Seven Tips for Safely Sharing Your Access Point Tips for Securing Your Wireless Internet Connection Aaron Weiss
Step 5. Doubling Up
Sometimes your wireless router will just not provide a good signal to the outer reaches of your space. One way to extend wireless coverage is to add a second wireless router, positioned in a weak coverage area.
You can add a second (or third or fourth) wireless router with or without cabling. To extend your range using a physical cable, you would need to run a cable from one of the network ports on your primary wireless router to one of the network ports on your additional router. The "extension" router will need to be configured to behave as a simple access point (AP) rather than a full-fledged router, so that the two routers do not conflict with each other.
Many wireless routers also support a feature called WDS, or wireless distribution system. If both your wireless routers support WDS, they can be configured to extend the range of your wireless network without using any physical cabling. When in WDS mode, the extension routers will essentially receive and rebroadcast the signal from your primary router, letting you reach more nooks and crannies.
Step 6. Secure that Signal
You want to share your Internet connection wirelessly, but you don't want to share it with everyone and anyone. Those wireless signals can contain sensitive information — your passwords to Web sites, for example. Nor do you want strangers sharing your Internet connection.
For one thing, your connection provides a finite amount of speed. Speed that you pay for and freeloaders do not. (There are ways to regulate the amount of speed that legitimate sharers can consume, which we will look at it in a separate tutorial on creating a wireless hotspot.)
Worse still, freeloaders on your Internet connection could engage in malicious or illegal activity, like sending spam and viruses, which could ultimately be traced back to your Internet service. Not cool.
If you live on a farm without any neighbors for more than half a mile, wireless security might not be a major concern. But if you live in a more populous area — unless you know and trust everyone who comes and goes within a few hundred yards of your home or office — you will want to secure your wireless router in three ways:
Security level one — change the password to your wireless router. Out-of-the-box, every wireless router has a default login that you use to access the Web-based administration screen. These defaults are widely available on the Web, meaning that anyone within wireless earshot can log in to your router and change your settings, potentially even locking you out of our own Internet service. Your manual will describe how to set a custom password. As always, when choosing a password, select a non-obvious phrase and write it down somewhere safe.
Security level two — encryption. When configuring your wireless router's broadcasting options, you will have the choice to choose a type of encryption. Many new routers offer three types: WEP, WPA, and WPA2.
WEP is the least secure encryption and should only be used if you must connect a PC with an older wireless card that does not support WPA. Better yet, upgrade the wireless card in the PC, because WEP is relatively easy for hackers to break.
Either WPA or WPA2 are good choices. Support for WPA is more widespread among wireless receivers. Some routers will let you select either/or mode, using WPA or WPA2 depending on the capability of the wireless receiver. Much more important than your choice between WPA and WPA2 is the passphrase you select.
For maximum security, you should create a passphrase that uses the maximum length of 64 characters and includes letters, numbers, and symbols (like * and !), but at minimum your passphrase should be at least 20 characters. It helps to use an online passphrasegenerator to create a very secure combination.
Creating a strong WPA passphrase does come at a cost of convenience — you will have to plug this in to any wireless PC that tries to connect to your network. Each PC will let you save the password so you don't have to re-type it every time it connects.
Security level three (optional) — whitelist. Most wireless routers support a security feature called a "MAC address list." Every wireless receiver has a unique identification code called a MAC address. You can find the MAC address for your mobile or desktop PC using a variety of methods.
When you plug in these approved MAC address into your wireless router's MAC address list configuration, it will only allow connections from these wireless receivers — like a bouncer who lets only approved VIPs into the club.
A MAC address whitelist is a useful additional layer of protection if the computers on your LAN don't change very often. It may not be feasible to update the whitelist frequently if your network constantly hosts new visitors.
If, for whatever reason, you cannot or choose not to use encryption security, you can still create a MAC address whitelist to provide some level of protection to your wireless network. Note, though, that MAC addresses can be faked by savvy intruders.
Step 7. Little Things Mean a Lot
These basic tenets for soundly and securely sharing your Internet connection with a wireless network are simple, but often overlooked.
The most common problem with wireless range, for example, is locating the wireless router in a basement, closet, or other isolated or shielded location. And, as any hacker can tell you, you can hardly throw a stick in any city without hitting a wireless router sporting a default password and no encryption.
Common sense, as they say, isn't always so common.
