1.18.2010

Wireless Broadband


How quickly things change. Last year, broadband was the thing. Now that's history: wireless broadband is where it's at. And it's hardly surprising. Wireless connection - and a fast wireless Internet connection in particular - is fabulously convenient. Move your PCs to wherever you want them without worrying about trailing network cables everywhere; make Voice-over IP calls from the bathroom; surf from the sofa; stream music around your house wherever you want it.


The last time we looked at how to set up a wireless network, there were several qualifications, problems and caveats. Many new wireless devices simply didn't work properly out of the box - if at all - and Windows XP's wireless configuration boxes had the unfortunate habit of leading you round in circles.

All this is changing, though. And while the nature of radio waves is that you may occasionally suffer connection problems, things have moved apace in the last year. The advent of MIMO devices, which provide greater range and speed by using the radio waves that bounce off obstacles, is a huge step forward for the reliability of connections. And Windows XP Service Pack 2's much-improved wireless network support means there's really very little effort required to get yourself up and running.

There's one thing you should be aware of, though: security. You need to secure your new wireless network as soon as possible. The newest and safest encryption system, WPA, is a doddle to implement and extremely secure if you follow our walkthrough and setup tips. The word 'encryption' puts people off because it sounds complicated, but it's vital to secure your network from people leeching your connection, stealing your bandwidth and potentially gaining access to everything on your PC. An unsecured wireless connection is the equivalent of an open front door - it's a direct route to everything on your hard disk.

THE ESSENTIALS

While networking has become easier since the launch of Windows XP and its more or less self-configuring network connections, it can still be a topic couched in obscure jargon, which it's worth getting a passing knowledge of.

Routers

When people talk about wireless routers these days, they're talking about a wireless access point and router combined. The access point part allows your wireless PCs and devices to connect together; the router part allows those wireless devices to talk to wired devices and, crucially, gain access to your broadband connection. If your broadband is ADSL, you'll need a wireless ADSL router; if you have a Telewest or ntl subscription, which came with a cable modem featuring an Ethernet output, you need a wireless cable/DSL router. You can also get away with a cable/DSL router if your ADSL modem has an Ethernet port. There's some confusing terminology surrounding products too. Wireless routers are sometimes referred to as wireless gateways, switches or hubs - they're the same thing mostly.

Ethernet

Practically every PC motherboard these days has an Ethernet networking port with a maximum speed of 100Mb/sec (Fast Ethernet) or 1,000Mb/sec (Gigabit Ethernet). A wireless router will usually sport five Ethernet ports: one for the WAN (wide area network) connection, which connects to your cable or DSL modem supplied by your broadband ISP, and four for the LAN (local area network) side. You don't need to use these if you're going for a purely wireless setup, but they allow you to connect wired devices for one unified network, and it's useful to be able to connect with a wired connection for initial setup of your wireless security.

Network addresses

All modern networks, from your home LAN up to the Internet, now use the TCP/IP (Transmission Control Protocol/Internet Protocol) system to communicate; it's almost made all other network protocols obsolete. TCP/IP is a packet-switched networking system. This means data is divided up and sent from transmitter to receiver in small chunks. These packets of information can travel via different routes around the network and need to be routed to the correct destination. This is why the single most important concept in a TCP/IP network is the IP address. Every network adaptor - wired or wireless - on a network must be assigned a unique IP address for that network, so that data packets can find their way to the correct destination. Without exception, all wireless routers will by default handle that automatically via DHCP (dynamic host configuration protocol). The DHCP server in the router doles out an IP address to every wireless PC or device that tries to connect to it.

Gateways and DNS servers

As well as giving a wireless device an IP address, the router's DHCP server also informs the device of three important bits of information it needs to communicate: the address of a gateway, the address of a DNS server and a subnet mask. The first two allow the device to communicate with the Net. A gateway is simply the IP address of the device that can route data to and from an external network; in the case of a home router, that external network is the Internet. So in the majority of cases, the gateway address is in fact the router's own IP address; it then acts as a broker, forwarding requests for web pages back and forth via a process known as NAT (network address translation).

A DNS (domain name system) server is one that a PC uses to translate 'friendly' web addresses (www.pcpro.co.uk, for example) into numerical IP addresses by which it can request web pages. The subnet mask is often the cause of confusion; it's a way of separating network subsegments. You don't need to worry about it, however - it's only of relevance to corporate-scale networks and doesn't impinge on getting your wireless network up and running.

Incidentally, NAT also acts as a safeguard in conjunction with any hardware firewall the router may have, since it means that external PCs on the Net can't get direct access to any given PC on your internal wireless network. This is in contrast to USB modems commonly supplied by ISPs, which place your PC onto the Internet directly and are an invitation to hackers.

MAC address

A second type of address you'll probably encounter is known as the MAC (media access control) address. Every standard Ethernet network device, including Wi-Fi access points and adaptors, has a unique hardware MAC address assigned to it at manufacture. For the end user, this is useful, because it allows MAC address-based security to restrict access to a wireless network.

NEW TECHNOLOGY

In the beginning - at least as far as consumers and small businesses were concerned - there was 802.11b, the first popularly adopted Wi-Fi standard. It offers a maximum theoretical throughput of 11Mb/sec, but in practice you're highly unlikely to achieve anything exceeding 5Mb/sec. Then came 802.11g to give a maximum theoretical throughput of 54Mb/sec, but again it's near impossible to achieve even a third of that in practice. But that isn't the only problem - variations in positioning and range make an enormous and unpredictable difference in the speed and reliability of both 11b and 11g wireless networks. This is particularly true in Europe as opposed to the US, where houses tend to be made of wood with thinner walls more easily penetrated by radio waves. Put joists, metal-reinforced concrete and so forth in its way and the results are unpredictable.

The standard issue

The solution may well lie in MIMO (multiple input, multiple output) technology. This forms part of the as-yet unratified standard 802.11n, which is set to replace 11b and 11g. MIMO splits one incoming data stream into multiple lower-rate streams, transmitting simultaneously via two or more aerials on the same channel. It improves both range and transmission speed by relying on a phenomenon known as multipath, where signals arrive at different times because of reflections. That's usually considered a problem, but here it effectively creates virtual radio channels along which more than one stream of data can be fed on the same frequency. Receiving the differing signals on multiple aerials, the two data streams can be reconstructed. Current WLAN MIMO technology has a maximum theoretical speed of 108Mb/sec - twice as fast as 802.11g and more than enough to cater for multiple users streaming multi-media files around a large house. MIMO offers higher speeds over longer range than conventional WLAN, so you'll be able to connect from further away without needing to spend extra on wireless bridges or repeaters.

You'll need to spend more on the router itself, though. Not just because a pre-N router such as the Belkin costs around £75 to the £40 of a typical 802.11g router, but because you'll also need to buy matching PC Cards (or USB adaptors) to upgrade the wireless radios in your notebook or PC.

Apart from the inevitably high cost of buying a new technology, the chief drawback of MIMO is that until it's ratified by the IEEE the way in which it's implemented by manufacturers will be proprietary. This means there's no guarantee MIMO products from different manufacturers will work together at 108Mb/sec; it's more likely that everything will slow to standard 802.11g speeds. But having been using MIMO products - in particular, Belkin's Pre-N router and network card - for the last couple of months, we're big fans of the technology. Range and, more importantly, reliability of the connection are hugely improved.

Transfer big files, fast

Four months ago, we tested 15 wireless routers in a group test and saw clearly the benefits of MIMO technology over standard 802.11g. Although the MIMO-based routers were generally faster than 802.11g routers at close range, the real difference came when we moved our test notebook further away from the router: while many routers struggled to make a connection, the MIMO routers kept transferring at 9Mb/sec. At close range, the Belkin hit almost 17Mb/sec, so even a 100MB file transferred in less than a minute. We've included the full group test on the cover disc this month (click on the Editorial tab).

Streaming DVDs

Media streaming is one of the big selling points of home wireless networking; devices such as the Sonos Digital Music System spread audio around the house. The bandwidth demands of streaming MP3 audio are pretty modest; the standard data rate is just 128Kb/sec (or, to put it another way, less than 0.2Mb/sec). But video is a different matter, and high-quality DVD-Video in MPEG2 format is different again.

There are various systems and proprietary setups on the market that claim to transmit video over a standard 802.11g connection, and this they certainly do. What they can't do, however, is transmit DVD-Video in its original form without reducing its quality or its resolution. There are no magic solutions to the problem of bandwidth - a system either has enough for a given application or it must strip out some information in order to transmit a given data stream. The minimum bit rate for DVD-Video is 4Mb/sec and can extend up to almost 10Mb/sec for short, high-quality movies. This is only the bitrate required for the raw data - transmitting it over the network adds the significant data overhead of network communication protocols and error correction.

Despite the claims of many 802.11g products of 'turbo' modes giving more than 100Mb/sec, we've yet to encounter an 11g product fast enough to stream raw DVDs simply by sharing the DVD-ROM drive in Windows over the network. With MIMO, though, it's a different story. We've had a lot of success using Belkin's Pre-N router and accompanying network card to stream DVDs flawlessly from one PC to another - simply by sharing the DVD drive using standard Windows file sharing - at a separation of about 10m, with a partition wall in line of sight. The trouble is, there still isn't enough spare bandwidth available to be able to guarantee this will work for you, so buying a Pre-N setup purely to stream DVDs might result in disappointment.

SECURITY

As we've already pointed out, you must secure your wireless network as soon as possible after getting it up and running. There are three aspects to wireless security. In order of importance, these are encryption, stealth and access restriction.

Encryption

Encryption is the most important simply because if you use encryption properly the other two are unlikely to matter - your network should be safe from abuse.

There are two standards for encryption over Wi-Fi: WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). WEP is the older of the two, and WPA has come about because WEP simply isn't secure enough. A fundamental flaw in its implementation - to do with the way it appends an extra section on the end of your chosen encryption key - means that over a moderately busy network a snooper can break WEP in a matter of hours.

Until recently, using WPA instead of WEP wasn't easy, since many devices didn't support it, plus comprehensive built-in Windows XP support only came with Service Pack 2. But that's changed now, and we'd advise anyone using WEP to change to WPA immediately. It's easier to set up too; whereas WEP needs a specific-length, impossible-to-remember hexadecimal key, WPA generates its keys from a password that can be anything from eight to 64 characters in length, using any normal characters including spaces. You can generate a long but easy-to-remember passphrase, simplifying things if you're setting up several PCs with wireless connections.

Remember that any encryption system is only as good as its passwords, and that applies equally to WPA. Short or easy-to-guess passphrases are a gift to hackers so, unlike a PIN, a four-digit number is basically useless. A hacker has no limit to the number of passphrases he can try, so yours has to be long and obscure enough that an automated passphrase generator won't guess it.

As well as short numbers, certain things you might think are clever should also be avoided. So, for instance, you might think 'darthvader' is a good one, but in fact every hacker has a dictionary list containing millions of well-known passwords like that. So, 'wallaceandgromit' is out, as is 'frodobaggins'.

Instead, you want a couple of random words, some numbers and some odd characters. For instance, 'cheese672 badger123?' is strong and highly unlikely to be broken by a dictionary attack. A unique sentence - not a well-known quote like 'Ross has a boiler in the living room' - is good too.
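The passphrase rules above can be turned into a quick check. This is an added example, not part of the original article: `audit_passphrase`, its tiny word list and the four-word threshold for a "sentence" are assumptions made here, while `derive_psk` uses the standard WPA-PSK derivation (PBKDF2-HMAC-SHA1 salted with the SSID), which is also why a non-default SSID gives you a different key for the same passphrase.

```python
import hashlib
import string

# Constructed stand-in for the "dictionary list" the article mentions; the
# three entries are the article's own examples of passphrases to avoid.
COMMON = {"darthvader", "wallaceandgromit", "frodobaggins"}


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_passphrase(passphrase: str, wordlist=COMMON) -> list:
    """Return the reasons a passphrase is weak; an empty list means it passed."""
    problems = []
    if len(passphrase) < 8:
        problems.append("shorter than the 8-character minimum")
    if passphrase.isdigit():
        problems.append("digits only")
    # Strip spaces, punctuation and case so 'Darth Vader' matches 'darthvader'.
    squashed = "".join(c for c in passphrase.lower() if c.isalnum())
    if squashed in wordlist:
        problems.append("in the dictionary list")
    classes = [
        any(c.isalpha() for c in passphrase),
        any(c.isdigit() for c in passphrase),
        any(c in string.punctuation or c == " " for c in passphrase),
    ]
    # Assumption: four or more words counts as the "unique sentence" option.
    if sum(classes) < 3 and len(passphrase.split()) < 4:
        problems.append("neither a word/number/symbol mix nor a sentence")
    return problems


if __name__ == "__main__":
    for candidate in ["1234", "darthvader", "cheese672 badger123?"]:
        print(repr(candidate), audit_passphrase(candidate) or "ok")
    # Same passphrase, two constructed SSIDs: the derived keys differ.
    for ssid in ["default", "badger-sett"]:
        print(ssid, derive_psk("cheese672 badger123?", ssid).hex())
```
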

Stealth

By default, all access points come pre-configured with a standard name known as an SSID (service set identifier), which the access point merrily broadcasts to all and sundry, allowing clients to see that there's an access point to connect to. This is very useful in Starbucks, but the last thing you want in your home setup. So you should do two things: first, change the default SSID; and second, hide it by instructing the router not to broadcast its presence.

This makes it much more difficult for anyone to find and start attacking your setup. It's as easy as pie and simply requires you to think of a name and check the 'hide SSID' option, which your router will invariably have in its web-based configuration.

Access restriction

This is the most tedious aspect of wireless security to set up, but if you're paranoid MAC-address-based access control is one more obstacle in the path of a determined hacker. As we mentioned earlier, every Ethernet device has its own unique MAC address. By setting up a table of the MAC addresses of your wireless devices in the router, you can restrict access to only those devices - any device with an unknown MAC address will be refused a connection. The drawback is that you have to manually enter the MAC address of every device you want to connect, but that's only a problem if you frequently have new hardware or you want guest devices to connect to your network with the minimum of fuss. Some routers also allow you to flip this idea on its head and specifically deny access to MAC addresses you specify and allow all others. This can be useful if you suspect a particular PC on your network has been infected by a virus - by specifically denying it access to the wireless network until you're sure the infection has been cleaned, you reduce the risk of the virus spreading without having to physically remove the wireless adaptor.

Detecting unauthorised access

If you suspect someone's stealing your bandwidth by connecting without your consent, it can be difficult to verify. The best thing to do is go into your router's web-based configuration system and check the client DHCP list. This is the list of network adaptors currently assigned an address on the router. If you're using only one computer (or, more specifically, one network adaptor), there should be only one IP address listed, and it should correspond to the host name and MAC address of your PC. If there's more than one and you haven't forgotten about any other wireless devices you have, such as printers or media-streaming audio gadgets, someone else is probably connected.

Looking at the DHCP list isn't foolproof, though: if the person stealing your bandwidth has had the presence of mind to manually configure an IP address it won't show up in the DHCP list. But many routers also have a log-file feature, some of which show all clients making a connection - this should be foolproof if you can be bothered to wade through it. If it does seem that someone's piggybacking, note the MAC address and block it, then change your SSID and encryption keys, and also change to WPA if you're using only WEP.
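The check described above, comparing the DHCP client list and the router log against the devices you own, can be scripted once you have copied both out of the router's web pages. This is an added example, not part of the original article: the table and log layouts, the host names and the MAC addresses are constructed sample data, and real routers format these pages differently.

```python
import re

# Matches a MAC address written with ':' or '-' separators.
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")

# Constructed sample data: the devices you own ...
KNOWN = {"00:00:5E:00:53:01": "study-pc", "00:00:5E:00:53:02": "printer"}

# ... the router's DHCP client list (IP, host name, MAC) ...
DHCP_TABLE = """\
192.168.1.2  study-pc   00:00:5E:00:53:01
192.168.1.3  printer    00-00-5e-00-53-02
192.168.1.4  LAPTOP-X   00:00:5E:00:53:AA
"""

# ... and its connection log, which also shows clients that never asked
# DHCP for an address because their IP was configured by hand.
CONNECTION_LOG = """\
12:01:33 wireless client associated 00:00:5e:00:53:01
12:07:10 wireless client associated 00:00:5e:00:53:aa
12:09:48 wireless client associated 00:00:5e:00:53:bb
"""


def norm(mac: str) -> str:
    """Lower-case, colon-separated form so differently written MACs compare equal."""
    return mac.lower().replace("-", ":")


def macs_in(text: str) -> set:
    """Every MAC address that appears anywhere in the pasted text."""
    return {norm(m) for m in MAC_RE.findall(text)}


def find_strangers(known, dhcp_table: str, connection_log: str) -> dict:
    """Map each unrecognised MAC to where it was seen."""
    owned = {norm(m) for m in known}
    leased = macs_in(dhcp_table)
    logged = macs_in(connection_log)
    report = {}
    for mac in sorted((leased | logged) - owned):
        if mac in leased:
            report[mac] = "in DHCP list"
        else:
            report[mac] = "log only, no DHCP lease (manually set IP?)"
    return report


if __name__ == "__main__":
    for mac, where in find_strangers(KNOWN, DHCP_TABLE, CONNECTION_LOG).items():
        print(mac, "-", where)
```
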

Don't get too paranoid, though: if you've followed these instructions and WPA is properly set up, there's little chance of anyone breaking into your system. Enjoy your wireless freedom.
