Selecting the Access Point
An access point is the device that holds the whole wireless network together, and any device that wants to be part of the network has to connect to it. I will not go into more detail on how to select an access point, as there are hundreds of different models with different speeds and so on to choose from. Find out your requirements for your wireless network (required speed, range, etc.) and post on a forum to quickly get help finding one that matches your needs.
Selection of the SSID
The first thing to choose is a good SSID, the name of your network. Keep in mind that you should not use a default name: "Default", "d-link", "linksys" and other standard names should be avoided because the SSID is involved in the process of generating the network key. Because of that, there are many precomputed encryption keys for those network names, making them easy to crack. You should therefore think of a name that no one else is likely to use, or at least one that is not likely to appear among the top 1000 most common SSIDs that can be found here.
SSID Broadcast
This feature is available on most access points and controls whether the network is advertised, that is, whether it is visible when people search for nearby wireless networks. Many people like to turn this off to make the network 'invisible' to others. But this gives a false sense of security: it is very easy for someone looking to discover the network anyway, and above all, it is a great security risk to your own computer, which will always send out requests to check if the network is nearby, making it possible to set up fake networks that your computer will be fooled into connecting to, a so-called man-in-the-middle attack. Some devices also tend to malfunction when you attempt to connect them to a hidden network, making this feature a useless headache. It is therefore highly recommended not to hide your SSID.
Choice of Channel
Next, we choose a channel for your access point to communicate on. Access points talk using radio frequencies (the 2.4 GHz band, and some also the 5 GHz band) and work a bit like com radios. As soon as any device on the network transmits, no other device on the same channel can transmit simultaneously. This means that if you have a neighbor who also has a wireless network and you have both chosen the same channel, your entire network has to wait for the device on the other network to finish talking before it can start sending, even though the two networks are completely separate. This reduces performance on the network and should of course be avoided. The 2.4 GHz band, which is the most common today, has a total of 14 channels to choose from, only 3 of which do not overlap each other. These channels are 1, 6 and 11; their specific frequencies can be seen here:
[Figure: 2.4 GHz channel frequencies. Source: Wikipedia]
Note: channel 14 is a bit special because it is basically only used in Japan; very few European products can use this channel, and no American ones. We therefore have to choose a channel that is not in use or has as few users as possible.
When you buy a USB wireless card, you often get a CD with software for finding and connecting to wireless networks; this software can often also show the signal strength and channel of the networks in your vicinity when scanning for them. The service built into Windows for finding networks does not report this. However, there is good freeware that can, for example inSSIDer, which works well in Vista/Win7 and gives a very good overall picture of which channels are occupied. This program can be downloaded here: http://www.metageek.net/products/inssider
Once we have scanned our surroundings and have our little list of networks and the channels they use, we see in the example above that there are a number of networks on channel 1, one on channel 6, and that channel 11 is completely empty. We then select channel 11, where there are currently no other networks that may interfere with our own.
NOTE: If, for instance, you have three neighbors using channels 1, 6 and 11 respectively, you should not try to select a channel in between them, but instead choose the same channel as one of them. Otherwise, your AP may fail to notice when another AP is transmitting, as they are not on exactly the same channel, and you will get collisions when multiple APs transmit simultaneously, which can result in very poor performance for both networks.
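The channel choice described above, including the NOTE's rule of never picking an in-between channel, can be written as a small scoring routine. This is an added example, not part of the original article; the function names, the 22 MHz channel width and the survey lists are assumptions made for illustration.

```python
# Added example: choosing between channels 1, 6 and 11 from a site survey.
NON_OVERLAPPING = (1, 6, 11)   # the three non-overlapping channels named above
CHANNEL_WIDTH_MHZ = 22         # assumption: classic 802.11b/g channel width


def center_mhz(channel):
    """Centre frequency of a 2.4 GHz channel; channel 14 is off the 5 MHz grid."""
    return 2484 if channel == 14 else 2407 + 5 * channel


def overlaps(a, b):
    """Channels overlap when their centres are closer than one channel width."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def channel_load(candidate, scan):
    """Return (total, partial) for a candidate channel.

    total   = networks whose channel overlaps the candidate
    partial = those on a different channel, the collision case in the NOTE
    """
    hits = [ch for _ssid, ch in scan if overlaps(candidate, ch)]
    return len(hits), sum(1 for ch in hits if ch != candidate)


def pick_channel(scan):
    """Least-loaded of 1/6/11; ties go to fewer partial overlaps, then lower channel."""
    return min(NON_OVERLAPPING, key=lambda c: channel_load(c, scan) + (c,))


# Constructed survey results (SSID, channel), not taken from a real scan.
EXAMPLE_SCAN = [("net-a", 1), ("net-b", 1), ("net-c", 1), ("net-d", 6)]
CROWDED_SCAN = [("net-a", 1), ("net-b", 2), ("net-c", 6),
                ("net-d", 8), ("net-e", 9)]

if __name__ == "__main__":
    for name, scan in (("example", EXAMPLE_SCAN), ("crowded", CROWDED_SCAN)):
        loads = {c: channel_load(c, scan) for c in NON_OVERLAPPING}
        print(name, loads, "->", pick_channel(scan))
```

In the crowded survey, channels 1 and 11 each have two overlapping networks, but channel 1 wins because one of its two is on exactly the same channel rather than partially overlapping.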
Choice of Encryption
A modern access point can handle a number of different encryption modes; the most common are WEP, WPA Personal (sometimes called WPA-PSK), WPA Enterprise, WPA2 Personal (sometimes referred to as WPA2-PSK) and WPA2 Enterprise.
- WEP is an old, weak encryption that should not be used under any circumstances; it is so weak that it is possible to get the key to the network in under 1 minute no matter what you set the key to. For anyone who knows how to use Google, a WEP-encrypted network is basically the same thing as a completely open network.
- WPA Personal is a much more secure encryption, but still contains some weaknesses. The reason to choose this is if you have devices on the network that do not support WPA2.
- WPA2 Personal is the best option to date; as long as all devices to be connected to the network support it, you should use WPA2.
- WPA/WPA2 Enterprise is a server-based option intended for companies with a lot of users and not something you need for your home network.
When you select WPA or WPA2, you also get to choose which encryption algorithm to use; there are usually TKIP and AES to choose from. Here we choose AES, which is a very strong and safe algorithm. TKIP in combination with WPA has some flaws and should be avoided.
Selecting the Network Key
When selecting the key or password for your network, the same rules apply as when setting a password for anything you want to keep safe: use a mix of numbers, letters and special characters. A WPA/WPA2 key must be at least 8 characters long; I would recommend 10 characters or more. Then not even a large computer farm can crack the key within a reasonable time. The only effective attack against this network would be a dictionary attack, so I would again emphasize that you should not use any words, even ones modified with numbers, as many cracking tools will try replacing the letters in the words with numbers. Completely random characters are the only thing that is completely safe. However, unlike other passwords, this one can be written down and saved on your computer or on a note for easy display, so guests can access your network, since someone who wants to break into your network will probably never visit your home.
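The following added example (not part of the original article) ties together the SSID section and the network key section: it shows how WPA/WPA2 Personal derives the actual key from the passphrase with the SSID as salt, which is why tables precomputed for a default SSID are useless against a unique one, and it generates a completely random key. The function names and the sample SSIDs and passphrase are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# The default names the article gives as examples to avoid.
DEFAULT_SSIDS = {"default", "d-link", "linksys"}
# Letters, digits and special characters: 94 printable ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def ssid_is_default(ssid):
    """True if the SSID matches one of the default names listed above."""
    return ssid.strip().lower() in DEFAULT_SSIDS


def derive_pmk(passphrase, ssid):
    """WPA/WPA2 Personal key derivation.

    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA/WPA2 passphrase is 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               4096, 32)


def random_key(length=12):
    """Completely random key; the article recommends 10 characters or more."""
    if not 8 <= length <= 63:
        raise ValueError("a WPA/WPA2 passphrase is 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def key_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a key drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Sample values only: same passphrase, two different SSIDs.
    for ssid in ("linksys", "attic-owl-5531"):
        pmk = derive_pmk("password", ssid).hex()
        print(f"{ssid!r:18} default={ssid_is_default(ssid)} PMK={pmk[:16]}...")
    key = random_key(12)
    print("random key:", key, f"({key_bits(len(key)):.1f} bits)")
```

The two printed PMKs differ even though the passphrase is the same, so a table built for "linksys" says nothing about the second network.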