Safely Share Your Access Point

By Aaron Weiss

January 25, 2008

Thinking of sharing your home (or small business) WLAN? Aimed at first-timers, this thorough primer on Wi-Fi basics explains security, routers, the various flavors of 802.11, and other essentials.

Ten years ago, sharing an Internet connection was practically an act of rebellion. I vividly remember a debate with my cable ISP (who shall remain nameless), who refused to allow subscribers to "share" their connection among several machines. But, with the first generation of turnkey routers already in big-box stores, and wireless networking just emerging, it seemed even then that this provider was on the wrong side of inertia.

Of course, today network sharing is commonplace. So common, in fact, that some of the basics are already taken for granted. If you're new to sharing an Internet connection—in your house, your office, or even with your neighbors—it might seem like there's a lot of mumbo jumbo to sort through to get everything working.

First, we have to start with some assumptions. The first assumption is that you already have broadband service that you want to share. For most people, this means either a DSL or cable Internet connection. Other possibilities include wireless and satellite broadband.

On the other hand, dial-up and cellular data connections are a different breed—although shareable, the equipment and methods differ from what we’ll cover in this tutorial.

Assess your situation

This much is true: to share your connection wirelessly, you're going to need a wireless router. You might even already have one, as supplied by your broadband provider. These days, some DSL and cable connections include combination modems/wireless routers. Most wireless routers have visible antennas sticking up, so it should be pretty obvious if you already have one where your Internet connection is plugged in.

Depending on your Internet provider and level of service, you might have only a broadband modem, or a broadband modem combined with a wired router, but without wireless broadcasting (no antenna). In either case, you'll need to buy a wireless router. There are a plethora of retailers online, but let's assume you're driving down to your nearest big-box electronics store. Everyone loves a road trip, and you can pick up a Cinnabon while at the mall. [Full disclosure: this paragraph was not sponsored by Cinnabon.]

When choosing a wireless router, the two primary factors to consider for your needs are speed and range. (Security is important, too, but most new routers support the same levels of security. We'll talk more about securing your network later.)

Today, there are three wireless technologies you may find on store shelves. Informally we call these "b", "g", and "n"—all shorthand for the technical names 802.11b, 802.11g, and 802.11n, which you will probably see printed on the box in either long or short form.

One significant difference between the three wireless types is speed. Wireless b is the slowest (and oldest). Although it is fast enough to share the average broadband connection, there is little point in purchasing a wireless b router today.

Wireless g is about five times faster than b, and today is your best bet or sweet spot for price and performance. It is likely that most of the products you find on the shelf support wireless g.

Wireless n is the newest technology and vendors are starting to push it hard. But be warned—you still pay a premium for wireless n, and the performance of these early generation units falls far short of their maximum theoretical capabilities. Don't be fooled by the "300Mbps!" speed ratings you see on wireless n products—rarely do they actually reach these speeds, although they are faster than wireless g.

Know your LAN

All the machines that will share your Internet connection are together known as your LAN, or “local area network.” Your LAN might consist of a set number of machines, or a variable number, if there are mobile computers that come and go.

It takes two to tango—for the best performance, the wireless card either built-in or inserted into your mobile or desktop PC needs to support the same wireless standard as your router.

The good news is, thanks to backwards compatibility, if you connect to a wireless g router from a wireless b PC, you will not have any trouble—but you will only achieve wireless b speeds. Generally speaking, any PC with wireless b, g, or n can connect to any wireless router b, g, or n (except in some cases when high security is used), but the connection will only be as fast as the slower technology.

Need for speed

Any speed difference between wireless g and n is mostly noticed only when transferring files between machines inside your LAN. For example, copying a large video file from your mobile to your desktop PC will probably be faster on a wireless n network than g, assuming good signal strength. But, remember that your PC will need a wireless n card to take advantage of this speed.

Wireless vendors have also added their own enhancements to wireless g to add extra speed. Some of these enhancements go by names like "Super G" and "Turbo G" and "Speedbooster" and can as much as double the speed of a wireless g network. Remember that this will mainly affect transferring files within your own LAN. Also remember, the speed boost will only be available when both your wireless router and your PC support the same technology—a router with "Super G" will only hit maximum speed when paired with a PC with "Super G."

The added cost of premium speed enhancements, and possibly the need to buy new wireless receivers for your PC, may or may not be worth it depending how much data you move within your LAN.

All the range

Going wireless isn't much use if you can't go where you need to go. The range of a wireless network can vary, sometimes dramatically, depending on both physical and technological factors.

Wireless signals travel very well through open spaces, but degrade when passing through walls, floors, windows, and roofs. Building materials like concrete, steel, and aluminum exact a greater penalty than wood, glass, and vinyl.

The design of your wireless router can affect range, too. You will see models with one, two, or even three antennas. Some wireless routers might not appear to have any antennas, but they do—they just happen to be hidden inside the plastic case. I prefer external antennas because they can be positioned to maximize signal strength and, in some models, replaced with stronger substitutes.

As with speed enhancements, some wireless routers are marketed with improved range innovations, under names like "Rangemax" and "TrueMIMO." These technologies use multiple antennas to decrease signal loss. Like their speed-enhancing counterparts, they also work best when paired with wireless receivers supporting the same technology. However, range-enhanced wireless routers do usually provide some benefit to all wireless connections, particularly in signal-challenged situations like basements.

To enjoy the best range from your wireless router, try to position it in an elevated open space. If you had to choose, for example, between a second story or a basement, the second story will usually provide better range throughout the home or building.

Doubling up

Sometimes your wireless router will just not provide a good signal to the outer reaches of your space. One way to extend wireless coverage is to add a second wireless router, positioned in a weak coverage area.

You can add a second (or third or fourth) wireless router with or without cabling. To extend your range using a physical cable, you would need to run a cable from one of the network ports on your primary wireless router to one of the network ports on your additional router. The "extension" router will need to be configured to behave as a simple access point (AP) rather than a full-fledged router, so that the two routers do not conflict with each other.

Many wireless routers also support a feature called WDS, or wireless distribution system. If both your wireless routers support WDS, they can be configured to extend the range of your wireless network without using any physical cabling. When in WDS mode, the extension routers will essentially receive and rebroadcast the signal from your primary router, letting you reach more nooks and crannies.

Secure that signal

You want to share your Internet connection wirelessly, but you don't want to share it with everyone and anyone. Those wireless signals can contain sensitive information—your passwords to Web sites, for example. Nor do you want strangers sharing your Internet connection. For one thing, your connection provides a finite amount of speed. Speed that you pay for and freeloaders do not. (There are ways to regulate the amount of speed that legitimate sharers can consume, which we will look at it in a separate tutorial on creating a wireless hotspot.)

Worse still, freeloaders on your Internet connection could engage in malicious or illegal activity, like sending spam and viruses, which could ultimately be traced back to your Internet service. Not cool.

If you live on a farm without any neighbors for more than half a mile, wireless security might not be a major concern. But, if you live in a more populous area—unless you know and trust everyone who comes and goes within a few hundred yards of your home or office—you will want to secure your wireless router in three ways:

Security level one—change the password to your wireless router. Out-of-the-box, every wireless router has a default login that you use to access the Web-based administration screen. These defaults are widely available on the Web, meaning that anyone within wireless earshot can log in to your router and change your settings, potentially even locking you out of our own Internet service. Your manual will describe how to set a custom password. As always, when choosing a password, select a non-obvious phrase and write it down somewhere safe.

Security level two—encryption. When configuring your wireless router's broadcasting options, you will have the choice to choose a type of encryption. Many new routers offer three types: WEP, WPA, and WPA2.

WEP is the least secure encryption and should only be used if you must connect a PC with an older wireless card that does not support WPA. Better yet, upgrade the wireless card in the PC, because WEP is relatively easy for hackers to break.

Either WPA or WPA2 are good choices. Support for WPA is more widespread among wireless receivers. Some routers will let you select either/or mode, using WPA or WPA2 depending on the capability of the wireless receiver. Much more important than your choice between WPA and WPA2 is the passphrase you select. For maximum security, you should create a passphrase that uses the maximum length of 64 characters and includes letters, numbers, and symbols (like * and !), but at minimum your passphrase should be at least 20 characters. It helps to use an online passphrase generator to create a very secure combination.

Creating a strong WPA passphrase does come at a cost of convenience—you will have to plug this in to any wireless PC that tries to connect to your network. Each PC will let you save the password so you don't have to re-type it every time it connects.

Security level three (optional)—whitelist. Most wireless routers support a security feature called a "MAC address list." Every wireless receiver has a unique identification code called a MAC address. You can find the MAC address for your mobile or desktop PC using a variety of methods.

When you plug in these approved MAC address into your wireless router's MAC address list configuration, it will only allow connections from these wireless receivers—like a bouncer who lets only approved VIP's into the club.

A MAC address whitelist is a useful additional layer of protection if the computers in your LAN don't change very often. It may not be feasible to update the whitelist frequently if your network constantly hosts new visitors.

If, for whatever reason, you cannot or choose not to use encryption security, you can still create a MAC address whitelist to provide some level of protection to your wireless network. Note, though, that MAC addresses can be faked by savvy intruders.

Little things mean a lot

These basic tenets for soundly and securely sharing your Internet connection with a wireless network are simple, but often overlooked. 

The most common problem with wireless range, for example, is locating the wireless router in a basement, closet, or other isolated or shielded location. And, as any hacker can tell you, you can hardly throw a stick in any city without hitting a wireless router sporting a default password and no encryption.

Common sense, as they say, isn't always so common.

Aaron Weiss is a frequent contributor to Wi-FiPlanet.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.