3. Set Up a Wireless Router
A router allows you to connect your computer (or your workgroup) to the Internet, while simultaneously protecting you with its built-in firewall. A wireless router does the same thing, but also adds a wireless access point, which allows you to connect any number of WiFi devices to each other and to the Internet. A typical WiFi setup was shown in Figure 3 (see, no wires), in which a wireless router provides Internet access to all your computers. Here's how to set this up and configure the security measures that should've been enabled out of the box:

Plug your DSL or cable modem (or whatever broadband connection you're using) into your router's WAN or Internet port.

Use an Ethernet cable to connect at least one PC to one of the numbered ports on your router, even if you eventually want to use that PC wirelessly.

Dispense with the software that comes with your router. Instead, open a web browser on the wired PC and type the IP address of your router into the address bar. In most cases, this is 192.168.1.1, but your router may be different; refer to your router's documentation for details. (You may also need to log in with a username and password at this point, also listed in said documentation, at least in theory.) If you can't connect to your router, and you're sure your PC's network card is working, see the "Can't Connect To Your Router?" sidebar, next.

Can't Connect To Your Router?

If you can't load your router's setup page, and you're certain you're using the correct IP address, the most likely cause is that your PC and your router are not on the same subnet. The subnet is the range of addresses governed by the first three components of the IP address, and Windows likes the default 192.168.1.x subnet.

This means that the first three numbers of your computer's IP address must match the first three numbers of your router's IP address, while the fourth number must be different. For instance, if your router's address is 192.168.0.1, then you might not be able to connect to it until you either change your PC's address to 192.168.0.x (where x is any number larger than zero) or change your router's address to 192.168.1.1.

Now, in theory, Vista should do all of this for you when you use the Obtain an IP address automatically option, but this is notorious for not working when the subnets don't match. If you suspect this is the problem, try setting a static IP address on your PC, at least temporarily, until you can connect to your router and reconfigure it to use the 192.168.1.x subnet.
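The subnet check from the sidebar, written out as an added Python example (not part of the original text). The function names and status strings are illustrative assumptions; the mask defaults to 255.255.255.0, which is the "first three numbers" rule described above. The example also flags a 169.254.x.x address, which is what Windows assigns itself when the automatic option gets no answer from a DHCP server.

```python
import ipaddress

def suggest_static(router):
    """First usable address in the router's subnet that is not the router itself."""
    return str(next(h for h in router.network.hosts() if h != router.ip))

def diagnose(pc_ip, router_ip, mask="255.255.255.0"):
    """Return (status, suggested_static_address_or_None) for a PC/router pair."""
    pc = ipaddress.ip_interface(f"{pc_ip}/{mask}")
    router = ipaddress.ip_interface(f"{router_ip}/{mask}")
    if pc.ip == router.ip:
        # The fourth number must differ from the router's
        return ("address-conflict", suggest_static(router))
    if pc.ip.is_link_local:
        # 169.254.0.0/16: self-assigned, so no DHCP lease was obtained
        return ("no-dhcp-lease", suggest_static(router))
    if pc.network != router.network:
        # The first three numbers differ, so the setup page is unreachable
        return ("subnet-mismatch", suggest_static(router))
    return ("ok", None)

if __name__ == "__main__":
    # Constructed sample addresses, using the router addresses named in the text
    for pc, router in [("192.168.1.100", "192.168.0.1"),
                       ("169.254.10.20", "192.168.1.1"),
                       ("192.168.1.100", "192.168.1.1")]:
        print(pc, router, diagnose(pc, router))
```

The suggested address is only a temporary static setting for reaching the setup page; confirm it is not already used by another device before keeping it.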
Once you get your connection to your router working, you'll see your router's setup page, which should look vaguely like the one in Figure 5. Of course, your router's setup page will almost certainly look different, but most of the same settings will still be there.

Choose your connection type from the list. If your Internet connection requires a username and password, select PPPoE. If your ISP has provided an IP address for your connection, select Static IP. Otherwise, choose Automatic Configuration - DHCP.

If you've selected PPPoE or Static IP in the previous step, you'll probably need to enter the IP addresses of your ISP's DNS servers (your ISP should provide these numbers for you).

Click Apply or Save Settings at the bottom of the page when you're done.

At this point, you should have Internet access; go ahead and test it by opening a second browser window (Ctrl-N) and visiting any web site.

Take this opportunity to visit the router manufacturer's web site and look for an update to the router firmware; if there's a newer version, download and install it right away.

Firmware updates typically fix bugs and improve performance, and substantial updates may add support for newer encryption protocols like WPA2 (discussed later), so don't skip this step!
Next, go to your router's wireless setup page, like the one shown in Figure 6—you can get there with either a link in the main menu or a tab across the top of the page—and choose a new name (SSID) for your wireless network.

The only way Vista distinguishes one configured network from another is the SSID, so choose a unique name for your network. If you were to use a generic name like "wireless" or leave the default name (e.g., "linksys") intact, you might run into a problem later on. For instance, if a neighbor has a WiFi network with the same name, you might not be able to see your own network. Or, if your home network has the same name as the one at work, yet both have different encryption settings (set later in this section), Windows may not recognize both networks as unique without a lot of hassle.

When choosing an SSID, you should also avoid names that give away your location, such as your street address or the name of your business. An intruder—or WiFi leech, for that matter—might exploit that extra information to boost his or her own signal or, worse, break into your network.

Next, check to see whether the Wireless SSID Broadcast option is turned on or off, and make sure it's set the way you want it.

Opinions differ on whether turning off SSID broadcast is a good or bad idea. Your SSID is a backdoor to your wireless network; if you broadcast your SSID, you expose one more piece of information someone could use to connect to your network. If it's hidden (and you've chosen a unique name), you make it that much harder for someone to break in. On the other hand, a hidden SSID doesn't necessarily guarantee an invisible network; in fact, certain settings in Windows can be exploited to expose your hidden SSID. So, don't rely solely on a hidden SSID to protect your wireless network.
When you're done here, click Apply or Save Settings.

Next, you'll want to set up your router's encryption feature for the best wireless security. You can typically get to this setting by clicking a button on the wireless page named Encryption, WEP, or—in the case of the example in Figure 7-6—a separate tab named Wireless Security. Figure 7 shows a typical wireless encryption setup page.

Now, Vista understands several different types of wireless encryption, all used to prevent intruders from connecting to or spying on your wireless network unless they have your secret encryption key. Of course, some are better than others; see the upcoming "Choosing the Right Encryption Scheme: WEP, WPA, or WPA2?" sidebar for details.

Choosing the Right Encryption Scheme: WEP, WPA, or WPA2?

Encrypting your wireless network accomplishes two things: it helps keep out leeches who would otherwise use your WiFi for free Internet, and it helps prevent intruders from breaking into your system to snoop around your PC.

Of course, most wireless routers have encryption turned off by default, so any choice you make is better than none at all. The three prevailing standards for wireless encryption—all supported by Vista out of the box—are:

WEP
Wired Equivalent Privacy (or Wireless Encryption Protocol) is the original protection scheme included with early wireless routers, and it is also the weakest. With the right software, an intruder can easily break into a WEP-protected network in a few minutes using the Related-key attack. Use WEP only if you have older PCs or devices that don't support WPA, described next.

WPA
WiFi Protected Access was established as a stopgap measure to remedy the vulnerabilities in WEP. If you have any Windows XP machines on your network, they'll need Service Pack 2 to connect to a WPA-encrypted network.

WPA2/PSK
Also known as 802.11i or PSK for Pre-Shared Key, WPA2 is the completed form of WPA, and is considered the strongest nonproprietary encryption scheme for 802.11x wireless networks. Any wireless products certified after March 2006 are supposed to fully support WPA2. WPA2 is supported under Windows XP if the WPA2/WPS IE update (available at http://support.microsoft.com/kb/893357) is installed. Macs will need AirPort 4.2 or later to use WPA.

Those using WPA or WPA2 will have a choice between the Personal and Enterprise varieties. As enticing as Enterprise may sound, it requires a RADIUS server typically used only in large companies, making Personal the proper choice for most home and small-business networks.

Next, your router may support the AES (Advanced Encryption Standard) or TKIP (Temporal Key Integrity Protocol) encryption algorithms, or both. Of the two, AES is stronger, but it is supported only by WPA2. If you experience connection problems with AES, wherein certain web sites won't load, try switching to TKIP (or vice-versa). If your router allows it, select AES and TKIP to make troubleshooting easier, and then choose one algorithm or the other in Windows.

So, for best wireless security, choose WPA2-Personal with AES and TKIP.
Once you've enabled wireless encryption, you'll need to choose a key or passphrase.

With WPA or WPA2, you type a word or a phrase into your router's setup page, and then type the same word or phrase into Windows to connect, as described in "Section 7.1.4," next. (In Figure 7-7, I chose "Beware of the Leopard!" as my passphrase.) The stronger the passphrase you enter, the more secure your wireless network will be. A WPA passphrase can be 8–63 characters (bytes) long, but the 802.11i standard recommends a passphrase at least 20 characters long to deter practical attacks.

With WEP, your router may have you type a passphrase, but it's only used to generate a key. WEP keys are hexadecimal strings of numbers (0–9) and letters (A–F), and are either 10 or 26 digits long (for 64- or 128-bit security, respectively). You then type the hex key—not the passphrase—into Windows to connect.

Before you save your changes here, make things easy on yourself and take this opportunity to record your passphrase or key. Highlight the key (if there's more than one, use the first key, Key 1) and press Ctrl-C to copy it to the clipboard. Then, open your favorite text editor (e.g., Notepad), and press Ctrl-V to paste it into a new, empty document. Save the file on your desktop (or a USB memory key to set up other PCs); this will allow you to easily paste it into various dialog boxes later on, which is easier than having to type it.

Click Apply or Save Settings at the bottom of the page when you're done.

Unplug the cable connecting your PC to your router, and then attempt a wireless connection, as described in the next section, "Section 7.1.4." See the upcoming "Router Placement 101" sidebar for ways to improve reception (and thus the performance of your wireless network).
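The SSID and passphrase choices made in the steps above can be checked before they are typed into the router. The following Python is an added example, not part of the original text: it applies the length rules given above and derives the 256-bit key that WPA/WPA2-Personal actually uses, which is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt. The function names are illustrative assumptions.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)
# Names the text calls generic or factory-default
WEAK_SSIDS = {"wireless", "linksys"}

def derive_psk(passphrase, ssid):
    """256-bit WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()

def check_wep_key(key):
    """WEP keys are 10 or 26 hex digits (64- or 128-bit); anything else is rejected."""
    if set(key) <= HEX_DIGITS and len(key) in (10, 26):
        return "wep-64" if len(key) == 10 else "wep-128"
    return None

def check_wpa(passphrase, ssid):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    n = len(passphrase)
    if not 8 <= n <= 63:
        findings.append("passphrase must be 8-63 characters")
    elif n < 20:
        findings.append("passphrase is shorter than the recommended 20 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("passphrase must be printable ASCII")
    if ssid.lower() in WEAK_SSIDS:
        # The SSID salts the key, so a name shared with many other
        # networks contributes nothing unique to the derived key.
        findings.append("SSID is a generic or default name")
    return findings

if __name__ == "__main__":
    # The passphrase is the one quoted in the text; "linksys" is the default SSID it names
    print(check_wpa("Beware of the Leopard!", "linksys"))
    print(derive_psk("Beware of the Leopard!", "linksys"))
```

Because the SSID feeds the derivation, the same passphrase on two differently named networks yields two unrelated keys, which is a second reason to change the default name.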
Router Placement 101

The tiny WiFi transceiver in your laptop should be capable of picking up any wireless network within about 100 feet, perhaps a little more if you have newer equipment. If indoors, this typically includes no more than about two or three walls, and perhaps one floor or ceiling. But the placement of your wireless router and the arrangement of natural obstacles near it will have a significant effect on the strength and range of your WiFi signal.

Your router should be out in the open; don't put it under your desk, in a drawer, or behind a metal file cabinet. If you're feeding more than one computer, it should be placed in a central location, if possible. Use the signal strength indicator (Figure 7-10) to test various configurations. Consider cabling stationary computers so that you can optimize the placement of the router for your portable ones.

The 802.11b, g, and n standards operate over the 2.4 GHz band, which is also inhabited by cordless phones and microwave ovens. (The black sheep of the family, 802.11a, solves this problem by using the 5 GHz band, but its short range and limited compatibility make it an unpopular choice.) This means that you'll get better results if you move the router away from any cordless-phone base stations, televisions, radios, or TV dinners.

If, after adjusting the placement of your router, you still need more range than it seems to be able to provide, consider either a repeater (range extender) or an aftermarket antenna for your router. There are even a number of do-it-yourself antenna projects for both the router and client (e.g., laptop), including the creative use of a Pringles™ can.
If you employ encryption using these settings, but you subsequently can't connect wirelessly, it most likely means that you've entered the encryption key incorrectly on your PC. To fix the problem, you'll have to reconnect your PC to your router with a cable and modify the settings as described here. If that doesn't help, make sure you've installed the latest firmware on your router and the latest wireless drivers on your PC. As a final resort, reset the router as described in your router's documentation, and start over.

While it's important to employ as many security features on your wireless network as you can, you shouldn't rely entirely on them to protect your sensitive data. When you're done here, make sure you set a password for your Windows user account, and keep a watchful eye on precisely what resources you're sharing.