioned around that number per machine. You can have roughly one AP for every user for the cost of Ethernet drops, anyway!
Yep. Or if you're building didn't get structured wiring put in when it was built, it's much cheaper to run a cable to each AP than it is 2 to 4 cables per room! Which is exactly what my plan is for next year just before the Sophos license runs out, and cheaper for more radios (much less APs) than another year of a license.
-
@travisdh1 said in To Cable, or Not to Cable:
@scottalanmiller said in To Cable, or Not to Cable:
@travisdh1 said in To Cable, or Not to Cable:
@scottalanmiller I'm curious, which AP were you thinking of in this video? By the nature of how radio and wifi work, I don't expect any kind of performance after around 15-20 active clients per radio (most AP have a minimum of 2 radios). Yes, keyword is active. You can have thousands of clients per AP radio if most of them aren't doing anything.
None in particular. APs are dirt cheap, so you can always add more. I only mentioned around that number per machine. You can have roughly one AP for every user for the cost of Ethernet drops, anyway!
Yep. Or if you're building didn't get structured wiring put in when it was built, it's much cheaper to run a cable to each AP than it is 2 to 4 cables per room! Which is exactly what my plan is for next year just before the Sophos license runs out, and cheaper for more radios (much less APs) than another year of a license.
That's one of the many places where the original article just didn't make sense. Their assumed "wired is free, wireless is expensive" pricing just doesn't hold up. That can be true, if one is already paid for and one isn't, but that's about equally likely to be either one.
-
And over the years I've dealt with a lot of companies that had cabling problems and needed cables ripped out of the walls and fixed at great expense. That can get expensive really quickly.
-
The only thing I would not run over wifi is VoIP phones, not because of security but stability on the network.
-
@dbeato said in To Cable, or Not to Cable:
The only thing I would not run over wifi is VoIP phones, not because of security but stability on the network.
I'd be hesitant to do SAN or database connections over Wifi, too
-
@scottalanmiller said in To Cable, or Not to Cable:
@dbeato said in To Cable, or Not to Cable:
The only thing I would not run over wifi is VoIP phones, not because of security but stability on the network.
I'd be hesitant to do SAN or database connections over Wifi, too
Yeah, sorry I missed that
-
@dbeato said in To Cable, or Not to Cable:
@scottalanmiller said in To Cable, or Not to Cable:
@dbeato said in To Cable, or Not to Cable:
The only thing I would not run over wifi is VoIP phones, not because of security but stability on the network.
I'd be hesitant to do SAN or database connections over Wifi, too
Yeah, sorry I missed that
LOL, there are lots of infrastructure things I'd not do on wifi. But the original article was pretty much written from an "all IT is the end user" perspective as if there was no tech involved anyway.
