The OTHER problem with Netgear WGT624 (and probably others)

On Wed, 02 Aug 2006 18:04:51 GMT John Navas wrote:
| On 2 Aug 2006 15:28:34 GMT, snipped-for-privacy@ipal.net wrote in
| :
|
|>On Wed, 02 Aug 2006 14:11:30 GMT John Navas wrote:
|
|>| Netgear is focusing on its target market.
|>

|>Why it chooses to neglect another market that it could also serve by
|>doing nothing more than just configuring a DNS server correctly makes
|>no sense. Why turn down adding 10% to the revenue base.
|
| It's probably not anywhere near that much, and with the razor thin
| margins in consumer grade stuff, focus is important. Netgear probably
| thinks a business is better served with business grade stuff. I would
| agree.

Most small businesses, and in fact every single one of them that I have seen with 20 or fewer employees, are going with cheap consumer grade stuff for networking anymore.

With such razor thin margins, they need to broaden their markets, too. What better choice than to get the SOHO market.

|>| What I prefer is to do a good job for the target market. More to the
|>| point, I don't think your alternative is a good solution (for reasons
|>| previously stated).
|>

|>While I know you described things like using the router to access the
|>internet, you have yet to give _details_ about why a manufacturer should
|>avoid an additional market that would use wireless devices to provide
|>its staff that use laptops in the office access to the office LAN, when
|>doing so requires _nothing_ that would break anything, or even degrade
|>the user friendliness or functionality for the primary market. It's as
|>if you actually believe that serving one market in the way things are
|>designed, implemented, and deployed, would require additional effort and
|>cost to also do so for another market.
|
| With all due respect, I think your desires are coloring your
| perspective, and that you shouldn't be trying to use consumer grade
| stuff in business grade applications.

Nevertheless, it is common practice. Every small business I know that has any use of technology always goes for the lowest price, period. And the big businesses are often worse.

Reply to
phil-news-nospam

On 3 Aug 2006 15:56:27 GMT, snipped-for-privacy@ipal.net wrote in :

All of my business clients use business grade goods.

They already serve that market with business grade goods.

Reply to
John Navas

On Thu, 03 Aug 2006 17:09:00 GMT John Navas wrote:
| On 3 Aug 2006 15:56:27 GMT, snipped-for-privacy@ipal.net wrote in
| :
|
|>On Wed, 02 Aug 2006 18:04:51 GMT John Navas wrote:
|
|>| It's probably not anywhere near that much, and with the razor thin
|>| margins in consumer grade stuff, focus is important. Netgear probably
|>| thinks a business is better served with business grade stuff. I would
|>| agree.
|>

|>Most small businesses, and in fact every single one of them that I have
|>seen with 20 or fewer employees, are going with cheap consumer grade
|>stuff for networking anymore.
|
| All of my business clients use business grade goods.

Probably already established long term large businesses.

|>With such razor thin margins, they need to broaden their markets, too.
|>What better choice than to get the SOHO market.
|
| They already serve that market with business grade goods.

I'm sure they prefer to sell business grade goods to them. I would, too. But the reality is, businesses are in a financial squeeze, small and large. So they go with consumer grade services like ADSL (ISPs are even targeting the advertising for this).

Why would a business that wants to enable wireless access to their LAN spend $300 for a business grade unit when $80 for a consumer grade unit works just as well in most cases?

Why do office supply stores (Office Depot, Staples, etc) primarily stock and pretty much only sell the cheap stuff in the technology department?

Reply to
phil-news-nospam

On 4 Aug 2006 15:38:58 GMT, snipped-for-privacy@ipal.net wrote in :

Some are established long term large businesses; some are new/small; some are just SOHO professionals. I strongly advise potential clients that it's false economy to use consumer grade products, and I turn down businesses that won't take my advice. Thus the only time I deal with consumer products is for friends.

I personally think that's false economy when it comes to consumer grade products.

Because it doesn't work just as well -- it has buggy firmware, limited features, poor support, etc. -- and because that small a price difference is more than offset by other costs and risks.

Because they are low end suppliers that cater to average folks, not technology departments. Joe Sixpack runs down to Office Depot and uses the company account to buy a cheap wireless router so he can set up a rogue access point that compromises company security. The IT Department typically buys from commercial suppliers and VARs.

Reply to
John Navas

On Sat, 05 Aug 2006 15:26:54 GMT John Navas wrote:
| On 4 Aug 2006 15:38:58 GMT, snipped-for-privacy@ipal.net wrote in
| :
|
|>On Thu, 03 Aug 2006 17:09:00 GMT John Navas wrote:
|
|>| All of my business clients use business grade goods.
|>

|>Probably already established long term large businesses.
|
| Some are established long term large businesses; some are new/small;
| some are just SOHO professionals. I strongly advise potential clients
| that it's false economy to use consumer grade products, and I turn down
| businesses that won't take my advice. Thus the only time I deal with
| consumer products is for friends.

How much money do you think a small business should budget for the router that their internet access connection goes through? How much money do you think a small business should budget for the router or other device used to interconnect laptops in the office to the office LAN (with selected access to the internet)?

|>|>With such razor thin margins, they need to broaden their markets, too.
|>|>What better choice than to get the SOHO market.
|>|
|>| They already serve that market with business grade goods.
|>

|>I'm sure they prefer to sell business grade goods to them. I would, too.
|>But the reality is, businesses are in a financial squeeze, small and large.
|>So they go with consumer grade services like ADSL (ISPs are even targeting
|>the advertising for this).
|
| I personally think that's false economy when it comes to consumer grade
| products.

Because of the poor design? Because the products will fail in time? Because the products lack features?

|>Why would a business that wants to enable wireless access to their LAN
|>spend $300 for a business grade unit when $80 for a consumer grade unit
|>works just as well in most cases?
|
| Because it doesn't work just as well -- it has buggy firmware, limited
| features, poor support, etc. -- and because that small a price
| difference is more than offset by other costs and risks.

But what if the product is actually good enough to get the job done?

|>Why do office supply stores (Office Depot, Staples, etc) primarily stock
|>and pretty much only sell the cheap stuff in the technology department?
|
| Because they are low end suppliers that cater to average folks, not
| technology departments. Joe Sixpack runs down to Office Depot and uses
| the company account to buy a cheap wireless router so he can set up a
| rogue access point that compromises company security. The IT Department
| typically buys from commercial suppliers and VARs.

They cater heavily to small business. A business large enough to have an IT department with 2 or 3 people doing IT exclusively probably does buy a lot from commercial suppliers and VARs, but I've also found that they do not always do so. I've worked in IT departments as large as 40 people and they would typically buy wherever the price was lowest, as long as it was what they wanted. Often that was commercial suppliers or VARs. But quite often it was the local office store or local electronics store.

There are things like budgets. Paying N times as much to accomplish the same thing doesn't let the budget have certain other things at all.

Reply to
phil-news-nospam

On 7 Aug 2006 17:33:53 GMT, snipped-for-privacy@ipal.net wrote in :

$300; e.g., SonicWALL TZ-150 Wireless
$150 (less-capable) bargain: ZyXEL G-2000 Plus

$500; e.g., SonicWALL TZ-170 Wireless

Yes. Also buggy and poorly supported. A couple of hours of my time wasted and they've spent more money than they would have by getting a business grade product in the first place.

What if BMWs cost only as much as Camrys?

Just because they do it doesn't mean it's a good idea -- lots of businesses make poor IT choices.

There are always tradeoffs, but going for cheap is often more expensive in the long run. What businesses often fail to properly consider on the front end is the total cost of ownership, including business losses, downtime, technical help, etc.

Reply to
John Navas

Don't forget all the BS charges to keep that SonicWALL POS up and running, which will make that price more than double.

Reply to
Kevin Weaver

|>How much money do you think a small business should budget for the
|>router that their internet access connection goes through?
|
| $300; e.g., SonicWALL TZ-150 Wireless
| $150 (less-capable) bargain: ZyXEL G-2000 Plus

So what do I get for 2-5 times the price? A non-Indian tech support accent?

|>Because of the poor design? Because the products will fail in time?
|>Because the products lack features?
|
| Yes. Also buggy and poorly supported. A couple of hours of my time
| wasted and they've spent more money than they would have by getting a
| business grade product in the first place.

Sometimes. Businesses typically go short on dozens of things they buy, and end up having to pay extra because of 1 or 2 of those and still end up ahead with the whole approach taken into consideration. It is risk. But lots of small businesses are taking survival risks every day. Most don't have the financial luxury to play it safe everywhere all the time.

| Just because they do it doesn't mean it's a good idea -- lots of
| businesses make poor IT choices.

Lots of businesses make choices that, when looked at in isolation really are poor choices. When looked at in total balance, not only from all aspects of each choice, but also considering the sum of choices together as a group, the practice actually makes sense.

|>There are things like budgets. Paying N times as much to accomplish the
|>same thing doesn't let the budget have certain other things at all.
|
| There are always tradeoffs, but going for cheap is often more expensive
| in the long run. What businesses often fail to properly consider on the
| front end is the total cost of ownership, including business losses,
| downtime, technical help, etc.

What's really dangerous for a business to do is a choice for which there is no recovery available. There is a recovery available from going short on basic business needs. Was the choice of router a bad one? If so, take your lumps and buy a better one. If a router was the _only_ thing they were buying, I'd agree with you (and my techie orientation would be satisfied as well). In reality, it's one of dozens or hundreds of choices they make with the expectation that some of them indeed will end up being bad choices. Then they move on, still being ahead of the game because 97% of the choices worked out.

Reply to
phil-news-nospam

On 8 Aug 2006 14:25:17 GMT, snipped-for-privacy@ipal.net wrote in :

Did you actually check it out but missed the obvious differences? Or are you just being argumentative? ;) Whatever -- I'll play along one more time -- what you get for the higher price is: Solid design. Robust business-oriented feature set (e.g., enforced VPN, intrusion detection and prevention, security zones, guest feature, content filtering). Polished interface. Management and reporting. Stability. Actually works as claimed. High reliability. Certification. Hardware AES. Very good support. There's really no comparison.

Even a very small business with (say) five computers and associated peripherals has on the order of $10,000 invested and an ongoing operating cost on the order of $3,500 per year. In that context, even ignoring the value of business risk, the additional $250 expense of a proper wireless network product is noise.

I respectfully disagree -- poor choices are poor choices. That small businesses have such a high rate of failure is proof of that.

Unfortunately, it's all too often not that cheap or easy when it comes to security, which can have devastating business consequences when a breach occurs.

As I wrote, wrongheaded false economy. But it keeps me working, so I shouldn't complain too much.

Reply to
John Navas

On Tue, 08 Aug 2006 15:25:07 GMT John Navas wrote:
| On 8 Aug 2006 14:25:17 GMT, snipped-for-privacy@ipal.net wrote in
| :
|
|>On Mon, 07 Aug 2006 18:54:04 GMT John Navas wrote:
|>

|>|>How much money do you think a small business should budget for the
|>|>router that their internet access connection goes through?
|>|
|>| $300; e.g., SonicWALL TZ-150 Wireless
|>| $150 (less-capable) bargain: ZyXEL G-2000 Plus
|>

|>So what do I get for 2-5 times the price? A non-Indian tech support accent?
|
| Did you actually check it out but missed the obvious differences? Or
| are you just being argumentative? ;) Whatever -- I'll play along one
| more time -- what you get for the higher price is: Solid design.
| Robust business-oriented feature set (e.g., enforced VPN, intrusion
| detection and prevention, security zones, guest feature, content
| filtering). Polished interface. Management and reporting. Stability.
| Actually works as claimed. High reliability. Certification. Hardware
| AES. Very good support. There's really no comparison.

"Solid design" --> subjective ... what? a metal case?
"Robust business-oriented feature set" --> sounds like sales talk
( enforced VPN
intrusion detection and prevention
security zones
guest feature
content filtering ) --> good, if actually needed
Polished interface. --> subjective
Management and reporting. --> ??
Stability. --> subjective or sales talk
Actually works as claimed. --> maybe you can put up a list of false
claims for other products on the wiki. For now, I know that Netgear
failed to identify the WGT624 as access points.
High reliability. --> in what aspects?
Certification. --> with few exceptions, generally worthless
Hardware AES. --> if the CPU is too slow, useful
Very good support. --> no foreign accents?
There's really no comparison. --> subjective

How about

|
|>|>Because of the poor design? Because the products will fail in time?
|>|>Because the products lack features?
|>|
|>| Yes. Also buggy and poorly supported. A couple of hours of my time
|>| wasted and they've spent more money than they would have by getting a
|>| business grade product in the first place.
|>

|>Sometimes. Businesses typically go short on dozens of things they buy,
|>and end up having to pay extra because of 1 or 2 of those and still end
|>up ahead with the whole approach taken into consideration. It is risk.
|>But lots of small businesses are taking survival risks every day. Most
|>don't have the financial luxury to play it safe everywhere all the time.
|
| Even a very small business with (say) five computers and associated
| peripherals has on the order of $10,000 invested and an ongoing
| operating cost on the order of $3,500 per year. In that context, even
| ignoring the value of business risk, the additional $250 expense of a
| proper wireless network product is noise.

You have not yet justified why _routers_ should enjoy the extra $250 expenditure, and NOT do similar for the dozens of other things that make up the $10,000 investment.

If a business could buy the best of everything and spend $50,000 doing so, but has only $10,000, in general, _everything_ gets downgraded to an expenditure level of perhaps $8,000, leaving $2,000 for dealing with some of the issues that pop up. Maybe what will fail is a router and that would be replaced. But from a business perspective, everything is on an equal footing unless there is some valid evidence that raises one area well above the others. I'm sure the copier salesman would find a nice list of reasons for buying the "professional" $1500 model in lieu of the cheap $250 home model.

|>| Just because they do it doesn't mean it's a good idea -- lots of
|>| businesses make poor IT choices.
|>

|>Lots of businesses make choices that, when looked at in isolation
|>really are poor choices. When looked at in total balance, not only
|>from all aspects of each choice, but also considering the sum of
|>choices together as a group, the practice actually makes sense.
|
| I respectfully disagree -- poor choices are poor choices. That small
| businesses have such a high rate of failure is proof of that.

One very poor choice a business simply cannot make is to upgrade everything to the 5x cost "professional version", if the business only has the money for the low end versions. Banks don't like cashing checks on accounts with a negative balance.

So far all you are justifying is the _general_ principle of buy the best of everything. What you say so far has NOT raised the importance of a router for all businesses in general that have to follow these methods because of cash flow issues. There might be a few where they clearly and obviously need something more than average (an ISP for example). Justify why the router ... AND NOTHING ELSE ... warrants the extra expenditure.

|>|>There are things like budgets. Paying N times as much to accomplish the
|>|>same thing doesn't let the budget have certain other things at all.
|>|
|>| There are always tradeoffs, but going for cheap is often more expensive
|>| in the long run. What businesses often fail to properly consider on the
|>| front end is the total cost of ownership, including business losses,
|>| downtime, technical help, etc.
|>

|>What's really dangerous for a business to do is a choice for which
|>there is no recovery available. There is a recovery available from
|>going short on basic business needs. Was the choice of router a bad
|>one? If so, take your lumps and buy a better one.
|
| Unfortunately, it's all too often not that cheap or easy when it comes
| to security, which can have devastating business consequences when a
| breach occurs.

OTOH, it's just as stupid to buy a "security solution" and then depend on it covering your arse for all the other stupid things you do. The sales people pushing security routers too often give people the impression that it is a solve-all tool. It never is. NEVER. And depending on what the business is doing, and how it is doing it, lots of this endless morass of new security features are not even needed. It's better to fit the security to the actual business situation. If the situation needs a broad suite of things, that's what they should get.

|>If a router was
|>the _only_ thing they were buying, I'd agree with you (and my techie
|>orientation would be satisfied as well). In reality, it's one of
|>dozens or hundreds of choices they make with the expectation that some
|>of them indeed will end up being bad choices. Then they move on, still
|>being ahead of the game because 97% of the choices worked out.
|
| As I wrote, wrongheaded false economy. But it keeps me working, so
| I shouldn't complain too much.

As a techie I'm always inclined to encourage business to get the very best of everything. But I've been involved with businesses enough at a level where I know this is simply not a reality. I've had to do budgets before. And that was a job I absolutely hated because it meant NOT getting so many really cool things that would have made the business operate much smoother.

Yeah, this practice will keep money flowing to you. It will also keep it flowing to others in other cases because it will be other things that fail where a business needs a consultant, technician, or replacement. I can give you a lot of horror stories I've seen where things go wrong because business decisions force them to go short on everything. One thing a CFO would love to have is a crystal ball so they could see what _will_ fail in the future and improve on that from the start. Reality _is_ that unless specifics are known ahead of time (sometimes this is possible) you go short on everything, and make up for what needs it.

So how would you connect a doctor's office to the internet to be in full compliance with HIPAA? I'll tell you how I have advised two cases I had. Don't connect the LAN at all. Connect one computer in the conference room to the net by itself, with a printer. As a big Linux advocate, I'd rather have seen them use Linux everything. But that's not in the cards because they need to run specific applications that aren't available for Linux. But even with Linux, I would have said don't connect the internet to the LAN.

If you are ever in a CFO hot seat, then you'll come to know the real issues that are involved. It was bad enough when I was in the CIO hot seat. Not as hot, but hot enough. But it was a real learning experience.

Reply to
phil-news-nospam

On 8 Aug 2006 21:41:27 GMT, snipped-for-privacy@ipal.net wrote in :

Whatever, Phil -- think what you want. I've actually used it, and know it to be a superior product, but I'm really not interested in arguing about it.

I disagree, but again, I'm not interested in arguing about it.

In fact I deliberately recommended affordable products, instead of much more expensive products.

Isolated network zone, enforced by router and firewall rules.

Another option, but can be needlessly inconvenient.

I prefer security zones (with robust authentication).

I would never use Linux for mission-critical systems. Where cost is critical I use OpenBSD. Otherwise I use a commercial OS (AIX, Solaris).

Been there; done that. Quite a few times.

Reply to
John Navas

snipped-for-privacy@ipal.net hath wroth:

I think I can justify it (by example). About 10 years ago, I had some large medical office systems as customers. I was the backup IT person as the main service companies were not local. If they needed something fixed fast, I received the call.

The issue was over what downtime will cost the company. I was mistakenly trying to cut corners and save a few dollars here and there. That's when I discovered that one of these medical offices was carrying "downtime insurance", where their insurance carrier would pay them for losses incurred by downtime: [link] At the time, we calculated the cost of downtime for 100 users at about $10,000 per hour. I was told that my cost cutting was not cost effective if it meant risking a crash or equipment failure. I ceased looking at initial costs and started looking at overall cost of ownership. It works.

The obvious question also applies to the small business, that allegedly cannot afford better quality and more expensive hardware. It doesn't work quite as clearly, but it's still there. One of my nearby clients is a small hotel. Wireless and networking was originally considered to be a frill, like cable or satellite TV. They added wireless rather haphazardly and without much concern for reliability or quality. However, that all changed when they started carrying small conventions, where the participants considered internet access mandatory, necessary, and a major reason for selecting the hotel. Over the last few years, I have replaced literally every piece of equipment in their wired and wireless network with better quality hardware, largely as a result of irate customers and various equipment and topology failures.

I recently caused and witnessed the results of a minor failure. I was working on a coffee shop network and cleverly decided to upgrade the router firmware during peak business hours. There were only 4 people using the wireless and I informed them all that the internet would be down for a few minutes while the flash image was uploaded. Unfortunately, it didn't work due to a power glitch and it took me about 10 minutes to recover and bring things back up. When I went to inform the 4 customers that the internet was back up, all 4 customers were gone. When I told the coffee shop owner, he was more than irate. It wasn't the 4 lost customers that bothered him. It was that they might spread a rumor that the coffee shop internet was "unreliable" and therefore reduce the effectiveness of wireless as a customer draw.

I have other examples, but these should suffice. All of the aforementioned businesses have taken steps to improve their reliability. While cost was always a consideration, there was no attempt to only buy the cheapest. In all cases, overall reliability was far more important than initial cost.

I think I have about 4 customers currently using Sonicwall TZ170w wireless routers. These are not cheap, but very reliable and very feature infested. See: [link] for a review. I usually don't like putting almost everything in one package. In this case, it's where the routeing between devices and networks (i.e. zones) is best controlled in a single box. Terminating VPNs in the router is useful, as is bandwidth management. Also, a single box is easier to configure and manage. In two of these systems, I use SNMP to monitor and sometimes manage their systems. In other words, it does more and does it better.

Anyway, if you have problems evaluating equipment, try to estimate what downtime or a failure will cost. Then compare this downtime cost with the initial hardware costs.

Reply to
Jeff Liebermann

On Wed, 09 Aug 2006 02:42:28 GMT, John Navas wrote in :

More Complete Answer: My preferred solution is to put the server behind a dedicated firewall and VPN endpoint that only allows connections over authenticated VPN and blocks all outbound connections. The hardware is secured in a locked cabinet which only the administrator can open. Even if the LAN/WLAN were to be breached, the server would remain fully secure behind the firewall, which logs activity and access attempts that are regularly reviewed as part of the ongoing security process. When an intrusion attempt is detected, the administrator is automatically paged. All of this can easily be done on a modest budget -- all it really takes is skill, business and technical.

Reply to
John Navas

On Wed, 09 Aug 2006 02:42:28 GMT John Navas wrote:
| On 8 Aug 2006 21:41:27 GMT, snipped-for-privacy@ipal.net wrote in
| :
|
|>On Tue, 08 Aug 2006 15:25:07 GMT John Navas wrote:
|>| On 8 Aug 2006 14:25:17 GMT, snipped-for-privacy@ipal.net wrote in
|>| :
|
|>|>So what do I get for 2-5 times the price? A non-Indian tech support accent?
|>|
|>| Did you actually check it out but missed the obvious differences? Or
|>| are you just being argumentative? ;) Whatever -- I'll play along one
|>| more time -- what you get for the higher price is: Solid design.
|>| Robust business-oriented feature set (e.g., enforced VPN, intrusion
|>| detection and prevention, security zones, guest feature, content
|>| filtering). Polished interface. Management and reporting. Stability.
|>| Actually works as claimed. High reliability. Certification. Hardware
|>| AES. Very good support. There's really no comparison.
|>

|>"Solid design" --> subjective ... what? a metal case?
|>"Robust business-oriented feature set" --> sounds like sales talk
|>( enforced VPN
|>intrusion detection and prevention
|>security zones
|>guest feature
|>content filtering ) --> good, if actually needed
|>Polished interface. --> subjective
|>Management and reporting. --> ??
|>Stability. --> subjective or sales talk
|>Actually works as claimed. --> maybe you can put up a list of false
|>claims for other products on the wiki. For now, I know that Netgear
|>failed to identify the WGT624 as access points.
|>High reliability. --> in what aspects?
|>Certification. --> with few exceptions, generally worthless
|>Hardware AES. --> if the CPU is too slow, useful
|>Very good support. --> no foreign accents?
|>There's really no comparison. --> subjective
|
| Whatever, Phil -- think what you want. I've actually used it, and know
| it to be a superior product, but I'm really not interested in arguing
| about it.

I'm not disputing that it is a superior product. I'm disputing that it is not the best purchasing choice in all cases. It is pointless to pay more for something that has some areas of superiority if your usage of the product doesn't need those areas to be superior.

If we were comparing two products of equal cost, and one was superior over the other in some areas, and the other had no areas of superiority, then the decision would clearly favor the first. But if the first costs more, then to be a smart purchaser, you need to be sure you are gaining in those areas of superiority to justify the increased cost.

If two routers are exactly the same, except that one has IPsec and the other does not, and the one with IPsec costs $200 more, and you are purchasing the product for a function which does not need IPsec at all, would you waste $200 just to have IPsec?

|>You have not yet justified why _routers_ should enjoy the extra $250
|>expenditure, and NOT do similar for the dozens of other things that make
|>up the $10,000 investment.
|
| I disagree, but again, I'm not interested in arguing about it.

Because you are more interested in making sure your clients have all the neat toys.

|>So far all you are justifying is the _general_ principle of buy the
|>best of everything. ...
|
| In fact I deliberately recommended affordable products, instead of much
| more expensive products.

I don't see that in all the recommendations you have made here. In some, maybe, but not all.

|>So how would you connect a doctor's office to the internet to be in full
|>compliance with HIPAA?
|
| Isolated network zone, enforced by router and firewall rules.

I wouldn't need firewall rules. That's because I would use 100% isolation. The office would be connected, but not every computer would be reachable.

|>I'll tell you how I have advised two cases I had.
|>Don't connect the LAN at all.
|
| Another option, but can be needlessly inconvenient.

Can be. In the cases where it isn't, it's a valid option. And it isn't needed in a large number of office cases.

|>Connect one computer in the conference room
|>to the net by itself, with a printer.
|
| I prefer security zones (with robust authentication).

If there is more money available to spend on such things, that could be the way to go. If not, then that option is off the table.

|>As a big Linux advocate, I'd rather
|>have seen them use Linux everything. But that's not in the cards because
|>they need to run specific applications that aren't available for Linux.
|>But even with Linux, I would have said don't connect the internet to the
|>LAN.
|
| I would never use Linux for mission-critical systems. Where cost is
| critical I use OpenBSD. Otherwise I use a commercial OS (AIX, Solaris).

Out of the box, most Linux distributions come in an insecure state. There are a few that are fully secure. And many (maybe most) of those that are not secure can be made secure. Someone who knows what they are doing with Linux can easily lock it down tight. OpenBSD is nice because it is one of those that comes out of the box secure.

If I am going to recommend a low cost system to someone who is going to install it themselves, I will recommend OpenBSD. Someone who knows how to lock down Linux doesn't need to ask me which to choose. But for the systems I will manage, I favor Linux principally because I am more familiar with it. Those more familiar with other systems are justified in choosing those over Linux (if their familiarity is enough to get it locked down tight where they need to do that).

|>If you are ever in a CFO hot seat, then you'll come to know the real issues
|>that are involved. It was bad enough when I was in the CIO hot seat. Not
|>as hot, but hot enough. But it was a real learning experience.
|
| Been there; done that. Quite a few times.

And probably overspent on geek toys.

Reply to
phil-news-nospam

On Wed, 09 Aug 2006 14:31:39 GMT John Navas wrote: | On Wed, 09 Aug 2006 02:42:28 GMT, John Navas | wrote in | : | |>On 8 Aug 2006 21:41:27 GMT, snipped-for-privacy@ipal.net wrote in |>: | |>>So how would you connect a doctor's office to the internet to be in full |>>compliance with HIPAA? |>

|>Isolated network zone, enforced by router and firewall rules. | | More Complete Answer: My preferred solution is to put the server behind | a dedicated firewall and VPN endpoint that only allows connections over | authenticated VPN and blocks all outbound connections. The hardware is | secured in a locked cabinet which only the administrator can open. Even | if the LAN/WLAN were to be breached, the server would remain fully | secure behind the firewall, which logs activity and access attempts that | are regularly reviewed as part of the ongoing security process. When an | intrusion attempt is detected, the administrator is automatically paged. | All of this can easily be done on a modest budget -- all it really takes | is skill, business and technical.

How does VPN help an office connect to the internet?

BTW, I used to do intrusion attempts by pager. No longer. The noise level is way too high. Intrusion attempts are at such a high level these days that if you were to respond to each one, you would get very little else done. What you do is block the access in a sufficiently confident way that you don't have to concern yourself with attempts. So unless you have access to the means to track down and prosecute those who attempt to intrude (e.g. you run the FBI network, for example), don't waste your time.

Reply to
phil-news-nospam

On Wed, 09 Aug 2006 06:22:41 -0700 Jeff Liebermann wrote: | snipped-for-privacy@ipal.net hath wroth: | |>You have not yet justified why _routers_ should enjoy the extra $250 |>expenditure, and NOT do similar for the dozens of other things that make |>up the $10,000 investment. | | I think I can justify it (by example). About 10 years ago, I had some | large medical office systems as customers. I was the backup IT person | as the main service companies were not local. If they needed | something fixed fast, I received the call. | | The issue was over what downtime will cost the company. I was | mistakenly trying to cut corners and save a few dollars here and | there. That's when I discovered that one of these medical offices was | carrying "downtime insurance", where their insurance carrier would pay | them for losses incurred by downtime: | |

| At the time, we calculated the cost of downtime for 100 users at about | $10,000 per hour. I was told that if my cost cutting was not cost | effective if it meant risking a crash or equipment failure. I ceased | looking at initial costs and started looking at overall cost of | ownership. It works. | | The obvious question also applies to the small business, that | allegedly cannot afford better quality and more expensive hardware. It | doesn't work quite as clearly, but it's still there. One of my nearby | clients is a small hotel. Wireless and networking was originally | considered to be a frill, like cable or satellite TV. They added | wireless rather haphazardly and without much concern for reliability | or quality. However, that all changed when they started carrying | small conventions, where the participants considered internet access | mandatory, necessary, and a major reason for selecting the hotel. | Over the last few years, I have replaced literally every piece of | equipment in their wired and wireless network with better quality | hardware, largely as a result of irate customers and various equipment | and topology failures.

Good example. However, I don't see how this example says that every small business needs to consider routers to be worth the expense when it means everything else has to go a bit further down in financing.

| I recently caused and witnessed the results of a minor failure. I was | working on a coffee shop network and cleverly decided to upgrade the | router firmware during peak business hours. There were only 4 people | using the wireless and I informed them all that the internet would be | down for a few minutes while the flash image was uploaded. | Unfortunately, it didn't work due to a power glitch and it took me | about 10 minutes to recover and bring things back up. When I went to | inform the 4 customers that the internet was back up, all 4 customers | were gone. When I told the coffee shop owner, he was more than irate. | It wasn't the 4 lost customers that bothered him. It was that they | might spread a rumor that the coffee shop internet was "unreliable" | and therefore reduce the effectiveness of wireless as a customer draw.

So, do you have a list of routers that will survive a firmware flash without power? Or did you just recommend buying a UPS?

| I have other examples, but these should suffice. All of the | aforementioned businesses have taken steps to improve their | reliability. While cost was always a consideration, there was no | attempt to only buy the cheapest. In all cases, overall reliability | was far more important than initial cost.

A business actually providing internet access in relation to the business they are doing really does need to consider the business continuity impact of the decisions. But not all businesses are doing that.

| I think I have about 4 customers currently using Sonicwall TZ170w | wireless routers. These are not cheap, but very reliable and very | feature infested. See:

And how many of these customers operate a business in which network access is directly related to the operation of their business?

| |

| for a review. I usually don't like putting almost everything in one | package. In this case, it's where the routing between devices and | networks (i.e. zones) is best controlled in a single box. Terminating | VPN's in the router is useful, as is bandwidth management. Also, | because a single box is easier to configure and manage. In two of | these systems, I use SNMP to monitor and sometimes manage their | systems. In other words, it does more and does it better. | | Anyway, if you have problems evaluating equipment, try to estimate | what downtime or a failure will cost. Then compare this downtime cost | with the initial hardware costs.

I do that. But I also figure in how they utilize the network. Most of the small businesses won't see much of a short term (e.g. sufficient time to buy a replacement router or otherwise determine what happened) impact.

Reply to
phil-news-nospam

On 11 Aug 2006 17:23:05 GMT, snipped-for-privacy@ipal.net wrote in :

Isolates the server.

My filter and threshold results in relatively few alerts.

That kind of confidence is almost always misplaced in my experience.

I don't waste my time. I do protect my clients.

Reply to
John Navas

snipped-for-privacy@ipal.net hath wroth:

Oh, that's easy. Calculate the maintenance costs of buying bottom of the line equipment versus the capital equipment expenditure required to prevent such maintenance costs. Also, if you look at the pricing on commercial wireless installations, the cost of the hardware is fairly small compared to the cost of the labor involved. If an increase in capital equipment expenses can offset a labor charge, then it might be worth the effort.

Anyway, you've apparently missed my point. This is not about initial hardware expenses. It's about the overall cost of ownership, of which the initial hardware costs are only a small part. If better hardware causes fewer problems, then it's a good investment.

Incidentally, not all businesses run on the bitter edge of bankruptcy, where nickels and dimes are counted. I don't see too many of these as they cannot afford my exorbitant labor rates.

They have a UPS. The power glitch went right through it. Again, you missed my point. This is not about hardware selection. It's about the effects of wireless/internet downtime on a business, and how wireless has gone from a frill to a necessity.

Gibberish. I think you're saying that only wireless ISP's need to consider wireless reliability. Try again. I have a few corporate customers who use wireless to offset the cost of wiring their building. Wireless is most certainly "mission critical".

Three of them. If the wireless goes down, the laptops with the day's mobile warehouse updates require that the drivers remove the laptops from the trucks and drag them inside. Something similar with the other warehouse. The 3rd is a medical office where they could probably live without wireless but it would be a noticeable inconvenience. The 4th is a coffee shop, who wanted to isolate the customer laptops from the internal network. Incidentally, the owner is a former engineering manager who certainly knows his networking but doesn't want to waste his time screwing with it.

I don't see any evidence of that. You don't appear to think like a small business owner, where both the short and long term costs of everything are considered in each decision. If businesses were perpetually on the bitter edge of bankruptcy, and capital equipment expenditures were such an agonizing experience, the SMB (small medium business) sector would have collapsed long ago.

One of the questions I'm always asked is "How long will this thing last before it's obsolete and needs to be replaced" (i.e. life cycle costing). With SMB wireless and computing in general, that's a very real problem, but one which you haven't bothered to even mention in your wireless hardware decision making process.

It's also not easy to estimate downtime costs. I worked for about 30 hours trying to nail down a realistic estimate of what a large medical office recovery will cost in downtime and recovery. I had to revise the numbers about 5 times in as many years. It required that I document various disaster recovery scenarios. One of these scenarios actually happened, and I found myself having underestimated the MTTR (mean time to recover) by an embarrassing margin. I've also done dry run recoveries with the usual surprises. As I said, I don't think you've ever estimated the cost of downtime or failure for a business.

Any small business that can afford my exorbitant service rates, can certainly afford to spend the money on superior hardware to avoid my presence. More simply, I don't see many businesses where wireless is NOT an important part of the business. It's not unusual for me to charge more than the cost of the hardware to fix a system. They pay because they really need the system to work, but they also ask about getting better hardware.

It also applies to home users with wireless. Most can manage without wireless for a while, but I usually get the call within hours of the wireless failing because it has usually become so much a part of the daily home life, that the inconvenience of not having wireless connectivity through the house is considered a serious problem. It's not unusual for me to arrive and find a brand new wireless router purchased in the hope that it would magically solve the problem. (Two junk routers do not equal one good router). I know that if my neighborhood wireless system goes down, I get phone calls within an hour or two. There may be home users that can live with crappy wireless range and performance, but I don't see those.

A TZ170w is about $750. A cheapo wireless router is about $100. The $650 difference is about 9 hours of my labour. Ignoring interest charges, if buying a better router can be balanced against my service charges, downtime costs, recovery costs, and early replacement costs over the life of the system, then it's a bargain.

Reply to
Jeff Liebermann

On Sat, 12 Aug 2006 09:15:16 -0700, Jeff Liebermann wrote in :

25 node for $513.00, in stock:
Reply to
John Navas

On Sat, 12 Aug 2006 00:16:54 GMT John Navas wrote: | On 11 Aug 2006 17:23:05 GMT, snipped-for-privacy@ipal.net wrote in | : | |>On Wed, 09 Aug 2006 14:31:39 GMT John Navas wrote: |>| On Wed, 09 Aug 2006 02:42:28 GMT, John Navas |>| wrote in |>| : |>| |>|>On 8 Aug 2006 21:41:27 GMT, snipped-for-privacy@ipal.net wrote in |>|>: |>| |>|>>So how would you connect a doctor's office to the internet to be in full |>|>>compliance with HIPAA? |>|>

|>|>Isolated network zone, enforced by router and firewall rules. |>| |>| More Complete Answer: My preferred solution is to put the server behind |>| a dedicated firewall and VPN endpoint that only allows connections over |>| authenticated VPN and blocks all outbound connections. The hardware is |>| secured in a locked cabinet which only the administrator can open. Even |>| if the LAN/WLAN were to be breached, the server would remain fully |>| secure behind the firewall, which logs activity and access attempts that |>| are regularly reviewed as part of the ongoing security process. When an |>| intrusion attempt is detected, the administrator is automatically paged. |>| All of this can easily be done on a modest budget -- all it really takes |>| is skill, business and technical. |>

|>How does VPN help an office connect to the internet? | | Isolates the server.

And how does isolating the server have anything to do with VPN?

|>BTW, I used to do intrusion attempts by pager. No longer. The noise level |>is way too high. Intrusion attempts are at such a high level these days |>that if you were to respond to each one, you would get very little else |>done. | | My filter and threshold results in relatively few alerts.

If you block the common points of hacker attacks and don't enable them for alerts, that would work. What is your threshold? 10,000?

|>What you do is block the access in a sufficiently confident way that |>you don't have to concern yourself with attempts. | | That kind of confidence is almost always misplaced in my experience.

You have to make some sort of tradeoff. You can't be having your pager go off every couple minutes every time someone probes some port.

|>So unless you have access |>to the means to track down and prosecute those who attempt to intrude (e.g. |>you run the FBI network, for example), don't waste your time. | | I don't waste my time. I do protect my clients.

But I wonder if you are getting paged for every intrusion attempt, or if you are just ignoring the bulk of them. With so many going on (rarely do I ever see an hour long period without an attempt), it has to be one or the other. Or are you now using knock-knock access schemes?

Reply to
phil-news-nospam
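The filter-and-threshold approach the two posters argue over above (log every blocked attempt for later review, but page only when a single source crosses a threshold, and never page for ports that are blocked anyway) as an added example; this is not code from either poster, and the log line format, addresses, and the `QUIET_PORTS` set are constructed for illustration.

```python
"""Threshold-based paging over firewall deny logs (added example, not from the thread)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a made-up "TIMESTAMP deny SRC DST:PORT" format,
# not the log format of any real firewall product.
SAMPLE_LOG = """\
2006-08-11T10:00:01 deny 203.0.113.5 198.51.100.10:445
2006-08-11T10:00:02 deny 203.0.113.5 198.51.100.10:135
2006-08-11T10:00:03 deny 203.0.113.5 198.51.100.10:139
2006-08-11T10:00:09 deny 203.0.113.5 198.51.100.10:22
2006-08-11T10:00:10 deny 203.0.113.5 198.51.100.10:23
2006-08-11T10:00:11 deny 203.0.113.5 198.51.100.10:3389
2006-08-11T10:05:00 deny 192.0.2.77 198.51.100.10:445
2006-08-11T11:30:00 deny 192.0.2.77 198.51.100.10:1433
"""

# Ports that are blocked unconditionally and hit constantly by worm traffic:
# hits are kept in the review log but never page anyone (constructed choice).
QUIET_PORTS = {135, 139, 445}


def parse(line):
    """Split one constructed log line into (timestamp, action, src, dst_host, dst_port)."""
    ts, action, src, dst = line.split()
    host, port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), action, src, host, int(port)


def review_counts(log_text):
    """Total denied attempts per source, for the periodic log review (no paging)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        _ts, action, src, _host, _port = parse(line)
        if action == "deny":
            counts[src] += 1
    return dict(counts)


def find_pageable(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return {src: ports} for sources that probed at least `threshold`
    distinct non-quiet ports within `window`; everything else stays in the log."""
    hits = defaultdict(list)  # src -> [(timestamp, port)]
    for line in log_text.splitlines():
        ts, action, src, _host, port = parse(line)
        if action == "deny" and port not in QUIET_PORTS:
            hits[src].append((ts, port))
    alerts = {}
    for src, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide the window over each start
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= threshold:
                alerts[src] = ports
                break
    return alerts
```

With the sample above, the first source pages (three distinct non-quiet ports within seconds) while the second only appears in the review counts.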
