Hi all, I know that this is not strictly DIY but I have read with interest some of the google searches that I have done and some of the replies have been from this group. I have got myself confused as to whether I need a router or an access point. I have fixed broadband line downstairs connected to Pc running windows XP. Kids want internet access in the beds so thought I could drop two wi fi cards in both their comps. What is the best thing for my computer downstairs to send them the signals. TIA
You need a router and an access point by the sound of it. Such things come in an all- in -one- box unit made by netgear and Linksys.
It will split your cablemodem or ADSL out so that many PC's can use it and gives a valuable protection against random hacking attempts by network address translation.....
You don't say what kind of "broadband" line it is.
Is it ADSL - in which case do you have an external modem with ethernet interface or one with a USB connection plugging in to the PC?
Is it a cable TV provided solution? This normally has an ethernet connection for the main PC.
It is not a good idea to use the primary PC as a gateway for other PCs. First of all it affects the performance of the main PC, secondly if you reboot, the connections go away for the secondary PCs, and thirdly, using a PC with Windows as a means of security control (which you should have) is not a good implementation.
If you have an ADSL connection via phone line, then a good choice would be a combined ADSL modem, router, firewall, switch and wireless access point. Linksys WAG54G is an example of this with street price about £70
If it's cable modem or if you already have an ADSL modem with ethernet interface, then a WRT54G (about £45) would be reasonable.
In your primary PC, if you want to wire it directly to the device, you need an ethernet card - e.g. LNE100TX.
For the kid's PCs wireless LAN cards such as WMP54G (about £30), and you could put one in the primary PC if you wanted instead of the wired connection.
There are other reasonable manufacturers of this type of equipment such as SMC and DLink who have similar products. I wouldn't buy the very cheapest OEM stuff because software updates with fixes and new features don't typically happen.
The above are all 54Mbit products which have become quite cheap so it is probably not worth going for the 11Mbit ones now unless you are on a tight budget.
If you do go for wireless, at least remember to enable 128bit WEP security. It willl give you some level of protection from people spying and neighbours hitching free access.
I'd suggest a wireless router access point - i.e. all in one. Linksys make one that allows you to subscribe to a special website blocking service that allows you to fairly effectively stop your kids getting to unsuitable content be accident - not sure how old your kids are but this is well worth considering. Think it's the WRT54G model but check first to be sure. Whatever your broadband is, you'll need a modem with an ethernet connector to plug this into. (i.e. it won't connect to a USB port on your modem be it ADSL or Cable). Then you'll need adaptors for the kid's pcs. You should be able to pick up USB adaptors cheap which don't involve taking their PCs apart. Also, if you're only doing this to get them on the web and you don't need high speed comunications between their PCs (file transfers etc), you could go for cheaper 802.1b wifi adaptors for their PCs, though the range and speed is less. I have above router and am using 802.1b cards with 2 laptops happily. hope the above helps, if you need any more info let me know - I'm a network engineer! Thanks, Matthew
Thanks for the replies so far. To try and answer some of the questions. I have an ISDL line connected to my modem which in turn is connected to the PC. Security is an issue and from what I can gather the combined router/ access point/ modem seems to be a good idea. Are all modern routers combined with an access point? I like the additional security featues (firewall). The two girls are 10 and 13 so I would hope that they would not be getting up to no good. But in essence some parental control would be advantageous. I have looked at the linksys and their router/ AP does seem quite decent. My initial budget of approx £100 would certainely buy the router and one PC adapter although their adapters seem dear at Circa £35 compared to Asus at circa £18. Could I mix and match? and still be able to simply implement parental controls/ and enable the wep security features?
Nope. There are numerous different permutations so read the specs carefully as o what you get.
Yes you could. The Linksys stuff that I mentioned is standard 54Mbit
802.11g and should be compatible with other makes of this as well as
11Mbit 802.11b. There is a variation in quality, range and sometimes performance between vendors, so be careful if you go for the very cheapest stuff.
Vital. Just as an example....I do keep a fairly watchful eye on the internet activity of my 13-year-old daughter although I trust her at least, oh,
99.9%. Couple of weeks ago I intercepted some emails between her and a friend, from which it emerged that the friend (a girl, 12) was planning to meet a "16-year-old boy" she'd met in a chatroom, and was asking my daughter for advice on how to go about this without the parents finding out, as she was sure they'd forbid it (and guess what - the parents did find out, shortly after I found this.) I'm sure it was all very innocent but as far as I'm concerned, with kids of that age you don't muck about.
I installed the Linksys router and have been very pleased with it. It operates fine with 11Mbit stuff as Andy says. It needs one physical connection (for management) and I have used another two (of the total 4) for a PC in my son's bedroom next door and a cheap Ethernet print server. This means I have a central printer available to all machines whether or not the "main" PC is on or not. I use the wifi connection exclusively (at present) for a laptop which can then be used anywhere in the house.The Linksys router is in one upstairs corner of the house and I can use the laptop (just) in the opposite corner downstairs behind one large chimney (low signal strength) - the worst location.
Do enable the security - I can see a neighbour's network which is completely unsecured. It wont cost you anything immediately if someone uses your router (apart from bandwidth) but, if they download illegal material, it will be traced to your router.
How secure is WiFi security in fact, providing it's enabled of course? I'm looking into adding a WiFi point to my home network for use by our laptop, and am now trying to learn a bit about it. Does it come into the class of "several-supercomputers-working flat-out-for-several-days-could-crack-it-but-it-would-certainly-keep-out-but
-highly-motivated/equipped-criminals" which would be OK by me?
If the main PC is on when your children will be using the internet, I'd consider wireless network adapter with a software firewall like Kerio Personal edition which is free and very good IMHO. The free edition doesn't do ICS (internet connection) sharing so this could be done with something like AnalogX Proxy+, which has basic site logging.
There is also something called '602 Lan suite' which is a firewall and does both NAT and proxy ICS free for up to 5 users, but I don't have first hand experience of it. It might be possible to use the ICS in in conjunction with Kerio.
If your main PC is off most of the time, or rebooted a lot, or a slow
486, or your childrens internet access must be 100%, then a hardware router is the way to go. If not I'd try the above as they don't cost anything, if not suitable they can be uninstalled and a router used instead.
Also look into parental control software, I've no idea on this but there must be a lot available. I'm sure the fans of hardware firewall/routers can give some details of those options...
Generally using Windows to do this type of thing is not a particularly good idea because a) the performance is affected, b) Windows is a lousy and unreliable platform for security control and c) it goes away if the PC is rebooted.
Considering that you can get everything in the router/AP for next to nothing and with none of these issues, there's really no point in doing software connection sharing and firewalling. It's better to let the HW router do one level and then to implement a software firewall if you want extra protection and certainly antivirus etc.
Summarywise, it's like an ordinary house alarm: enough of a nuisance to make the 40% or more of wireless LANs which don't even turn on the WEP thing more attractive targets to the casual, far from effective protection against someone determined (maybe the bored teenager across the way whose parents are peed off at the phone bills on dialup ;-), show that you don't intend providing service to the casual passer-by, and (again like the house alarm) present you with some degree of inconvenience - there's a little more setup involved in telling each device wanting to use the WiFi point what the key-of-the-month is, and then changing the key-of-the-month every few months ;-)
WEP can be broken by passive listening only; it needs a non-trivial volume of traffic (tens, maybe hundreds of migglibytes) to accumulate enough data to be cracked, but if the attacker has a way of sending bogus traffic through the access point (e.g. pinging the router on its non-WiFi side) they can generate that volume of traffic in a shorter time. The software to do the cracking is widely available and requires only point-n-click 'skills' to use; time to run once the data's gathered is under an hour (sometimes much less) on an ordinary PC/laptop.
That's for WEP, the older (and dominant in installed base) standard. Its upgrade is WPA, which fixes most of the glaring idiocies in WEP, though still doesn't protect you from using an idiotically-guessable passphrase in pre-shared key mode. Both WEP and WPA cover only the 'link level' between the access point and the wireless 'client' devices; if you want beefier encryption, you can augment both of them with an IPSEC tunnel - wot the marketroids call a VPN. The combination of both certainly makes the great majority of other wireless networks easier to break into than yours...
I wouldn't trust anything from Redmond in the area of networking.
If the main PC were running FreeBSD, Linux etc. then it's a different story, but trying to build anything with a security content on Windows is asking for trouble.
There were plenty of links to products from Linksys, DLink, SMC who all have adequate products for the purpose.
Software that is brain-dead easy to operate. I was messing around with various linux tools on my laptop, including "kismet" which is a wifi network mapper (finds them and notes them, along with bits of interesting data such as the ESSID - and "airsnort" which is one of the war-drivers favorites. The latter finds nets, gathers data and cracks WEP keys given a chance (ie enough data as Stefek says).
Mostly because I am preparing myself in case I need to find rouge AP's at work which is likely, given our lot are quite capable of running Windows on WIFI whilst having the ethernet plugged in *and* configuring internet connection sharing, causing routing anomolies and rough DHCP repsonses. Yuk.
Any, I decided to experiment on the train home, purely in the interests of science *cof*. Discovered a stack of WIFI in Tonbridge and a dozen+ in the immediate vincinity of London Bridge station. And in both cases, at least one AP in both places had an ESSID along the lines of "default" (exact wording varies).
So, I'm after some WIFI so do naughty things through and get the AP owner blamed - guess where I'm going to start. I wouldn't even need to bother cracking WEP, let alone WPA.
Or you could do what I do and not care that much... I lock mine down to accepting certain MAC addresses only. That's actually pretty feeble as you can clone the MAC address and in fact (despite the apparant problems) actually have two clients using the same MAC simultaneously on the same IP in the particular case of WIFI, due to it being a bus connection.
TCP is remarkably robust.
In the end, all my critical stuff goes over https or ssh or some other SSL enabled protocol. Everyone can see what web pages I'm browsing and the odd slightly clever person can borrow some bandwidth. As I live in a quiet cul-de-sac, it's not really a problem for me.
So part of your decision is down to risk assessment. Though not ethe point about getting the AP owner blamed above!
That's interesting because originally I was looking at the Dlink products but thought that I would get clarification from this group first. Most of the recommendations have been pointing to the Linksys products which I have now been looking at, and although I considered mixing brands I would prefer to keep to one brand. I originally was tempted by the Dlink as it includes software for parental control which is desirable. I now also appreciate that what would be better for me is a modem router as the other Pc's could access the internet without relying on my computer being on. My motherboard fortunately has a 10/100 card in it so I was going to cable my computer to the router. In fact I am probably being lazy in looking at wireless in as much that i could hardwire both comps to downstairs anyway. Off putting as the cable routes would be mostly external and on display and I hate looking at wires. Remotely possible to cable internally but with massive upheavel and a quite difficult access above my office as it has a false ceiling suspended under the main bedroom floor. The issues of security have somewhat surprised me. Being that we are non estate I would suspect that a limited number of neighbours would receive the signals. Is there not a way of reducing the signal strength to reduce the distance that these devices operate over? My immediate neigbours certainely do not concern me. In any event if other neighbours had wi fi would I see there signals as an option to connect to so I at least now if others are operating wi fi in my vicinity. One last concern is that it has been mentioned that my web pages accessed would be transmitted by the router. Would this still be the case if my computer is directly connected, wired, to the router?
Regards and thanks for all the informative advice. Legin
What is needed in this case is a router with a modem built in, or one that can be connected directly to the modem. If the latter check it supports your modem.
Using wireless with WPA encryption will put you out of the reach of bedroom hackers without a doubt.
No... at least, not if the box has been programmed semicompetently and hasn't been built super-cheaply! The "routing" function within the box has (in the case of an all-in-one DSLinterface-WiFiInterface-EthernetInterface router) those three interfaces. It would be a bizarre piece of silly cost-reduction or really sloppy (or black-helicopter-inspired!) programming for the traffic which is only of interest to the DSL and Ethernet interfaces to also appear on the WiFi interface...
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.