Quick ? about networking/wireless

[Capricorn]

Thanks for the note on the limited range, Capricorn. My bedroom, which is where the router will be, is off limits to him (as his quarters are to me), but my room borders the dining room and the living room; no reason he can't take his laptop in one of these rooms if he wants optimal rates. That would only be for local transfers (to and from the external HD) as my DSL is only 1.5Mbps, and once I build my computer, I'm capping him down to like 256k/40k (5KB/s) so I can use eMule without whatever he's doing causing me to get lowID and capped downloading.

Don't let me scare you too much. I would bet that you'll be fine as it doesn't sound like you've got a palace there. Also, remember, the radio on your wireless travels in all directions, so your neighbors that are above, below, left and right (if any) will also get your signal as well.

Oh yeah, as "host" or whatever, can I cap his bandwidth? While I'm still using my laptop and not on eMule, I'd just cap it at like 1Mbps and 64Kbps (2/3 of down, half of up) because all I use the Net for on the laptop is message boards, and I know he uses mIRC.

Bandwidth shaping is not something I've seen on any of the small all-in-a-tiny-box home routers. I've seen that on Linux-based firewalls and higher-end (i.e, expensive) router/firewalls.

 

[Oceanb0rn]

Oh yeah, that's another thing. How would I prevent neighbors from getting on my Net? Wouldn't I be able to somewhere designate a username/password for my roommate to be able to get onto the Net? My DSL requires authentication. No password, no entry. The fact that my laptop has it stored in the Windows PPPoE/DUN client is beside the point; a neighbor shouldn't be able to get at it. It's not like my friend's cable internet where you're always connected, no password.

So could, theoretically, a prankster hide out under my window, send anonymous email via a wireless laptop, say, threatening the President, then Secret Service traces them to my IP, and next thing I know I got a gun in my face? Surely wireless Internet is more secure than that. I know if you're in airports or Net cafes, they'll have wireless, but you have to pay for a login/pass, and it's timed, so if you don't keep paying, you're booted when your time is up.

In any case, wireless is really interesting. I need a wireless card in my laptop, if it's going to be this cool.

Maybe when I build my computer (desktop), that WILL be on 24/7 and have Norton's firewall up... Could I use that as a server somehow, and my laptop and his laptop could get onlne through the desktop? Is that an option?

 

[hilowe]

Surely wireless Internet is more secure than that.

Unfortuneately, it can be exactly this insecure. Taking an access point or wireless router straight out of the box, they are setup to make it very easy to connect to them. If it's easy for you to connect to, though, it's also easy for your neighbor to connect to.

You can do certain things to make it more difficult to connect to.

1. Disable the option to "Broadcast SSID." I learned that with my Orinoco wireless card in my laptop, I can easily connect to any access point that is broadcasting the SSID. If you turn this off, you have to tell the computer to look for exactly that SSID.

2. Turn off DHCP, and use static IP addresses. If DHCP is turned on, once someone connects to your access point, they can use your network, and sent that threatening email to the president.

3. Filter MAC addresses. I do this on my network at home, to try and ensure that only my equipment can access the network.

4. Don't use defaults. Programs like Netstumbler will sometimes tell you the brand of access point that is being used. The default passwords and settings for most brands are found very easily on the internet. So, if you use the default password for a Linksys box, I could possibly log onto it and change your settings.

 

[Capricorn]

5. Use at least WEP encryption with 128 bit being slightly better than 64 bit and either better than nothing against your typical neighbor. If you suspect you've got a real hacker next door, look into something stronger.

For #3, that hilowe mentioned, my Linksys router will tell you what wireless cards (by MAC address) it detects in range. You can then click on the ones you want to give access to and add them to the list. If you turn on the option to only allow cards in the list to access your WLAN, that keeps outsiders from using your wireless, but not monitoring it. #5, keeps them from spying on your network trying to catch passwords, credit card numbers and other personal info.

 

[hilowe]

Just remember that WEP encryption is not perfect. There are programs available that will look at the packets that are sent through the air, and eventually crack the WEP key that is input.

Personally, I've had more problems with WEP than I believe it to be worth, which is why I didn't add it to my list of things to do. People can at least try it, and see if they can get it to work, because it is better than nothing.

By the way, that list is the things that I do to my access point to secure it against outsiders.

Capricorn, thank you for expanding on filtering MAC addresses. I haven't had to mess with it for quite a while, and didn't rememeber how I had set it up.

 

[Roshi229]

if you are worried about it, you can log into the router's web interface and see who's connected. and/or change the wep key every week or so, you can add protections, but for the average home network this is more than enough.

enjoy