Choosing, installing, and securing WiFi Routers
When you need to connect two or more PCs together, and to a broadband connection, the first choice today is a wireless – or WiFi – router. This especially applies at home, though offices may choose a cable LAN for two reasons: it is the standard solution in offices, where people expect to see cables on the walls or even floors; and a cable LAN is intrinsically more secure than a WiFi LAN.

WiFi routers work by radio transmission and don't use cables. They connect PCs or laptops by radio link, both to each other and to an Internet connection. This is almost always a DSL (broadband) connection of some sort, but doesn't have to be – and no Net connection is necessary if the computers simply wish to network together.


Wireless range

Connecting PCs, and also connecting them all to broadband, is so easy by WiFi that it is easy to understand why this method far outsells any other solution now. No cables are required, and PCs or laptops in different rooms can connect. There is a maximum range for the radio transmitter of course, which is determined by distance and the type of walls between the two transceivers – the router and the remote PC. Since the transmission power is extremely low, especially at the PC or laptop end, long ranges cannot be expected. In most offices, with lightweight commercial partition walls and plenty of internal windows (glass doesn't block radio waves), then distances can be longer; with heavy stone castle walls you won't get through one in all probability, though the radio waves bounce and ricochet around and get through doors and so on. Extended ranges can be achieved by specialist solutions, but these are not a mass-market requirement.

As far as houses go, using a standard router, then between adjacent rooms and ground floor to upper floor is almost always viable. To an attic room or other second-floor room is marginal; and to remote rooms may or may not be possible, depending on the type of building and local conditions. For these longer distances a 'long range' model is to be preferred, which is slightly more expensive. There is now a trend among manufacturers to market extra-fast routers, and in some cases these use two radio channels for multi-channel working; these should be avoided in built-up areas since there is a much greater chance of interference between the routers in adjacent buildings, which will slow the traffic down rather than speed it up. This is partly because there are very few channels for working, and partly because routers of each model will all use the same default channels.

WiFi routers only have 11 channels to choose from, and in the event of slow traffic on your LAN you should investigate whether changing the default channel helps to speed things up, since routers all tend to use the same default channels. This means that all BT Voyager or Belkin routers for instance will use the same channel, and as there will tend to be more of the popular models in any one district they may well interfere with each other. In Europe there are theoretically 13 channels, but some of the equipment has major problems recognising the extra channels, so they are best ignored at present. If your router uses channel 9 by default (as many do), then consider going into the Basic Setup and changing it, for example to #5.

In fact all but three of the channels overlap, which is unusual in the radio world, and usually a sign of poor administration (unfortunately not unusual). Keep trying channels until you find one trouble-free. If all else fails there are some other solutions available to radio professionals, though you will undoubtedly be in for expense or extended tinkering.


802 specs

Originally the WiFi specification was 802.11b (say: eight-oh-two-eleven - bee), but now there are progressively faster specs such as 802.11g, and the 2-channel variant. In fact what matters is getting a good signal, either by trying to arrange a near line-of-sight between the router and the PC, or by re-positioning either for the best 'signal bounce' between the two. The radio sigs often bounce around and end up at the other end by going through doors and so on, rather than straight through walls. Floors are slightly more permeable in this respect than walls, since in houses at any rate they won't be made from concrete (or bricks, as the walls often are).

You need to see a 54 Mb rate of communication at the PC for a good result. This shows up by hover on the system tray icon, or in the diagnostics window that opens by right-clicking on the icon. (If you don't understand these terms, then go to: www.pelaginox.com/pc/pc-technobabble1.html, for an explanation.) If communication is poor, then you will see 11 Mb; and very poor, then just 1 or 2 Mb at the PC. This latter rate will in practice be about as fast as a dial-up connection, so really needs to be improved or your Net connection will be misery. Despite the fact that the 1 or 2 mb (megabits) indicated is very much faster than a 56 kb (kilobits) dial-up rate, in fact it must be a great exaggeration because the resulting traffic speed is only about as fast.


Types of router

WiFi APs (access points) can be LAN routers, or DSL modems, or both. In other words, a WiFi router will not necessarily be able to interconnect multiple PCs, or alternatively be able to act as a broadband modem: it needs to state in the title that it is a Wireless DSL Router Modem, or a Wireless ADSL Modem Router, etc. This means that it will not only connect multiple PCs, but also act as a broadband gateway.


Cable broadband

Note very carefully that standard WiFi routers will not work with broadband via cable. They don't tell you this in the cable adverts, despite the fact that 80% of new cable customers, according to TeleWest cable installation central, already have phone line broadband and a WiFi router – which they have to bin. You must search out a specific model for cable broadband, which as you will be aware are not advertised widely. A DSL router for cable does not have the modem built in, since it connects to the cable company's supplied modem; this has a coax cable connection, which obviously the normal DSL modem routers don't have.


Manufacturers

The Rolls-Royce of routers are the more expensive US Robotics models. Their cheaper models are pretty much the same as anyone else's – pay more and get more.

A good choice in the past has been Belkin equipment, but currently they have some major problems: some models of router run very hot, and some run at melting point – before they finally crash. These traits obviously cannot be good for long-term reliability. Some of their PC NICs (network cards) don't work very well at all – changing to another manufacturer's card gives an instant improvement. Recently I have replaced (new) Belkin PCI cards with Linksys cards, and the result was of the order of a 100% signal strength improvement and 100% network access improvement.

Until they recognise these problems and fix them, their routers and NICs are best avoided. The faulty routers can be identified by feeling the baseplate after the router has been on for an hour or so; at most this should be slightly warm, not hot as with some Belkin routers. These should be exchanged for a different maker's. No electronic equipment now, which use chips and not valves after all, should run hot.

Other makes such as Netgear are both reliable and easy to set up. You will find that telephone support for these items, should you need it, varies from good through poor to non-existent. However, this sort of equipment is either trouble-free or returned to the dealer, so the fact that the phone contact is in India (as in the case of Netgear) should not be a problem.

The best buy at the moment are Linksys routers and cards. Their routers are many experts' first choice now. This is because:
1. The routers work well and have excellent range.
    They are easy to set up.
    They have a 200 MHz processor and are therefore faster and cleverer than most.
    They run cool (or cold even).
    They have customisable firmware.

Few routers offer this last facility – Buffalo are another, but try to lock others out from altering it. DD-WRT.com can supply custom firmware for these routers. This means both that they can be adapted for special use, and that they should also have a long service life expectancy.

2. Their PC cards are head and shoulders above the rest:
    They have a bigger aerial.
    They get a bigger received signal strength than many other cards.
    They have a socket for an extension aerial (the supplied aerial is removable).
    Their monitor / diagnostic utility is one of the best.
    They connect first time with no messing about, even on old XP boxes.
    They are probably the easiest to set up a secure network with (when used with a Linksys router).
    And lastly, the cards are available in the UK now at around £15, which is around the cheapest (from Misco.com). Don't pay any more than this – in a big high street chain for instance they are £45.

   I recommend Linksys without hesitation.


Basic backup routers

When you first subscribe to your broadband ISP, you are often given a free router. These connect one PC directly to the Internet. In most cases they are a disaster and should not even be connected for a minute.

This is principally for two reasons: they are often USB devices; and they have no hardware firewall. The reason a USB device is not only useless here, but a CPITA (see Technobabble), is that it disconnects every time you hibernate or shut down. That means you have to go through the old reconnect-to-the-Internet palaver every time you restart, which is one of the reasons you ditched dialup. And just like dialup, sometimes it won't even connect...

If these modems were mains powered, they would be better, since they would maintain the Net connection; but for reasons of absolute minimum cost, they aren't. There is a sneaking suspicion that ISPs probably like them, because of the contention ratio issue. In any case, you'll only use one once, and never again, for the following reason: if you connect on broadband with no hardware firewall, and no efficient software one either, in five minutes you will have received enough viruses to paralyse your PC.

The Net is now thick with them, hunting for unprotected PCs, and a fast connection is an open invitation. One customer of mine hooked up with one of these free modems for five minutes; it took two hours work to remove the viruses that infected the computer. Only a rootkit virus remover will get rid of these new tough viruses; though Prevx1 seems the most efficient otherwise. Nothing else shows so clearly how effective the hardware firewall in a proper router is, and how much you need both that and a software one to make sure you are protected.


Phone line connection

The router ideally needs to be plugged into the main phone socket rather than an extension. All telephones or other equipment must be connected via broadband filters. This applies to answering machines, burglar alarms, and so on. If using a permanently-monitored alarm line connection such as Telecom Red (where the remote monitoring service issues an alarm if the line is cut), then a separate line should be used. There are several reasons for this, but it devolves into simply being less trouble-prone.


Installation

Apart from the WiFi router you'll need a WiFi card in each PC or laptop which will connect to the network. The router has two connections which are necessary, plus one probable, and another optional. These are firstly, it must be connected to mains electricity and to a phone socket with broadband. It will have one or more computers connected by radio link; and it could have a computer or printer connected directly by LAN port. The router probably has two to four LAN cable ports at the back, for a direct cable connection.

These have several uses: a nearby PC can connect by cable for the fastest and most trouble-free operation; a printer can be connected; and a PC or laptop can be plugged in directly if the WiFi setup is proving a problem.

It should be noted that it is not necessary to connect by LAN cable to set up the router, despite the convention (and manufacturers' advice) that it is mandatory: a remote PC is just as capable. The router can therefore be placed in a central position, just needing mains and broadband socket connections, and not a PC plugged directly in. Since a remote PC can set up the router, it is naturally best if the WiFi card is installed in the PC first.


Installing the PC's WiFi card

This is therefore the first job on the list. The card is variously termed a WiFi card, a WiFi PCI card, a wireless network adapter card, a wireless modem card, a wireless NIC, or a wireless expansion card.

Get the WiFi card ready and near the PC, but not yet out of its box. Many circuit board components now are vulnerable to static electricity damage; ideally you should have an anti-static wristband connected to the PC case or a wall socket earth. Since this is unlikely in the case of amateur installations, instead follow this procedure:
   1. First install the software drivers. Cancel any windows that may open, concerned with installing the hardware. Remove the CD. Shut down the PC completely, and don't hibernate it.
   2. Touch the PC's case to earth yourself out, discharge any static, and equalise your potential with that of the case while it is still connected to a mains earth. Don't walk around after this, as doing this can be the best way to generate static electrical charges. ¹
   3. Switch it off at the mains and pull the plug out.
   4. Get down on your hands and knees, and pull the PC's case out from its hole (they usually lurk under a desk). Disconnect any cables necessary.  
   5. Open the case (almost always the left-hand side panel), turn it on its side and lay it down. Remove the blanking strip at the case rear, in the card slot position you choose for the expansion card to sit in; you will probably need to remove a crosshead / Posi screw here; a thumbscrew points up a more expensive case. This can be any available PCI slot; other cards such as the audio card (but not the graphics card, which goes in a different type of slot) will be adjacent. You only need to check that the antenna on the card will be able to be positioned vertically and not obstructed.
   6. Now (and only now) get the WiFi card out of its box and protective plastic sleeve. Handle it only by the blank card edges, and not by touching any chips or the circuit connections on one edge. Carefully insert the card, and press it firmly into the chosen expansion card slot so that it sits in level, all connections are good, and the rear metal strip sits squarely in the ATX case's exterior hole. The antenna needs to stick up vertically, outside the case.
   7. Close the case, turn it back upright, reconnect any cables, plug it back into the mains, and boot up.
   8. Windows should detect the new hardware (the card) and install the drivers (the software you pre-installed but could not be fully linked to since the hardware was not yet present).
   9. If this procedure does not complete successfully, then reboot and try again. If this again fails, then reinstall the CD drivers, if necessary by uninstalling them first. Then, if still no progress, point the hardware wizard toward the CD as the driver source.
   10. If still no joy, then go to Control Panel - Network & Dial-up Connections, and make a new connection using the WiFi card.
   11. Finally, you may need to go to Control Panel - System - Hardware - Device Manager - Network Adapters, to see what the state of play is there.

This should finally fix it. All this should not be necessary but sometimes happens since, generally speaking, the installation and uninstallation routines are the worst-programmed part of any software.

Normally the software and hardware install without too many problems. You will see a new icon in the system tray, which will probably be red – meaning no wireless connection is available yet. If it's green, you can see next door's WiFi router.

  ¹ I did some installation work in a large department store once, and noticed with amusement that on one floor, customers who reached out to press the lift button, sited on an earthed metal plate, used to scream out in shock when a big fat spark jumped from their hand to the plate just before they touched. The poor ladies used to jump, and sometimes scream. The type of carpet was responsible for this – walking across it created the charge. A big spark like this, which jumps across with an audible crack, sometimes reaches 20,000 volts – with hardly any current, of course. This kind of voltage kills electronic components dead; and lower voltages, completely unnoticeable, take years of life off the equipment.


Laptop cards

You may be intending to connect with a laptop first. New laptops almost always have a WiFi connection built-in, so this has already been taken care of. You may need to enable the card, since you might not have used it previously, and it may be disabled until needed. You might find you just need to right-click the system tray icon, and then click on 'Enable'.

To install a new card in a non-WiFi enabled laptop, the procedure is broadly the same as for a PC, except much simpler and straightforward. You'll need a PCMCIA laptop WIFi wireless card (aka a WiFi PC card), which can be plugged straight into a PC card slot without opening the machine up. Follow exactly the same route as previously described for a PC, except that you don't have to worry about static electricity precautions.

If buying a new card for this purpose, always buy one with an extension aerial socket. This is because you may well need more range and power than you can get with the standard tiny aerial built in to the card, especially considering the minute transmission output of 60 mW (that's .06, or point zero-six, of a Watt). The Orinoco and Enterasys Roamabout cards have this feature, and although they may be difficult to locate, are well worth the effort. Otherwise, you may find yourself having to place your laptop on a table near the router. Laptops do not have as good a range to the router as PCs, because the antenna is smaller (and therefore less efficient) than a PC's. Of course, if you can plug an extension antenna into the laptop, you can use a much larger and efficient one and get more range than even a PC. Taking this to an extreme, enthusiasts have achieved 15 miles by using a dish aerial.

These extension-antenna enabled cards work on the older 802.11b system (with which all new routers are backward-compatible), but are no slower in practice; especially since with a bigger aerial plugged in they enjoy the full bandwidth. They will achieve a 54 Mb (megabit) connection, which translates to a 6.75 MB (megabyte) download potential (divide Mb or kb by 8, to get the 'real' speed in MB or kB); since most people are using either standard broadband at half a megabyte – 512 kb, which equals a 'real' speed of 64 kB – or the newer and faster variants at 1 or 2 megabytes (= 125 or 250 kB), there is no speed penalty; and even a great deal in hand as can be seen by the figures. Even though, as has been seen earlier, this figure is for practical purposes an exaggeration, and my personal opinion is that you can divide it by at least ten, you will not experience any speed penalty by using older-spec equipment until you go up to the staggeringly-fast 8 megabyte broadband. And that's only if you can find a server somewhere that will deliver at anything like that sort of speed: most are pegged to around 65 kB, which closely equals the standard 512 kb maximum download speed. A few can deliver at 120 kB, which is at around 1 MB broadband speed. Since a 54 Mb (megabit) connection equals 6.75 MB (megabyte) actual speed (although as we have seen theoretical), there's plenty in hand.

Laptops with all-USB ports and no PC card slots or anything else are a disaster, and of course best avoided. They work well in a small office and are best left there. You can buy a WiFi USB stick for these laptops, but these have the shortest range of any solution. See elsewhere on this site for more reasons why you should avoid all-USB laptops.


Types of cards

Note, when buying a card on the Internet rather than at a store, that both types of network card have similar names:

PC cards, i.e. PCMCIA cards, are for laptops.
PCI cards, or expansion cards, are for PCs – or desktops as we used to call them, only now they are more likely to be desk-unders.


Installing the Router

Now plug the router into the mains, and connect it to the phone socket. Wait a minute for it to initialise, then check your PC's WiFi icon. It may now be green; but nevertheless you should right-click it and go through the setup procedure. Firstly, find the box or window showing Available Networks, or Scan For Available Networks. Read the list of networks the PC can see, or scan the band to find them. In built-up areas you will no doubt see several. These are named by default for their manufacturer, or by users to anything they want; so you might see a list like this:
Belkin
belkin54g
BT Voyager
Netgear
Linksys
Smith House

... for instance – which would mean you're in a busy street! On the other hand, you might not see any listed at all, which means you'll have to adjust the position of your PC or router until they can see each other. The lights on the front of the router indicate that it's on and getting power; that it has one or more PCs connected; and also in some cases, working on the Net.


Setup

The first job, then, is to make sure the router and PC can see each other. Having done that, you now need to change the default settings to something more useful and more secure. To explain: all computerised equipment of every type comes with manufacturer's basic settings, by default. These settings enable the equipment to work, and may be sufficient for most users. However, they will not provide the best solution in many circumstances. We need to change them for two reasons: to make the equipment easier to use, and to make it more secure.

Router management is achieved by communicating with it from your PC, whether by radio link or by direct LAN cable, by using a browser interface. In other words you connect by using Internet Explorer, Firefox, or whichever browser you prefer, and type commands into the text boxes the router interface provides you with. This is a simple and easy system, and gives you all the options you need. It is not necessary to connect directly by cable to the router.

You first need to be able to find the router on your browser: you must enter its URL in the address bar. All routers have an address on the local network, which by default is set to one of few options. It will be found in your router's instructions, either in a leaflet in the box, or in the on-screen manual on the CD. (I don't use the term 'online manual' because to an engineer 'online' means either 'working correctly' (which would not be applicable in a user help manual situation), or 'when connected via landline or wireless', so it's current use for a CD or hard disk helpfile seems highly inappropriate to me – unless of course it refers to a website resource; which would of course be pointless here since the router might not yet be connected to the Net.

The address is likely to be one of the following:
192.168.0.1
192.168.1.1
192.168.2.1
192.168.1.100
... or something very similar, often a variation of 1 or 2 as the last two numbers. Again, you'll find it in the manual (when all else fails, RTFM); or if you've lost that then go to the manufacturer's website and see if they tell you there (most do); or go to a router info website such as those that specialise in port-forwarding tutes – Google it. Note that it will not be 127.0.0.1, an IP sometimes seen, as this is a local machine address – an address used when a server or webapp is set up on your own PC.

To change the settings we must go into the router management. This means of course that you must first be able to see the router on your WiFi connection; and have a good enough signal to communicate with it. Therefore:
   1. Check the Networks Available box, in your WiFi connection diagnostics, via the system tray icon as discussed before.
   2. Click on the name of your router.
   3. In a busy area where there may be more than one version of your router visible, see if you can find a diagnostic screen that gives you the relative signal strengths of the two identically-named routers, and pick the one with the strongest signal strength, which will probably be yours; or click on them in turn and see which has the stronger signal.
   4. Start up your browser (IE for instance), and type the router address into the address bar. Click the Go button on your browser, or hit Enter on your keyboard, and you should see the router's index page appear. If not, try variations on the IP address. Just type the numbers in as given, don't add http, www, or anything else. In the old days you had to type http://192.168.0.1/, but this hasn't been required for years.
   5. First you need to login. Routines vary here but these are popular variants:
       i. Leave the password box blank and just hit the Submit button (Belkin).
       ii. Enter <password> in the box and hit Submit.
       iii. Enter <username>, or <administrator>, in the username box, and <password> in the next one, then click Enter or Login.
       iv. Leave the username box blank, put <admin> as a password, hit Submit.

   Just type all these in directly (characters between the < and > signs are typed). These are the default settings, believe it or not, for many routers, and of course must be changed since otherwise anyone can log on to your router and lock you out by changing them. There's a get-out, of course, but you'd be crazy to leave it on default.
   6. Click on the submit or log in button and you should then get a large navigation menu on the left of the screen.
   7. Go to Basic Setup (variously named, and can be under for instance Utilities – System Settings, and enter your ISP's details. If you find other details already entered, then you have logged on to someone else's router in a busy area; logout and pick another with the same name. Choose any one of the three or four Belkins you can see... When you've found yours (one with no current Internet connection, and no user details yet entered), then enter the username and password your broadband ISP has given you, and a network address if provided. Your username is frequently the email address the ISP has allocated you. Other details are best left on the default settings, unless your ISP has given you specific instructions as to their alteration. For instance, leave PPoE on its default setting, DHCP Server enabled, and so on.
   8. Find the Connect button, which when you click connects the router to the Internet. Wait till the info changes from 'Disconnected', in red, to 'Connected', in green (for instance).
   9. Find the menu item such as Basic Settings, that features the username and password change options. Change the password to something very simple such as <bingo>.
   10. Save the change, and logout of the router management 'website'.
   11. Go to another website. Pick one from your list of favourites; or go to www.google.com; or try www.pelaginox.com.
   12.  Log back in to the router.

Now you know your router works, it has a valid broadband connection, the default password has been changed, and you can login with the new password.

   13. Now change the password (and the username if your router has this) to something more appropriate. Log out and log back in to check all's well. Log out and shut down.

You know the score: don't put Jane as the username if that's your name, as the kid next door will easily get that; and passwords are either weak, medium-strength, or strong. A weak password is short, all lower-case, and a word found in any dictionary – example: dog. A medium-strength password is longer, has a number or symbol, but is still a recognised word – example: alsatian2. A strong password is long, not found in any dictionary, has numbers and symbols, and has both upper and lower-case letters – example: %roverMutt2$. It only needs to be recognisable to you in order to be able to be typed from memory; which some strong passwords such as 5$7yTuq%O8PkLx2 for example may not be. Passwords can be cracked by various methods, but strong ones take a lot of computing power and time.

Now, the router is working, you have a working connection, and the router management is locked to you. Time for a cup of tea before the next stage.


Cable DSL

Setting-up a WiFi router on a cable connection can be more difficult than on a standard phone line. The router is not a modem, i.e. it doesn't communicate with the ISP's equipment online: it is connected to a cable modem, which is supplied and installed by the cable company. This might for instance be a Motorola Surfboard cable modem. These modems have a coaxial connecter for the cable line.

The first thing you need to do when ordering cable DSL is get a list of the router setup parameters, from the cable company. Normally they don't supply this, as their liability is restricted to providing the cable modem. One PC can hook up to this by LAN or USB cable and get online; the cable company have then fulfilled their obligation. However, this is not satisfactory now, and you will need to hook up your WiFi router to the modem: this connection can be tricky, and may require the parameters to be input before they will talk to each other. Alternatively, get one of the excellent Linksys WRT54GS routers – these feature a setup routine that interrogates the cable modem and ISP, and sets up all parameters correctly without any inputs needed at all.

There are probably people with a cable DSL connection who have had to connect to the modem with one PC, and then network other PCs through the first PC as a gateway. This is not the best way...


Basic security

Before we go any further we need to discuss security. The hardware firewall in the router will be protecting you, and these are now very efficient as they work in 'stealth' mode; that is, they ensure that your network is invisible to the Internet. If you connect a PC directly with a basic modem, as we have seen, it is not only visible but crying out to be infected.

Nevertheless you need additional protection on the PC: a software firewall, an antivirus program, and an anti-spyware app (or three). You can find more info on these on this site, but the short answer is to get hold of the following free programs, which all work fine. You can Google the names to get the download sites.

Firewall: ZoneAlarm free version, from Zone Labs.
Antivirus: AVG free version, from Grisoft.
Anti-spyware: Spyware Blaster, and Spyware Search & Destroy are both good free apps.

Naturally, you get better protection by paying for it, but these free apps will get you started. If you like them, you can pay for an upgrade. This is a good solution since the app is already installed, you know how it works, and you won't need to uninstall it and start again. That's why the software houses supply free versions. The worst programs rarely have a free version, since after trying them free you would hardly be likely to pay for an upgrade (from grim, to just not very good?).

If you wish to pay from the outset, then the best programs can be found on this site in the appropriate PC-related articles. Personally, I don't recommmend this, since the best apps normally need an expert's touch to set up and work well enough that they are then truly the best. The apps mentioned are just fine for you just now.

Make sure you are fully-protected in these three areas, by downloading, installing, and running these three sets of programs before you go any further. Ignore the fact that Windows XP is supposed to have a firewall in it; just shut that down and get a proper one.


Router security

A WiFi router is not essentially a secure way of running: it is a radio network with your broadband connection on, that anyone can connect to. Running a WLAN with no security has been nicely compared to dangling a network cable and socket out of the window down to the carpark.

Of course, we can and should change that. You can make your network slightly secure, very secure, or extremely secure, depending on how much work you want to do now, and how much aggro you are prepared to tolerate in the future with additional PCs or guest laptops wishing to connect; and with the glitches that can be expected with any computer equipment and especially networks.

The more secure you want your router and network, the longer it takes to set up, and the more likely a problem might be in the future. That's why 50% of WiFi networks are open and unprotected. Talking to people with open networks, their answer is: "Well, how bad is that anyway? What harm can someone do? If they connect on my broadband I wouldn't even notice." Fair enough; as far as most are concerned that's probably true. But in order to stop people stealing your bandwidth, or possibly launching an email blitz from your address, or even trying to get into your PC the easy way – you might as well take one or two steps to make it a little more difficult for them.

Stage 1: Just a little work here, and a slight chance of future headaches for the technically-nonfunctional. This is the minimum acceptable stage, and the network is still open. It's just a basic step for people who hate and don't understand computerised equipment.

You must change the admin username (if required) and the password, to a different value. We looked at this earlier. You must ensure that the hardware firewall built into the router is switched on (as it should be by default). It will not conflict with your PC's software firewall – you need both. We also need to give the network a personal name, and try to make it less visible.

Go into the router settings (via Internet Explorer, as before), and change the SSID Name. Change this to any personal name that you can relate to, but not one that identifies it to your house or office. For instance, don't use <Smith House> or something like this that obviously puts it at your address; use <madhouse> or anything you like that doesn't identify you. You should never use an attributable name, whether naming your network, your PC, or anything else.

Now switch off ESSID Broadcast: find the check box and fill it. Save these three changes and log out. These measures together mean that your network is safer from unwanted admin changes, has a personal name so that neighbours are unlikely to want to connect, and has disappeared from most other PC's view in any case. You will find that as soon as you log out, your Internet connection will cut out. You can't see the router anymore. What you need to do is go into your PC's WiFi settings and reset the network name to 'madhouse' or whatever you called it on the router; click Connect and you should be back on. Guests, arriving with a laptop, will have to do the same.

Stage 2: Next, you can (and should) turn on Encryption. Again, you are raising the aggro level, but Stage 2 is probably the minimum safe level to aim for. Encryption, though, doesn't work well with poor signal strength at the PC. There are several levels of encryption currently available, the most basic being WEP (or actually WEP 64-bit). Turn this on in the router settings. There are a couple of ways of creating an encryption key that your PC will need in order to connect; either use the keys presented to you, or to avoid having to type this complex set of letters and numbers into the PC, you can use a passphrase. This is the same as a password but longer; try <we 2 are Loony> or something similar, with those routers and cards that have this facility. This is input at the PC's settings to ensure that PC and router can talk to each other. Alternatively, if both PC and router support it, use the next level up: WEP 128-bit encryption.

When you log out of the router admin, your connection will of course go down, as once again the new router settings have locked out the PC; setting-up the PC with the correct key should re-enable it.

An easier alternative here is to set up negative MAC filtering. This is the easiest security measure for those routers that support it, and provides the lowest-possible aggro level or future problem creation. To do this, find the MAC address filter in your router (for those that support this), and enter the MAC addresses of PCs you can see connected but are not in your house / office. You'll find these listed under Local Client List, DHCP Table, Connected Devices, or some such. All PCs currently or recently connected are listed here; you can check this list periodically. You then enable the list and set it bar (not allow) the machines listed. This method bars next door's computers while allowing yours, and is the most successful method for those who want no problems to fix; but it is not available on some routers. It is of course available on Linksys routers. There is more on this subject in Stage 4: MAC Address Filtering, which discusses the positive filter method.

Stage 3: The next level of encryption is WPA. This is more secure, if all PCs can use it. Older WiFi cards in PCs, and laptop cards especially, cannot use this newer mode. It's more secure, if you can all connect with it.

Linksys routers and PC cards automatically connect via WPA with a one-button click solution.

Stage 4: And now we're getting into the clever stuff. As an alternative security method, especially if encryption will not work with one of the PCs to be connected (as sometimes happens), we can limit the computers connecting, to named PCs only. This is called MAC address filtering.

Go to the Security section in the router admin to find this, and type in the MAC address of all computers that need to connect. There are two ways to find these: have them all switched on and connected to the router, and then find the section with Connected Devices. This lists the MAC address of all the PCs on the network currently. Alternatively, you will have to examine the sticker on each machine to get the number. On WiFi pre-enabled laptops, it will be underneath; on PCs, on the WiFi card itself. Every laptop plug-in card or PC's WiFi card has an address and a sticker.
If, as sometimes happens, you find there are more PCs connected than exist in your home or office – this is common now – then you'll have to identify yours by their computer names (if shown), or by the stickers, in order to disconnect next door's.

Stage 5: Finally, if you have enabled MAC Address filtering, you can turn off the DHCP Server – you'll find this in one of the admin options. This means that the router will not broadcast a signal, or accept connections from any machines except those with allocated MAC addresses. You can also combine the last two measures with encryption.

Please bear in mind that all and every one of these security levels can be defeated by the determined, with enough time, and enough technical resources. People have hacked the Pentagon, remember. If you really cannot afford the risk of someone breaking into your network, then don't use a WiFi one.


Port Forwarding

Some applications require ports opened which are by default closed on most routers. The most common of these now are P2P (filesharing) apps, though occasionally FTP and email can play up. You might find that an Internet program that previously worked no longer does; or it may be restricted in some way. Firstly, check your software firewall, for these tend to cause more problems in this line: turn it off briefly to check if this is the case. If not, you need ports opened on the router's hardware firewall: this is called port-forwarding, as you want the machine to 'forward' traffic through normally-closed ports. Ports are just resource addresses that machines use for traffic; they don't physically exist. There are more than 65,000 of them on every PC and router. They are like a virtual gateway.

You can perform this task in the router's admin, as with most other things like this. For instructions, see the router's manual, or elsewhere on this site, or Google it for more resources – there are websites that specialise just in router port-forwarding tutes.


DMZ

As a last resort, and mainly just to see if closed ports are causing the particular problem you are experiencing, you can assign one PC to a DMZ. This means you put your PC in a demilitarised or unprotected zone briefly; all ports are wide open. You can do this by entering its MAC address or local IP in the appropriate place in router admin. This takes the PC out from behind the hardware firewall. Your software firewall must be A1 to do this, and even then it isn't good practice for more than a few minutes: a broadband connection needs both hardware and software firewalls online.


Troubleshooting

If you mess up and lock yourself out of the router, there are two ways back in. You don't have to chuck it out the window and buy a new one just yet. Firstly, you can connect via LAN cable; secondly; you can perform a reset.

With a LAN cable you can just link directly to one of the LAN ports on the back of the router. You need a LAN port on your PC or laptop to do this, plus a cable. Note that the LAN plugs look similar to but are different from a US phone plug; the RJ45 and RJ11 plugs are not the same (though they fit one way around but you can't make a proper connection).

A PC therefore needs a LAN card installed; a laptop may come pre-enabled with a LAN port, or could have a LAN card plugged instead of the WiFi one. With this direct cable connection you can see the router's admin index page directly in your browser, without having to go through the WiFi setup. The network can easily lock out a WiFi connection, but not so easily a direct cable one.

Alternatively, and especially if you don't have a standard LAN capability on the PC or laptop, then you can do a reset to return the router to its factory defaults. This will put it back into the same state it was in when you took it out of the box. Saved!

There are usually two forms of reset: a soft and hard reset. These approximate to rebooting a PC, or powering-down and removing the mainboard CMOS battery, in order to clear a problem.

A 'soft reset' is usually done by rebooting the router (disconnecting then reconnecting the power), or by clicking a pinhole reset button with a pencil end. You'll find this tiny hole on the back, if provided. Laptops often have the same arrangement, to avoid having to take the battery out. The soft reset clears many problems.

A 'hard reset' will return the machine to defaults, and get rid of your wrong MAC address input or whatever. Switch off at the mains, wait 10 seconds, then switch back on while keeping the pinhole button depressed for 10 seconds or more. This clears all memories. Hard reset methods vary by make and model.


Dead Network

In the case of a router that has been running OK for some time but suddenly quits, and resets don't seem to work, consider the case of your ISP's network having gone down. I've seen this before: a customer pulling their hair out and no broadband; but a phone call to the ISP revealed the whole area had gone dead out on the street. No solution to that.


NetStumbler

Network Stumbler is a useful tool for diagnosing WiFi problems. It's a free download – Google it. It shows lots of things your PC's card diagnostics won't. Geeks use NetStumbler together with – believe it or not – a GPS and mapping software, to create pretty maps of WiFi LANs, which they upload to specialist sites on the Net. I'm not sure what the point is but it's probably something like trainspotting. But anyway, NetStumbler will often help you sort something out. There are an awful lot of wireless 'tools' out there, but mostly they're things you don't need if you're respectable, and not working in the field commercially. A locksmith needs master keys and lockpicks, but you'd be in trouble if they were found in your pocket.









^ TOP ^
 
 
PC FAQ's:
WiFi LANs and Routers