Brendan’s Blog

There are many options and technologies to consider when planning a wireless network at your home. Products available today are much easier to use, and even less expensive, than in the past. I’ll describe a few factors that I consider to be the most important, and what I happen to use along with them. I will start with an overview of what is needed for a wireless network. A network consists of an Access Point and one or more wireless clients (e.g. Desktop and/or Laptop PC.) In the diagram below, the Access Point is physically connected to a router and modem for Internet connectivity. Frequently router and access point functionality is combined within one device. The modem (cable, DSL, or Satellite) is what connects your network to the rest of the world.

Wireless Compatibility

An international standards organization (IEEE) defines the 802.11 standards that most wireless vendors comply with. You must ensure each of your devices supports the same standards or they will not work together.

The wireless standards most commonly used in the US consumer market are as follows:

The newer protocols offer higher speed and range, but at increased cost. Some products use proprietary enhancements to the standard protocols which are only helpful if all of your equipment is from the same manufacturer. I use a “G” based network, though I may consider upgrading to “N” once I have computers that support it.

Security

Security mechanisms within the wireless network standards are used to both keep data private encryption, and keep unauthorized clients from connecting to your network. Three standards are common, with the newest standard (WPA2) offering the best protection. The WEP standard is very weak, as a malicious user can compromise a network protected only with WEP very quickly.

To provide the greatest protection you should implement the newest standard that all of your devices support. In addition to the access point, all of your wireless clients must support the encryption standard you use. If you have some older devices they may not all support the latest standards.

Home networks generally rely on a pre-shared key (PSK) to control access to an encrypted network. So in addition to specifying the use of WPA or WPA2, you will need to define a “key.” Anyone with this “key” will be able to access your network, and its data. The best keys are long, and not something a neighbor or acquaintance may be able to guess. I recommend one of two options here.

1. A long pass-phrase. A long passphrase is made up of several easy to remember words and/or numbers that would not be easy to guess. For example: “thethreelittlepigsbuilt3houses” Pick something long and unique to you.
2. A long random string. There are several password generation programs and web sites. You can try this one (at GRC) to generate a key such as “7BF9A06F64C3722F70E9173F1CC400C5E2B7″. Since this is more complicated, you will generally save the key electronically, and simply cut/paste it to type it in when needed.

MAC Filtering

Most access points support a feature called MAC filtering. Wireless network interfaces on client PCs are pre-programmed with a unique MAC address. With MAC filtering you tell your access point to ignore traffic from other wireless clients. This may seem like a security setting, but it is possible to bypass this protection by listening for traffic from your home and manually setting another network client to use the same MAC address. MAC filtering isn’t a bad thing, but it should only be used in concert with encryption.

Service Set Identifier (SSID)

When you configure an access point, you are prompted to enter an SSID. The SSID is your “station identifier” or name. This is not a password or a secret. Your access point typically broadcasts this value to advertise the presence of your wireless network. I recommend changing the default value to something else — you can decide if you want a name that lets your neighbors know whose network it is, or if you want to use a word/value that only you find meaningful.

My Network

I use a Linksys WRT54G as my router/firewall. The Linksys firewall is running 3rd party software called DD-WRT to provide enhanced features such as Quality of Service (QOS). I disabled the wireless features of the Linksys, and use a Netgear WPN824 as my wireless access point. I chose the Netgear because the MIMO feature greatly increased the range of my wireless network. Using only the Linksys, the wireless network reliably worked in only two rooms of my house. With the Netgear I can use my network anywhere in my house — I have even used ittwo houses away.