3. Set Up a Wireless Router
router allows you to connect your computer (or your workgroup) to the
Internet, while simultaneously protecting you with its built-in
firewall. A wireless router does the same thing, but also adds a wireless access point, which allows you to connect any number of WiFi devices to each other and to the Internet.
A typical WiFi setup was shown in Figure 3 (see, no wires),
in which a wireless router provides Internet access to all your
computers. Here's how to set this up and configure the security measures
that should've been enabled out of the box:
Plug your DSL or cable modem (or whatever broadband connection you're using) into your router's WAN or Internet port.
an Ethernet cable to connect at least one PC to one of the numbered
ports on your router, even if you eventually want to use that PC
with the software that comes with your router. Instead, open a web
browser on the wired PC and type the IP address of your router into the
address bar. In most cases, this is 192.168.1.1,
but your router may be different; refer to your router's documentation
for details. (You may also need to log in with a username and password
at this point, also listed in said documentation, at least in theory.)
If you can't connect to your router, and you're sure your PC's network
card is working, see the "Can't Connect To Your Router?" sidebar, next.
you can't load your router's setup page, and you're certain you're
using the correct IP address, the most likely cause is that your PC and
your router are not on the same subnet. The subnet is the range of addresses governed by the first three components of the IP address, and Windows likes the default 192.168.1.x subnet.
means that the first three numbers of your computer's IP address must
mach the first three numbers of your router's IP address, while the
fourth number must be different. For instance, if your router's address
is 192.168.0.1, then you might not be able to connect to it until you either change your PC's address to 192.168.0.x (where x is any number larger than zero) or change your router's address to 192.168.1.1 to connect to the router.
Now, in theory, Vista should do all of this for you when you use the Obtain an IP address automatically
option , but this is notorious for not
working when the subnets don't match. If you suspect this is the
problem, try setting a static IP address on your PC, at least
temporarily, until you can connect to your router and reconfigure it to
use the 192.168.1.x subnet.
you get your connection to your router working, you'll see your
router's setup page, which should look vaguely like the one in Figure 5. Of course, your router's setup page will almost certainly look different, but most of the same settings will still be there.
Figure 5. Most routers use a web-based setup, meaning that you can configure
your router from any computer, running on any platform, as long as it
has a web browser
Choose your connection type from the list. If your Internet connection requires a username and password, select PPPoE. If your ISP has provided an IP address for your connection, select Static IP. Otherwise, choose Automatic Configuration - DHCP.
If you've selected PPPoE or Static IP
in the previous step, you'll probably need to enter the IP addresses of
your ISP's DNS servers (your ISP should provide these numbers for you).
Click Apply or Save Settings at the bottom of the page when you're done.
At this point, you should have Internet access; go ahead and test it by opening a second browser window (Ctrl-N) and visiting any web site.
this opportunity to visit the router manufacturer's web site and look
for an update to the router firmware; if there's a newer version,
download and install it right away.
updates typically fix bugs and improve performance, and substantial
updates may add support for newer encryption protocols like WPA2
(discussed later), so don't skip this step!
Next, go to your router's wireless setup page, like the one shown in Figure 6—you
can get there with either a link in the main menu or a tab across the
top of the page—and choose a new name (SSID) for your wireless network.
Figure 6. Use your router's wireless setup page to configure the security settings for your wireless network
The only way Vista distinguishes one configured network from another is the SSID, so choose a unique
name for your network. If you were to use a generic name like
"wireless" or leave the default name (e.g., "linksys") intact, you might
run into a problem later on. For instance, if a neighbor has a WiFi
network with the same name, you might not be able to see your own
network. Or, if your home network has the same name as the one at work,
yet both have different encryption settings (set later in this section),
Windows may not recognize both networks as unique without a lot of
an SSID, you should also avoid names that give away your location, such
as your street address or the name of your business. An intruder—or WiFi
leech, for that matter—might exploit that extra information to boost
his or her own signal or, worse, break into your network.
Next, check to see whether the Wireless SSID Broadcast option is turned on or off, and make sure it's set the way you want it.
differ on whether turning off SSID broadcast is a good or bad idea.
Your SSID is a backdoor to your wireless network; if you broadcast your
SSID, you expose one more piece of information someone could use to
connect to your network. If it's hidden (and you've chosen a unique
name), you make it that much harder for someone to break in. On the
other hand, a hidden SSID doesn't necessarily guarantee an invisible
network; in fact, certain settings in Windows can be exploited to expose
your hidden SSID, So, don't rely solely on a hidden SSID to protect your wireless network.
When you're done here, click Apply or Save Settings.
you'll want to set up your router's encryption feature for the best
wireless security. You can typically get to this setting by clicking a
button on the wireless page named Encryption, WEP, or—in the case of the example in Figure 7-6—a separate tab named Wireless Security. Figure 7 shows a typical wireless encryption setup page.
Figure 7. Configure your wireless router's encryption settings to prevent
others from connecting to your wireless network without your permission
Vista understands several different types of wireless encryption, all
used to prevent intruders from connecting to or spying on your wireless
network unless they have your secret encryption key. Of course, some are
better than others; see the upcoming "Choosing the Right Encryption Scheme: WEP, WPA, or WPA2?" sidebar for details.
your wireless network accomplishes two things: it helps keep out
leeches who would otherwise use your WiFi for free Internet, and it
helps prevent intruders from breaking into your system to snoop around
Of course, most
wireless routers have encryption turned off by default, so any choice
you make is better than none at all. The three prevailing standards for
wireless encryption—all supported by Vista out of the box—are:
Equivalent Privacy (or Wireless Encryption Protocol) is the original
protection scheme included with early wireless routers, and it is also
the weakest. With the right software, an intruder can easily break into a
WEP-protected network in a few minutes using the Related-key attack. Use WEP only if you have older PCs or devices that don't support WPA, described next.
Protected Access was established as a stopgap measure to remedy the
vulnerabilities in WEP. If you have any Windows XP machines on your
network, they'll need Service Pack 2 to connect to a WPA-encrypted
Also known as 802.11i or PSK for Pre-Shared Key, WPA2 is the completed form of WPA, and is considered the strongest nonproprietary encryption scheme for 802.11x
wireless networks. Any wireless products certified after March 2006 are
supposed to fully support WPA2. WPA2 is supported under Windows XP if
the WPA2/WPS IE update (available at http://support.microsoft.com/kb/893357) is installed. Macs will need AirPort 4.2 or later to use WPA.
Those using WPA or WPA2 will have a choice between the Personal and Enterprise
varieties. As enticing as Enterprise may sound, it requires a RADIUS
server typically used only in large companies, making Personal the
proper choice for most home and small-business networks.
Next, your router may support the AES (Advanced Encryption Standard) or TKIP (Temporal Key Integrity Protocol)
encryption algorithms, or both. Of the two, AES is stronger, but it is
supported only by WPA2. If you experience connection problems with AES,
wherein certain web sites won't load, try switching to TKIP (or
vice-versa). If your router allows it, select AES and TKIP to make
troubleshooting easier, and then choose one algorithm or the other in
So, for best wireless security, choose WPA2-Personal with AES and TKIP.
Once you've enabled wireless encryption, you'll need to choose a key or passphrase.
With WPA or WPA2, you type a word or a phrase into your router's setup page, and then type the same word or phrase into Windows to connect, as described in "Section 7.1.4," next. (In Figure 7-7,
I chose "Beware of the Leopard!" as my passphrase.) The stronger the
passphrase you enter, the more secure your wireless network will be. A
WPA passphrase can be 8–63 characters (bytes) long, but the 802.11i
standard recommends a passphrase at least 20 characters long to deter
With WEP, your router may have you type a passphrase, but it's only used to generate a key.
WEP keys are hexadecimal strings of numbers (0–9) and letters (A-F),
and are either 10 or 26 digits long (for 64- or 128-bit security,
respectively). You then type the hex key—not the passphrase—into Windows
you save your changes here, make things easy on yourself and take this
opportunity to record your passphrase or key. Highlight the key (if
there's more than one, use the first key, Key 1) and press Ctrl-C to copy it to the clipboard. Then, open your favorite text editor (e.g., Notepad), and press Ctrl-V
to paste it into a new, empty document. Save the file on your desktop
(or a USB memory key to set up other PCs); this will allow you to easily
paste it into various dialog boxes later on, which is easier than
having to type it.
Click Apply or Save Settings at the bottom of the page when you're done.
Unplug the cable connecting your PC to your router, and then attempt a wireless connection, as described in the next section, "Section 7.1.4." See the upcoming "Router Placement 101" sidebar for ways to improve reception (and thus the performance of your wireless network).
tiny WiFi transceiver in your laptop should be capable of picking up
any wireless network within about 100 feet, perhaps a little more if you
have newer equipment. If indoors, this typically includes no more than
about two or three walls, and perhaps one floor or ceiling. But the
placement of your wireless router and the arrangement of natural
obstacles near it will have a significant effect on the strength and
range of your WiFi signal.
router should be out in the open; don't put it under your desk, in a
drawer, or behind a metal file cabinet. If you're feeding more than one
computer, it should be placed in a central location, if possible. Use
the signal strength indicator (Figure 7-10)
to test various configurations. Consider cabling stationary computers
so that you can optimize the placement of the router for your portable
g, and n standards operate over the 2.4 Ghz band, which is also
inhabited by cordless phones and microwave ovens. (The black sheep of
the family, 802.11a, solves this problem by using the 5 Ghz band, but
its short range and limited compatibility make it an unpopular choice.)
This means that you'll get better results if you move the router away
from any cordless-phone base stations, televisions, radios, or TV
adjusting the placement of your router, you still need more range than
it seems to be able to provide, consider either a repeater (range
extender) or an aftermarket antenna for your router. There are even a
number of do-it-yourself antenna projects for both the router and client
(e.g., laptop), including the creative use of a Pringles™ can.
you employ encryption using these settings, but you subsequently can't
connect to it wirelessly, it most likely means that you've entered the
encryption key incorrectly on your PC. To fix the problem, you'll have
to reconnect your PC to your router with a cable and modify the settings
as described here. If that doesn't help, make sure you've installed the
latest firmware on your router and the latest wireless drivers on your
PC. As a final resort, reset the router as described in your router's
documentation, and start over.
it's important to employ as many security features on your wireless
network as you can, you shouldn't rely entirely on them to protect your
sensitive data. When you're done here, make sure you set a password for
your Windows user account, and keep a watchful eye on precisely what
resources you're sharing.