Wireless networking

From time to time I'm asked to fix up someone's wireless networking, or set it up for them.  The following touches on the usual issues that cause problems for people.  You should understand the basic principles involved, and use the manuals that come with your equipment for the specific techniques.  If you don't have one handy, do an internet search for a manual for your equipment (use the brand name and model details as part of your search).  As much as possible, I'd avoid using special set-up discs supplied with an access point or by your ISP.  Sometimes they add burdensome software to the computer, and (later on) you may need to re-configure your system when you don't have the disc, or the details have changed since the disc was created.

First things first

You start with configuring the access point (which may be just a wireless access point or a combination modem and router, the principle's the same), then you configure the devices that will be connecting to it.  It's usually best to get at least one computer talking to your access point before worrying about getting your access point connecting up to your ISP.

Much of this is fairly automatic.  Usually your computer's network interfaces are configured to set up automatically, as their default configuration.  And most modem/routers will automatically assign the computer an address somewhere in the 192.168.0.1 to 192.168.255.254 range, so that they can connect to each other.  Simply connecting them together will usually just work.  It's issues like making things secure, and connecting to your ISP, that will require your attention.

The usual way to configure an access point is by connecting to it through your web browser.  You'll browse to an address like 192.168.1.254, and enter information through a few web pages that are served from the access point itself.  You may be asked to log in with a username and password.  The address, username, and password that you use will depend on your particular equipment.

Those are three reasons, right there, why you'd want the manual for your equipment, but you can experiment to find them out if you don't have a manual.  It's a common convention for routing equipment addresses to end with “.254” (e.g. 192.168.1.254), as is ending with “.1” for the first thing on a network.  And it's common to find that “admin” and “password” are the default username and password (something that you should change).

Do your initial configuration while cabled to your access point

It takes wireless problems out of the equation:  difficulties in making a connection, connecting to and configuring the wrong access point, and the chances that someone can snoop on you while entering confidential information (passwords, etc.).

I prefer the technique of turning wireless access off while setting up, and getting all wired and internet connections working separately from the wireless side of things.  You may need to save access point settings and restart it, to actually turn off wireless access.  If so, I'd do that before anything else.  If you're not sure whether saving and restarting is required, then presume that it is.  Then, as the last steps of configuration, set up wireless encryption, then turn on wireless access.

While configuring the access point, I'd turn off features that allow the device to be reconfigured from the WAN side of things (remote access from somewhere out on the internet), set a new password for configuration access to the access point, then configure it for connection to the internet after you've removed WAN access.  If WAN configuration access was set to be allowed, it might be best to disable that option, save the settings, and restart the modem before doing anything else.  You don't want someone snooping on what you're doing, copying your passwords, or changing your settings on you, before remote access is disabled.  It's not wise to allow WAN configuration access:  a password is very poor security, and many devices will allow a hacker to repeatedly try to break in without any limitations.

If the access point includes a firewall, then it's usually best to enable it.  This will help to prevent outsiders making uninvited connections to you.

If it's just a wireless access point that will use something else to connect to the internet, then you'd be giving the access point the details for that “something else.”  But if your access point connects directly to the internet, such as it being a combined modem and router, then you'd be giving it information pertinent to your particular ISP (ISP logon username and password, type of connection, and other connection details).  The details for that will be specific to your ISP and access point equipment (yet another reason why you'd want a manual).  If you don't know your ISP configuration details, then phone them.  You may find that they can give you specific configuration instructions for your access point equipment, as well.

Finally, I'd pull out the network cable, and set up wireless networking on the computer.

Have your access point broadcast its SSID

I frequently hear about people having problems connecting to their wireless LAN, and often this is their own fault.  Somewhere they've heard that it's an aid to security to not broadcast the SSID, and they've stopped their access point from broadcasting it.  If they'd not changed things, their networking would work.  That advice is complete nonsense.  The SSID has nothing to do with security; it's a name for the access point (identifying it from other ones that might be in the area), so that you can find the correct one(s) to connect to (that's you, and the computer), and so that others can find theirs rather than use yours (which they might, if they both have the same name, and the access points aren't secured).  It's a basic, and essential, part of normal networking.  Set your SSID to something unique and broadcast it.  For the sake of compatibility, only use numbers and/or Roman letters (as found on ordinary typewriter keyboards), avoiding symbols and blank spaces.

Not broadcasting it doesn't make you secure.  The name is still transmitted, so it's not “hidden,” and hackers can connect to you easily enough without it.  But it won't be transmitted where and when you need it to be able to make a connection, in the normal manner.  It's even worse if you have neighbours doing the same hide-the-SSID nonsense.

Forget about MAC filtering

In this context, the MAC is a hardware address that's programmed into the networking devices.  It's a supposedly unique address for that device, used within a network for the very basics of networking.  They're supposed to be unique, but duplicates have been used by some manufacturers, and most network interfaces will let you change this address.

MAC filtering is utterly useless as a security measure:  hackers can easily find out a MAC that you're using, and fake the information on their own equipment.  It's a waste of time, and can be an even bigger waste of time if, and when, you try to connect with a different computer and find that you can't without reconfiguring your computer or access point.

If you use Windows file sharing between computers, it may be handy to tie assigned IP addresses to certain MACs, so that a computer always gets assigned the same address each time it connects.  But this (DHCP address assignment) is an entirely different affair to filtering (rejecting connections from unknown MAC addresses).

Use wireless encryption

If you don't secure your network, anybody nearby can use it (whether accidentally or on purpose).  They could download many megabytes through your connection, which may cost you money or cause limits to be applied to your account.  They could do something illegal, which you will be held responsible for.  They could get into your computer and mess your computer and files up.  So encrypt your network so that only you can use it.  Encryption is the only thing that can secure your network.

There are various schemes for encryption.  All of the older ones are next to useless (e.g. WEP can be cracked in moments) and shouldn't be used.  Use WPA or WPA2 (I haven't read of any cracks for WPA yet), with a good password (something very long, and very unlikely to be guessed).  An alternative to passwords is a password key, a file that is provided to all network devices, perhaps on a USB key.

Picking unique names and passwords

For networking you want unique names for each device.  While it might seem fairly sensible to call a computer “lounge” if it's in the lounge, and “bedroom2” if it's in the second bedroom, some names will attract the attention of outside intruders; just “room1” & “room2” might be better, or arbitrary names like “john” even better.  The same applies for businesses.  Using arbitrary names (unrelated to who actually owns or uses the computer) or vague names (like “floor1west”) is probably more sensible.  But because arbitrary names might be coincidentally duplicated by other nearby networks, which you might accidentally connect to, or deliberately connect to (if you move between different networks), also add something else to the name to make it much more likely to be unique (e.g. “room2yellownet” or “john683”).

Names are not a security issue, in themselves.  Knowing them doesn't help someone break into a device, but may pique someone's interest, or help a hacker decide what to attack.  The use of real names may be a privacy issue, if you name a device after the operator, and you don't want outsiders to know who's there.  They're also a management logistics nuisance if people move between different computers, or someone leaves.

Using unique, unguessable, and hard-to-crack passwords is even more important.  Passwords should be as long and complicated as possible (as allowed by the equipment, and what people will be able to manage remembering and typing).  Single words should be avoided, especially names related to the person.  Dictionary words are best avoided unless seriously mangled.  Replacing letters with similar-looking numbers isn't a good idea.  But something like taking three random words, turning one of them around backwards, and mingling the letters of each of them, gives users a simple way to think of a password when creating one, and a way to work it out when they need to remember it, particularly if the words had an amusing combination.

For example, take the words “elephant,” “pyjama,” & “racing” as your seed for making a pass phrase.  They're amusing enough to remember, and “elephantpyjamaracing” would probably make a good password that nobody else would guess.  Mangling those words would make it even harder to get automatically cracked by software that randomly joins words picked from a dictionary, e.g. elepyjracphantamaing.
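
The three-word mingling scheme above, as an added example in Python (not the author's code):  it picks the seed words with a cryptographically secure random source, mingles them the way the “elephant, pyjama, racing” example does, and checks the result fits the 8 to 63 character limit for a WPA/WPA2 passphrase.  The function names and the short word list are assumptions made up for this illustration, and the strength figure counts only the random word choice.

```python
import math
import secrets

# Constructed sample word list so the demo runs offline; a real list
# should hold thousands of words (e.g. a 7776-word diceware-style list).
SAMPLE_WORDS = ["elephant", "pyjama", "racing", "lantern", "biscuit",
                "harbour", "magnet", "thistle", "walrus", "copper",
                "orchid", "puddle", "saddle", "tunnel", "violin", "yoghurt"]

def mingle(words, head=3, reverse_index=None):
    """Join the first `head` letters of every word, then the leftovers.

    Optionally spell one word backwards first (reverse_index), as the
    text suggests.  head=3 reproduces the article's worked example.
    """
    words = list(words)
    if reverse_index is not None:
        words[reverse_index] = words[reverse_index][::-1]
    return "".join(w[:head] for w in words) + "".join(w[head:] for w in words)

def pick_words(wordlist, count=3):
    """Pick words with the OS CSPRNG (secrets), not the `random` module."""
    return [secrets.choice(wordlist) for _ in range(count)]

def selection_entropy_bits(wordlist_size, count=3):
    """Bits of entropy from the random word choice alone.

    Conservative: assumes an attacker knows the word list and the
    mingling scheme, so the mangling itself is not counted.
    """
    return count * math.log2(wordlist_size)

def fits_wpa_psk(passphrase):
    """WPA/WPA2-Personal passphrases are 8 to 63 printable ASCII chars."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)

def make_passphrase(wordlist=SAMPLE_WORDS, count=3):
    """Return (seed words, mingled passphrase) for a fresh random choice."""
    words = pick_words(wordlist, count)
    return words, mingle(words)

if __name__ == "__main__":
    words, phrase = make_passphrase()
    print("remember:", " ".join(words))
    print("type:    ", phrase, "(fits WPA-PSK)" if fits_wpa_psk(phrase) else "(unusable)")
    print("demo list: %.1f bits" % selection_entropy_bits(len(SAMPLE_WORDS)))
    print("7776-word list: %.1f bits" % selection_entropy_bits(7776))
```

With the 16-word demo list the random choice is worth only 12 bits, which is why the length of the word list matters far more than the mangling.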

Different passwords should be used for different purposes, i.e. don't use your banking password for your e-mail.  That way, if someone manages to work out one password, they can't use the same password to hack into other things.  It's bad enough having to change the password in one place, never mind dozens.

