Saturday 16 July 2005

,

Home networking is child's play

Low-end, though perfectly adequate, computers are so cheap these days it's feasible for each member of the household to have their own, dramatically reducing incidences of arguing, hair pulling and death threats.

Even so, shelling out for one-off hardware purchases is only the beginning - everyone will want to have unfettered access to the internet, and this is where your running costs can truly begin to spiral if you're not prudent. Only a few years ago, making this a reality would have involved having a separate phone line installed, and setting up individual ISP accounts, for each computer.

Not any longer! This being the age of inexpensive broadband, it makes sense to do away with personal net access in favour of sharing a high-speed connection via a single ADSL-enabled phone line. See, there's a communist in all of us if you look close enough!

You'll need to splash out on some more kit - a router and several network interface cards (NICs) / network adaptors - but don't worry, these will pay for themselves in no time at all. If you already have a modem you may like to save some money by buying a stand-alone router. On the other hand, if you haven't yet taken the broadband plunge, you'd be better off getting a combined modem-router unit. Actually this is recommended either way since most ISP-supplied modems are of the more troublesome USB variety, while a good modem-router box will be ethernet-based. Ethernet-based routers are more robust, partly because they do not require the installation of drivers.

As strange as it may seem, security experts advocate the use of a router even for independent, non-networked computers. This is because they come equipped with a sturdy, built-in, hardware firewall which cannot be remotely disabled by hackers, unlike flimsy, largely superfluous software equivalents such as Zone Alarm. Sorry to shatter any cosy illusions of online safety you may have invested in such protection mechanisms, but they are practically useless - the first task any self-respecting trojan or virus will perform is to shutdown your software firewall.

Routers can be either wired, wireless, or both. Whichever type you settle on you will need to equip each computer in your network with either an internal PCI network card or a USB network adaptor. Taking the internal route is more efficient as NICs communicate with the router without hogging a precious USB port. The USB adaptor method is ideal for people who aren't comfortable tinkering with their computer's innards (or can't because they are laptop or Mac Mini users) or who regularly transfer network connectivity between different systems. PCI network cards can be hooked up to both wired and wireless networks (some are outfitted with an ethernet port, others have an antenna, some have both). Most USB adaptors are designed only to provide wireless support, though it is possible to purchase USB ethernet adaptors which mimic the modus operandi of wired NICs.

Wired networks are strung together via RJ45 network cable - one end is inserted into the ethernet port of your adapter while the other is inserted into one of your router's free LAN ports. Conversely, wireless nodes talk to one another via radio waves based on the 802.11a, 802.11b or 802.11g WLAN standard. Briefly, these differ in terms of transfer speed, wireless range and frequency, 802.11g (Super G even) being the most advanced to date. The precise specifications of each are detailed in this Speed Guide article.

What prompted me to write this post was getting my own home network established. My challenge was to provide high-speed internet access for two Dell PCs and a Mac Mini sharing a single ADSL internet account. Because the computers are situated in opposite corners of the house, up and downstairs, going wireless was the only sane option. I thoroughly researched a raft of viable solutions and came to the conclusion that the Netgear DG834GT router coupled with two Netgear WG111T USB adaptors was the best way to go (the fact that one adaptor came free with the router helped to swing my decision somewhat).

As the router requires no drivers, it can be considered 'platform-independent'. The USB adaptors do require drivers and only Windows ones are available. This meant that the router would have to be attached to the Mac. The router is connected to the Mini's ethernet port via a length of RJ45 network cable. Subsequently communication with my ISP is mediated via a phone cable - intercepted by a DSL filter - plugged into the phone socket. The broadband filter allows you to connect a phone and computer to the same line, use both simultaneously, and filter out the distortion introduced whenever a phone line is converted to accept broadband connections. Power is sourced via an adaptor plugged into a mains socket. Conveniently all these components are included as standard in the router kit.

The router is configured through a web page, located by entering a series of digits separated by dots known as an IP address (192.168.0.1 for Netgear and several other routers). There are many baffling ISP-specific settings the router needs to take into account before you can get onto the net, but luckily, if everything goes according to plan, these can be automatically detected. In my case the procedure executed flawlessly - impressive stuff! All I had to do was enter my ISP username and password and apply the changes.

Getting the two Dells online was just as simple. I installed the drivers, plugged in the USB adapters and they sniffed out the router pretty much by themselves. Providing you (initially at least) choose to broadcast the name (SSID) of your wireless network, your adaptors will automatically detect and connect to it. If for some reason your neighbour's wireless signal is stronger than yours, you could even find yourself 'borrowing' their bandwidth - assuming they haven't enabled their router's security features. Tapping into open wireless networks (knowingly or otherwise) is illegal in some countries so paying attention to the name of the network you are joining is advisable.

Once you have established a connection to the net, to prevent other people piggybacking your internet account, getting up to no good and leaving you to face the consequences, you must take the time to lock down your network. The first thing you should do is enable 'access control'. This allows you to selectively permit access to your router by specifying the MAC (Media Access Control) addresses of your USB adaptors/NICs. These are simply serial numbers used to identify each node in a network.

Having determined that each computer in your network is on good speaking terms with your router, it is also recommended that you disable SSID broadcasting. This prevents snoopers from automatically detecting your signal and exploiting your resources, advancing their nefarious schemes and whatnot. If you opt to obscure your internet access point in this way you will have to manually enter the SSID of your router into the configuration menu associated with each of your nodes.

Remember to change the default SSID - disabling SSID broadcasting is useless if anyone with half a brain can guess the name of your router!

While you're at it, remember to change your router's default password to prevent people from tampering with your settings, disabling your firewall and so on. Tip: use a random password generator to create a super-secure, long-winded, unguessable string of gibberish.
Changing your SSID and disabling SSID broadcasting does not provide uncrackable protection, however, will deter casual, amateur delinquents from throwing a spanner in the works.

More sophisticated security features I would urge you to take advantage of (or at least familiarise yourself with) include:-

WEP (Wired Equivalent Privacy)
WPA-PSK (Wi-Fi Protected Access Pre-Shared Key)
WPA-802.1x

Each of these techniques offers varying degrees of encryption for data transmitted over radio waves.
WEP is a first-generation wireless security mechanism which has been rendered worthless by the widespread availability of idiot-proof hacking tools. Don't give it the time of day.

Second-generation WPA wireless protection is much more dependable. It comes in two flavours; PSK for home users and 802.1x for larger scale business deployments. All you really need to know is that by generating a string of ASCII gibberish between 8 and 63 characters long and saving them in your router's control panel you can protect yourself from the most dedicated eavesdroppers. Again, use a random password generator to ensure your WLAN is super-secure. Don't forget to enter the same key in the security control panel of each node before attempting to connect to your newly locked down network. That'll be why it's called a 'pre-shared key' then. Clever!

802.1x won't be of much interest to you unless you're a network manager or ISP administrator. Even if you wanted to employ this higher grade authentication system on your home network, you'd be out of luck unless you happened to have a spare 'RADIUS' (remote authentication dial-in user service) server kicking around. Checked the closet? None to be found? OK, let's move on.

Of course if your router supports both wired and wireless connections, but you only intend to use it as a wired base station, you can bypass all of the above by simply disabling your router's WAP (wireless access point) capability. Wired networks are inherently more secure than wireless ones, though are nowhere near as versatile. For instance, connecting your laptop to your network via a 100m coil of network cable so it can be used out in the garden isn't exactly ideal. Similarly, lugging about a cable so you can plug your laptop into Starbuck's network isn't very practical either - do they even support that?

Whoa horsy, now there's a wacky phenomenon. Personally I've never understood the attraction of public, mobile computing. How are you supposed to get any work done when you're forever looking over your shoulder to check if anyone is approaching you with a swag bag? If conveying some piece of information or other is so earth-shatteringly critical to their continued existence people feel compelled to setup their office in a coffee shop and go online on route to their high-faluting business meeting, why wouldn't they simply use their mobile?

Then you've got the ones who's world won't crumble if they don't send someone an email there and then while they slurp their overpriced Slopuccino, yet somehow feel it necessary to surf the web for, oh I don't know, to shop for new sandals. It won't kill you to detach yourself from the net while you take a fifteen minute break you know! You may miss the opportunity to be the first person to comment on Slashdot's latest 'hamster learns UNIX' exclusive, but believe me, you'll survive.
Even Bill Gates takes time out to reacquaint himself with reality from time to time. He uses his downtime to whip the army of Filipino children enslaved in the rat infested Microsoft dungeons, but you get my point.

I'm convinced the only people who sit in coffee shops and McDonald's 'restaurants' tapping away on their laptops are either models posing for hi-tech magazine photo shoots, or exhibitionists who want the world to know they've just bought a top-of-the-line Sony XZS569 laptop with built-in plasma screen and dishwasher.

Phew! That rant has been brewing for a while. I feel much better having got it off my chest. Now where were we?

With the preliminaries taken care of, you may like to setup a shared drive or enable remote access to a printer. To share a printer, open the 'printers' window from within your control panel and right-click on the icon representing the printer you wish to share. Now select 'share this printer' and when the printer's properties dialog box puts in an appearance, select the 'sharing' tab. From this menu click on 'share name', enter an appropriate moniker and OK your decision.

To send data to your new network printer from a remote computer you would add a new printer in the usual way, but rather than selecting a local device you would browse the network for connected printers and select the one you've just elected to share.

Sharing folders is just as simple. You would locate the folder or drive you wish to make available, right-click on it and select 'sharing and security'. From within the 'sharing' tab you would opt to 'share this folder'. You are given the option to name the shared folder or drive at this juncture - whatever you enter will be used to identify this area of the hard drive within your network, without actually changing the label on the host system.

See, child's play like I said. I accomplished all that without an MCSE certificate, or safety net! I can tell you, I felt pretty silly cancelling two dial-up ISP accounts online and ringing up BT to arrange for two phone lines to be disconnected. Wireless networking wasn't invented last week, but until now I've been too busy watching knee-slappingly frolicsome movie clips of dolphins getting hit in the crotch with a football to make the transition.

0 comments: