Step-By-Step: How to Build a Safe, Secure Network

The era of the unconnected PC has largely passed into history. Beyond the home office and children's rooms, PCs are popping up in such formerly unconventional locations as on the kitchen counter or on a shelf in the living room.

A network will let you share a broadband Internet connection or a printer, as well as documents, spreadsheets, digital photos, and MP3 audio files.

Wireless remains the hot technology; and as standards evolve, increased security and higher-speed connections are becoming available. The easiest way to share a broadband Internet connection is to use a router, and even today's inexpensive routers have firewall features for added security. You'll still need to take steps to lock down your network, though (see "Wireless Network Security 101").

A word about compatibility: While Wi-Fi standards theoretically allow wireless network equipment from different manufacturers to work together, it doesn't always happen that way. If you're starting from scratch, your best bet is to use wireless hardware from a single manufacturer. Thankfully, you won't have the same problems with wired ethernet networking equipment from different manufacturers.

Installation is slightly different for every product. The steps illustrated here are generic. Consult your manual before you begin, and back up any critical data on each of your PCs before you start assembling your network (see "Ultimate Backup Guide").

The Top Down

Benefits: Share documents, photos, MP3 music, printers, and a high-speed Internet connection among multiple desktop and notebook PCs.

Expertise level: Intermediate

Time required: 30 to 60 minutes per PC

Tools required: Phillips screwdriver and antistatic wrist strap (for add-in cards)

Vendors: D-Link, Linksys, Microsoft, Netgear, SMC Networks, ZyXel

Choosing the Right Network

There are more choices than ever in types of networks. Though each arrangement has its advantages and disadvantages, the large selection of products eases the job of setting up the network that's best for you.

Standard Wired Ethernet



Advantages: 10/100 wired ethernet is inexpensive, easy to set up, and faster than wireless. New gigabit (10/100/1000) technology is superfast, though it's designed primarily for business settings.

Disadvantages: Requires running cables to a central connection switch or router. More-expensive gigabit adapters and switches require special, more-expensive cable.

Costs: 10/100 add-in cards, $15-$20 per PC, or gigabit add-in cards, $90-$110 per PC; 10/100 switch, $35-$75, or gigabit switch, $100-$200; Internet router/firewall, $50-$75.

Wireless (Wi-Fi)



Advantages: No wires to run through your walls or hallways; use your laptop to surf the Web from your couch or patio.

Disadvantages: More expensive than wired. Must be set up carefully for maximum security and range. Evolving standards can be confusing and incompatible. Speed falls as distance increases.

Costs: 802.11b PC Card (10 mbps), $50-$90, or 802.11b/g PC Card (54 mbps), $70-$100; add-in wireless PCI card, $90-$125 per PC, or USB wireless adapter, $50-$90 per PC; single-speed wireless router, $50-$100, or dual-speed wireless router, $225-$300.

Hybrid Network



Advantages: Offers the best mix of convenience and cost.

Disadvantages: Different technologies can make setup difficult.

Costs: See "Standard Wired Ethernet" and "Wireless (Wi-Fi)" above.

Power-Line Network



Advantages: Simple to install; network runs on your electrical wiring.

Disadvantages: Slow (12 mbps); relatively expensive; adapters from different companies won't necessarily work with one another.

Costs: $90-$100 per PC.

Installing Network Adapters

Note: If your desktop or laptop PC carries a built-in wired or wireless network adapter, you have a head start. If it's part of the motherboard, it's usually enabled by default, but make sure by opening and examining your PC Setup program. Refer to your PC manual for details.

1. In all three situations shown here, Windows should automatically recognize the network product. Follow the manufacturer's directions for installing the driver and any additional utilities; some require you to install the driver before adding the adapter.

Photograph: Kevin Candland


(A) Add-in cards (wired or wireless): Turn off your PC and unplug it from the wall. Wear an antistatic wrist strap to avoid static damage. Find a free PCI slot, remove the slot cover, carefully insert the network card into the slot, and fasten the card down with a screw. Close your PC's case and restart the machine.



(B) Wireless and power-line USB products: With your computer up and running, plug the adapter into a free USB port.

(C) PC Card: Simply plug the card in while the laptop is running.



2. Hook up the router. To share a broadband Internet connection, you'll have to hook up your DSL or cable modem to your router. Use the cable that comes packed with the router, and make sure you plug it into the correct jack, usually labeled 'WLAN'.



3. Connect the wires. If you're using a standard, wired network, plug a Category 5 network cable into the computer's network jack, and insert the other end into the hub, switch, or router. (Many wireless routers include a built-in switch that allows you to connect additional PCs using an ethernet cable.) Repeat for each connected PC.



4. Install drivers and software. Many wireless adapters and other networking products require software apps beyond their basic drivers. Follow the manufacturer's directions. Windows' Network Setup Wizard will guide you through the final steps. In Windows XP, go to Start, My Network Places, and click Set up a home or small office network in the Network Tasks section.

Search for Network Troubleshooter in Windows Help if you encounter problems.



What's This Thing Called DHCP?



One of the most confusing parts of configuring a router involves the Dynamic Host Configuration Protocol (DHCP) settings. Despite the intimidating terminology, it's quite simple. Just as every Web site on the Internet has a unique TCP/IP address associated with its URL (PCWorld.com's main Web site address is 65.228.224.30), every PC on your home and office network needs to have a unique TCP/IP address to share an Internet connection. Specific requirements govern how these addresses are formed. Instead of your generating addresses manually, the DHCP server included in the router automatically assigns addresses to all PCs. For the easiest network setup, make sure that DHCP is enabled in your router and on the network adapters of all PCs connected to the network.

Wireless Network Security 101

If you're running a wireless network with a router connected to the Internet, you have a small two-way broadcasting station that's a tempting target for unscrupulous folks. If you don't take some basic precautions, someone cruising by with a wireless-equipped laptop can freeload on your Internet connection, or gain access to your PCs to steal your data or to use your computer to send spam.

Wireless security is a work in progress, with evolving standards; and given enough time and access, a determined hacker can probably break into your wireless system. Still, you can take a number of steps to make the interloper's job far more difficult.

The settings shown here (from a Linksys WRT54G router) are typical, but check your manual for specific directions on how to access and change your router settings (usually by using a Web browser). For more tips, see "Beating the Wireless Blues."

1. Change the router password. One important (and often forgotten) security measure is to change the default password that lets you access the router settings.



2. Disable remote router access. This won't prevent a determined local wireless user from accessing your router, but it will keep anyone from accessing your router from a remote location through the Internet.



3. Change the SSID and disable broadcasting. The Service Set Identifier (SSID) is the name of your local wireless network. You'll need to know it in order to set up other wireless clients on your network. All wireless routers come with a default SSID that you should change. While you're at it, disable SSID broadcasting, which advertises the network to anyone in the vicinity who is using a wireless-equipped computer.



4. Turn on the firewall. Routers usually have their firewall turned on by default, but make sure that's the case. Also, enable any additional firewall features such as the ability shown here to block anonymous Internet requests. For extra security, run a software firewall on every PC on your network. For more information on how to do this, see "Bulletproof Your PC With a Software Firewall."



5. Enable data encryption. Data transmitted by a wireless network can be read by anyone who picks it up unless it's encrypted. All wireless routers have encryption capabilities. We don't have room here for a full discussion of the various types of encryption, but WPA (Wi-Fi Protected Access) is the standard that offers the most protection of data. Choose 'WPA Pre-Shared Key' for home or small-business networks. (Don't worry about any entries with 'RADIUS' options. Those are for large corporate installations.)

Wired Equivalent Privacy (WEP) isn't as secure as WPA, but if you have older wireless cards on your network computers, you'll have to use it. WEP and WPA aren't compatible.



When you make your choice, additional options and menu items will appear. Check your router manual for detailed instructions.

6. Enable MAC filtering. The Media Access Control (MAC) address is a unique identifying number assigned to each network device. Enabling MAC filtering in your router improves your network's security by accepting transmissions only from PCs with specific MAC addresses. You can also prevent certain MAC addresses from accessing the network.

Using this option takes some work. The MAC address is usually printed on a sticker attached to a network card, or on the bottom of a laptop PC. To find your PC's MAC address in Windows XP, open a command box (Start, All Programs, Accessories, Command Prompt), type getmac, and press Enter. Do this for each PC on your network and enter it in your router's list.



Subscribe to the Business Brief Newsletter

Comments