Families and Firewalls

I was asked to give a lesson to the adults at our church on how to help keep their families safe online.

I thought it might also make a nice blogpost. Here is the ‘handout’ for those attending.

Keith

 

“Youth in this generation are “digital natives” – being inundated by technology since birth. But many parents are not and need to educate themselves about technology.”

Cellphones for kids   http://www.kajeet.com/kajeetStore/whyKajeet.do

Internet Filters

Open DNS                  http://www.opendns.com/home-solutions/

OpenDNS is a perfect solution for people who either lack the time or expertise to set up and administer a full-out content-filtering server. OpenDNS replaces your current DNS server and allows you to filter every connection coming out of your house if you change the DNS settings at the router level. No matter if someone is on your main desktop or connecting into your wireless via laptop, everything will be filtered by OpenDNS. You can set custom filters to whitelist and blacklist specific sites and customize the range of filters they provide for you.

K9                                http://www1.k9webprotection.com/

Many have had experiences with K9’s internet filtering, if for no other reason than it’s used in thousands of schools across the country. One of K9’s strong points is the division of filtered content into 60+ categories which allows you to easily block and unblock large chunks of their blacklist without having to get your hands too dirty. K9 is a desktop solution; you install the software and it checks all the Internet requests you make against the filters you have specified.

DansGuardian                       http://dansguardian.org/?page=whatisdg

One way to measure whether or not DansGuardian is the right filtering tool for you is your willingness to install and tinker with an operating system like Linux. If OpenDNS (above) is the Mac-like “It just works!” one-click solution, DansGuardian falls into a much more Linux-like “I can change every setting and experience real, ultimate power!” category. DansGuardian is extremely configurable and allows you to do all sorts of things, like block all images, filter ads out across your entire home network, block files from being downloaded by extension type, and control the effects of the filters, whitelists, and more based on which computer on your network is doing the accessing.

 

Computer Monitoring

WebWatcher              http://www.webwatchernow.com/

SnoopStick                 http://www.snoopstick.com/

Spytech SpyAgent     http://www.spytech-web.com/spyagent.shtml

Spector Pro                http://www.spectorsoft.com/  – PC, Mac and Cellphones

 

Wireless LAN Security

  • Open – no Authentication, no Encryption
  • WEP – Encryption key=Authentication – Broken, do not use
  • WPA Personal – Passphrase for Authentication – TKIP simpler Encryption
  • WPA2 Personal – Passphrase for Authentication – AES complex Encryption
  • WPA/WPA2 Enterprise – Username/Password for Authentication

Open wireless networks may be a target for anyone who wants to access the Internet without any controls.

Lock down your Wi-Fi with at least WPA Personal.

Warning: a SoHo version of WPA called WPS has been hacked. Use manually set passphrases.

Some suggestions for setting family rules:

  • Anything on the family network is accessible by the parents. Children have no privacy rights.
  • Computers and Televisions in an open, public area of the home.
  • Cell phones, Internet Access, and Television are a privilege, not a right, and can be revoked at any time.
  • Never give out personal information online, to anyone you don’t personally know.
  • Not answering a cell phone or a text message within 5 minutes is grounds to lose the privilege.
  • Never open email attachments from anyone you don’t know personally.
  • Always check for SSL (the “lock” icon in the browser) before entering any personal information or credit card information online.
  • If using Windows, keep Virus and Malware protection up to date.
  • Parents will periodically check on all children’s communications, chat room activity, website activity, Google searches, Facebook posts, and text messages.

 

“Teach them correct principles, and they govern themselves”

Update to WLAN Vendor Tiers

Two years ago I posted a list of what I thought was the current state of Wireless LAN Vendors, sorted into three tiers. It received quite a few comments, and I thought it high time to revisit this list (plus a little nudge from Zaib over at http://www.wlanbook.com).

This is not some ‘Gartner Magic Quadrant’ type thing. No hard data, like from a Dell’Oro Group report. This is just my personal opinion of where these fall. Not a ranking by quality, or by technology… just a ‘gut feel’ from what I see out in the marketplace. They are just random inside the Tiers. I was not about to try and rank these within tiers… that would take more research and numbers… then this wouldn’t be a ‘gut feel’ but measured.

I would love to hear what you think. Did I miss any major vendor? Any of these placed in the wrong Tier?

Tier One

  • Cisco
  • Aruba
  • Motorola

Tier Two

  • Ruckus
  • Aerohive
  • Meraki
  • Ubiquiti
  • Hewlett Packard
  • Xirrus
  • D-Link
  • Meru
  • Enterasys/Siemens
  • Trapeze

Tier Three

  • Senao/Engenius
  • Mikrotik
  • Bluesocket
  • 3Com
  • LANCOM
  • Extricom
  • Proxim Wireless
  • Belkin
  • Linksys
  • Netgear
  • Fon
  • SMC
  • RealTek
  • TrendNet
  • ZyXEL

There are other Vendors who work in more Niche space like FireTide and Belair that I haven’t added to any of these tiers. Or those like Extreme that just OEM someone else’s product lines.

This is purely one man’s opinion… what are your opinions? Who should be moved between tiers, who should be added or removed? What WLAN vendors do you see in your space?

The “Magic” of Wireless Mesh

This document is also available for download via a PDF White Paper.

The Wireless Mesh Cost vs Throughput Spreadsheet.

 

The “Magic” in magic is really just a combination of illusion and mis-direction.  And yet we are entertained by being convinced we’ve seen something that breaks known physical laws.

We know the woman really isn’t being sawn in half, yet we don’t mind suspending reality for a couple of minutes while we try and figure out how the magician is doing his magic.

In the world of Wireless Mesh, WLAN professionals sometimes get so caught up in the misdirection and the illusion of getting something for nothing that we forget all about the laws of physics that determine connections and throughput. We then watch as our customers suspend reality, hoping to get something for nothing without paying any penalties.

In reality, there is nothing “magic” about Wireless Mesh. It follows known laws concerning RF propagation, packet transfers, and network packet protocols.

I believe that Wireless Mesh does have its place in WLAN Design… but many people, in their quest to save a bit of money, end up ruining their Wi-Fi network by employing mesh incorrectly.

To emphasize this point, I’ve developed an Excel Spreadsheet and made it available to download. (Link to Mesh Analysis Spreadsheet) – this spreadsheet, like all good spreadsheets, pulls the variables out where you can see them. All the fields colored in Green are the input points for the algorithms. You, as a WLAN designer can choose your own amounts for these.

Here are the variables you can enter to drive the equations in the Spreadsheet:

  • Expected net TCP data rate on the 2.4GHz Access Frequency
    • I started using a value of 25Mbs to reflect a network where the bulk of the client devices are still 802.11g
  • Expected net TCP data rate on the 5GHz Mesh Frequency
    • This is estimated at a value consistent with an 802.11n connection
    • Remember – the Mesh AP’s must be within range to have great SNR to maintain this data throughput!
  • Number of Clients per 2.4GHz Access Point
  • Cost of a wired Ethernet Backhaul connection
    • Including Cat 5e cabling, installation, and cost for a switch port
  • Sample Size of the Mesh Network
    • number of Access Points to provide coverage for clients, as well as enough Mesh AP’s to maintain high throughput speeds between 5GHz Mesh RF connections.
  • Average Loss in Percentage per additional Hop.
    • I’ve started with the minimum loss of 50%; in actuality there could be 10% to 15% more loss because of overhead and other issues.

Variable                                 Value    Unit
802.11g 2.4GHz dedicated to Access       25       Mbs
802.11an 5GHz dedicated to Mesh          75       Mbs
Number of Clients per Access Point       25       Clients/AP
Cost Per Access Point – Installed        $600     /AP
Cost per wired Backhaul Connection       $400     /Cable Drop & Switch Port
Sample Size of Wireless Mesh Network     50       Access points
Average Loss per each additional hop     60%      % loss

 

Remember, you are the one to make these assumptions. This is not something that I’m making up – you put in your actual costs, size of system, assumptions on data throughput and number of clients per access point.

You can use this spreadsheet to work with your customers/clients to help them better understand the value and costs of providing Wireless Mesh versus other alternatives like Ethernet cable or a dedicated Wireless Bridge.

As an aside, I like to keep these in order both in my mind, as well as in the mind of my customers. Order of AP backhaul desired:

  • Fiber
  • Copper
  • Dedicated Wireless Bridge
  • One-Hop Wireless Mesh
    • and way down here in the very last position
  • a Multi-Hop Wireless Mesh

 

Also remember the first hop is ‘free’ – only kind of – since there isn’t the requisite 50% loss on this first hop. The receiving Mesh AP doesn’t need to re-transmit the packet on the 5GHz channel. The client packet comes into AP #1 on 2.4GHz, AP #1 then re-transmits the packet on 5GHz, then AP #2 receives the packet and places it directly on its Ethernet port.

But for subsequent Mesh Hops, AP #2 would have to re-transmit the packet on the same 5GHz channel it came in on… thus the 50% drop (plus additional losses due to overhead issues). Each subsequent hop also results in this drastic degradation of data throughput.

Here are some graphical examples of this process of going to multiple hops. The horizontal axis is the number of Mesh AP’s – one more than the number of Mesh Hops (two meshed AP’s equals one Mesh Hop).

Note the gradual reduction in total cost as you add more Mesh Hops. It is true that adding Mesh rather than Ethernet will save you money, but only on the installation costs, not the actual cost of the Access Point.  But also note the drastic drop in throughput as you add more hops.

In this graph we can see as the average cost per installed AP drops (savings from the Ethernet cabling costs as you go with more and more Mesh Hops) the actual cost per kilobyte for each end user skyrockets. This is a function of more and more client devices sharing less and less actual Ethernet backhaul.

In this final graph we’ll focus on comparing the savings in percentage of lowered backhaul costs, compared with the loss of throughput. The “Sweet Spot” is at two Mesh AP’s or one Mesh Hop. Each additional Mesh Hop barely adds much in the way of cost savings, but instead has a huge drop in throughput.
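
The trade-off these graphs describe can be reproduced with a small model. This is an added example, not the author's spreadsheet or its formulas. It assumes a chain of Mesh AP's sharing one wired drop, with every client in the chain sharing the full mesh path; the defaults are the sample values from the input table, and all function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MeshInputs:
    # Defaults are the sample values from the page's input table.
    access_mbs: float = 25.0      # net TCP rate, 2.4GHz access
    mesh_mbs: float = 75.0        # net TCP rate, 5GHz mesh
    clients_per_ap: int = 25
    ap_cost: float = 600.0        # per AP, installed
    backhaul_cost: float = 400.0  # per cable drop and switch port
    loss_per_hop: float = 0.60    # applied to every hop after the first

def mesh_path_mbs(inp: MeshInputs, mesh_aps: int) -> float:
    """Rate of the mesh path for a chain of mesh_aps APs on one wired drop."""
    if mesh_aps < 1:
        raise ValueError("a chain needs at least one AP")
    hops = mesh_aps - 1
    if hops == 0:
        return float("inf")  # wired AP: no mesh link in the path
    # The first hop is 'free'; each later hop re-transmits on the same channel.
    return inp.mesh_mbs * (1.0 - inp.loss_per_hop) ** (hops - 1)

def per_client_mbs(inp: MeshInputs, mesh_aps: int) -> float:
    """Assumed model: all clients in the chain share the full mesh path."""
    offered = mesh_aps * inp.access_mbs
    delivered = min(offered, mesh_path_mbs(inp, mesh_aps))
    return delivered / (mesh_aps * inp.clients_per_ap)

def cost_per_ap(inp: MeshInputs, mesh_aps: int) -> float:
    """One cable drop and switch port is spread across the whole chain."""
    return inp.ap_cost + inp.backhaul_cost / mesh_aps

def backhaul_savings(mesh_aps: int) -> float:
    """Fraction of cabling cost avoided versus wiring every AP."""
    return 1.0 - 1.0 / mesh_aps

def report(inp: MeshInputs, max_aps: int = 5):
    """Rows of (mesh APs, hops, cost per AP, savings, Mbs per client)."""
    return [(n, n - 1, cost_per_ap(inp, n), backhaul_savings(n),
             per_client_mbs(inp, n)) for n in range(1, max_aps + 1)]

if __name__ == "__main__":
    for n, hops, cost, saved, mbs in report(MeshInputs()):
        print(f"{n} APs / {hops} hops: ${cost:7.2f} per AP, "
              f"{saved:5.1%} cabling saved, {mbs:.3f} Mbs per client")
```

With the sample inputs, per-client throughput is unchanged at one Mesh Hop and falls sharply from the second hop on, while the cabling savings flatten out.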

 

Feel free to try out this spreadsheet on your own and see how little is actually saved in adding more mesh hops, then compare the huge drop in throughput as well as its associated costs per Kilobyte to end users.

Learn from the experience of others, and don’t get caught with a Wireless Mesh system that doesn’t provide for the requirements of your client devices.

Wireless Mesh isn’t “Magic” – it’s merely an illusion of cost savings – you still can’t break the laws of physics.

 

(a note that I’m not talking about Strix or Firetide Wireless mesh so hold your comments on those vendors’ proprietary solutions)


 
