Company claims hardwire connections are a security issue








up vote
82
down vote

favorite
5












Someone to whom I am related is at a study camp for their desired profession. This person, let's call her Jane, is supposed to be studying rigorously for two months. The housing provided offers wireless internet connections, which are spotty and don't allow for fluid streaming of even low-quality video, or other useful tasks to studying.
Being that Jane wants to study in her down-time and look up resources as a reference to the material, she needs to access these materials and suffer with a slow connection. There are no provided modems or other ways to connect via Ethernet, and the student is expected to have some form of wireless connection computer, presumably.



Now, I want Jane to have the best possible studying experience, and I understand that they might deem this experience "the best to study in," so I called and claimed that I was interested in attending the camp myself, but I only have a desktop computer with no wireless card, and I expect a wired connection. After a few hours, I received a response saying the following:




"We do not provide hard wire connections to our network because of viruses and stuff"




It was clear to me the information I was being relayed was second-hand, but acknowledging that I wouldn't be able to change anyone's mind about this policy, I come here to posit this question:



Exactly what security benefits could be gained by only offering a Wireless connection?



In this case, I'm assuming that the answer given to me was genuine and not just an excuse for them to not do extra work or anything of the sort.





























  • 89




    Well, to use highly official terms, Viruses and stuff are very bad for computers. I honestly hope that wasn't IT who responded (:
    – Redwolf Programs
    Aug 28 at 23:05







  • 56




    Did they really say "viruses and stuff"?
    – Schwern
    Aug 28 at 23:47






  • 32




    That's not the stupidest thing I've ever heard someone say in IT (I'm old, there's a /lot/ to choose from) but it's well up there...
    – Shadur
    Aug 29 at 10:50






  • 3




    I've been in ho(s)tels where they told a similar story. They usually have a good reason but a terrible explanation.
    – Mast
    Aug 29 at 11:22






  • 16




    @Schwern yes they did, I had to stifle a laugh on call with them.
    – Erin B
    Aug 29 at 13:19























network antivirus wireless anti-exploitation














edited Aug 28 at 18:32

























asked Aug 28 at 18:14









Erin B


















7 Answers

















up vote
198
down vote



accepted










Warning: Conjecture, because none of us know their actual setup.



It is very likely that the organization has their own network, which is hard-wired, as well as a guest network, which is wireless-only. The two are separate networks. This is a common layout because laying wire to desks is expensive, but worth it, for your own employees; broadcasting wireless is cheap, and worth every penny of it, for your guests.



When you asked about a hard-wired connection, they are answering the question of which network you'd be on rather than how you connect to the network. And as the two are intertwined in their minds ("hard-wire is our network, wireless is guest network") they are answering very simply.



From their point of view, they don't want non-organization machines on their network, only on the guest network - because of viruses and stuff. We can all understand that we wouldn't want random visitors on our internal networks, right? So that would be a context in which their answer makes sense.



I would suggest explaining your concern to them and seeing if they can come up with a solution, instead of asking them about the solution you would expect to work. It may be that they only expect guests to need enough connectivity for email and light web browsing. If you explain that Jane needs more bandwidth for her study needs, and can convince them that it's a reasonable request, they're likely to find some way to help - even if it's just moving Jane to a room closer to the Wireless AP.
























  • 19




    I once managed to take down the Moscone Center (convention center in San Francisco) about 10 years ago because they didn't isolate their office network from the hard drops they'd set up for people. I asked why the hell they did that, and their excuse was that when Cisco and others were there, they needed full access. To the outside world, maybe ... but you secure your office network. (I was sending DHCP, and their machines were getting bad IP addresses)
    – Joe
    Aug 29 at 17:04






  • 5




    @ErinB: More to the point, the ability of the employees to access all the equipment on the internal network is infinitely more important than the customers' needs to do likewise, since the latter is zero.
    – supercat
    Aug 29 at 18:25






  • 13




    @ErinB being an important customer wouldn't mean being handed a key to every locked room or safe that employees routinely are given access to, no?
    – rackandboneman
    Aug 30 at 7:18






  • 4




    This is speculation ... but plausible speculation.
    – Jay
    Aug 30 at 16:46






  • 3




    @Joe Very strange. I was IT for a convention center management organization and the network for the organization (which was located in the convention center) was completely separate from the networking available on the show floors - even with separate internet connections. On top of that, the only outside organization that got unfettered access to whatever they wanted was the US Secret Service.
    – Todd Wilcox
    Aug 31 at 16:49

















up vote
28
down vote













It really depends on how they have set up their network, so we can only speculate. But I can provide a similar anecdote.



My local library has a wifi that you can log into using your library card. Several rooms have ethernet ports in the wall, but when I asked if I could plug in, I was told that the ethernet goes straight to the back-end network with access to the library's databases, printers, etc. Not intended for customers.



It's common practice to keep separate networks for "trusted" machines that are using corporate-supplied anti-virus, etc, and a separate network for the public to use. I guess wifi vs ethernet is as good a way as any to split that.






















  • 34




    "[...] I was told that the ethernet goes straight to the back-end network with access to the library's databases, printers, etc. Not intended for customers." <- ...That's... disconcerting; I hope they whitelist MACs?
    – redyoshi49q
    Aug 29 at 3:47






  • 12




    @redyoshi49q Doubt it. I assume whoever designed the networks assumed there would only be ethernet drops in the offices, not in public areas.
    – Mike Ounsworth
    Aug 29 at 4:12






  • 2




    @redyoshi49q Hopefully those ports are not connected on the patch panel.
    – Andrew Morton
    Aug 29 at 12:54






  • 11




    Out of curiosity -- did you ever try to plug into those spots in the rooms? They may only be "meant" for staff, but I'm intensely curious if there's any auth or security aside from "does or does not have Ethernet cable"....
    – RoboBear
    Aug 29 at 20:15






  • 15




    @RoboBear Yup, internet was waaayy faster than the wifi. Then a librarian told me not to. I guess I shouldn't tell you where I live ...
    – Mike Ounsworth
    Aug 29 at 21:16

















up vote
11
down vote













I'm going to come at this from a network-engineering point-of-view (full disclosure: CCNA / N+, I work on enterprise-level network systems which include complex topics that we'll discuss here, as well as having done network-engineering for a private university).



Every network is different, and every network-device is different, but there are some commonalities:



  • Many enterprise-level devices (switches) offer some sort of "VLAN" ("Virtual-LAN"), for those unfamiliar, think of it as a way of saying that "This switchport is in LAN X, whereas this other switchport is in LAN Y.", this allows us to separate devices logically, so that you and I can be plugged into the same switch, but not even see each other through MAC targeting;

  • Many enterprise-level devices (switches) offer SNMP targeting / triggering / "trap"ping to switch ports between different VLANs based on things like MAC-addresses and the like;

Here's the thing about Ethernet / RJ-45 / 100M/1000M connections: we typically use lower-end devices for this, because we often "just" need a basic connection back to the router. Often they're less advanced, and don't offer good-quality features of the above. (You'll typically find "VLAN" segregation on just about every switch nowadays, but the SNMP triggering and targeting is substantially more difficult to find for a good price-point.)



When I worked for the University we used software that would look at a switchport and the MAC-address (a unique hardware-identifier for your Ethernet port) which would decide what "VLAN" you were on: Guest, Staff, Faculty, Student, Lab, etc. This was extraordinarily expensive, both in licensing and implementation. While there are good, free tools out there to do this, it's still difficult to set up, and may not be worth it depending on what the goals of the company are. (This software is notoriously unreliable.) Another problem is that, with sufficient work, a MAC Address can be spoofed, which makes it about as secure as using someone's full name.



So, we have to make a decision, support hard-wired connections that may be unstable, insecure, and leak access to privileged resources, or not?



No network is perfectly secure, even if we have all the resources on the "protected" network locked down, there's still a risk of connecting a foreign device to the network. Therefore, we often make decisions like "any BYOD connects to this wireless network." We can turn the wireless network into a "Guest"/"Secured" network, via different SSIDs and authentication mechanisms. This means we can have both the guests and employees connected to one wireless access point. Infrastructure cost is lower, and we get the same security benefit.



Like the other answers, this is conjecture or speculation, but from my (professional) experience this would be the likely explanation. The infrastructure cost to support hard-wired connections was too high to be justified. (And since almost all devices people use have wireless capability these days, it's tough to justify.) Considering even Apple is dropping Ethernet ports off the MacBook Pro by default, we get into a "is it even worth it?" situation.




TL;DR: Ethernet is too expensive to do across the board and secure properly, whereas Wireless is becoming much more commonplace, secure and easier to distribute access for.
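
The MAC-to-VLAN assignment this answer describes, as an added sketch that is not part of the original answer or any vendor's software: a port rule pins guest-room ports to the Guest VLAN (the option raised in the comments), and a check flags a MAC that comes up on two ports at once. The registry, switch names, port numbers and events are constructed for illustration.

```python
from collections import namedtuple

# Constructed registry: MAC address -> VLAN, mirroring the roles named in the answer.
REGISTRY = {
    "00:11:22:33:44:55": "Staff",
    "66:77:88:99:aa:bb": "Faculty",
    "cc:dd:ee:ff:00:11": "Student",
}

# Hypothetical switchports wired to guest rooms; these never leave the Guest VLAN.
GUEST_ONLY_PORTS = {("sw-dorm-1", 7), ("sw-dorm-1", 8)}

Event = namedtuple("Event", "time switch port mac action")  # action: "up" or "down"


def normalize(mac):
    """Canonical lower-case, colon-separated form so lookups are consistent."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def assign_vlan(switch, port, mac):
    """Port policy first, then MAC lookup; unknown devices fall back to Guest."""
    if (switch, port) in GUEST_ONLY_PORTS:
        return "Guest"
    return REGISTRY.get(normalize(mac), "Guest")


def find_mac_conflicts(events):
    """Return (mac, first_location, second_location, time) for every MAC that
    comes up on a second port while it is still active on another one."""
    active = {}      # mac -> (switch, port) where it is currently up
    conflicts = []
    for ev in sorted(events, key=lambda e: e.time):
        mac, where = normalize(ev.mac), (ev.switch, ev.port)
        if ev.action == "down":
            if active.get(mac) == where:
                del active[mac]
            continue
        seen = active.get(mac)
        if seen is not None and seen != where:
            conflicts.append((mac, seen, where, ev.time))
        else:
            active[mac] = where
    return conflicts


# Constructed sample events (not from a real switch).
SAMPLE_EVENTS = [
    Event(100, "sw-office-1", 3, "00:11:22:33:44:55", "up"),   # staff desktop
    Event(130, "sw-dorm-1", 7, "00-11-22-33-44-55", "up"),     # same MAC, dorm port
    Event(140, "sw-office-2", 12, "CC:DD:EE:FF:00:11", "up"),  # student laptop
    Event(200, "sw-office-2", 12, "cc:dd:ee:ff:00:11", "down"),
    Event(260, "sw-lab-1", 4, "cc:dd:ee:ff:00:11", "up"),      # moved: not a conflict
    Event(300, "sw-office-1", 9, "de:ad:be:ef:00:01", "up"),   # unregistered device
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        if ev.action == "up":
            print(ev.switch, ev.port, ev.mac, "->",
                  assign_vlan(ev.switch, ev.port, ev.mac))
    for conflict in find_mac_conflicts(SAMPLE_EVENTS):
        print("conflict:", conflict)
```

A registered MAC presented on an office port still receives its VLAN, because the lookup treats the address as a claim rather than as authentication. The conflict check only catches the case where the original device is online at the same time.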
























  • 2




    @ErinB Well, you have to ask yourself: how do you know the Wifi speeds are poor? If you're asking about streaming videos and such, how many other people on the Wifi do you think are streaming videos? Typically, in these environments, we use multi-channel roaming access-points, which means that we can load balance them, but it just may be that the Wifi/internet connections are being taxed by the number of users. (All speculation / hypothetical, but offers another explanation.)
    – 202_accepted
    Aug 29 at 14:46






  • 1




    And it makes sense that this would be the case, but then, wouldn't you expect this as any IT department worth its salt? If your customers are unable to do the one thing they are attending your company for, that seems like a largely negative impact to business. Providing accommodations (like say, Ethernet connections) would be a suitable measure in this instance.
    – Erin B
    Aug 29 at 14:51







  • 2




    @ErinB Aha, you've gotten into the "what trade-offs do we make". I've been on the Business side of it as well (I'm typically the bridge between Network / Software Engineering and business), and we always get a "well nevermind, we don't want to do that because ", where '' is almost always $$$. Running Ethernet is expensive, securing it is expensive, do we value the benefits from those expenses? Sure, but is there enough value in it? More Ethernet = more hardware, more maintenance, a lifetime of it.
    – 202_accepted
    Aug 29 at 14:53






  • 2




    @ErinB I just realized that comment formatted weird, replace because ", where '' is with because <x>", where <x> is.
    – 202_accepted
    Aug 29 at 14:59






  • 1




    I'm no CCNE, but I'd have imagined that all the ports in the dorm rooms would be connected to a switch which was on the guest VLAN. Why would guest bedrooms need anything else? Therefore, no need of VLAN switching or even MAC registrations - you plug in there, you're in the guest network (no exceptions). In the case where there's a CCTV camera or something, then that specific port could be assigned a VLAN (or put onto the VLAN-switching technology). However, as noted, wiring up the rooms is more expensive than throwing in a wireless AP.
    – Ralph Bolton
    Aug 31 at 10:56

















up vote
9
down vote













Looks like this is solved, but I wanted to inject discussion of "Wireless AP Isolation" which is a one-button click on most vendors' small-to-mid scale deployments such as small schools and hotels.



I could easily see a "summer camp" relying on AP isolation, rather than hardware network segmentation to keep out "viruses and stuff."



What I don't know is whether this is actually a good defense, or whether this is easily broken out of.


























  • Meraki has network isolation on by default. It's actually quite nice because it protects users from each other. It's nice until you try to create a print share or some other shared resource then they hit you up for an upgrade.
    – jorfus
    Aug 30 at 0:25

















up vote
0
down vote













I suspect that the REAL answer is not any security concern about "viruses and stuff", but rather that it is too difficult and expensive to run ethernet cable to all the campers. Setting up a wifi router is pretty cheap and simple: you run one cable from the modem to the router, put it someplace where it gives a good signal throughout the desired area, and you're done. Stringing ethernet cable is a lot of work: you have to run a cable to every workstation. Depending on how pretty you want the results to be that can mean tearing out walls to string the cable.



Wifi has the inherent security hole that anyone who can get within the signal range with a computer could conceivably hack into your network. I pick up signals from a dozen of my neighbors whenever I turn on my computer. With a wired-only network, they'd have to break into your building. I can't think of any reason why ethernet would be LESS secure than wifi, though I confess I am not a security expert.



Several others have mentioned that they might have a wired network with greater access than the wifi network. Possible. The issue there is not really wire vs wifi, but that one network "coincidentally" has greater access than another, but it's certainly possible that that's what someone was thinking of when they answered the question.

































up vote
0
down vote

If plugging in the physical cable is a bypass for the wireless connection password as other posters mentioned, then have a physical cable connect to a wireless router in a locked box just for that location. This way you have both the reliability and extensibility of a wired connection but the security (pending items below) of no-physical-access. You can thus also easily serve many other users within that more remote area.

Of course wired connections have vulnerabilities such as physical (cable) interception and vulnerable routers/ hubs/ etc.



































up vote
-1
down vote

My immediate thought when I read the OP was PHYSICAL ACCESS. (The OP was looking for possible scenarios where copper (UTP cable) could be more of a security risk than WiFi...)

The first thing (well, one of the first things) you learn about IT security is that physical network devices need to be placed where they cannot be accessed by "just anyone."

The reason for this, generally, is because there are nasty things you can do to a device (like bring down the entire network) if you can "physically touch it." Things you cannot do over a remote connection.

Example: On a brand new Cisco device, you must physically connect to the device via a "console cable" to begin the basic configuration process. Basics like setting up remote access, setting passwords, etc. You can also just as easily wipe out the entire IOS image, delete the running-config, etc.

So, to reduce certain security risks, you put your devices behind locked doors and grant access to the devices only to those who need it.

So coming back to the OP's question, you could say that you'd need physical access to a device in order to plug in a patch cable, whereas you wouldn't need physical access to make a wireless connection.

In that most basic scenario, wireless connectivity would pose less of a security risk.

And yeah, yeah, yeah..., I know that most physical connections are made via wall jack and therefore you don't need direct access to the network device itself, but I'm providing a SIMPLE scenario which fulfills the OP's original question.




























  • meta.stackexchange.com/questions/28005/…
    – schroeder♦
    Sep 5 at 23:22










      Your Answer







      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "162"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: false,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













       

      draft saved


      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f192521%2fcompany-claims-hardwire-connections-are-a-security-issue%23new-answer', 'question_page');

      );

      Post as a guest






























      7 Answers
      7






      active

      oldest

      votes








      7 Answers
      7






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      198
      down vote



      accepted










      Warning: Conjecture, because none of us know their actual setup.



      It is very likely that the organization has their own network, which is hard-wired, as well as a guest network, which is wireless-only. The two are separate networks. This is a common layout because laying wire to desks is expensive, but worth it, for your own employees; broadcasting wireless is cheap, and worth every penny of it, for your guests.



      When you asked about a hard-wired connection, they are answering the question of which network you'd be on rather than how you connect to the network. And as the two are intertwined in their minds ("hard-wire is our network, wireless is guest network") they are answering very simply.



      From their point of view, they don't want non-organization machines on their network, only on the guest network - because of viruses and stuff. We can all understand that we wouldn't want random visitors on our internal networks, right? So that would be a context in which their answer makes sense.



      I would suggest explaining your concern to them and seeing if they can come up with a solution, instead of asking them about the solution you would expect to work. It may be that they only expect guests to need enough connectivity for email and light web browsing. If you explain that Jane needs more bandwidth for her study needs, and can convince them that it's a reasonable request, they're likely to find some way to help - even if it's just moving Jane to a room closer to the Wireless AP.






      edited Aug 28 at 19:03
      answered Aug 28 at 18:37
      gowenfawr

      • 19
        I once managed to take down the Moscone Center (convention center in San Francisco) about 10 years ago because they didn't isolate their office network from the hard drops they'd set up for people. I asked why the hell they did that, and their excuse was that when Cisco and others were there, they needed full access. To the outside world, maybe ... but you secure your office network. (I was sending DHCP, and their machines were getting bad IP addresses)
        – Joe
        Aug 29 at 17:04

      • 5
        @ErinB: More to the point, the ability of the employees to access all the equipment on the internal network is infinitely more important than the customers' needs to do likewise, since the latter is zero.
        – supercat
        Aug 29 at 18:25

      • 13
        @ErinB being an important customer wouldn't mean being handed a key to every locked room or safe that employees routinely are given access to, no?
        – rackandboneman
        Aug 30 at 7:18

      • 4
        This is speculation ... but plausible speculation.
        – Jay
        Aug 30 at 16:46

      • 3
        @Joe Very strange. I was IT for a convention center management organization and the network for the organization (which was located in the convention center) was completely separate from the networking available on the show floors - even with separate internet connections. On top of that, the only outside organization that got unfettered access to whatever they wanted was the US Secret Service.
        – Todd Wilcox
        Aug 31 at 16:49

      up vote
      28
      down vote

      It really depends on how they have set up their network, so we can only speculate. But I can provide a similar anecdote.



      My local library has a wifi that you can log into using your library card. Several rooms have ethernet ports in the wall, but when I asked if I could plug in, I was told that the ethernet goes straight to the back-end network with access to the library's databases, printers, etc. Not intended for customers.



      It's common practice to keep separate networks for "trusted" machines that are using corporate-supplied anti-virus, etc, and a separate network for the public to use. I guess wifi vs ethernet is as good a way as any to split that.






      answered Aug 28 at 18:39
      Mike Ounsworth

      • 34
        "[...] I was told that the ethernet goes straight to the back-end network with access to the library's databases, printers, etc. Not intended for customers." <- ...That's... disconcerting; I hope they whitelist MACs?
        – redyoshi49q
        Aug 29 at 3:47

      • 12
        @redyoshi49q Doubt it. I assume whoever designed the networks assumed there would only be ethernet drops in the offices, not in public areas.
        – Mike Ounsworth
        Aug 29 at 4:12

      • 2
        @redyoshi49q Hopefully those ports are not connected on the patch panel.
        – Andrew Morton
        Aug 29 at 12:54

      • 11
        Out of curiosity -- did you ever try to plug into those spots in the rooms? They may only be "meant" for staff, but I'm intensely curious if there's any auth or security aside from "does or does not have Ethernet cable"....
        – RoboBear
        Aug 29 at 20:15

      • 15
        @RoboBear Yup, internet was waaayy faster than the wifi. Then a librarian told me not to. I guess I shouldn't tell you where I live ...
        – Mike Ounsworth
        Aug 29 at 21:16

      up vote
      11
      down vote

      I'm going to come at this from a network-engineering point-of-view (full disclosure: CCNA / N+, I work on enterprise-level network systems which include complex topics that we'll discuss here, as well as having done network-engineering for a private university).



      Every network is different, and every network-device is different, but there are some commonalities:



      • Many enterprise-level devices (switches) offer some sort of "VLAN" ("Virtual-LAN"), for those unfamiliar, think of it as a way of saying that "This switchport is in LAN X, whereas this other switchport is in LAN Y.", this allows us to separate devices logically, so that you and I can be plugged into the same switch, but not even see each other through MAC targeting;

      • Many enterprise-level devices (switches) offer SNMP targeting / triggering / "trap"ping to switch ports between different VLANs based on things like MAC-addresses and the like;

      Here's the thing about Ethernet / RJ-45 / 100M/1000M connections: we typically use lower-end devices for this, because we often "just" need a basic connection back to the router. Often they're less advanced, and don't offer good-quality features of the above. (You'll typically find "VLAN" segregation on just about every switch nowadays, but the SNMP triggering and targeting is substantially more difficult to find for a good price-point.)



      When I worked for the University we used software that would look at a switchport and the MAC-address (a unique hardware-identifier for your Ethernet port) which would decide what "VLAN" you were on: Guest, Staff, Faculty, Student, Lab, etc. This was extraordinarily expensive, both in licensing and implementation. While there are good, free tools out there to do this, it's still difficult to set up, and may not be worth it depending on what the goals of the company are. (This software is notoriously unreliable.) Another problem is that, with sufficient work, a MAC Address can be spoofed, which makes it about as secure as using someone's full name.



      So, we have to make a decision, support hard-wired connections that may be unstable, insecure, and leak access to privileged resources, or not?



      No network is perfectly secure; even if we have all the resources on the "protected" network locked down, there's still a risk of connecting a foreign device to the network. Therefore, we often make decisions like "any BYOD connects to this wireless network." We can turn the wireless network into a "Guest"/"Secured" network, via different SSIDs and authentication mechanisms. This means we can have both the guests and employees connected to one wireless access point. Infrastructure cost is lower, and we get the same security benefit.



      Like the other answers, this is conjecture or speculation, but from my (professional) experience this would be the likely explanation. The infrastructure cost to support hard-wired connections was too high to be justified. (And since almost all devices people use have wireless capability these days, it's tough to justify.) Considering even Apple is dropping Ethernet ports off the MacBook Pro by default, we get into a "is it even worth it?" situation.




      TL;DR: Ethernet is too expensive to do across the board and secure properly, whereas Wireless is becoming much more commonplace, secure and easier to distribute access for.






      • 2
        @ErinB Well, you have to ask yourself: how do you know the Wifi speeds are poor? If you're asking about streaming videos and such, how many other people on the Wifi do you think are streaming videos? Typically, in these environments, we use multi-channel roaming access-points, which means that we can load balance them, but it just may be that the Wifi/internet connections are being taxed by the number of users. (All speculation / hypothetical, but offers another explanation.)
        – 202_accepted
        Aug 29 at 14:46

      • 1
        And it makes sense that this would be the case, but then, wouldn't you expect this as any IT department worth its salt? If your customers are unable to do the one thing they are attending your company for, that seems like a largely negative impact to business. Providing accommodations (like say, Ethernet connections) would be a suitable measure in this instance.
        – Erin B
        Aug 29 at 14:51

      • 2
        @ErinB Aha, you've gotten into the "what trade-offs do we make". I've been on the Business side of it as well (I'm typically the bridge between Network / Software Engineering and business), and we always get a "well nevermind, we don't want to do that because ", where '' is almost always $$$. Running Ethernet is expensive, securing it is expensive, do we value the benefits from those expenses? Sure, but is there enough value in it? More Ethernet = more hardware, more maintenance, a lifetime of it.
        – 202_accepted
        Aug 29 at 14:53

      • 2
        @ErinB I just realized that comment formatted weird, replace because ", where '' is with because <x>", where <x> is.
        – 202_accepted
        Aug 29 at 14:59

      • 1
        I'm no CCNE, but I'd have imagined that all the ports in the dorm rooms would be connected to a switch which was on the guest VLAN. Why would guest bedrooms need anything else? Therefore, no need of VLAN switching or even MAC registrations - you plug in there, you're in the guest network (no exceptions). In the case where there's a CCTV camera or something, then that specific port could be assigned a VLAN (or put onto the VLAN-switching technology). However, as noted, wiring up the rooms is more expensive than throwing in a wireless AP.
        – Ralph Bolton
        Aug 31 at 10:56
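
The VLAN isolation and the two port-assignment approaches discussed in the answer and comments above (VLAN chosen from the MAC address versus dorm ports pinned to the guest VLAN), as an added Python sketch that is not part of any post: a toy access switch that learns MAC addresses and floods frames per VLAN. The port names, MAC addresses, VLAN IDs and the registration table are constructed for illustration.

```python
"""Toy access switch: per-VLAN forwarding and two ways of choosing a port's VLAN.

Added illustration only. Every name, MAC address and VLAN ID is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field

GUEST, STAFF = 10, 20                      # assumed VLAN IDs
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Assumed registration database consulted by MAC-keyed VLAN assignment.
REGISTERED = {"00:11:22:aa:aa:01": STAFF}  # a staff laptop (constructed MAC)


@dataclass
class Port:
    name: str
    static_vlan: int | None = None   # None => VLAN is chosen from the source MAC
    vlan: int | None = None          # VLAN currently in effect on this port

    def __post_init__(self) -> None:
        # A pinned port is in its VLAN before any frame arrives.
        self.vlan = self.static_vlan


@dataclass
class Switch:
    ports: dict[str, Port]
    # Forwarding table keyed by (vlan, mac): learning never crosses VLANs.
    mac_table: dict[tuple[int, str], str] = field(default_factory=dict)

    def _classify(self, port: Port, src_mac: str) -> int:
        """Choose the VLAN for a frame arriving on `port`."""
        if port.static_vlan is not None:
            return port.static_vlan          # what the device claims is ignored
        # MAC-keyed: the only evidence is an address the device sent itself.
        return REGISTERED.get(src_mac, GUEST)

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> list[str]:
        """Process one frame and return the ports it is sent out of."""
        port = self.ports[in_port]
        vlan = port.vlan = self._classify(port, src_mac)
        self.mac_table[(vlan, src_mac)] = in_port
        known = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and known is not None:
            return [known] if known != in_port else []
        # Broadcast (DHCP is an everyday case) or unknown unicast:
        # flood, but only to ports in the same VLAN.
        return sorted(p.name for p in self.ports.values()
                      if p.name != in_port and p.vlan == vlan)


def build(dorm_policy: str) -> Switch:
    """Two office ports pinned to STAFF plus two dorm ports.

    dorm_policy is "static-guest" (pinned to GUEST) or "mac-keyed".
    """
    pinned = GUEST if dorm_policy == "static-guest" else None
    return Switch({
        "office1": Port("office1", static_vlan=STAFF),
        "office2": Port("office2", static_vlan=STAFF),
        "dorm1": Port("dorm1", static_vlan=pinned),
        "dorm2": Port("dorm2", static_vlan=pinned),
    })


def dorm_broadcast_reach(dorm_policy: str, claimed_mac: str) -> list[str]:
    """Ports that receive a broadcast sent from dorm1 with `claimed_mac`."""
    sw = build(dorm_policy)
    # An ordinary guest on dorm2 talks first so that port has a VLAN.
    sw.receive("dorm2", "02:00:00:00:00:02", BROADCAST)
    return sw.receive("dorm1", claimed_mac, BROADCAST)


if __name__ == "__main__":
    for policy in ("static-guest", "mac-keyed"):
        for mac in ("02:00:00:00:00:01", "00:11:22:aa:aa:01"):
            print(f"{policy:12} src={mac} -> {dorm_broadcast_reach(policy, mac)}")
```

With dorm ports pinned to the guest VLAN, the office ports never see dorm traffic whatever address the device presents; with MAC-keyed assignment, a dorm frame carrying a registered address is flooded to the office ports.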














        – 202_accepted
        Aug 29 at 14:53






      • 2




        @ErinB I just realized that comment formatted weird, replace because ", where '' is with because <x>", where <x> is.
        – 202_accepted
        Aug 29 at 14:59






      • 1




        I'm no CCNE, but I'd have imagined that all the ports in the dorm rooms would be connected to a switch which was on the guest VLAN. Why would guest bedrooms need anything else? Therefore, no need of VLAN switching or even MAC registrations - you plug in there, you're in the guest network (no exceptions). In the case where there's a CCTV camera or something, then that specific port could be assigned a VLAN (or put onto the VLAN-switching technology). However, as noted, wiring up the rooms is more expensive than throwing in a wireless AP.
        – Ralph Bolton
        Aug 31 at 10:56












      up vote
      11
      down vote



















      I'm going to come at this from a network-engineering point-of-view (full disclosure: CCNA / N+, I work on enterprise-level network systems which include complex topics that we'll discuss here, as well as having done network-engineering for a private university).



      Every network is different, and every network-device is different, but there are some commonalities:



      • Many enterprise-level devices (switches) offer some sort of "VLAN" ("Virtual-LAN"), for those unfamiliar, think of it as a way of saying that "This switchport is in LAN X, whereas this other switchport is in LAN Y.", this allows us to separate devices logically, so that you and I can be plugged into the same switch, but not even see each other through MAC targeting;

      • Many enterprise-level devices (switches) offer SNMP targeting / triggering / "trap"ping to switch ports between different VLANs based on things like MAC-addresses and the like;

      Here's the thing about Ethernet / RJ-45 / 100M/1000M connections: we typically use lower-end devices for this, because we often "just" need a basic connection back to the router. Often they're less advanced, and don't offer good-quality features of the above. (You'll typically find "VLAN" segregation on just about every switch nowadays, but the SNMP triggering and targeting is substantially more difficult to find for a good price-point.)



      When I worked for the University we used software that would look at a switchport and the MAC-address (a unique hardware-identifier for your Ethernet port) which would decide what "VLAN" you were on: Guest, Staff, Faculty, Student, Lab, etc. This was extraordinarily expensive, both in licensing and implementation. While there are good, free tools out there to do this, it's still difficult to set up, and may not be worth it depending on what the goals of the company are. (This software is notoriously unreliable.) Another problem is that, with sufficient work, a MAC address can be spoofed, which makes it about as secure as using someone's full name.



      So, we have to make a decision, support hard-wired connections that may be unstable, insecure, and leak access to privileged resources, or not?



      No network is perfectly secure, even if we have all the resources on the "protected" network locked down, there's still a risk of connecting a foreign device to the network. Therefore, we often make decisions like "any BYOD connects to this wireless network." We can turn the wireless network into a "Guest"/"Secured" network, via different SSIDs and authentication mechanisms. This means we can have both the guests and employees connected to one wireless access point. Infrastructure cost is lower, and we get the same security benefit.



      Like the other answers, this is conjecture or speculation, but from my (professional) experience this would be the likely explanation. The infrastructure cost to support hard-wired connections was too high to be justified. (And since almost all devices people use have wireless capability these days, it's tough to justify.) Considering even Apple is dropping Ethernet ports off the MacBook Pro by default, we get into a "is it even worth it?" situation.




      TL;DR: Ethernet is too expensive to do across the board and secure properly, whereas Wireless is becoming much more commonplace, secure and easier to distribute access for.






      edited Aug 29 at 17:54









      Michael Kjörling

      6,20612241




      answered Aug 29 at 14:33









      202_accepted

      363311




      • 2




        @ErinB Well, you have to ask yourself: how do you know the Wifi speeds are poor? If you're asking about streaming videos and such, how many other people on the Wifi do you think are streaming videos? Typically, in these environments, we use multi-channel roaming access-points, which means that we can load balance them, but it just may be that the Wifi/internet connections are being taxed by the number of users. (All speculation / hypothetical, but offers another explanation.)
        – 202_accepted
        Aug 29 at 14:46






      • 1




        And it makes sense that this would be the case, but then, wouldn't you expect this as any IT department worth its salt? If your customers are unable to do the one thing they are attending your company for, that seems like a largely negative impact to business. Providing accommodations (like say, Ethernet connections) would be a suitable measure in this instance.
        – Erin B
        Aug 29 at 14:51







      • 2




        @ErinB Aha, you've gotten into the "what trade-offs do we make". I've been on the Business side of it as well (I'm typically the bridge between Network / Software Engineering and business), and we always get a "well nevermind, we don't want to do that because ", where '' is almost always $$$. Running Ethernet is expensive, securing it is expensive, do we value the benefits from those expenses? Sure, but is there enough value in it? More Ethernet = more hardware, more maintenance, a lifetime of it.
        – 202_accepted
        Aug 29 at 14:53






      • 2




        @ErinB I just realized that comment formatted weird, replace because ", where '' is with because <x>", where <x> is.
        – 202_accepted
        Aug 29 at 14:59






      • 1




        I'm no CCNE, but I'd have imagined that all the ports in the dorm rooms would be connected to a switch which was on the guest VLAN. Why would guest bedrooms need anything else? Therefore, no need of VLAN switching or even MAC registrations - you plug in there, you're in the guest network (no exceptions). In the case where there's a CCTV camera or something, then that specific port could be assigned a VLAN (or put onto the VLAN-switching technology). However, as noted, wiring up the rooms is more expensive than throwing in a wireless AP.
        – Ralph Bolton
        Aug 31 at 10:56
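
Added example, not part of the answer above or of any product it mentions: a sketch of the MAC-keyed VLAN assignment the answer describes, with an audit that flags a registered MAC live on two ports at once, the symptom a defender can watch for given that the MAC is only a claim. The registration table, VLAN numbers, port names and events are constructed.

```python
"""MAC-keyed VLAN assignment plus a duplicate-MAC audit. All data is constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical registration table (MAC -> role); the roles are the ones the
# answer lists, the MAC addresses and VLAN numbers are made up for the example.
REGISTERED = {
    "02:00:00:aa:00:01": "Staff",
    "02:00:00:aa:00:02": "Faculty",
    "02:00:00:aa:00:03": "Student",
}
ROLE_TO_VLAN = {"Guest": 10, "Student": 20, "Staff": 30, "Faculty": 40, "Lab": 50}


def normalize_mac(mac: str) -> str:
    """Return aa:bb:cc:dd:ee:ff from colon, dash or dotted notation."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def assign_vlan(mac: str) -> int:
    """Policy as described: the claimed MAC alone picks the VLAN.

    The address is whatever the attached device announces, so this is a
    lookup on a claim, not a check of a credential. Unknown MACs get Guest.
    """
    role = REGISTERED.get(normalize_mac(mac), "Guest")
    return ROLE_TO_VLAN[role]


@dataclass(frozen=True)
class LinkEvent:
    ts: int     # seconds since start of the constructed capture
    port: str   # "switch/interface"
    mac: str    # as reported by the switch, any common notation
    up: bool    # True = MAC learned on port, False = link down / aged out


def audit_duplicate_macs(events):
    """Flag registered MACs that are live on more than one port at once.

    A device that legitimately moves goes down on one port before coming up
    on another; two simultaneous sightings of one privileged MAC cannot both
    be the registered device.
    """
    active = defaultdict(set)
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        mac = normalize_mac(ev.mac)
        if not ev.up:
            active[mac].discard(ev.port)
            continue
        active[mac].add(ev.port)
        if mac in REGISTERED and len(active[mac]) > 1:
            findings.append((ev.ts, mac, tuple(sorted(active[mac])), assign_vlan(mac)))
    return findings


# Constructed sample events, not taken from any real switch.
SAMPLE_EVENTS = [
    LinkEvent(0,   "sw1/Gi0/1", "02:00:00:aa:00:01", True),   # staff desk
    LinkEvent(5,   "sw2/Gi0/7", "02-00-00-AA-00-03", True),   # student laptop
    LinkEvent(60,  "sw2/Gi0/7", "02-00-00-AA-00-03", False),  # unplugged
    LinkEvent(90,  "sw3/Gi0/2", "02:00:00:aa:00:03", True),   # same laptop, new room
    LinkEvent(120, "sw4/Gi0/9", "0200.00aa.0001", True),      # staff MAC, second port
    LinkEvent(130, "sw4/Gi0/10", "02:00:00:bb:00:09", True),  # unregistered device
]

if __name__ == "__main__":
    for ts, mac, ports, vlan in audit_duplicate_macs(SAMPLE_EVENTS):
        print(f"t={ts}s {mac} live on {', '.join(ports)} (VLAN {vlan})")
```

The student laptop that is unplugged and reappears in another room raises nothing; only the staff MAC that is still live on its original port when it shows up on a second one is reported.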












      up vote
      9
      down vote













      Looks like this is solved, but I wanted to inject discussion of "Wireless AP Isolation" which is a one-button click on most vendors' small-to-mid scale deployments such as small schools and hotels.



      I could easily see a "summer camp" relying on AP isolation, rather than hardware network segmentation to keep out "viruses and stuff."



      What I don't know is whether this is actually a good defense, or whether this is easily broken out of.






      answered Aug 29 at 14:07









      dnavinci

      911




      • Meraki has network isolation on by default. It's actually quite nice because it protects users from each other. It's nice until you try to create a print share or some other shared resource then they hit you up for an upgrade.
        – jorfus
        Aug 30 at 0:25
















      up vote
      0
      down vote













      I suspect that the REAL answer is not any security concern about "viruses and stuff", but rather that it is too difficult and expensive to run ethernet cable to all the campers. Setting up a wifi router is pretty cheap and simple: you run one cable from the modem to the router, put it someplace where it gives a good signal throughout the desired area, and you're done. Stringing ethernet cable is a lot of work: you have to run a cable to every workstation. Depending on how pretty you want the results to be that can mean tearing out walls to string the cable.



      Wifi has the inherent security hole that anyone who can get within the signal range with a computer could conceivably hack into your network. I pick up signals from a dozen of my neighbors whenever I turn on my computer. With a wired-only network, they'd have to break into your building. I can't think of any reason why ethernet would be LESS secure than wifi, though I confess I am not a security expert.



      Several others have mentioned that they might have a wired network with greater access than the wifi network. Possible. The issue there is not really wire vs wifi, but that one network "coincidentally" has greater access than another, but it's certainly possible that that's what someone was thinking of when they answered the question.






          answered Aug 30 at 16:54









          Jay

          83955




              up vote
              0
              down vote













              If plugging in the physical cable is a bypass for the wireless connection password as other posters mentioned, then have a physical cable connect to a wireless router in a locked box just for that location. This way you have both the reliability and extensibility of a wired connection but the security (pending items below) of no-physical-access. You can thus also easily serve many other users within that more remote area.



              Of course wired connections have vulnerabilities such as physical (cable) interception and vulnerable routers/ hubs/ etc.






edited Sep 2 at 12:26, schroeder♦

answered Sep 2 at 8:08, SaltySub2




















                      up vote
                      -1
                      down vote













                      My immediate thought when I read the OP was PHYSICAL ACCESS. (The OP was looking for possible scenarios where copper (UTP cable) could be more of a security risk than WiFi...)



                      The first thing (well, one of the first things) you learn about IT security is that physical network devices need to be placed where they cannot be accessed by "just anyone."



                      The reason for this, generally, is because there are nasty things you can do to a device (like bring down the entire network) if you can "physically touch it." Things you cannot do over a remote connection.



                      Example: On a brand new Cisco device, you must physically connect to the device via a "console cable" to begin the basic configuration process. Basics like setting up remote access, setting passwords, etc. You can also just as easily wipe out the entire IOS image, delete the running-config, etc.



                      So, to reduce certain security risks, you put your devices behind locked doors and grant access to the devices only to those who need it.



                      So coming back to the OP's question, you could say that you'd need physical access to a device in order to plug in a patch cable, whereas you wouldn't need physical access to make a wireless connection.



                      In that most basic scenario, wireless connectivity would pose less of a security risk.




                      And yeah, yeah, yeah..., I know that most physical connections are made via wall jack and therefore you don't need direct access to the network device itself, but I'm providing a SIMPLE scenario which fulfills the OP's original question.






edited Sep 5 at 23:23, schroeder♦

answered Sep 1 at 2:22, spam spam bacon spam











                      • meta.stackexchange.com/questions/28005/…
                        – schroeder♦
                        Sep 5 at 23:22















