Setting up a Wireless Network this weekend

[bamacre]

This is how my network is set up now...

RoadRunner Work@Home Service coming in through a Zyxel Cable Modem/Router (has a real IP)
Connected to that I have a Linksys BEFSR41 (real ip)
And I have three PC's connected to the Linksys (all 192.168.something)

I purchased a Netgear WGR614 to replace the Linksys and three D-Link AirPlus G (DWL-G510) for the three PC's.

All three PC's will not be very far away from the router, all within two close rooms. The three PC's are running Windows 2000pro (2) and one running Server 2003.

First off, I am NOT a networking genius, in fact my original setup pretty much stretches my networking skills. One thing I am worried about is security, as I live in an apartment complex. I don't want people stealing my internet connection and getting access to my network. Will I be able to set a maximum number of connections to the Netgear router?

Anything else I need to be aware of?

 

[slyedog]

the easiest way to secure your wireless is mac address filtering. you will set it to deny access to everyone not on the mac list. encryption is overkill for a home network. also encryption will slow down your wireless connection. another thing to do is set static ip addresses on each machine and disable dhcp on the router. if you have any questions or problems email me at brian_lemoine@hotmail.com

 

[bamacre]

Thanks a lot for the info, and the offer for further help. Good idea on the mac filtering, I'll definitely look into that.

 

[Matt84]

With wireless networking security is a big issue, especially if you are in an apparment complex. Nearly all methods used to achieve security can be overcome if the intruder determined enough and for this reason MAC filtering on its own will not be sufficient.

Here is what i have done to acheive a near secure wireless network:

SSID Broadcasting Disabled / Change name
MAC Filtering to onlly allow from list and deny all others
WEP 256bit encryption
Signal Strength 25%

By disabling the SSID it means the average user will not be able to recognise that your network exists. If they use Netstumbler then they can still see it. Also change the name to something other than "default."

MAC filtering essentially only allows certain NICs to access the network but a MAC address can be faked so it isn't fool proof.

WEP encryption is known to have flaws but at 256bit, it will keep even a determined intruder busy for a while. Also change your WEP keys weekly and keep them random. Also WEP does not always effect performance. I use 256bit on my 802.11b+ 22mbit/s setup and often get around 8mbit/s with or without WEP enabled. I stream DVD quality video over my link from my computer room to the lounge enterntainment box with no trouble what so ever with WEP encryption enabled.

Signal Strength adjustment can really be handy when your in an appartment complex. Limit the stregnth to what you need and not any more. The only trade off is the weaker the signal, the slower the transfer rate. Set up all your wireless clients in the positions to where they are going the be most oftenly used and set the Signal strength to the lowest value. Then test all your clients for speed/reliability of the connection. Increase the strength until you reach that point of required speed/signal reliability. This will reduce the possibility of you broadcasting your network over the whole appartment block, and also not interfere with any other wireless networks in surrounding appartments that might be on the same channel.

 

[cmetz]

bamacre, use WPA-PSK for security. Go to Windows Update and install the WPA non-critical update if you haven't already, and then install KB826942 (search on MS's site). Now configure your wireless router for WPA-PSK and enter a long pre-shared key phrase, and on your PC. For a Windows how-to, use Google - you're looking to enable TKIP. I don't remember off the top of my head how to walk someone through it...

WPA-PSK fixes the most immediate flaws of WEP, but it's still very easy to use. Most if not all 802.11g equipment supports it.

 

[JoeCDaMan]

I aggree with SpeedKing. Currently I have my wireless network set to 128 bit encryption and although I am in a location where I am not worried about security, I have turned off DHCP and assigned my three PCs statically with MAC filtering on. I have not experienced any performance loses using the encryption.

On another note, with regards to signal strength: I live in a town home and it's only about 1400 sq/ft so I though for sure my wireless router would be able to span the entire house. Unfortunately not, I had two options either I move the router to a central location or I can get a different antenna something that is not omnidirectional. I ended up placing my router centrally and decreased the signal strength.

I was watching techtv and there was a website that gave a simple design to make a WAP shield that would direct the omnidirectional antenna to a more concentrated beam so that you can limit the area that your router is broadcasting. Unfortunately they have changed their website and I can no longer find the link. However if you want to try messing around on your own, the basic idea was a parabolic cone made simply out of construction paper and aluminum foil. Obviously there are better and more expensive ways to accomplish the same thing, but the signal strength did increase with the directed cone, so it might be worth a shot.

 

[bamacre]

Wow, thanks guys for all the recommendations. All of this will be very helpful, and now I'm glad I asked.

Hope you all have a great holiday weekend.

 

[Matt84]

Also JoeCDaMan mentioned Disabling the DHCP server. Well i don't do this because im lazy and want to let the router control all IPs. I do however limit the IP range available to the number of PCs on the network.

The router takes 192.168.0.1 and since i have at most 5 PCs utilizing my network i only allow the DHCP server to assign values between 192.168.0.2 and 192.168.0.6. This means that when all your computers are connected to the network, any intruders cannot use the DHCP server to get a valid IP address because they are all taken. You could go one step further (I don't use this myself) and configure the DHCP server to allocate IPs based on MAC addresses. Think of it as a DHCP assigned IP address that is only ever assigned to a certain NIC that never changes. (semi static) What this will do is if an intruder sniffs a valid MAC address from your network and trys to connect using it, they will be denied access because of an IP clash with real machine with that MAC address. Aslo your router will log this and you will be alerted to the presence of the intruder.