Wireless Home Network

Sorry for so many posts in a row. It's late and I tend to remember things I need to ask at the last moment right before I go to bed

So the school year is almost over now, and soon I will be returning home to work in my father's office for another 4 months. I don't mind, it brings in the money.

Anyway, I'll be bringing my own PC home, but now we have cable at my parent's house. So I have no other way to connect to the internet while I'm there. It's great that they got rid of their lousy modem (a 56K that only got them 28).

So my dad wants to set up a wireless network. Exactly how do we go about doing this? We've basically got one computer hooked up to a cable modem, and need to hook up another on a different floor, so wireless was the only thing we could think of. What do we do??

Let's see how many of your questions I can answer. :P


First, you'll need a WAP (Wireless Access Point). The one I'd recommend going with if you don't already have a hub or switch is the BEFW11S4 from Linksys. You could also go with a WAP11 if you're planning on using another switch, or hub and you don't need the DHCP. Although, for the extra few bucks i'd definitely say it's worth it. (Might want to read this post just for the extra info)

Second, you'll need a wireless card for the machine that will not be directly connected to the WAP. There are a lot of good cards out at the moment. The type of card to buy is the first thing you're going to have to consider. If you're going to be connecting it to a laptop, then a PCMCIA card like the Orinoco Gold, or the D-Link DWL-650 is what you need. If it's going to be connected to a desktop, then you've got a few choices: 1) a wireless PCI card like the WMP11, or the DWL-520, 2) a PCI adapter with a PC card, like a WDT11 and a WPC11, or 3) a wireless USB Adapter like the WUSB11. The easiest one to install of those is the wireless USB adapter (which, I forgot to mention, could also be used with a laptop).

I'm sure there's more information that others could give you, or you can find by searching the web, but that should give you a pretty good start and a good idea of what it's going to cost.

Hope that helps.....

Wow! Full of info tonight, aren't we?

Thanks! I'll run that past my dad and see what he would like to do.

No problem.

What about the D-Link Systems, Inc.
11Mbps Wireless LAN Access Point it's a bit more expensive but looks like it might be cool. I'm asking because I've messed with these at work but have no idea about other alternatives.

I guess my question is, would this be better? No better than the Linksys? Worse? Basically I've used these and it's extrememly simple to set up.... how would it compare in functionality to the linksys?

I can't see the back of the Dlink one, but it doesn't look like it has an external antenna like the linsys. The external antennas can be attached to high gain amplified antennas for increased reception range.

Wow.... actually found it Here for much less!

good post ricin.
Having seen the Linksys wireless router in action I can confirm that it will do what you need, and plenty more.
I personally use the non-wirelass version (in the days when we were tethered) and set up is easy as good clear instructions are included.

it does have a small external antenna... and provides a decent bit of range... it's very good about pulling DHCP and stability...

There's a good deal of information at http://www.practicallynetworked.com

I have an SMC 7004AWBR which has been great. It's a 3 port hub, router/firewall 802.11b and print server. I haven't been keeping up with things but I can vouch for this little unit. The only thing I do know is that there were some printer snafus with XP, but I haven't got XP anyplace so I don't know the details.

-Zeke

You can actually just do NAT/ICS on that main computer if you're okay with leaving it on all the time that you need internet access upstairs. Putting in a wireless card will be cheaper than an access point.

- Trevor

I have used Cisco Aironet and Linksys wireless access points and while the Cisco Aironet is more configureable and a great product the Linksys works just fine and is more than adequate for home use. The Linksys BEFW11S4 is a good choice as a router for your cable modem or DSL service and serves as a wireless access point. The Cisco and Linksys wireless products use the same special TNC antenna connector. I would not purchase a unit without the capability of connecting an external antenna. Wireless coverage is often quoted for ideal conditions, that is free space. Walls, cabinets, furniture, and foilage can all make good coverage difficult to achieve in the basement, backyard or patio. Careful placement of the access point (near the center of your desired coverage area) and an external antenna can make a very big difference in signal strength to your wireless clients.

I have used Cisco Aironet, D-Link, Linksys and Orinoco Gold PCMCIA and PCI clints. I believe the Orinoco cards have an edge in performance. I have not had a compatibility problem in mixing equipment from these manufacturers.

Go with 128 bit encryption security as opposed to 64 bit or 40 bit. It is not perfect but it is better than nothing. The main thing is to actually setup and use the security offered in these products. I have a feeling most systems, particularly in homes, are left wide open.

Michael

PS--While I have not used SMC wireless gear I have heard good reports about it. I have used inexpensive SMC routers and switches with good results and reliability.

>>Go with 128 bit encryption security as opposed to 64 bit or 40 bit. It is not perfect but it is better than nothing

Actually, 128 bit WEP encryption is exactly as secure (from an attacker's viewpoint) as 40 bit, as a brute force attack is actually unnecessary to get access. If RC4 was a good algorithm then this wouldn't be the case, but the current attacks against WEP all go for the weak keys.

Current recommended practice from a few reputable security specialists is to disable WEP altogether (as it leaks information) and use IPSec (preferred) or one of the vendor specific solutions (PEAP, EAP, LEAP, Kerberos etc) along with MAC filtering and a firewall.

Of course it all depends on the security classification of your data, and how concerned you are with letting attackers onto your network.

Am I right in thinking that if traffic is very low on my wireless LAN that it serves as sort of a partial security measure against WEP attacks ? The reason I ask is that the attacks seem to require collecting millions of packets and my wireless LAN tends to only send 100,000 or so a day. Does this mean than an attacker would have to hang around for weeks sniffing traffic to attack ? Or can the attacker convince other devices on the network to transmit data to up the number of packets ?

Hi Andy,

Yes, the attacks rely on grabbing enough weak keys. In general, it is a purely passive attack so if you have low traffic on your LAN it will take ages. I have seen corporate WLAN's where it took a couple of days. Most attackers will see the acquisition speed and give up, unless they reckon you are a very worthwhile target.

In general, I guess it depends on how paranoid you are. I tend to err on the very paranoid when setting security standards for my clients, because then they can lower the level of security if they want but they have some understanding of where they could go to if circumstances require it.

Yes, the attacks rely on grabbing enough weak keys. In general, it is a purely passive attack so if you have low traffic on your LAN it will take ages. I have seen corporate WLAN's where it took a couple of days. Most attackers will see the acquisition speed and give up, unless they reckon you are a very worthwhile target.

Great, that means I have a little time to sort things out.

In general, I guess it depends on how paranoid you are. I tend to err on the very paranoid when setting security standards for my clients, because then they can lower the level of security if they want but they have some understanding of where they could go to if circumstances require it.

Agreed. I will secure my WLAN when I get time, but it is complicated by the way I have it set up. My LAN is a mixture of Linux, Win2k Pro and Win2k server. My WLAN has three devices on it: a Win2k Pro desktop with a PCI card in it (which is also connected to my main Ethernet segment), a Win2k Pro laptop with a PC card and a Netgear AP (which my Rio Receiver is plugged into). There are some other machines, including my Win2k Server plugged into the main Ethernet segment.

Ideally I would:

- start using IPSEC on the laptop and the other Win2k boxes
- move the PCI WLAN card to the Linux box to make use of ipchains/iptables

However, I have never used IPSEC and it looks like it could be interesting to setup. I also don't fancy the prospect of getting the PCI card WLAN adapter to work in the Linux box (because it is one of those PCCARD adapter things, which means getting all the Linux PCMCIA stuff working, yuck).

I should really also get IPSEC working on the Linux box I guess as well, seeing as the laptop currently uses POP3 to get mail from it sometimes...

If only they could have got WEP right...

There is a lot of work being done to 'fix' WEP - Cisco's LEAP is pretty good (and considerably easier to implement than IPSec) but their kit is always expensive. Symbol now use Kerberos. The main players use EAP which allows for a reasonable security level for a home network - dynamic key allocation helps, although it still relies on RC4.

The 802.1x standard looks good, and most of the vendors are buying in to it, preparing their firmware for upgrading as and when it happens.

Thats sounds good. I have three different bits of WLAN kit from three different manufacturers, so just getting 128bit WEP up and running was interesting. Any upgrade could be challenging...