Networking

Wi-Fi Superguide: How to Build the Ultimate Wireless Network

Connect Client Devices

Neighbors' networks will appear when you pick your access point. Ignore those, and double-click your hardware.
Wireless PC clients often include configuration software from the Wi-Fi hardware company as well as the Windows Control Panel app. You can connect clients with either program, but I'll focus on the built-in Windows tool. Just make sure that you look through the extra software for an option to let Windows control the network settings.

Open the Network Connections Control Panel, and right-click the Wireless Network Connection. Select Properties. Then select the Wireless Networks tab, and click Add. Enter the SSID for the network, and click the box labeled Connect even if this network is not broadcasting. Choose WPA2 for Network Authentication. Set Data encryption to AES, and click OK twice. Again double-click the Wireless Network Connection in the Control Panel, and choose the wireless network. Click Connect. Enter the network password, and click Connect. The PC will save the password, and in the future it will reconnect automatically.

Control Client Connections With MAC Address Filtering

Each networking component has its own MAC address; ignore the wired ethernet address.
An optional additional layer of wireless security known as "address filtering" checks connected devices against your own list of approved items; then, even if someone has your network password, the router won't let unapproved hardware gain access to the network. The list relies on the unique MAC (media access control) address assigned to each piece of hardware at the factory. Like the other layers of security, this one isn't impregnable. Theoretically, hackers could change their MAC address to match one of your friendly IDs, if they knew what it was. But such an attack is pretty unlikely to succeed (or occur), especially when you combine MAC address filtering with the previous security steps.

Address filtering does introduce an extra step to the process of connecting new devices to your network, but in return you get a little more peace of mind. Don't imagine that address filtering is equivalent to encryption, however: It doesn't prevent interlopers from intercepting your transmissions as WPA2 does.

To get started, connect all of your wireless clients to the network, using your WPA2 password. Remember to include PCs, smart phones, wireless game systems, media-streaming hardware, and other linked devices.

Revisit the configuration page for your wireless router, and enter your administrative password to log in. Look for an option to configure MAC address filtering (sometimes called "network filtering"), most likely inside the router's wireless settings area. Enable the filter, and set it so that it permits only identified MAC addresses to gain access to the network. Many routers have a button that shows all connected devices and lets you add them automatically. If not, before you enable the filter, copy the MAC address form the DHCP client table; it is often listed there under a Status (or Wireless Status) heading. Save the changes and wait for the router to restart if necessary.

In the future, you'll have to type the MAC addresses for any new device you wish to add to your network. You can quickly look up a laptop's MAC address by clicking Start, Run, typing cmd and pressing OK. Then type ipconfig /all and press Enter. Look for the set of six pairs of numbers and letters in the ethernet adapter Wireless Network Configuration area.

Firewall Security

The network's main firewall precaution filters out anonymous Internet requests that you didn't initiate.
Your router likely includes a firewall consisting of two parts: network address translation (NAT) and stateful packet inspection (SPI). In most instances, NAT is turned on by default. This method of routing lets Internet traffic connect to the router with a single, external IP address; the router controls which internal computers send and receive information. SPI takes this a step further, ensuring that incoming data is arriving in response to requests from your internal PCs. Turn on the SPI firewall in your router's configuration page (most likely under a security tab). With SPI enabled, the router will ignore traffic that you didn't request.

Sometimes, these settings block traffic--such as a game or other application--that you want. If you're having trouble with certain programs, change the port-forwarding settings. Essentially, this amounts to adding the external port for a program that the router is blocking, and entering the internal IP address for that PC. (Many common port numbers can be found online.)

Subscribe to the Business Brief Newsletter

Comments