What are the advantages of a LAN vs. a WAN? The disadvantages?

Implicit in the naming convention, the selection of a LAN or WAN is driven by the location(s) of the people / equipment to be networked. If everyone is co-located, you're going to implement a L(ocal)AN. If you have a mix of people, co-located as well as separated, you may have to implement both, LAN and W(ide)AN, environments. Therefore, the question becomes one of what are the "implications" of selecting one or the other?

LANs are usually a network created by physically connecting the computers. As such, they are fairly secure and you can achieve a high degree of comfort that as long as outsiders do not have PHYSICAL access to your network (e.g., they can't gain access to any of the physical assets that comprise the LAN), then your information is safe.

Once you decide to connect, or LAN, users, then the fun begins: Connecting local users and equipment dictates that decisions, like which resources are to be shared, must be made. We are now moving from the physical to the logical aspects of creating a LANed environment.

Decisions like who gets access to which printers are usually easy. Data file sharing among the users takes more thought. Which data should be accessible to whom requires some real consideration -- do you really want everyone on the LAN to have access to accounting data? A corollary is, does everyone who needs access to (meaning, can read) a category of data, need the ability to modify (meaning, update or delete) that data? The answers to these types of questions drive the relative sophistication of your LAN implementation and will require becoming familiar with the terms "domain" and "workgroup".

While considering the "logical" configuration of the LAN, a BIG question is whether the users need access to the internet? If the answer is yes, then a new crop of questions must be addressed because internet connections are not a one way street. LANed users who need internet access should be required to use a "shared" route to the internet through a firewall that is accessible via their LAN . A properly configured and maintained firewall is essential to keeping trolls from accessing your LAN and stealing data, destroying data, depositing trojans, etc. The firewall is a piece of equipment and software that will be installed between the cable, DSL, etc. modem that gives your location access to the internet.

The firewall, while pivotal to protecting you from the scavengers who patrol the internet looking for unprotected computers, can only protect you so much since your LAN users may do things that are the internet equivalent of unsafe sex. Therefore, a good realtime anti-viral, anti-spyware intercept application should be licensed, installed and maintained (meaning, regularly -at least daily- updated) on each LANed PC. In other words, consider the firewall to be like the locks on your doors and windows; if someone sleeps with the windows open, the best window locks in the world aren't effective.

After these decisions have been made, the question of letting remote users, including LANed users who may be traveling, access the LANed resources is pertinent. This is where the concept of a W(ide)AN comes into play.

Any user who is at a separate location (from the LAN), and has access to the internet, can be allowed to access the LAN environment. In other words, remote employees can be enabled to connect into the LAN via the firewall: they will identify themselves to the firewall, and if successful, will be allowed to sign onto the LAN. Once signed on to the LAN, they can access whatever data or resources to which their "permissions" allow. The concept is that they "tunnel" into the LAN over the internet using a VPN (virtual private network).

The good news here is that you can create a "virtual" WAN using this technique without any more expense than has already been incurred since software that allows VPN tunnels to be created from a PC are part of current "professional" or business versions of Windows and Macintosh. Professional grade firewalls also should have the ability to turn on and vet inbound VPN traffic.

The only time that you'll really need to consider creating a "physical" WAN is when you have several distinct locations each with sufficient users to warrant a LAN in each location AND those individual LANs need to be interconnected on a relatively constant basis and/or high bandwidth connections are required.

Once you are LANed and WANed, an implication that frequently escapes end users is that most PC applications, especially Microsoft's, are NOT network aware. The implication of that fact is that "how" a user should access a file depends upon where that file resides. For example, suppose a user needs to work with a large excel spreadsheet that resides on the LAN as file "D:\biggie.xls". If the user is on the physical LAN, opening this file using Excel will take a little longer than if the file resided on the actual PC as "C:\biggie.xls". If the user is traveling and accesses the file over the VPN, the time delay before Excel opens the file by loading it across the WAN will be much, much longer. In this situation, the user would be productive much more quickly if s/he first copies the file from "D:" to "C:" and then opens it. If the user changes the file and wants to save it back to the D: drive, it should be saved to "C:" and then copied back to "D:"

This is a productivity and frustration reduction tip. You'd be surprised at how frequently employees "live" with this frustration because they don't know that there is a "better way". Yes, Microsoft and other software vendors could easily rectify this, but it would require them to change the way they address reading and writing data to make I/O more efficient in a networked environment.