simple wireless network
August 15, 2006 9:31 AM Subscribe
I need to set up a wireless network at home. Here are my parameters:
I have one business computer (the main desktop) that is plugged into the cable modem and has many firewalls and will not be on the wireless network.
I want to have a reasonably secure but easy to use wireless router (with good range) that will work for both pc's and mac's hooked up to the cable modem.
What is the best router to use and will I run into trouble with the desktop/firewalls? I've set up a network with an airport before and it was very easy. I'm looking for the same experience.
thanks!
if you've set up an Airport base station before, why not just use one of those? (or did you mean you've set up a network on a computer with an Airport card in it?) the Airport Extreme would be a good choice if you want to put the cash down for it - it's really easy to use. other than that, I'd second the WRT54G.
posted by mrg at 9:53 AM on August 15, 2006
posted by mrg at 9:53 AM on August 15, 2006
Will your ISP give you multiple addresses? If not, then you won't be able to keep the work computer on a separate network without doing some tricky things. You'll need to have a router that will work with multiple segments, or at a minimum, provide VLAN support.
posted by stovenator at 10:45 AM on August 15, 2006
posted by stovenator at 10:45 AM on August 15, 2006
Linksys are significantly easier to set up than Airports, IMHO.
posted by k8t at 10:51 AM on August 15, 2006
posted by k8t at 10:51 AM on August 15, 2006
Your idea of getting a router is right on; not only can you set up a wireless network to make connecting from your portables easier, but you can get that business desktop behind a hardware firewall. You never want to connect a machine directly to your broadband connection if you can avoid it. If you practice smart and safe computing, you might even be able to get rid of the "many firewalls" you claim to be using. They can slow your system significantly. One thing that a software firewall can do that a hardware one won't is alert you when your computer has been compromised and is trying to connect to other machines. But the goal here is to avoid getting hacked in the first place, right? If you decide to continue to use a software firewall, you should disable all but one of them. They can conflict with each other. But using both a hardware firewall and a software firewall is like using a belt with suspenders: it may not be necessary, but there's no harm in doing it.
I should add here that I'm assuming that you trust and maintain every computer that will be on your network. If there's a chance that a computer on your network might get infected with spyware or viruses (are the kids peer-to-peer file sharing on their computer?), or that you might allow a visitor to your home to connect with their own computer (bringing an infection onto your network), you might want to be a little more careful and run firewalls and anti-virus software on all of your computers. Both Apples and Windows machines have built in firewall software, and there are free anti-virus programs for both. Look into ClamWin and ClamXav here for virus protection. And make sure your keep your computers patched with the updates from Apple and Microsoft.
Most home wireless gateway routers will have one or more Ethernet ports where you can connect your business desktop. In this case, it will not be communicating wirelessly, but it will usually be on the same network segment as the wireless computers. This could be a problem if you don't trust the other people on your network, but for business applications, you really should be using encryption anyway. VPN to connect to your office's network, SSL/SSH for email connectivity. If encryption is used on the connections you make from the business desktop, you can feel comfortable having all your computers on the same network.
Other useful features to look out for when you're buying:
From Apple's Site:
"Administration of the AirPort Extreme Base Station requires an AirPort Extreme-enabled or AirPort-enabled computer with AirPort software version 3.1.1 or later running Mac OS X 10.1.5 (plus networking update) or Mac OS X 10.2.7 or later."
If you're always planning on owning a Mac, then this isn't anything to worry about, but for someone who's predominantly a Windows user, Apple's Airport isn't the best choice.
If you want to set up a network that all of your computers can configure and maintain, don't get an Apple router. Linksys, Netgear, D-Link...all of these companies make products that can be configured using a web browser on either a Mac or a Windows PC.
posted by wejones at 3:12 PM on August 15, 2006
I should add here that I'm assuming that you trust and maintain every computer that will be on your network. If there's a chance that a computer on your network might get infected with spyware or viruses (are the kids peer-to-peer file sharing on their computer?), or that you might allow a visitor to your home to connect with their own computer (bringing an infection onto your network), you might want to be a little more careful and run firewalls and anti-virus software on all of your computers. Both Apples and Windows machines have built in firewall software, and there are free anti-virus programs for both. Look into ClamWin and ClamXav here for virus protection. And make sure your keep your computers patched with the updates from Apple and Microsoft.
Most home wireless gateway routers will have one or more Ethernet ports where you can connect your business desktop. In this case, it will not be communicating wirelessly, but it will usually be on the same network segment as the wireless computers. This could be a problem if you don't trust the other people on your network, but for business applications, you really should be using encryption anyway. VPN to connect to your office's network, SSL/SSH for email connectivity. If encryption is used on the connections you make from the business desktop, you can feel comfortable having all your computers on the same network.
Other useful features to look out for when you're buying:
- A port for your printer. If you have a printer that supports network connectivity, you can use another of the spare ethernet ports on your router to make that printer accessible from all of your computers, wired or wirelesss. Some routers even have a built in USB port for printer sharing. (Airport Express and Extreme both have the USB port.)
- Support for WPA Encryption. To make sure that your wireless network is protected, you'll want to move past the basic WEP security to the WPA standard. Some online research should allow you to make sure that all of your computers have what they need to use this encryption type, and to make sure that the products you buy will allow you to use it. For some manufacturers, it might be supplied by a firmware upgrade. (The Apple Airport line supports WPA.)
- External Antennas. If you're really concerned about range, then you'll want to go with a router that has one or more external antennas, or that supports adding them later.
From Apple's Site:
"Administration of the AirPort Extreme Base Station requires an AirPort Extreme-enabled or AirPort-enabled computer with AirPort software version 3.1.1 or later running Mac OS X 10.1.5 (plus networking update) or Mac OS X 10.2.7 or later."
If you're always planning on owning a Mac, then this isn't anything to worry about, but for someone who's predominantly a Windows user, Apple's Airport isn't the best choice.
If you want to set up a network that all of your computers can configure and maintain, don't get an Apple router. Linksys, Netgear, D-Link...all of these companies make products that can be configured using a web browser on either a Mac or a Windows PC.
posted by wejones at 3:12 PM on August 15, 2006
You could get a wired router that has support for a DMZ. Plug the business PC into the router and get a wireless access point to plug into the DMZ port - there's your separate networks. Easy ? Not really, but it works.
posted by madderhatter at 5:52 PM on August 15, 2006
posted by madderhatter at 5:52 PM on August 15, 2006
Media Access Control [MAC] Filtering.
A simpler explanation of MAC addresses from About.com.
MAC address filtering is a handy and often unused way to keep bandwidth leechers off your network. In short, each computer has a MAC address, a "fingerprint" if you will. Identify that fingerprint and allow that computer to have access to the network. MAC addresses are universal - all computers have them. Even printers, Internet phones etc. Anything that has a network card, including wireless.
It is not as hard as it seems. For example, on the DLink and Belkin routers, the router software will identify the computer trying to gain access and allow you to "clone" the address for entry. As the addresses are hexadecimal, it is frustrating to be turning over boxes or running a config program to ID the MAC address. Not all routers have this feature. Unfortunately, some of the more popular routers (with better price/performance ratios) lack this feature. It is an easy way to increase security without a password scheme that most people forget anyway. Also, anytime an approved user wants access, it naturally forces you to examine who is on the "list", which is good as a standard security review method.
Other tips:
- Change the default password on your router: If you don't, then all your efforts are worthless. Just post the router you buy and quite a few people will already know the password until you change it.
- Rename your SSID: Name it something that has nothing to do with the hardware brand and nothing to do with the password.
- Disable remote router administration: Chances are that you will never find the need to access your router from a location outside the network.
- Learn how to default the router: Most, if not all, have a factory reset procedure. Find out what it is and practice it. In doing so, it will wipe out your settings, but you can gain access to the event you forget your password.
- The above being said, print some of the screens from your router config page(s): It will come in handy in the future. Passwords will just appear as asterisks (*).
There are a whole slew of other security procedures (ping blocking and the stuff above in other posts), but to keep it simple and effective, staying with the more standard approaches can be the easiest. Remember, a leecher will go to the easiest network to access. Just about any of the tips listed in this thread will deter the overwhelming majority of unauthorized users. Most leechers don't want to know what is on your network, they just want free internet access.
posted by lampshade at 4:32 AM on August 16, 2006
A simpler explanation of MAC addresses from About.com.
MAC address filtering is a handy and often unused way to keep bandwidth leechers off your network. In short, each computer has a MAC address, a "fingerprint" if you will. Identify that fingerprint and allow that computer to have access to the network. MAC addresses are universal - all computers have them. Even printers, Internet phones etc. Anything that has a network card, including wireless.
It is not as hard as it seems. For example, on the DLink and Belkin routers, the router software will identify the computer trying to gain access and allow you to "clone" the address for entry. As the addresses are hexadecimal, it is frustrating to be turning over boxes or running a config program to ID the MAC address. Not all routers have this feature. Unfortunately, some of the more popular routers (with better price/performance ratios) lack this feature. It is an easy way to increase security without a password scheme that most people forget anyway. Also, anytime an approved user wants access, it naturally forces you to examine who is on the "list", which is good as a standard security review method.
Other tips:
- Change the default password on your router: If you don't, then all your efforts are worthless. Just post the router you buy and quite a few people will already know the password until you change it.
- Rename your SSID: Name it something that has nothing to do with the hardware brand and nothing to do with the password.
- Disable remote router administration: Chances are that you will never find the need to access your router from a location outside the network.
- Learn how to default the router: Most, if not all, have a factory reset procedure. Find out what it is and practice it. In doing so, it will wipe out your settings, but you can gain access to the event you forget your password.
- The above being said, print some of the screens from your router config page(s): It will come in handy in the future. Passwords will just appear as asterisks (*).
There are a whole slew of other security procedures (ping blocking and the stuff above in other posts), but to keep it simple and effective, staying with the more standard approaches can be the easiest. Remember, a leecher will go to the easiest network to access. Just about any of the tips listed in this thread will deter the overwhelming majority of unauthorized users. Most leechers don't want to know what is on your network, they just want free internet access.
posted by lampshade at 4:32 AM on August 16, 2006
This thread is closed to new comments.
posted by JakeWalker at 9:35 AM on August 15, 2006