Wireless LANs (Wi-Fi)

Wireless networks in homes and offices offer two advantages:

Freedom of movement;

No cables to install.

But there are serious disadvantages:

Each wireless link is slower than a wired link.

Each wireless user slows down the other wireless users.

Planning a new network

Plan on cabling as much of a new network as possible. In many cases, cables will suffice for all connections. This offers much better security and speed than wireless connections.

Important Security Tip: If you're not using a router's wireless access capability, turn off its wireless access point.

Wi-Fi exposes all PCs to attack.

Networks that connect to the Internet reside behind at least one firewall that prevents malicious users from entering your network. However, if you have an unsecured wireless access point, you've opened a backdoor to all of your computers.

Remember that your Wi-Fi access point resides behind your firewall. Anyone can connect wirelessly to your network and attack your computers -- wireless and wired -- and try to download, damage, or delete your files.

Theoretical Speeds:

802.11b – 11 Mbps at 2.4 GHz

802.11a – 54 Mbps at 5.0 GHz

802.11g – 54 Mbps at 2.4 GHz

802.11n – 288 Mbps at 2.4 GHz

802.11ac – 346 Mbps at 5 GHz

As a rule of thumb, count on Wi-Fi links having real-world throughput of about a tenth of that of wired links.

Distance will vary from tens of feet to hundreds of feet.


Your Wi-Fi link won’t be 54 Mbps.

Some Wi-Fi components are advertised to work at up to 54 Mbps (megabits per second). This is an inflated number that excludes real-world overhead. The maximum theoretical throughput for 802.11b (11 Mbps data rate) is only about 4.5 Mbps, and for 54 Mbps 802.11a/g service it's about 24 Mbps.

In the real world, Wi-Fi throughputs are much less. Reasons for further throughput reduction:

Multi-path signal distortion

'Foreign' signal interference

Path loss

Packet collisions

Electrical noise

Communications are half-duplex (only one node may transmit at a time)

Packet collisions occur on multi-station wireless networks because all wireless stations on an access point share a single Ethernet segment. (On a modern switched and cabled network, packet collisions are dramatically reduced.)

Luckily, Wi-Fi specs include error correction methods, but the process of correcting errors reduces throughput. Users don't see packet collision and dropped packet reports, but they do perceive them as a slowing of their network.

Finally, Wi-Fi communications are half-duplex: first the wireless access point transmits while the wireless user's station receives, then the wireless user's station transmits while the wireless access point receives. At any moment, only one station (or wireless access point) may transmit. Everybody else must listen.

The IEEE 802.11 ("WiFi") specification is evolving:
Wireless Authentication 8021X Overview

Setting up a secure Wi-Fi wireless link

We must walk before we can run. I recommend that first, you create a wired link between your router and the PC in question. Make sure that you have communication in both directions. (You may need to temporarily place the PC near the router to connect a Category 5 100baseT LAN cable between the router and the PC.) Then, create an unsecured wireless link. Finally, secure the wireless link.

Modern routers usually include a built-in web server which allows you to manage the router from a web browser such as Internet Explorer. Usually you access this by first connecting an Ethernet cable from your computer to the router and then, from within your web browser, logging on to the router's default IP address. If you don't have the documentation for your router, try http://192.168.0.1, http://192.168.0.254, http://192.168.1.1, or http://192.168.1.254.

Your router may challenge you to enter a username and password. Find the defaults for these in your router's documentation. If you don't have documentation, note that many routers are shipped with username admin and no password, so try that first. Otherwise, look up the default username/password for your router model.

From within your router's configuration screens, you should enable wireless security. WEP (Wired Equivalent Privacy), while based on a good algorithm, is weak. With the right software, a hacker can break it within a few minutes. Don't use WEP if WPA is available.

I recommend WPA (Wi-Fi Protected Access) or WPA2. When used with a strong passphrase it's very difficult to break. (From Microsoft: Strong passwords: How to create and use them)

You'll need to configure your wireless computers so that they and your router's wireless access point agree on the encryption scheme and password.

While configuring your router, create a "whitelist" of computers that are allowed to use your wireless link. Each computer will be defined in this whitelist by its MAC (Media Access Control) address. You can configure your wireless access point to exclude all other computers. (Note: This step alone won't suffice. It's possible for a hacker to sniff your wireless link and spoof a whitelisted computer's MAC address. Think of it as a "soft" barrier that can be easily cracked.)

Some routers allow "WAN administration". If yours does, make sure that it is disabled. Otherwise, a hacker anywhere on the Internet can bang away at the router's password prompt until he hits the right one.

Finish by creating a password to protect the router's admin account.
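
The checklist in this section, written out as an added example (not part of the original article): a small Python audit run over a constructed settings dictionary. The field names, finding codes and the 80-bit passphrase threshold are assumptions for illustration, not any router vendor's export format.

```python
import math
import string

# Constructed sample; these field names are hypothetical, not a vendor export format.
SAMPLE = {
    "wireless_enabled": True,
    "wireless_clients": 2,
    "encryption": "WEP",                      # NONE, WEP, WPA or WPA2
    "passphrase": "sunshine1",
    "mac_whitelist": ["00:11:22:33:44:55"],
    "wan_admin_enabled": True,
    "admin_password": "",                     # shipped default: admin / no password
}

def passphrase_bits(p):
    """Upper-bound entropy estimate: length * log2(size of the character pool used).
    Dictionary words score too high here, so treat the result as optimistic."""
    pool = sum(len(c) for c in (string.ascii_lowercase, string.ascii_uppercase,
                                string.digits, string.punctuation + " ")
               if set(p) & set(c))
    return len(p) * math.log2(pool) if pool else 0.0

def audit(cfg, min_bits=80):  # min_bits is an assumed threshold, not from the article
    """Return (code, advice) findings for the article's hardening steps."""
    out = []
    if cfg["wireless_enabled"]:
        if cfg["wireless_clients"] == 0:
            out.append(("UNUSED_RADIO", "no wireless users: turn off the access point"))
        enc = cfg["encryption"].upper()
        if enc == "NONE":
            out.append(("OPEN", "no encryption: anyone in range is behind the firewall"))
        elif enc == "WEP":
            out.append(("WEP", "WEP can be broken within minutes: use WPA or WPA2"))
        else:
            p = cfg["passphrase"]
            # WPA/WPA2 passphrases are 8 to 63 characters long
            if not 8 <= len(p) <= 63 or passphrase_bits(p) < min_bits:
                out.append(("WEAK_PASSPHRASE", "use a longer, more varied passphrase"))
        # A MAC whitelist never cancels an encryption finding: it is a soft barrier only
        if not cfg["mac_whitelist"]:
            out.append(("NO_MAC_WHITELIST", "add a MAC whitelist as a soft barrier"))
    if cfg["wan_admin_enabled"]:
        out.append(("WAN_ADMIN", "disable WAN administration"))
    if not cfg["admin_password"]:
        out.append(("NO_ADMIN_PASSWORD", "set a password on the admin account"))
    return out

def codes(cfg):
    return [code for code, _ in audit(cfg)]

if __name__ == "__main__":
    for code, advice in audit(SAMPLE):
        print(f"{code}: {advice}")
```

Because the whitelist check is independent of the encryption check, a router with MAC filtering but WEP or no encryption is still reported, matching the note that whitelisting alone won't suffice.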