Monday, January 5, 2009

WIFI Lesson


ITS 132 - System Administration and Management





Lesson 2


Wireless Computer Networking



What is Wireless Computer Networking?



Answer: Wireless networks utilize radio waves and/or microwaves to
maintain communication channels between computers. Wireless networking
is a more modern alternative to wired networking, which relies on
copper and/or fiber optic cabling between network devices.



A wireless network
offers advantages and disadvantages compared to a wired network.
Advantages of wireless include mobility and elimination of unsightly
cables. Disadvantages of wireless include the potential for radio
interference due to weather, other wireless devices, or obstructions
like walls.



Wireless is rapidly
gaining in popularity for both home and business networking. Wireless
technology continues to improve, and the cost of wireless products
continues to decrease. Popular wireless local area networking (WLAN)
products conform to the 802.11 "Wi-Fi" standards. The gear
a person needs to build wireless networks includes network adapters
(NICs), access points (APs), and
routers.



Build a Wireless LAN, Step by Step



You can build any typical wireless home network, a wireless LAN
(WLAN), using this simple three-step approach:



1. Identify the WLAN design that's best for your situation
2. Choose good wireless gear
3. Install gear and test the configured WLAN



In subsequent pages, I
break down each of these steps in more detail.



Ready to Go Wireless?



This article assumes
you've already made an informed decision to go wireless rather than
build a traditional cabled network. Though prices have dropped
dramatically from a few years ago, when wireless gear was quite
expensive, wireless networks still aren't for everyone (yet). Unsure
that wireless will really meet your needs? Use the following
supplementary article to help you choose wisely:



Computer networks for the home and small business can be built using
either wired or wireless technology. Wired Ethernet has been the
traditional choice in homes, but Wi-Fi wireless technologies are
gaining ground fast. Both wired and wireless can claim advantages over
the other; both represent viable options for home and other local area
networks (LANs).



Below we compare wired
and wireless networking in five key areas:




  • ease of installation



  • total cost



  • reliability



  • performance



  • security




About Wired LANs



Wired LANs use Ethernet cables and network adapters. Although two
computers can be directly wired to each other using an Ethernet
crossover cable, wired LANs generally also require central devices
like hubs, switches, or routers to accommodate more computers.



For dial-up connections to the Internet, the computer hosting the
modem must run Internet Connection Sharing or similar software to
share the connection with all other computers on the LAN. Broadband
routers allow easier sharing of cable modem or DSL Internet
connections, plus they often include built-in firewall support.



Installation



Ethernet cables must be run from each computer to another computer or
to the central device. It can be time-consuming and difficult to run
cables under the floor or through walls, especially when computers sit
in different rooms. Some newer homes are pre-wired with CAT5 cable,
greatly simplifying the cabling process and minimizing unsightly cable
runs.



The correct cabling configuration for a wired LAN varies depending on
the mix of devices, the type of Internet connection, and whether
internal or external modems are used. However, none of these options
poses any more difficulty than, for example, wiring a home theater
system.



After hardware installation, the remaining steps in configuring either
wired or wireless LANs do not differ much. Both rely on standard
Internet Protocol and network operating system configuration options.
Laptops and other portable devices often enjoy greater mobility in
wireless home network installations (at least for as long as their
batteries allow).



Cost



Ethernet cables, hubs
and switches are very inexpensive. Some connection sharing software
packages, like ICS, are free; some cost a nominal fee. Broadband
routers cost more, but these are optional components of a wired LAN,
and their higher cost is offset by the benefit of easier installation
and built-in security features.



Reliability



Ethernet cables, hubs
and switches are extremely reliable, mainly because manufacturers
have been continually improving Ethernet technology over several
decades. Loose cables likely remain the single most common and
annoying source of failure in a wired network. When installing a
wired LAN or moving any of the components later, be sure to carefully
check the cable connections.



Broadband routers have
also suffered from some reliability problems in the past. Unlike
other Ethernet gear, these products are relatively new,
multi-function devices. Broadband routers have matured over the past
several years and their reliability has improved greatly.



Performance



Wired LANs offer superior performance. Traditional Ethernet
connections offer only 10 Mbps bandwidth, but 100 Mbps Fast Ethernet
technology costs little more and is readily available. Although 100
Mbps represents a theoretical maximum performance never really
achieved in practice, Fast Ethernet should be sufficient for home file
sharing, gaming, and high-speed Internet access for many years into
the future.



Wired LANs utilizing
hubs can suffer performance slowdown if computers heavily utilize the
network simultaneously. Use Ethernet switches instead of hubs to
avoid this problem; a switch costs little more than a hub.



Security



For any wired LAN connected to the Internet, firewalls are the primary
security consideration. Wired Ethernet hubs and switches do not
support firewalls. However, firewall software products like ZoneAlarm
can be installed on the computers themselves. Broadband routers offer
equivalent firewall capability built into the device, configurable
through its own software.








About Wireless LANs



Popular WLAN technologies all follow one of the three main Wi-Fi
communication standards. The benefits of wireless networking depend on
the standard employed:




  • 802.11b
    was the first standard to be widely used in WLANs.



  • The 802.11a
    standard is faster but more expensive than 802.11b; 802.11a is more
    commonly found in business networks.



  • The newest standard, 802.11g, attempts to combine the best of both
    802.11a and 802.11b, though it too is a more expensive home
    networking option.




Installation



Wi-Fi networks can be
configured in two different ways:




  • "Ad hoc"
    mode allows wireless devices to communicate in peer-to-peer mode
    with each other.



  • "Infrastructure"
    mode allows wireless devices to communicate with a central node that
    in turn can communicate with wired nodes on that LAN.




Most LANs require
infrastructure mode to access the Internet, a local printer, or other
wired services, whereas ad hoc mode supports only basic file sharing
between wireless devices.



Both Wi-Fi modes require wireless network adapters, sometimes called
WLAN cards. Infrastructure mode WLANs additionally require a central
device called the access point. The access point must be installed in
a central location where wireless radio signals can reach it with
minimal interference. Although Wi-Fi signals typically reach 100 feet
(30 m) or more, obstructions like walls can greatly reduce their
range.



Cost



Wireless gear costs
somewhat more than the equivalent wired Ethernet products. At full
retail prices, wireless adapters and access points may cost three or
four times as much as Ethernet cable adapters and hubs/switches,
respectively. 802.11b products have dropped in price considerably
with the release of 802.11g, and obviously, bargain sales can be
found if shoppers are persistent.



Reliability



Wireless LANs suffer a few more reliability problems than wired LANs,
though perhaps not enough to be a significant concern. 802.11b and
802.11g wireless signals are subject to interference from other home
appliances including microwave ovens, cordless telephones, and garage
door openers. With careful installation, the likelihood of
interference can be minimized.



Wireless networking
products, particularly those that implement 802.11g, are
comparatively new. As with any new technology, expect it will take
time for these products to mature.



Performance



Wireless LANs using 802.11b support a maximum theoretical bandwidth of
11 Mbps, roughly the same as that of old, traditional Ethernet.
802.11a and 802.11g WLANs support 54 Mbps, which is approximately
one-half the bandwidth of Fast Ethernet. Furthermore, Wi-Fi
performance is distance sensitive, meaning that maximum performance
will degrade on computers farther away from the access point or other
communication endpoint. As more wireless devices utilize the WLAN more
heavily, performance degrades even further.



Overall, the
performance of 802.11a and 802.11g is sufficient for home Internet
connection sharing and file sharing, but generally not sufficient for
home LAN gaming.



The greater mobility of
wireless LANs helps offset the performance disadvantage. Mobile
computers do not need to be tied to an Ethernet cable and can roam
freely within the WLAN range. However, many home computers are larger
desktop models, and even mobile computers must sometimes be tied to
an electrical cord and outlet for power. This undermines the mobility
advantage of WLANs in many homes.



Security



In theory, wireless LANs are less secure than wired LANs, because
wireless communication signals travel through the air and can easily
be intercepted. To prove their point, some engineers have promoted the
practice of wardriving, which involves traveling through a residential
area with Wi-Fi equipment scanning the airwaves for unprotected WLANs.
On balance, though, the weaknesses of wireless security are more
theoretical than practical. WLANs protect their data through the Wired
Equivalent Privacy (WEP) encryption standard, which makes wireless
communications reasonably as safe as wired ones in homes.



No computer network is
completely secure and homeowners should research this topic to ensure
they are aware of and comfortable with the risks. Important security
considerations for homeowners tend to not be related to whether the
network is wired or wireless but rather ensuring:




  • the home's Internet
    firewall is properly configured



  • the family is familiar
    with the danger of Internet "spoof emails" and how to
    recognize them



  • the family is familiar
    with the concept of "spyware" and how to avoid it



  • babysitters,
    housekeepers and other visitors do not have unwanted access to the
    network




Conclusion



You've studied the
analysis and are ready to make your decision. Bottom line, then,
which is better - wired or wireless? The table below summarizes the
main criteria we've considered in this article. If you are very
cost-conscious, need maximum performance of your home system, and
don't care much about mobility, then a wired Ethernet LAN is probably
right for you.



If, on the other hand, cost is less of an issue, you like being an
early adopter of leading-edge technologies, and you are really
concerned about the task of wiring your home or small business with
Ethernet cable, then you should certainly consider a wireless LAN.



Many of you will
naturally fall somewhere in between these two extremes. If you're
still undecided, consider asking friends and family about their
experiences with building LANs. And, spend just a few more minutes
with our interactive Home Network Advisor tool. It should help
you decide on the type of network as well as the gear you will want
to have.



Wired vs Wireless

               Wired                 Wireless
Installation   moderate difficulty   easier, but beware interference
Cost           less                  more
Reliability    high                  reasonably high
Performance    very good             good
Security       reasonably good       reasonably good
Mobility       limited               outstanding

Benefits of Wireless



Wireless offers
tangible benefits over traditional wired networking. Ever tried to
quickly look up a recipe on the Net while cooking in the kitchen? Do
the kids need a networked computer in their bedroom for school
projects? Have you dreamed of sending email, instant messaging, or
playing games while relaxing on your outdoor patio? These are just
some of the things wireless can do for you:



What Are the Benefits of Networking?



Answer: The benefits of networking (either wired or wireless) in homes
are:




  • file sharing - Network file sharing between computers gives you
    more flexibility than using floppy drives or Zip drives. Not only
    can you share photos, music files, and documents, you can also use
    a home network to save copies of all of your important data on a
    different computer. Backups are one of the most critical yet
    overlooked tasks in home networking.



  • printer / peripheral sharing - Once a home network is in place,
    it's easy to then set up all of the computers to share a single
    printer. No longer will you need to bounce from one system or
    another just to print out an email message. Other computer
    peripherals can be shared similarly such as network scanners, Web
    cams, and CD burners.



  • Internet connection sharing - Using a home network, multiple
    family members can access the Internet simultaneously without
    having to pay an ISP for multiple accounts. You will notice the
    Internet connection slows down when several people share it, but
    broadband Internet can handle the extra load with little trouble.
    Sharing dial-up Internet connections works, too. Painfully slow
    sometimes, you will still appreciate having shared dial-up on those
    occasions you really need it.



  • multi-player games
    - Many popular home computer games support LAN mode where
    friends and family can play together, if they have their computers
    networked.



  • Internet telephone service - So-called Voice over IP (VoIP)
    services allow you to make and receive phone calls through your
    home network across the Internet, saving you money.



  • home entertainment
    - Newer home entertainment products such as digital video recorders
    (DVRs) and video game consoles now support either wired or wireless
    home networking. Having these products integrated into your network
    enables online Internet gaming, video sharing and other advanced
    features.




Although you can
realize these same benefits with a wired home network, you should
carefully consider building a wireless home network instead, for the
following reasons:

1. Computer mobility. Notebook computers and other portable devices
are much more affordable than they were a few years ago. With a mobile
computer and wireless home network, you aren't chained to a network
cord and can work on the couch, on your porch, or wherever in the
house is most convenient at the moment.

2. No unsightly wires. Businesses can
afford to lay cable under their floors or inside walls. But most of
us don't have the time or inclination to fuss with this in our home.
Unless you own one of the few newer homes pre-wired with network
cable, you'll save substantial time and energy avoiding the cabling
mess and going wireless.

3. Wireless is the future. Wireless technology is clearly the future
of networking. In building a wireless home network, you'll learn about
the technology and be able to teach your friends and relatives. You'll
also be better prepared for future advances in network technology.



Terminology


The field of computer networking once sat squarely in the domain of
techies. Equipment manufacturers, service providers, and "experts" who
study the field of networking tend to go quite heavy on technical
jargon. The wireless networking industry is gradually improving on
this legacy, making products more consumer-friendly and easier to
integrate into the home. But there is still much work for the industry
to do. Let's take a quick look at the common jargon of wireless home
networking and what it all means.






When researching
wireless equipment to buy, or talking about wireless networking with
friends and family, you should have a solid understanding of this
basic terminology.



What is a WLAN?



We've already said that a WLAN is a "typical" wireless home network.
That's because a WLAN is a wireless LAN, and a LAN is a related group
of networked computers situated in close physical proximity to each
other. LANs can be found in many homes, schools, and businesses.
Though it's technically possible to have more than one LAN in your
home, few do this in practice. In this tutorial, we explain how to
build a single standard WLAN for your home.



What is Wi-Fi?



Wi-Fi is an industry
name used to market wireless networking products. You'll find a
black-and-white Wi-Fi logo or certification emblem on virtually any
new wireless equipment you buy. Technically speaking, Wi-Fi signifies
conformance to the 802.11 family of wireless communication standards
(described below). But because all mainstream wireless home network
gear uses the 802.11 standards today, basically the term "Wi-Fi"
merely distinguishes wireless equipment from other network gear.




What is 802.11a/802.11b/802.11g?



802.11a, 802.11b, and 802.11g represent three popular wireless
communication standards. Wireless networks can be built using any of
the three, but 802.11a is less compatible with the others and tends to
be a more expensive option implemented only by larger businesses. Use
the supplemental article below to help you pick 802.11 standard(s) for
your wireless LAN.




What are WEP and Wardriving?



The security of
wireless home and small business networks remains a concern for many.
Just like we use radio or television receivers to tune into station
broadcasts, it's almost as easy to pick up signals from a nearby
wireless home network. Sure, credit card transactions on the Web may
be secure, but imagine your neighbors spying on every email and
instant message you send!



A few years ago, some techies popularized the practice of wardriving
to raise awareness of this vulnerability in WLANs. With the help of
cheap, home-made equipment, "wardrivers" walked or motored through
neighborhoods snooping the wireless network traffic emanating from
nearby homes. Some wardrivers even logged their computers onto
unsuspecting people's home WLANs, essentially stealing free computer
resources and Internet access.



WEP is an important feature of wireless networks designed to improve
security. WEP scrambles (technically speaking, encrypts) network
traffic mathematically so that other computers can understand it, but
humans cannot read it. WEP helps protect your WLAN from wardrivers and
nosy neighbors, and today, all popular wireless equipment supports it.
Because WEP is a feature that can be turned "on" or "off," you'll
simply need to ensure it is configured properly when setting up your
network.



Types of Wireless Equipment



The five types of
equipment found in wireless home networks are:




  • wireless network
    adapters



  • wireless access points



  • wireless routers



  • add-on wireless
    antennas



  • wireless signal
    boosters



Some of this equipment is optional depending on your home network
configuration. Let's examine each piece in turn.






The building blocks of a wireless LAN are network adapters, access
points, wireless routers, add-on wireless antennas and signal
boosters. Of these, only network adapters are truly required to build
a wireless home network. However, many wireless LANs also utilize some
of the other equipment, as explained below.



Wireless Network Adapters



Each computer you wish to connect to a WLAN must possess a wireless
network adapter. Wireless adapters are sometimes also called NICs,
short for Network Interface Cards. Wireless adapters for desktop
computers are often small PCI cards or sometimes card-like USB
adapters. Wireless adapters for notebook computers resemble a thick
credit card (see Page 1 sidebar for illustration). Nowadays, though,
an increasing number of wireless adapters are not cards but rather
small chips embedded inside notebook or handheld computers.



Wireless network
adapters contain a radio transmitter and receiver (transceiver).
Wireless transceivers send and receive messages, translating,
formatting, and generally organizing the flow of information between
the computer and the network. Determining how many wireless network
adapters you need to buy is the first critical step in building your
home network. Check the technical specifications of your computers if
you're unsure whether they contain built-in wireless adapter chips.



Wireless Access Points



A wireless access point serves as the central WLAN communication
station. In fact, they are sometimes called "base stations." Access
points are thin, lightweight boxes with a series of LED lights on the
face (see Page 1 sidebar for illustration).



Access points join a wireless LAN to a pre-existing wired Ethernet
network. Home networkers typically install an access point when they
already own a broadband router and want to add wireless computers to
their current setup. You must use either an access point or a wireless
router (described below) to implement "hybrid" wired/wireless home
networking. Otherwise, you probably don't need an access point.



Many access point
products are available on the market; see the following supplementary
article for some good examples:




Wireless Routers



A wireless router is a wireless access point with several other useful
functions added. Like wired broadband routers, wireless routers also
support Internet connection sharing and include firewall technology
for improved network security. Wireless routers closely resemble
access points (see Page 1 sidebar for illustration).



A key benefit of both wireless routers and access points is
scalability. Their strong built-in transceivers are designed to spread
a wireless signal throughout the home. A home WLAN with a router or
access point can better reach corner rooms and backyards, for example,
than one without. Likewise, home wireless networks with a router or
access point support many more computers than those without one. As
we'll explain in more detail later, if your wireless LAN design
includes a router or access point, you must run all network adapters
in so-called infrastructure mode; otherwise they must run in ad-hoc
mode.



Wireless routers are a
good choice for those building their first home network. See the
following article for good examples of wireless router products for
home networks:




Wireless Antennas



Wireless network
adapters, access points, and routers all utilize an antenna to assist
in receiving signals on the WLAN. Some wireless antennas, like those
on adapters, are internal to the unit. Other antennas, like those on
many access points, are externally visible. The normal antennas
shipped with wireless products provide sufficient reception in most
cases, but you can also usually install an optional, add-on antenna
to improve reception. You generally won't know whether you'll need
this piece of equipment until after you finish your basic network
setup.



Wireless Signal Boosters



Some manufacturers of
wireless access points and routers also sell a small piece of
equipment called a signal booster. Installed together with a wireless
access point or router, a signal booster serves to increase the
strength of the base station transmitter. It's possible to use signal
boosters and add-on antennas together, to improve both wireless
network transmission and reception simultaneously.



Both antennas and
signal boosters can be a useful addition to some home networks after
the basics are in place. They can bring out-of-range computers back
into range of the WLAN, and they can also improve network performance
in some cases.



WLAN Configurations


Now that you have a good understanding of the pieces of a wireless
LAN, we're ready to set them up according to your needs. Don't worry
if you haven't settled on a configuration yet; we will cover all of
them.






To maximize benefit
from the directions below, have your answers ready for the following
questions:




  • do you want to extend
    your wired home network with a WLAN, or are you building a
    completely new network?



  • how many wireless computers do you plan to network, and where in
    the home will they be located?



  • what operating systems
    do/will you run on your networked computers?



  • do you need to share
    your Internet connection among the wireless computers? how else will
    you use this WLAN? file sharing? network gaming?




Installing a Wireless Router



One wireless router
supports one WLAN. Use a wireless router on your network if:




  • you are building your
    first home network, or



  • you want to re-build
    your home network to be all-wireless, or



  • you want to keep your
    WLAN installation as simple as possible




Try to install your
wireless router in a central location within the home. The way Wi-Fi
networking works, computers closer to the router (generally in the
same room or in "line of sight") realize better network
speed than computers further away.



Connect the wireless router to a power outlet and optionally to a
source of Internet connectivity. All wireless routers support
broadband modems, and some support phone line connections to dial-up
Internet service. If you need dial-up support, be sure to purchase a
router having an RS-232 serial port. Finally, because wireless routers
contain a built-in access point, you're also free to connect a wired
router, switch, or hub. (See diagram Page 2 sidebar.)



Next, choose your network name. In Wi-Fi networking, the network name
is often called the SSID. Your router and all computers on the WLAN
must share the same SSID. Although your router shipped with a default
name set by the manufacturer, it's best to change it for security
reasons. Consult product documentation to find the network name for
your particular wireless router, and follow this general advice for
setting your SSID.



Last, follow the router
documentation to enable WEP security, turn on firewall features, and
set any other recommended parameters.



Installing a Wireless Access Point



One wireless access
point supports one WLAN. Use a wireless access point on your home
network if:




  • you don't need the
    extra features a wireless router provides AND



  • you are extending an
    existing wired Ethernet home network, or



  • you have (or plan to
    have) four or more wireless computers scattered throughout the home




Install your access
point in a central location, if possible. Connect power and a dial-up
Internet connection, if desired. Also cable the access point to your
LAN router, switch or hub. See the diagram in the Page 3 sidebar for
details.



You won't have a
firewall to configure, of course, but you still must set a network
name and enable WEP on your access point at this stage.



Configuring the Wireless Adapters



Configure your adapters after setting up the wireless router or access
point (if you have one). Insert the adapters into your computers as
explained in your product documentation. Wi-Fi adapters require TCP/IP
be installed on the host computer.



Manufacturers each provide configuration utilities for their adapters.
On the Windows operating system, for example, adapters generally have
their own graphical user interface (GUI) accessible from the Start
Menu or taskbar after the hardware is installed. Here's where you set
the network name (SSID) and turn on WEP. You can also set a few other
parameters as described in the next section. Remember, all of your
wireless adapters must use the same parameter settings for your WLAN
to function properly.



Configuring an Ad-Hoc Home WLAN



Every Wi-Fi adapter
requires you to choose between infrastructure mode (called "access
point" mode in some configuration tools) and ad-hoc ("peer
to peer") mode. When using a wireless access point or router,
set every wireless adapter for infrastructure mode. In this mode,
wireless adapters automatically detect and set their WLAN channel
number to match the access point (router).



Alternatively, set all
wireless adapters to use ad hoc mode. When you enable this mode,
you'll see a separate setting for channel number. All adapters
on your ad hoc wireless LAN need matching channel numbers.



Ad-hoc home WLAN
configurations work fine in homes with only a few computers situated
fairly close to each other. You can also use this configuration as a
fallback option if your access point or router breaks:



Research Ad Hoc Wi-Fi Home Network Diagram




Configuring Software Internet Connection Sharing


As shown in the diagram, you can share an Internet connection across
an ad hoc wireless network. To do this, designate one of your
computers as the host (effectively a substitute for a router). That
computer will keep the modem connection and must obviously be powered
on whenever the network is in use. Microsoft Windows offers a feature
called Internet Connection Sharing (ICS) that works with ad hoc WLANs.






Now let's cover some of
the finer points you need to know about home wireless LANs.



Wireless Routers / Access Point Interference within the Home



When installing an 802.11b or 802.11g access point or router, beware
of signal interference from other home appliances. In particular, do
not install the unit within 3-10 feet (about 1-3 m) of a microwave
oven. Other common sources of wireless interference are 2.4 GHz
cordless phones, baby monitors, garage door openers, and some home
automation devices.



If you live in a home with brick or plaster walls, or one with metal
framing, you may encounter difficulty maintaining a strong WLAN
signal. Wi-Fi is designed to support signal range up to 300 feet
(about 100 m), but barriers reduce this range substantially. All
802.11 communications (802.11a most of all) are affected by
obstructions; keep this in mind when installing your access point.




What Is the Typical Range of a Wi-Fi LAN?



Answer: The range of a home Wi-Fi LAN depends on the wireless access
point (WAP) or wireless router being used. Factors that determine a
particular WAP or wireless router's range are:




  • the specific 802.11
    protocol employed



  • the overall strength
    of the device transmitter



  • the nature of
    obstructions and interference in the surrounding area




A general rule of thumb in home networking says that 802.11b and
802.11g WAPs and routers support a range of up to 150 feet (46 m)
indoors and 300 feet (92 m) outdoors.



Another rule of thumb holds that the effective range of 802.11a is
approximately one-third that of 802.11b/g.



Both of these rough estimates fall on the high end of the range seen
in practice. Obstructions in the home such as brick walls and metal
frames or siding can greatly reduce the range of a Wi-Fi LAN by 25% or
more. Because 802.11a employs a higher signalling frequency than
802.11b/g, 802.11a is most susceptible to obstructions. Interference
from microwave ovens and other equipment also affects range. 802.11b
and 802.11g are both susceptible to these.



Of course, it's
possible to extend a Wi-Fi LAN to much longer distances by chaining
together multiple wireless access points or routers.








Wireless Routers / Access Point Interference from Outside



In densely populated
areas, it's not uncommon for wireless signals from one person's home
network to penetrate a neighboring home and interfere with their
WLAN. This happens when both households set conflicting communication
channels. Fortunately, when configuring an 802.11b or 802.11g access
point or router, you can (except in a few locales) change the channel
number employed.



In the United States,
for example, you may choose any WLAN channel number between 1 and 11.
If you encounter interference from neighbors, you should coordinate
channel settings with them. Simply using different channel numbers
won't always solve the problem. However, if both parties use a
different one of the channel numbers 1, 6 or 11, that will
guarantee elimination of cross-WLAN interference.




Home wireless networks based on the 802.11b or 802.11g standards
transmit their signal in a narrow radio frequency range of 2.4 GHz.
Various other electronic devices in a home, such as cordless phones,
garage door openers, baby monitors, and microwave ovens, may use this
same frequency range. Any such device can interfere with a Wi-Fi home
network, slowing down its performance and potentially breaking
network connections.



Likewise, the wireless
networks of neighbors generally all use the same form of radio
signaling. Especially in residences that share walls with each other,
interference between different home networks is not uncommon.



The 2.4 GHz Wi-Fi signal range is divided into a number of smaller
bands or "channels," similar to television channels. In most
countries, Wi-Fi equipment provides a set of available channels to
choose from. In the United States, for example, any of the Wi-Fi
channels 1 - 11 can be chosen when setting up a wireless LAN (WLAN).
Setting this WiFi channel number appropriately provides one way to
avoid sources of wireless interference.



Many wireless products
in the U.S. ship with a default Wi-Fi channel of 6. If encountering
interference from other devices within the home, consider changing
the channel up or down to avoid it. Note that all Wi-Fi devices on
the network must use the same channel.



Unlike television
channels, some Wi-Fi channel numbers overlap with each other. Channel
1 uses the lowest frequency band and each subsequent channel
increases the frequency slightly. Therefore, the further apart two
channel numbers are, the less the degree of overlap and likelihood of
interference. If encountering interference with a neighbor's WLAN,
change to a distant channel. Both channels 1 and 11 do not overlap
with the default channel 6; use one of these three channels for best
results.
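The overlap described above can be worked out numerically. This is an added example, not part of the original lesson; it assumes the usual 2.4 GHz channel plan (centre frequency 2407 + 5 x channel MHz) and a 22 MHz-wide 802.11b signal, and the survey list is constructed.

```python
# Added example: overlap between 2.4 GHz Wi-Fi channels 1-11.
# Assumptions (not from the page): centre frequency 2407 + 5*n MHz and a
# 22 MHz-wide 802.11b signal.

CHANNEL_WIDTH_MHZ = 22
US_CHANNELS = range(1, 12)  # channels 1-11, as the page gives for the U.S.


def center_mhz(channel):
    """Centre frequency of a 2.4 GHz channel in MHz."""
    if channel not in US_CHANNELS:
        raise ValueError(f"channel {channel} is outside 1-11")
    return 2407 + 5 * channel


def overlap_mhz(a, b):
    """Width of spectrum (MHz) that channels a and b both occupy."""
    distance = abs(center_mhz(a) - center_mhz(b))
    return max(0, CHANNEL_WIDTH_MHZ - distance)


def interference_score(channel, neighbours):
    """Total overlap between `channel` and every neighbouring network."""
    return sum(overlap_mhz(channel, n) for n in neighbours)


def best_channel(neighbours, candidates=(1, 6, 11)):
    """Candidate with the least overlap; ties go to the lower channel number."""
    return min(candidates, key=lambda c: (interference_score(c, neighbours), c))


# Constructed site survey: the channels used by four nearby networks.
SURVEY = [6, 6, 4, 11]

if __name__ == "__main__":
    for ch in US_CHANNELS:
        score = interference_score(ch, SURVEY)
        print(f"channel {ch:2d} ({center_mhz(ch)} MHz): overlap score {score}")
    print("suggested channel:", best_channel(SURVEY))
```

Channels 1, 6 and 11 are 25 MHz apart, which is why their 22 MHz signals do not touch, while adjacent channel numbers share most of their spectrum.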



MAC Address
Filtering



Newer wireless routers and access points support a handy security
feature called MAC address filtering. I wholeheartedly recommend it.
This feature allows you to register wireless adapters with your
access point (or router), and force the unit to reject communications
from any wireless device that isn't on your list. MAC address
filtering combined with WEP encryption affords very good security
protection.




Wireless Adapter
Profiles



Many wireless adapters
support a feature called profiles that allows you to set up
and save multiple WLAN configurations. For example, you can create an
ad hoc configuration for your home WLAN and an infrastructure mode
configuration for your office, then switch between the two profiles
as needed. I recommend setting up profiles on any computers you plan
to move between your home network and some other WLAN; the time you
spend now will save much more time and aggravation later.



WEP Encryption



Among the options you'll see for activating wireless encryption,
128-bit WEP is a safe bet. Older 40 or 64-bit WEP offers inadequate
protection. A few 802.11g products support 152-bit or 256-bit WEP;
that is fine too, if all of your gear supports it. Newer equipment
offers WPA. General-purpose WPA is unnecessarily complex for a home
WLAN, but WPA-PSK works well.



To set 128-bit WEP,
pick and assign a number called a WEP passkey. You must apply
the same WEP settings and passkey to the access point (router) and
all adapters.



General Tips



If you've finished
installing the components, but your home network isn't functioning
correctly, troubleshoot methodically:




  • Can't reach the
    Internet? Temporarily turn off your firewall to determine whether
    you have a firewall configuration problem, or some other issue.



  • Likewise, turn on and
    test your wireless adapters one by one, to determine if problems are
    isolated to a single computer or common to all.



  • Try ad hoc networking
    if infrastructure networking isn't functional, and perhaps you'll
    identify a problem with your access point or router.



  • To help you work
    methodically, as you build your network, write down on paper the key
    settings like network name, WEP passkey, MAC addresses, and channel
    numbers (then eat the evidence afterward!).



  • Don't worry about
    making mistakes; you can go back and alter any of your WLAN settings
    any time.




Finally, don't be surprised if your wireless LAN performance doesn't
match the numbers quoted by the manufacturer. For example, although
802.11b equipment technically supports 11 Mbps bandwidth, that is a
theoretical maximum never achieved in practice. A significant amount
of Wi-Fi network bandwidth is consumed by overhead that you cannot
control. Expect to see no more than about one-half the maximum
bandwidth (5.5 Mbps at most for 802.11b, about 20 Mbps at most for
the others) on your home WLAN.



Conclusion


Armed
with the information contained in this tutorial, you're now well on
your way to building a working home WLAN. Welcome to the world of
wireless networking!









The Popularity
of WiFi



Wireless networking has
experienced a huge increase in popularity over the last couple of
years. The necessary hardware is widely available to consumers, it is
very affordable, and relatively easy to install and configure.
Gateway devices, commonly called "routers" or "firewalls"
by consumers, that allow users to share a broadband connection with
and protect multiple computers on a home network have been around for
a while. The addition of wireless capabilities to these gateway
devices gives the user the convenience of taking a computer anywhere
in the house without having to worry about running wires through walls
and crawl spaces and attics to connect computers in various parts of
the house. Industrial-strength high-performance versions have been
around even longer in company environments, allowing employees to
roam between offices, cubes, and conference rooms with laptops
without ever losing connectivity.



It is a great
technology that offers many benefits. As the saying goes, however,
with privilege comes responsibility. A responsibility that is
unfortunately much too often ignored by the person implementing it. A
wireless network needs to be properly secured as it poses a number of
extremely serious risks and dangers if left wide open and exposed,
which many users are unaware of.



Why secure a
wireless network?



If you are thinking
right now that you have nothing important on your network and that
you have no need to secure your wireless network, I guarantee you
that you will reconsider your opinion after reading the next few
paragraphs. Consider the following dangers of having an unsecured
wireless network.



Bandwidth Parasite



In a "best"
case scenario, all the intruder does is use the victim's broadband
connection to get online without paying. Maybe just to surf the web,
maybe to download pirated music or software. This does not cause any
direct harm to the compromised network, but it can slow down Internet
or network access for the victim, the legitimate user of the network,
if an intruder leeches off his bandwidth. This could mean substantial
additional ISP cost for the victim if the ISP meters used bandwidth
and charges for actual usage.



Masking criminal
activity



An unauthorized user
could abuse the victim's connection for malicious purposes like
hacking, launching a DoS attack, or distributing illegal material.
Since the intruder is a part of the private network and sits behind
its gateway device, any traffic between him and the Internet will
appear to be coming from the public IP address the ISP assigned to
the victim. The ISP has no idea how many computers are behind the
gateway, who they belong to, and what they are used for. If the
criminal activity is discovered and investigated, the origin of the
attack will be traced back to the victim's broadband account. It is a
pretty safe bet that nobody wants to be accused of and go to jail for
distributing child pornography or hacking into restricted company or
government networks (just to mention a few examples) if the crime was
in reality committed by a cracker from behind an innocent victim's
network. Reviewing an ISP's Terms of Service usually reveals a clause
that not only allows the ISP to reveal customer information to the
authorities to assist with legitimate criminal investigations, but
also holds the customer responsible for any activities the connection
is (ab)used for.



Free access to
private data



A wireless network is
also a direct backdoor into the victim's private network - literally.
Instead of intruding from the public side of the gateway device, the
intruder connects directly to the network on the private side of the
gateway device, completely bypassing any hardware firewall between
the private network and the broadband modem. Most people assume that
since they are behind a gateway device with a built-in firewall their
private network is safe, hence letting down their guard, sharing
drives, and being generally careless. The intruder can completely
take advantage of this by snooping around undisturbed and getting
access to confidential data. This could be in the form of personal
information such as financial data, tax records, wills, and more that
can be abused for identity theft for example, or in the form of
work-related information such as confidential specs, development
information, trade secrets, and more that the victim has brought home
from the office. By employing a sniffer an intruder can even sniff
email or FTP user names and passwords because they are usually
transmitted in cleartext, and use that information to gain
unauthorized access to email accounts or web servers without the
victim's knowledge.



Backdoor into
corporate networks



In addition, a wireless
network could also be an indirect backdoor into a corporate network.
An intruder can specifically target an employee of a company whose
confidential information is valuable to him for monetary or
competitive reasons. If that employee establishes a VPN connection
either permanently from his gateway or from a machine behind his
gateway to the company network, the intruder can then piggyback on
the VPN tunnel and gain unauthorized access to company resources, a
serious security breach and every network administrator's nightmare.



That's why



By now the danger
should be pretty clear: Unsecured wireless networks are unacceptable
due to the extremely high risks involved. Yet there are countless
unsecured wireless networks out there. A train ride through the
Silicon Valley East Bay area revealed about 60 wireless networks, 40
of them wide open and insecure. A drive around a residential
neighborhood covering just a few blocks revealed over 30 wireless
networks, 20 of them wide open and insecure.



What is even scarier is
that it does not take any skill to discover and gain unauthorized
access to wireless networks. One does not have to be a programmer,
Linux expert, or network specialist. All it takes is a laptop with a
wireless network card, and some software (also available for Windows)
that can be easily downloaded for free from the Internet. Armed with
these basic tools anybody can drive around, detect open wireless
networks, and connect to them. With a Linux machine, additional
software, some advanced knowledge, and some time and patience it is
even possible to break into wireless networks that use encryption.



How to secure
wireless networks




How to lock down
a wireless network



The following steps
will only take a few minutes each, but will make a big difference.
The results will fend off all but the most determined and skillful
crackers.



Change the default
password



Almost all wireless
devices can be managed via a web interface that can be accessed by
simply typing its IP address in a browser's address field. While the
admin interface is password protected, the default password set by
the manufacturer is always the same. Any wireless network sniffer
program will easily discover the manufacturer of the wireless device
because it willingly broadcasts that information. Anybody can
download the manual from the manufacturer's website, and get the
default password to that manufacturer's devices in seconds. As a
result, an intruder can type in the default IP address of the
wireless gateway to get to the admin interface, and try the default
password to log in and access the device settings. Knowing the
manufacturer of the device gives the intruder the additional benefit
of being able to employ cracks or exploit vulnerabilities specific to
that manufacturer.



 



Disable SSID
Broadcast



The SSID is the name of
the wireless network. In order to connect to a wireless network, its
name needs to be known. By default, wireless gateways happily
broadcast the SSID to be picked up by any wireless network device for
easy configuration. Hiding the SSID by disabling SSID broadcast will
make it much harder for an intruder because he will have to start
guessing. It has to be mentioned that while most wireless gateway
devices offer the option to disable SSID broadcast, some devices
require a firmware upgrade, and some devices do not offer that option
at all.



Change the SSID



Disabling SSID
broadcast doesn't help much if the SSID remains the manufacturer's
default, which is just as easily found in the manual as the default
admin password. The SSID should be changed to a custom phrase that is
difficult to guess. The use of non-dictionary words as well as
numbers and special characters for the new SSID is encouraged.



Enable encryption



Wireless devices
support the wireless encryption protocol (WEP) with either 64-bit or
128-bit encryption. 64-bit encryption has been proven to be very weak
and easily broken; 128-bit encryption is recommended because it is a
lot more difficult to break (though far from impossible). Some
devices might require a firmware upgrade to support 128-bit
encryption. Encryption works by entering the encryption key on the
wireless gateway as well as on the PC with the wireless card. All
transmitted data is encrypted for the transfer between the two
devices. If the encryption key does not match, the wireless gateway
will not communicate. Enabling encryption will usually discourage the
casual lazy cracker and send him off to find an easier target.



Disable DHCP



Most gateway devices by
default have DHCP enabled. This means that any new host on a network
that makes its presence known and broadcasts a request for an IP
address and TCP/IP configuration information will be automatically
provided this information without questioning. This is very
convenient for the legitimate user because it means real
plug-and-play (minus the "plug" part since it's wireless).
However, it also makes it very easy for the intruder to connect to a
wireless network. By simply setting his laptop to use DHCP it will
immediately receive all TCP/IP configuration information he needs to
connect to the network.



While it is an
inconvenience and requires more maintenance from the legitimate user,
disabling DHCP and manually assigning static IP addresses creates
another hurdle for the intruder. It requires him to manually
configure his laptop with what he thinks are the correct TCP/IP
properties to be able to connect to the network.



Change the default
subnet



Disabling DHCP doesn't
help much if the subnet remains the manufacturer's default, which is
just as easily found in the manual as the default admin password or
SSID. Most devices use the common default subnet of 192.168.0.0 with
a subnet mask of 255.255.255.0. The subnet should be changed to
another private subnet. There are a number of non-routable IP address
ranges that are reserved exclusively for use on private networks.
These ranges are 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255,
and 192.168.0.0-192.168.255.255 - plenty to choose from. This will
prevent the intruder from assigning himself a static IP address and
TCP/IP configuration information based on the manufacturer's default
subnet.



Use MAC address
filtering



Each network adapter
has a unique hardware address also called MAC address. The first half
of the MAC address identifies the manufacturer of the network
adapter, the second half identifies the network adapter. This
hardware address is unique (more or less) for each network card. Most
wireless gateway devices support MAC address filtering. The way this
works is that the legitimate user creates a list and enters only the
MAC addresses for network cards that he is aware of and that he wants
to be able to access the wireless network. Any network adapter with a
MAC address that doesn't match a MAC address in the approved list
will be automatically denied access. Only machines with an authorized
MAC address are allowed to participate in the network. MAC addresses
can be spoofed by a savvy intruder, but using MAC filtering is
another good deterrent.
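The lock-down steps above can be turned into a repeatable check of a gateway's settings. This is an added example, not part of the original lesson: the default SSID names, the default subnet and the private ranges are the ones this page gives, while the configuration field names, the finding codes and both sample configurations are constructed.

```python
import ipaddress
import re

# Default SSIDs and the default subnet are the ones this page names; the
# config field names and both sample configs are constructed for the example.
DEFAULT_SSIDS = {"tsunami", "101", "roamabout default network name",
                 "default ssid", "compaq"}
DEFAULT_SUBNET = ipaddress.ip_network("192.168.0.0/255.255.255.0")
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", mac.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def split_mac(mac):
    """Split a MAC into (manufacturer half, adapter half)."""
    digits = normalize_mac(mac)
    if digits is None:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits[:6], digits[6:]


def is_allowed(mac, allowlist):
    """MAC filter decision on normalized forms, so notation cannot matter."""
    wanted = normalize_mac(mac)
    return wanted is not None and wanted in {normalize_mac(m) for m in allowlist}


def audit(cfg):
    """Return finding codes for the settings the lock-down steps cover."""
    findings = []
    if cfg["admin_password_is_default"]:
        findings.append("default-admin-password")
    if cfg["ssid_broadcast"]:
        findings.append("ssid-broadcast-enabled")
    if cfg["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")
    if cfg["encryption"] in ("none", "wep64"):
        findings.append("weak-or-no-encryption")
    if cfg["dhcp_enabled"]:
        findings.append("dhcp-enabled")
    lan = ipaddress.ip_network(f"{cfg['lan_address']}/{cfg['lan_netmask']}",
                               strict=False)
    if lan == DEFAULT_SUBNET:
        findings.append("default-subnet")
    elif not any(lan.subnet_of(r) for r in PRIVATE_RANGES):
        findings.append("subnet-not-private")
    if not cfg["mac_filter_enabled"] or not cfg["mac_allowlist"]:
        findings.append("mac-filter-off")
    if any(normalize_mac(m) is None for m in cfg["mac_allowlist"]):
        findings.append("malformed-mac-in-allowlist")
    return findings


# Constructed sample: a gateway as it might come out of the box.
FACTORY = {
    "admin_password_is_default": True, "ssid": "tsunami",
    "ssid_broadcast": True, "encryption": "none", "dhcp_enabled": True,
    "lan_address": "192.168.0.1", "lan_netmask": "255.255.255.0",
    "mac_filter_enabled": False, "mac_allowlist": [],
}
# Constructed sample: the same gateway after every step on this page.
HARDENED = {
    "admin_password_is_default": False, "ssid": "q7#Vault-West",
    "ssid_broadcast": False, "encryption": "wep128", "dhcp_enabled": False,
    "lan_address": "10.47.12.1", "lan_netmask": "255.255.255.0",
    "mac_filter_enabled": True,
    "mac_allowlist": ["00:11:22:33:44:55", "00-11-22-AA-BB-CC"],
}

if __name__ == "__main__":
    print("factory: ", audit(FACTORY))
    print("hardened:", audit(HARDENED))
```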



Practice safe
computing



Even though the network
is private and hidden behind a gateway device with a firewall, common
sense precautions still need to be used, including but not limited
to:




  • Use safe passwords for
    all user accounts. Use non-dictionary words, include numbers,
    special characters, upper and lower case letters. Use passwords
    longer than 8 characters. Change passwords every month.



  • Password-protect any
    network shares



  • Require a user login
    for all computers, disable the guest account



  • Install Antivirus
    software on all computers and keep it current



  • Install software
    firewalls on all computers



  • Monitor log files such
    as event logs, firewall logs, antivirus logs, etc. for unusual
    activity




Conclusion



As documented in this
article, there are many very valid reasons why all wireless networks
should be secured. It is extremely easy to do so with not much effort
and little time. Armed with this knowledge, it would be foolish not
to take the necessary precautions and secure that wireless network. A
few minutes of reading the manual and a few minutes of changing
settings could prevent a boatload of trouble in the future.


Note:



An SSID is the
name of a wireless local area network (WLAN). All wireless devices on
a WLAN must employ the same SSID in order to communicate with each
other.



The SSID on wireless
clients can be set either manually, by entering the SSID into the
client network settings, or automatically, by leaving the SSID
unspecified or blank. A network administrator often uses a public
SSID, that is set on the access point and broadcast to all wireless
devices in range. Some newer wireless access points disable the
automatic SSID broadcast feature in an attempt to improve network
security.



SSIDs are case
sensitive text strings. The SSID is a sequence of alphanumeric
characters (letters or numbers). SSIDs have a maximum length of 32
characters.



Also Known As:
Service Set Identifier, Network Name



Examples: Wardrivers
sometimes scan for the SSIDs being broadcast by wireless LANs, then
set that SSID on their client to attempt to join that WLAN. Knowing
the SSID name does not necessarily mean that rogue clients will be
able to join the network. It depends on how the network administrator
has configured their WLAN, particularly WEP security.





The
SSID is a secret key which is set by the network administrator.


You
must know the SSID to join an 802.11 network. However, the SSID can
be discovered by network sniffing. By default, the SSID is part of
the packet header for every packet sent over the WLAN.


SSID
Security Issues


The
fact that the SSID is a secret key instead of a public key creates a
key management problem for the network administrator. Every user of
the network must configure the SSID into their system. If the network
administrator seeks to lock a user out of the network, the
administrator must change the SSID of the network, which will require
reconfiguration of the SSID on every network node. Some 802.11 NICs
allow you to configure several SSIDs at one time.


Default SSIDs


Most
802.11 access point vendors allow the use of an SSID of "any"
to enable an 802.11 NIC to connect to any 802.11 network. This is
known to work with wireless equipment from Buffalo Technologies,
Cisco, D-Link, Enterasys, Intermec, Lucent, and Proxim. Other default
SSIDs include "tsunami", "101", "RoamAbout
Default Network Name", "Default SSID", and "Compaq".


Disabling
SSID Broadcasting


Many Wireless Access Point (WAP) vendors have added a configuration
option which lets you
disable broadcasting of the SSID. This adds little security because
it is only able to prevent the SSID from being broadcast with Probe
Request and Beacon frames. The SSID must be broadcast with Probe
Response frames. In addition, the wireless access cards will
broadcast the SSID in their Association and Reassociation frames.
Because of this, the SSID cannot be considered a valid security tool.
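To see why hiding the SSID is not a security control, it helps to look at where the name sits inside the frames. This is an added example, not part of the original lesson: it parses the SSID information element out of 802.11 management frames that are constructed inline (zeroed addresses, a made-up SSID), and `ssid_from_frame` and `build_frame` are names invented for the illustration.

```python
# Added example: where the SSID sits in 802.11 management frames.
MGMT_HEADER_LEN = 24  # frame control, duration, 3 addresses, sequence control

# subtype -> (name, bytes of fixed fields before the information elements)
FIXED_FIELDS = {
    0: ("association request", 4),     # capability + listen interval
    2: ("reassociation request", 10),  # the same + current AP address
    4: ("probe request", 0),
    5: ("probe response", 12),         # timestamp + interval + capability
    8: ("beacon", 12),
}
SSID_ELEMENT_ID = 0


def ssid_from_frame(frame):
    """Return (frame kind, SSID or None) for one management frame.

    None means the SSID element is missing, empty or all zero bytes, which
    is how an access point with SSID broadcast disabled fills its beacons.
    """
    if len(frame) < MGMT_HEADER_LEN:
        raise ValueError("frame shorter than a management header")
    frame_type = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    if frame_type != 0 or subtype not in FIXED_FIELDS:
        raise ValueError("not a management frame this example understands")
    kind, fixed_len = FIXED_FIELDS[subtype]
    pos = MGMT_HEADER_LEN + fixed_len
    # Information elements: 1-byte id, 1-byte length, then `length` bytes.
    while pos + 2 <= len(frame):
        element_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if element_id == SSID_ELEMENT_ID:
            if not any(value):  # empty or zero-filled
                return kind, None
            return kind, value.decode("utf-8", errors="replace")
        pos += 2 + length
    return kind, None


def build_frame(subtype, ssid):
    """Construct a minimal sample frame (zeroed addresses and fixed fields)."""
    header = bytes([subtype << 4, 0]) + bytes(MGMT_HEADER_LEN - 2)
    fixed = bytes(FIXED_FIELDS[subtype][1])
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported-rates element
    return header + fixed + bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid + rates


# Constructed samples: a network with SSID broadcast disabled.
SSID = b"HomeNet-7f3a"
BEACON_HIDDEN = build_frame(8, b"")
BEACON_ZEROED = build_frame(8, bytes(len(SSID)))
PROBE_RESPONSE = build_frame(5, SSID)
ASSOC_REQUEST = build_frame(0, SSID)

if __name__ == "__main__":
    for f in (BEACON_HIDDEN, BEACON_ZEROED, PROBE_RESPONSE, ASSOC_REQUEST):
        print(ssid_from_frame(f))
```

The beacons carry no name, but the probe response and the client's association request carry it unencrypted, so access control has to come from something other than SSID secrecy.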


An
SSID by any other name


The
SSID is also referred to as the ESSID (Extended Service Set
IDentifier).


Some
vendors refer to the SSID as the "network name."














What is DHCP?


Dynamic
Host Configuration Protocol (DHCP) is a client/server protocol that
automatically provides an Internet Protocol (IP) host with its IP
address and other related configuration information such as the
subnet mask and default gateway. RFCs 2131 and 2132 define DHCP as an
Internet Engineering Task Force (IETF) standard based on Bootstrap
Protocol (BOOTP), a protocol with which DHCP shares many
implementation details. DHCP allows hosts to obtain necessary TCP/IP
configuration information from a DHCP server.


The
Microsoft Windows Server 2003 operating system includes a DHCP
Server service, which is an optional networking component. All
Windows-based clients include the DHCP client as part of TCP/IP,
including Windows Server 2003, Microsoft Windows XP,
Windows 2000, Windows NT 4.0, Windows Millennium Edition
(Windows Me), and Windows 98.


Note




  • It is necessary to
    have an understanding of basic TCP/IP concepts, including a working
    knowledge of subnets before you can fully understand DHCP. For more
    information about TCP/IP, see “TCP/IP Technical Reference.”




Benefits of DHCP


In
Windows Server 2003, the DHCP Server service provides the
following benefits:




  • Reliable IP address configuration. DHCP minimizes configuration
    errors caused by manual IP address configuration, such as
    typographical errors, or address conflicts caused by the assignment
    of an IP address to more than one computer at the same time.

  • Reduced network administration. DHCP includes the following
    features to reduce network administration:



    • Centralized and
      automated TCP/IP configuration.



    • The ability to define
      TCP/IP configurations from a central location.



    • The ability to assign
      a full range of additional TCP/IP configuration values by means of
      DHCP options.



    • The efficient
      handling of IP address changes for clients that must be updated
      frequently, such as those for portable computers that move to
      different locations on a wireless network.



    • The forwarding of
      initial DHCP messages by using a DHCP relay agent, thus eliminating
      the need to have a DHCP server on every subnet.





Why use DHCP


Every
device on a TCP/IP-based network must have a unique unicast IP
address to access the network and its resources. Without DHCP, IP
addresses must be configured manually for new computers or computers
that are moved from one subnet to another, and manually reclaimed for
computers that are removed from the network.


DHCP
enables this entire process to be automated and managed centrally.
The DHCP server maintains a pool of IP addresses and leases an
address to any DHCP-enabled client when it starts up on the network.
Because the IP addresses are dynamic (leased) rather than static
(permanently assigned), addresses no longer in use are automatically
returned to the pool for reallocation.


The
network administrator establishes DHCP servers that maintain TCP/IP
configuration information and provide address configuration to
DHCP-enabled clients in the form of a lease offer. The DHCP server
stores the configuration information in a database, which includes:




  • Valid TCP/IP
    configuration parameters for all clients on the network.



  • Valid IP addresses,
    maintained in a pool for assignment to clients, as well as excluded
    addresses.



  • Reserved IP addresses
    associated with particular DHCP clients. This allows consistent
    assignment of a single IP address to a single DHCP client.



  • The lease duration, or
    the length of time for which the IP address can be used before a
    lease renewal is required.



A
DHCP-enabled client, upon accepting a lease offer, receives:




  • A valid IP address for
    the subnet to which it is connecting.



  • Requested DHCP
    options, which are additional parameters that a DHCP server is
    configured to assign to clients. Some examples of DHCP options are
    Router (default gateway), DNS Servers, and DNS Domain Name. For a
    full list of DHCP options, see “DHCP Tools and Settings.”
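The lease bookkeeping described above (a pool, excluded addresses, reservations and a lease duration) fits in a short model. This is an added example, not Microsoft's implementation and not part of the original lesson; the `Scope` class, the addresses and the client MAC addresses are all constructed.

```python
import ipaddress


class Scope:
    """A DHCP scope: address pool, exclusions, reservations, lease duration."""

    def __init__(self, first, last, lease_seconds, exclusions=(), reservations=None):
        self.first = int(ipaddress.ip_address(first))
        self.last = int(ipaddress.ip_address(last))
        self.lease_seconds = lease_seconds
        self.exclusions = {ipaddress.ip_address(a) for a in exclusions}
        self.reservations = {mac.lower(): ipaddress.ip_address(a)
                             for mac, a in (reservations or {}).items()}
        self.leases = {}  # address -> (client MAC, expiry time)

    def expire(self, now):
        """Return addresses whose lease has run out to the pool."""
        for addr in [a for a, (_, expiry) in self.leases.items() if expiry <= now]:
            del self.leases[addr]

    def pick(self, mac):
        """Choose the address for `mac`, or None if the pool is exhausted."""
        if mac in self.reservations:      # a reservation always wins
            return self.reservations[mac]
        current = [a for a, (owner, _) in self.leases.items() if owner == mac]
        if current:                       # a renewal keeps the same address
            return current[0]
        reserved = set(self.reservations.values())
        for n in range(self.first, self.last + 1):
            addr = ipaddress.ip_address(n)
            if (addr not in self.exclusions and addr not in reserved
                    and addr not in self.leases):
                return addr
        return None

    def lease(self, mac, now):
        """Lease an address to `mac`; return (address, expiry) or None."""
        mac = mac.lower()
        self.expire(now)
        addr = self.pick(mac)
        if addr is None:
            return None
        self.leases[addr] = (mac, now + self.lease_seconds)
        return str(addr), now + self.lease_seconds


def run_demo():
    """Constructed scenario: four addresses, one excluded, one reserved."""
    scope = Scope("192.168.10.100", "192.168.10.103", lease_seconds=3600,
                  exclusions=["192.168.10.101"],
                  reservations={"00:11:22:33:44:55": "192.168.10.103"})
    return [
        scope.lease("02:00:00:00:00:0a", now=0),     # first free address
        scope.lease("02:00:00:00:00:0b", now=0),     # skips the exclusion
        scope.lease("00:11:22:33:44:55", now=0),     # gets its reservation
        scope.lease("02:00:00:00:00:0c", now=0),     # pool is exhausted
        scope.lease("02:00:00:00:00:0a", now=1800),  # renewal, same address
        scope.lease("02:00:00:00:00:0c", now=3600),  # an expired lease is reused
    ]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

Nothing in the exchange asks who the client is: any host that requests a lease gets one until the pool runs out, which is the behaviour the "Disable DHCP" step earlier on this page is reacting to.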




Terms and Definitions


The
following table lists common terms associated with DHCP.


DHCP Terms and Definitions

Term: Definition

  • DHCP server: A computer running the DHCP Server service that holds
    information about available IP addresses and related configuration
    information as defined by the DHCP administrator and responds to
    requests from DHCP clients.

  • DHCP client: A computer that gets its IP configuration information
    by using DHCP.

  • Scope: A range of IP addresses that are available to be leased to
    DHCP clients by the DHCP Server service.

  • Subnetting: The process of partitioning a single TCP/IP network
    into a number of separate network segments called subnets.

  • DHCP option: Configuration parameters that a DHCP server assigns to
    clients. Most DHCP options are predefined, based on optional
    parameters defined in Request for Comments (RFC) 2132, although
    extended options can be added by vendors or users.

  • Option class: An additional set of options that can be provided to
    a DHCP client based on its computer class membership. The
    administrator can use option classes to submanage option values
    provided to DHCP clients. There are two types of options classes
    supported by a DHCP server running Windows Server 2003: vendor
    classes and user classes.

  • Lease: The length of time for which a DHCP client can use a
    DHCP-assigned IP address configuration.

  • Reservation: A specific IP address within a scope permanently set
    aside for leased use by a specific DHCP client. Client reservations
    are made in the DHCP database using the DHCP snap-in and are based
    on a unique client device identifier for each reserved entry.

  • Exclusion/exclusion range: One or more IP addresses within a DHCP
    scope that are not allocated by the DHCP Server service. Exclusions
    ensure that the specified IP addresses will not be offered to
    clients by the DHCP server as part of the general address pool.

  • DHCP relay agent: Either a host or an IP router that listens for
    DHCP client messages being broadcast on a subnet and then forwards
    those DHCP messages directly to a configured DHCP server. The DHCP
    server sends DHCP response messages directly back to the DHCP relay
    agent, which then forwards them to the DHCP client. The DHCP
    administrator uses DHCP relay agents to centralize DHCP servers,
    avoiding the need for a DHCP server on each subnet. Also referred
    to as a BOOTP relay agent.

  • Unauthorized DHCP server: A DHCP server that has not explicitly
    been authorized. Sometimes referred to as a rogue DHCP server.

    In a Windows Server 2003 domain environment, the DHCP Server
    service on an unauthorized server running Windows Server 2003 fails
    to initialize. The administrator must explicitly authorize all DHCP
    servers running Windows Server 2003 that operate in an Active
    Directory service domain environment. At initialization time, the
    DHCP Server service in Windows Server 2003 checks for authorization
    and stops itself if the server detects that it is in a domain
    environment and the server has not been explicitly authorized.

  • Automatic Private IP Addressing (APIPA): A TCP/IP feature in
    Windows XP and Windows Server 2003 that automatically configures a
    unique IP address from the range 169.254.0.1 through
    169.254.255.254 with a subnet mask of 255.255.0.0 when the TCP/IP
    protocol is configured for automatic addressing, the Automatic
    private IP address alternate configuration setting is selected, and
    a DHCP server is not available. The APIPA range of IP addresses is
    reserved by the Internet Assigned Numbers Authority (IANA) for use
    on a single subnet, and IP addresses within this range are not used
    on the Internet.

  • Superscope: A configuration that allows a DHCP server to provide
    leases from more than one scope to clients on a single physical
    network segment.

  • Multicast IP addresses: Multicast IP addresses allow multiple
    clients to receive data that is sent to a single IP address,
    enabling point-to-multipoint communication. This type of
    transmission is often used for streaming media transmissions, such
    as video conferencing.

  • Multicast Scope: A range of multicast IP addresses that can be
    assigned to DHCP clients. A multicast scope allows dynamic
    allocation of multicast IP addresses for use on the network by
    using the MADCAP protocol, as defined in RFC 2730.

  • BOOTP: An older protocol with similar functionality; DHCP is based
    on BOOTP. BOOTP is an established protocol standard used for
    configuring IP hosts. BOOTP was originally designed to enable boot
    configuration for diskless workstations. Most DHCP servers,
    including those running Windows Server 2003, can be configured to
    respond to both BOOTP requests and DHCP requests.









Home
Network Setup - Setting up a Local Area Network



With computers getting
cheaper and cheaper these days, it is not uncommon for a household to
have more than one PC. If that describes you, then you have probably
found yourself in the situation where you wished you could access the
other PC to retrieve a file, use the printer attached to the other
PC, play multi-player computer games, or most importantly share your
broadband Internet access such as cable or DSL modem with the other
PC.



To accomplish this all
you need is a home network where you connect two or more PCs. There
are several ways of doing this with the main difference being cost,
security, and reliability. Let's first look at the different
scenarios.


Your
current setup




Most likely, your
current configuration looks like this:













Your cable/DSL modem
plugs straight into the computer. The computer is exposed to the
public Internet (indicated by the color red). There is no connection
for more than one computer. You only have one IP address from your
ISP.


Option
#1: Multiple IP addresses




An easy way of getting
the second PC online is to install a network card in it, buy a hub,
plug both PCs and the cable/DSL modem into the hub, call your ISP and
get a second IP address and configure the second PC accordingly.













It is what your ISP
most likely will try to talk you into doing.



Advantages:




  • the two PCs are
    independent from each other



  • relatively easy setup




Disadvantages:




  • Both PCs are exposed
    to public Internet



  • Enabling file sharing
    adds security risk



  • Higher monthly ISP
    cost for additional IP addresses



Option
#2: Internet Connection Sharing via Software




In this scenario, you
install a second network card in the computer that is connected to
the Internet, install a network card in the second PC, connect them
via a CAT5 cable. You configure the connection between PC 1 and PC 2
as a private network, then install and configure Internet Connection
Sharing software (ICS) on PC 1, lastly configure PC 2 to access the
Internet via PC 1.













Probably the cheapest
solution of them all, but also the least reliable one.



Advantages:




  • cheap, only requires 2
    network cards and Cat5 cable



  • ICS software is
    available for free with newer versions of Windows or online as
    freeware



  • No additional ISP cost




Disadvantages:




  • One PC is exposed to
    public Internet



  • Can be difficult to
    configure



  • If PC 1 is shut down
    or broken, PC 2 cannot get online



  • Can be unreliable



  • Limited number of PCs



Option
#3: Using a hardware router/gateway/firewall device




In this scenario, you
install a hardware router/gateway/firewall device, connect the public
side to your cable/DSL modem, connect the private side to a hub,
connect all PCs to the hub, configure all PCs for your private
network.













While the costliest
solution, by far the safest, most reliable, and most scalable one.
Highly recommended.



Advantages:




  • All PCs are protected
    by firewall (indicated by the color green)



  • File sharing between
    PCs is safe



  • No additional ISP cost



  • Connect many PCs to
    home network without additional cost



  • Easy PC configuration
    due to DHCP server in gateway device



  • Optional additional
    functionality with gateway-integrated wireless access point, print
    server, DMZ, content filtering, and more




Disadvantages:




  • Can cost several
    hundred dollars depending on gateway device and features



  • Somewhat of a learning
    curve




As you have probably
figured out by now, option #3 is the most desirable solution because
it gives you a protected private network, it is a very stable
solution, it is easily and extremely expandable, and it gives you the
most features.



Note: This article
assumes that your cable/DSL modem uses an Ethernet connection, NOT a
USB connection because it will eliminate options #1 and #3. If your
ISP gives you a choice, insist on getting the modem with an Ethernet
connection.



Note: There are other
options available such as turning an old 486 or Pentium system into a
gateway using a Linux-based configuration like Smoothwall -
http://www.smoothwall.org,
or Coyote Linux -
http://www.dalantech.com/ubbthreads/showflat.php?Cat=&Board=unix&Number=32928,
but this requires advanced knowledge and is outside the scope of this
article, which is aimed at the typical home user running Windows.



Setting up the
Gateway Device


What
you need



Gateway
device

- There are a number of different devices available from several
companies. Check out the following web sites for some popular
possibilities:



D-Link -
http://www.dlink.com

Netgear -
http://www.netgear.com

Linksys -
http://www.linksys.com

SMC -
http://www.smc.com



Gateways
have a number of basic features in common, such as NAT (network
address translation, translates your public IP to the private IP
addresses on your network), built-in DHCP server (automatically hands
out network configuration information to each PC), PPPoE (required by
some ISPs to log on, usually for DSL), and stateful packet inspection
(inspects each network packet). Stay away from any gateway that is
missing any of these features.



More advanced gateways
offer additional integrated features, such as




  • wireless access point
    (allows wireless roaming from computers with a wireless network
    card)



  • print server (share a
    printer with all machines on the network)



  • VPN (connect to your
    company network via VPN)



  • multi-port switch
    (saves you the purchase of a hub provided the number of PCs is equal
    to or less than the number of ports)



  • DMZ (make one PC
    available to the Internet but still protect it through the firewall)



  • Content filtering
    (monitor and regulate Internet content)




Before making your
purchase think about which features you need and which you don't care
about. Compare models by features, check out reviews online, and
finally compare prices online to find the best deal for you.



Note: The web sites
listed above carry affordable products for the home user. If you're
looking for something more advanced and are willing to spend the
money, then visit Symantec -
http://enterprisesecurity.symantec.com,
SonicWALL -
http://www.sonicwall.com,
Cisco -
http://www.cisco.com,
or Sun -
http://www.sun.com


Hub/Switch
- Unless your gateway already comes with an integrated hub or switch,
you'll need to purchase a hub or switch. If you're planning to set up
a small home network with just a few PCs, a hub will work fine. The
main things to check when purchasing are that you get a
dual-speed hub or switch, meaning it supports both 10MB and 100MB
network speed, and that it has enough ports. Always get a
few more ports than you think you need for possible future expansion.
Check out the below web sites for some popular possibilities:



D-Link -
http://www.dlink.com

Netgear -
http://www.netgear.com

Linksys -
http://www.linksys.com

SMC -
http://www.smc.com


Network
Cards

- Each PC on your network needs a network card. For under USD20 you
can buy a decent 10/100MB PCI network card. Check out the following
web sites for some popular possibilities:



D-Link -
http://www.dlink.com

Netgear -
http://www.netgear.com

Linksys -
http://www.linksys.com

SMC -
http://www.smc.com



Follow the instructions
that came with the card to install it. Tip: Instead of using the
driver that came in the box, go to the manufacturer's web site and
download the latest driver.


Cat5
cable

- You'll need several pieces of Cat5 cable. The example pictured
above requires 5 cables: One from each of the three PCs to the hub,
one from the hub to the gateway, one from the gateway to the cable
modem. The cable most commonly used for networking is referred to as
Cat 5 cable. Every decent computer store will sell you as much Cat 5
cable as you need by the foot. The cable should have an RJ-45
connector on each end, which looks like a phone jack, just a little
wider. Be sure to get plenty of cable; it is very easy to
underestimate the length you need. Alternatively, you can make your
own Cat5 cable by following our tutorial:
howto/cat5diy1.html.


Hardware
Installation




This is the desired
network configuration:













Once you have all the
pieces, start the physical setup part. Install a network card in each
PC following the included instructions. Make sure that each card
shows up properly in the device manager without any conflicts.



Use appropriate lengths
of Cat5 cable to connect each PC to the hub or switch. When running
the cable, be careful and place it where nobody can trip over it.
Make sure it doesn't have any sharp bends or kinks, which could cause
breakage. If you have to run cable through walls, avoid serious
injury inflicted by your spouse or landlord - please do not break 5
inch holes at eye-height in the middle of the wall.



Use Cat5 to connect the
uplink port of your hub or switch to the LAN port of your gateway
device. Pay attention to the link light on the hub/switch. If it
doesn't light up, use the button to switch the uplink port or use a
crossover-type cable instead as explained in the Cat5 tutorial.



Lastly, connect the WAN
port of the gateway to your cable/DSL modem.



That should be all the
physical work involved. Now you need to configure each PC.



Gateway and software
configuration


Gateway
Configuration


Please take the time to read the manual for your gateway
carefully so you learn to configure it properly. Don't be overwhelmed
at the beginning, it's not as bad as it may seem. The main thing to
understand is that the gateway has two sides: The WAN side (Wide Area
Network) connects to your cable/DSL modem and therefore to the
Internet via your ISP. The LAN side (Local Area Network) connects to
your private network via the hub or switch. The main task of the
gateway is to route the proper traffic from PCs on the LAN to the
Internet and back, but drop any unauthorized traffic.



You first configure the
public / WAN side of the gateway by entering the IP information your
ISP gave you. This usually includes an IP address, subnet mask, DNS
server(s), gateway IP, and possibly host name. Alternatively, if your
ISP uses PPPoE, you simply enable PPPoE in your gateway, enter the
user name and password your ISP gave you, and it will pick up these
settings automatically.



To configure the
private / LAN side of the gateway, you should enable DHCP. This
feature automatically serves each PC on your LAN the information it
needs to configure itself to participate on the network.



Read the instructions
carefully so you understand better how it works, and you'll get the
hang of it quickly.


Software
Configuration




The last step is to
configure each PC to see and be seen on the network. Go to the
Control Panel and open the Network Connections dialog, then
right-click on the Local Area Connection and select Properties
(Windows 9x/ME users: Start / Settings / Control Panel / Network).














Verify that you
have these components installed. Use the Install / Uninstall buttons
to add missing or remove superfluous components (Windows 9x/ME users:
Add / Remove buttons).



On a small home
network, it can be helpful to install the NetBEUI protocol. In
Windows 9x, ME, and 2000 you can install it as follows:



Click the Add
button, select
Protocol,
click
Add,
select
Microsoft,
highlight
NetBEUI
and click
OK
until you're back to the Network Properties dialog box. Don't close
this box until after the very last step.



In Windows XP,
installing NetBEUI is a little bit more difficult. Insert your XP CD,
then use Windows Explorer to browse to the directory
X:\VALUEADD\MSFT\NET\NETBEUI where X is the drive letter for your
CD-ROM drive. Open the file NetBEUI.txt in Notepad and follow the
instructions to add NetBEUI support.



While you're here, make
sure that the TCP/IP protocol is configured properly. There are two
ways to do so: You can manually configure each PC by entering an IP
address, gateway, DNS, etc. which gets really old really quickly.
Since your gateway device has a DHCP server which hands out all this
information automatically to each PC, you can configure TCP/IP to use
DHCP instead.



Highlight the TCP/IP
entry and click Properties.
If you see multiple TCP/IP entries, be sure to select the one for the
network card, not the one for your Dial-up adapter. Go to the
General tab, and select Obtain an IP address automatically.
Now you can close the TCP/IP and Local Area Connection Properties
window since that's all we have to do here.













Now you need to
configure the computer name and workgroup. Open Windows Explorer,
right-click on My Computer, select Properties, select the
Computer Name tab, then click the Change button. Enter a unique
name for each PC; the choice of name is up to
you. Name them after the 3 stooges, the seven dwarfs, your favorite
baseball players, whatever. Then enter a workgroup name. This one
needs to be the same on each PC. If you can't think of one, use the
word Network, or Workgroup, or Home.













Windows 9x/ME users:
Start /
Settings / Control Panel / Network / Identification




In order to see other
PCs on the network and access the drives on the other PCs, you first
need to enable File Sharing, which is simple. In Windows Explorer,
right-click on the drive or folder you want to share on the network,
select
Sharing,
and specify how you want to share the resource.



To share printers, you
need to enable sharing as well. Go to the Control Panel and
open the Printers and Faxes dialog, then right-click the printer
you want to share, select Sharing, and specify how you want to
share the printer (Windows 9x/ME users: Start / Settings / Printers).



After configuring each
PC and performing the necessary reboot, reboot every PC once
more after all of them have been configured. Then launch the Windows
Explorer on each PC and check out the Network Neighborhood icon at
the bottom. If everything went right, you should now see underneath
Network Neighborhood an icon for the Entire Network and then the name
of each PC on your network. If you open the Entire Network, you
should see the name of your workgroup which contains again all PCs on
the network.



That's it. You're done.
Now you can share files and printers over your new


Configuring
Home Network, Firewall Protection - Testing the Firewall


You can now test your
firewall to make sure your private network is protected from
unauthorized outside access by using an online firewall test such as
Steve Gibson's ShieldsUP! -
http://grc.com,
Sygate Online Services -
http://scan.sygatetech.com/,
or Remote Security tester -
http://www.mycgiserver.com/~kalish/.
Ideally, all tests should report that your gateway is in stealth
mode, meaning to the outside world there is no visible host.


Outbound
Traffic




The gateway firewall
will protect you from unauthorized access from the outside world,
meaning it will stop anybody trying to gain unauthorized access to
your home network from the outside. However, it will not prevent
unauthorized traffic to the Internet, meaning it will not stop a
trojan or spyware on your PC from making an outbound connection.



To protect yourself
from such unwanted network traffic, you should install a software
firewall that monitors outbound traffic. The best ones in this
category are also free for personal / home use. Check out Zone Alarm
-
http://www.zonelabs.com,
and Kerio -
http://www.kerio.com.



You can test your
software firewall against such "leakage" by running a leak
test such as Steve Gibson's LeakTest -
http://grc.com/lt/leaktest.htm
or YALTA -
http://www.soft4ever.com/security_test/En/.



As mentioned before,
depending on what gateway you ended up purchasing you might have some
bonus features.


DMZ
- Short for DeMilitarized Zone. It allows you to place a PC on the
public Internet, but still protect it and control access to it
through the firewall. This can be handy if you want to run any type
of server, e.g. game server, FTP server, or web server (check with
your ISP whether this is permitted).


Print
server

- Instead of sharing your printer from the PC it is connected to,
which requires that PC to be always on, you connect the printer to
the gateway to share it on your LAN.


Wireless
access

- If your gateway comes with a built-in wireless access point (WAP),
you can equip a PC or a laptop with a wireless network card and roam
around the house without a Cat5 cable.


Content
filtering

- Content filtering allows you to monitor and control what Internet
content can be accessed from your LAN, enabling you to blacklist
certain keywords and/or websites.


VPN
- Virtual Private Networking allows you to establish a secure
encrypted tunnel over the Internet to another network, e.g. your
company's LAN, enabling you to access company resources remotely from
home. Check with the company network administrator for details on
setting up a VPN connection.


Conclusion



A secure home network
with Internet Connection Sharing is not that difficult to set up. The
benefits of greatly improved security, savings by sharing your
Internet connection, and convenience of accessing resources across
the LAN make it more than worth the effort and the relatively modest
investment. Last but not least, you are bound to learn a bit about
networking and security in the process.


Note:





What
is PPP and PPPoE?



Point
To Point Protocol (PPP) and Point To Point Protocol over Ethernet
(PPPoE) are network protocols that allow data communication between
two network entities or points. Throughout the documentation for both
protocols, points are referred to as nodes, computers, or hosts. The
protocols are similar in design with a major difference - PPPoE is
encapsulated in Ethernet frames. Both protocols exist at the network
access layer (also known as the data link layer) that supports
network layer protocols including IPv4 and IPv6.


Point
To Point Protocol (PPP)


PPP
was first proposed as a standard by the Internet Engineering Task
Force (IETF) in 1989 and became a working standard in 1994. The IETF
specification for PPP is RFC 1661. PPP is a protocol most widely used
by Internet service providers (ISPs) to enable dial up connections to
the Internet. PPP facilitates the transmission of data packets
between point to point links. Originally designed to work with serial
connections, PPP was adopted by ISPs to provide dial up Internet
access. PPP can be encapsulated in a number of data link layer
protocols, including Ethernet (PPPoE) and Asynchronous Transfer Mode
(PPPoA).


PPP
uses Link Control Protocol (LCP) to establish a session between a
user's computer and an ISP. LCP is responsible for determining if the
link is acceptable for data transmission. LCP packets are exchanged
between multiple network points to determine link characteristics
including device identity, packet size, and configuration errors.


PPP
supports three types of user authentication protocols that provide
varying levels of security. Password Authentication Protocol (PAP) is
an access control protocol used to authenticate a user's password on
the network access server. The network access server requests a
password from the client machine and sends the retrieved password to
an authentication server for verification. As an authentication
protocol, PAP is considered the least secure because the password is
not encrypted in transmission.


Challenge
Handshake Authentication Protocol (CHAP) is similar to PAP with
several unique characteristics. Instead of requesting a password, the
network access server sends a challenge message to the client
machine. The challenge message is a random value. The client machine
encrypts the challenge message with a user's password and sends the
combination back to the access server. The access server forwards the
challenge/password combination to the authentication server. The
authentication server encrypts the challenge with the user's password
stored in the authentication database. If the user's response is a
match, the password is considered authentic. CHAP uses the model of a
shared secret (the user password) to authenticate the user. The use
of CHAP is considered a moderately secure method of authentication.
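The challenge/response exchange described above, as an added example that is not part of the original article. It follows the MD5 form of CHAP from RFC 1994, where the client's transformation of the challenge is a one-way hash over the packet identifier, the shared secret and the challenge; the account, the password and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed account for the demonstration; not a real credential.
USER_DB = {"alice": b"correct-horse-battery"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5-CHAP value from RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class AccessServer:
    """Issues random challenges and checks responses against the stored secret."""

    def __init__(self, user_db):
        self._users = user_db
        self._pending = {}      # identifier -> outstanding challenge
        self._next_id = 0

    def new_challenge(self):
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)          # fresh random value per attempt
        self._pending[identifier] = challenge
        return identifier, challenge

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        # pop() makes every challenge single-use, so an old response cannot
        # be checked against it a second time.
        challenge = self._pending.pop(identifier, None)
        secret = self._users.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def pap_request(user: str, password: bytes) -> bytes:
    """PAP Authenticate-Request body: length-prefixed peer ID and password."""
    uid = user.encode()
    return bytes([len(uid)]) + uid + bytes([len(password)]) + password


def run_exchange():
    """Run one CHAP login and report what crossed the link."""
    server = AccessServer(USER_DB)
    secret = USER_DB["alice"]
    on_the_wire = []

    ident, challenge = server.new_challenge()
    response = chap_response(ident, secret, challenge)
    on_the_wire += [challenge, response]
    accepted = server.verify("alice", ident, response)

    # The same response presented again: first for the already-used
    # challenge, then for a newly issued one.
    reuse_same = server.verify("alice", ident, response)
    ident2, challenge2 = server.new_challenge()
    on_the_wire.append(challenge2)
    reuse_new = server.verify("alice", ident2, response)

    return {
        "accepted": accepted,
        "reuse_same_challenge": reuse_same,
        "reuse_new_challenge": reuse_new,
        "chap_exposes_password": any(secret in m for m in on_the_wire),
        "pap_exposes_password": secret in pap_request("alice", secret),
    }


if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(f"{key}: {value}")
```

The result shows why PAP ranks lowest: its request body contains the password itself, while the CHAP messages carry only the random challenge and a digest that is rejected once the challenge changes.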


Extensible
Authentication Protocol (EAP) is considered an authentication
framework used by a number of secure authentication protocols. EAP is
most commonly used for authentication on wireless networks.


Point
To Point Protocol over Ethernet (PPPoE)


The
working standard for the PPPoE protocol was published by the IETF in
1999. The IETF specification for PPPoE is RFC 2516. PPPoE expands the
original capability of PPP by allowing a virtual point to point
connection over a multipoint Ethernet network architecture. PPPoE is
a protocol that is widely used by ISPs to provision digital
subscriber line (DSL) high speed Internet services, of which the most
popular service is ADSL. The similarity between PPPoE and PPP has led
to the widespread adoption of PPPoE as the preferred protocol for
implementing high speed Internet access. Service providers can use
the same authentication server for both PPP and PPPoE sessions,
resulting in a cost savings. PPPoE uses standard methods of
encryption, authentication, and compression specified by PPP.


PPPoE
is configured as a point to point connection between two Ethernet
ports. As a tunneling protocol, PPPoE is used as an effective
foundation for the transport of IP packets at the network layer. IP
is overlaid over a PPP connection and uses PPP as a virtual dial up
connection between points on the network. From the user's
perspective, a PPPoE session is initiated by using connection
software on the client machine or router. PPPoE session initiation
involves the identification of the Media Access Control (MAC) address
of the remote device. This process, also known as PPPoE discovery,
involves the following steps:




  1. Initiation - The
    client software sends a PPPoE Active Discovery Initiation (PADI)
    packet to the server to initiate the session.


  2. Offer
    - The server responds with a PPPoE Active Discovery Offer (PADO)
    packet.


  3. Request
    - Upon receipt of the PADO packet, the client responds by sending a
    PPPoE Active Discovery Request (PADR) packet to the server.


  4. Confirmation
    - Upon receipt of the PADR packet, the server responds by generating
    a unique ID for the PPP session and sends it in a PPPoE Active
    Discovery Session (PADS) confirmation packet to the client.
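The four discovery steps above, as an added example that is not part of the original article: a parser and consistency checker for PPPoE discovery packets using the header layout, codes and tag types from RFC 2516. The sample exchange, the AC name and the function names are constructed for illustration, and the Ethernet header is omitted.

```python
import struct

# PPPoE discovery codes and tag types from RFC 2516.
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS"}
CODE_BY_NAME = {name: code for code, name in CODES.items()}
TAG_SERVICE_NAME, TAG_AC_NAME, TAG_HOST_UNIQ = 0x0101, 0x0102, 0x0103
STEPS = ["PADI", "PADO", "PADR", "PADS"]


def build(name, session_id, tags):
    """Serialise a discovery packet (the bytes that follow the Ethernet header)."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, CODE_BY_NAME[name], session_id,
                       len(payload)) + payload


def parse(packet):
    """Parse one discovery packet, rejecting malformed lengths."""
    if len(packet) < 6:
        raise ValueError("truncated PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", packet[:6])
    if ver_type != 0x11:
        raise ValueError("version and type must both be 1")
    if code not in CODES:
        raise ValueError(f"not a discovery code: {code:#04x}")
    if length > len(packet) - 6:
        raise ValueError("length field exceeds captured bytes")
    payload, tags, off = packet[6:6 + length], {}, 0
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack("!HH", payload[off:off + 4])
        off += 4
        if off + tag_len > len(payload):
            raise ValueError("tag value overruns payload")
        tags[tag_type] = payload[off:off + tag_len]
        off += tag_len
    return {"step": CODES[code], "session_id": session_id, "tags": tags}


def check_discovery(packets):
    """Return a list of problems; an empty list means the four steps check out."""
    parsed = [parse(p) for p in packets]
    order = [p["step"] for p in parsed]
    if order != STEPS:
        return [f"unexpected order: {order}"]
    padi, pado, padr, pads = parsed
    problems = []
    for p in (padi, pado, padr):
        if p["session_id"] != 0:
            problems.append(f"{p['step']} must carry session ID 0")
    if pads["session_id"] == 0:
        problems.append("PADS did not assign a session ID")
    if TAG_AC_NAME not in pado["tags"]:
        problems.append("PADO lacks the AC-Name tag")
    for p in parsed:
        if TAG_SERVICE_NAME not in p["tags"]:
            problems.append(f"{p['step']} lacks the Service-Name tag")
    # The server must echo the client's Host-Uniq value unchanged, which
    # lets the client match each answer to its own request.
    for request, reply in ((padi, pado), (padr, pads)):
        uniq = request["tags"].get(TAG_HOST_UNIQ)
        if uniq is not None and reply["tags"].get(TAG_HOST_UNIQ) != uniq:
            problems.append(f"{reply['step']} does not echo Host-Uniq")
    return problems


def sample_exchange():
    """Constructed exchange; names and values are made up for the example."""
    svc = (TAG_SERVICE_NAME, b"")           # empty = any service is acceptable
    ac = (TAG_AC_NAME, b"example-ac")
    uniq = (TAG_HOST_UNIQ, b"\x00\x00\x12\x34")
    return [
        build("PADI", 0, [svc, uniq]),
        build("PADO", 0, [svc, ac, uniq]),
        build("PADR", 0, [svc, uniq]),
        build("PADS", 0x0042, [svc, uniq]),
    ]


if __name__ == "__main__":
    for pkt in sample_exchange():
        print(parse(pkt))
    print("problems:", check_discovery(sample_exchange()))
```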



When
a PPPoE session is initiated, the destination IP address is only used
when the session is active. The IP address is released after the
session is closed, allowing for efficient re-use of IP addresses.





What
is DSL?


Here
is a basic primer on DSL technology. DSL is one of several popular
broadband internet connectivity options. DSL allows users to connect
with ISPs via phone company copper lines. A filter on the DSL
converter protects internet data parcels from the voice signals
carried on the PSTN network. In order to link up to the net, you need
a modem on the user site and a technology called the DSL access
multiplexer, DSLAM for short, to receive the signals from multiple
telecom clients.


Although
DSL shares “real estate” with PSTN voice traffic, the
technology has evolved to the point that DSL is a very clean, stable,
and effective way of getting bandwidth. Unlike cable, which can clog
up due to mass volumes of traffic, DSL provides a steady, consistent
stream of bandwidth. The closer you are to the so-called central
office, the faster your DSL will run.


This
means that if you are on the periphery of a DSL coverage area, you
may get slower connectivity speeds. Also understand that with DSL, as
with cable, your download times will generally be much faster than
your upload times. This asymmetrical configuration of the network is
inherent to the technology.


A
PSTN (public switched telephone network) is the world's collection of
interconnected voice-oriented public telephone networks, both
commercial and government-owned. It's also referred to as the Plain
Old Telephone Service (POTS).
It's the aggregation of circuit-switching telephone networks that has
evolved from the days of Alexander Graham Bell ("Doctor Watson,
come here!"). Today, it is almost entirely digital in technology
except for the final link from the central (local) telephone office
to the user.


In
relation to the Internet, the PSTN actually furnishes much of the
Internet's long-distance
infrastructure.
Because Internet service providers
(ISPs)
pay the long-distance providers for access to their infrastructure
and share the circuits among many users through
packet-switching,
Internet users avoid having to pay usage tolls to anyone other than
their ISPs.


NetBEUI
(NetBIOS Extended User Interface) is a new, extended version of
NetBIOS,
the program that lets computers communicate within a local area
network. NetBEUI (pronounced net-BOO-ee) formalizes the frame format
(or arrangement of information in a data transmission) that was not
specified as part of NetBIOS. NetBEUI was developed by IBM for its
LAN Manager product and has been adopted by Microsoft for its Windows
NT, LAN Manager, and Windows for Workgroups products. Hewlett-Packard
and DEC use it in comparable products.


NetBEUI
is the best performance choice for communication within a single LAN.
Because, like NetBIOS, it does not support the routing of messages to
other networks, its interface must be adapted to other protocols such
as Internetwork Packet Exchange or TCP/IP.
A recommended method is to install both NetBEUI and TCP/IP in each
computer and set the server up to use NetBEUI for communication
within the LAN and TCP/IP for communication beyond the LAN.






File
Systems Unraveled




Most of you have
probably heard the term FAT, FAT32, FAT16, NTFS and partition table
thrown around quite a bit. They seemed like such mystical entities.
You never could figure out what exactly they all meant. This article
will change that. By the time I am done, you will know precisely what
each of these terms means.


What
is a File System?




First, let's understand
what a file system is. A file system can be thought of as the way
your computer goes about managing the files that get stored on your
hard drive. Your computer has thousands upon thousands of files. If
there were no organized way of managing them, your system would be
infinitely slow, provided that it works at all. This is
understandable if you just consider how much stuff you have piled in
your office, and how much time is wasted finding stuff that's buried
under a ton of paper. Now take that mess, and multiply it by a
thousand. That is what your computer would be going through if an
efficient file system didn't exist. And just like there are all kinds
of people in the world who organize things differently in the office,
there are many file systems out there with varying features. However,
there are several key functions that no file system should be
without:




  • Efficiently use the
    space available on your hard drive to store the necessary data



  • Catalog all the files
    on your hard drive so that retrieval is fast and reliable.



  • Provide methods for
    performing basic file operations, such as delete, rename, copy, and
    move.



  • Provide some kind of
    data structure that allows a computer to boot off the file system.



There
are of course other file systems that go beyond meeting basic
requirements by providing additional functionality, such as
compression, encryption, password/permissions, filestreams, etc.
Later on in this article, I will discuss some of the extra features
in relation to Windows NT's NTFS.


FAT
In Detail




Note: This section is
more technical in nature than the rest of the article. Feel free to
skip if you'd like. But be warned that you'll miss some interesting
tidbits about the FAT you probably never knew.



So what is FAT, and how
do file systems work? The answer is quite simple in fact. The space
on your hard drive, at its most basic level, is divided into units
called sectors. Each sector is 512 bytes. So if your hard drive had
10 Kilobytes worth of total disk space, that would mean it is divided
into 20 sectors. But the file system doesn't directly deal with the
hard drive on a sector by sector basis. Instead, it groups a bunch of
sectors together into a cluster, and it deals with the cluster. These
clusters are also called allocation units by DOS. So another way of
thinking about this is to suppose that each sector on your hard disk
is a person carrying a bag, where you can store 512 bytes of
information into each bag. Now instead of numbering each person as
1, 2, 3, etc., the file system first takes several people, puts
them into a group, and calls that group 1. So if you had 400 people,
and the file system decided to put 4 people to a group, then you'd
have 100 groups. In other words, on a drive with 400 sectors (or
roughly 200K of space), and with an allocation size of 4 sectors (or
2K), there would be 100 clusters. So then when the file system needs
to access a particular sector, it would first find the cluster number
of the sector, and then within that cluster, it would access that
particular sector by its sector index. This is akin to saying to find
a person, say Jon, I would find Jon's group number first, and then go
to his group and look for him.



All three of the file
systems (FAT16, FAT32 and NTFS) work like this. So what is the
difference between FAT16 and 32? The major difference lies in how
much space each file system can handle and how efficiently the file
system does it. The problem with file efficiency arises because each
cluster on a hard disk can only store one file! That means each group
can only be made to handle one item. To illustrate my point, consider
the following situation:



The file system decides
to divide all the people into groups of 8 (we'll get into how this
number is chosen later). Each of these 8 people has a bag that can
store stuff.



Now the file system
hands the first group a huge box of pencils and says "store
this." The eight people start to put the pencils in their bags,
and after one fills up, they move on to the next. The box of pencils
fills 7 bags.



The file system tries
to hand the group another small thing to put into the last 8th bag
which is empty. But the group says "sorry, we can only handle
one thing. You gave us one already." The file system says "fine,
but you are wasting 12% of your space (1/8 = 0.125)" The group
tells the file system "sorry, we can't help it." The file
system moves on.



Now the file system
gives the next group of 8, only a single pencil to store. The group
stores it and refuses to take anything else. The file system informs
the group that they are wasting almost 100% of their storage space.
But there is nothing they can do.



These stories may seem
silly, but they do get the point across, which is that as the size of
the clusters increases, the amount of space you waste will increase.
It is true that if you can make all your files precisely the same
size as your cluster, then you'd have 0% waste. But that is not
possible. Most typical files are not very big, and if the cluster
size gets huge, then the waste can be quite alarming.



So now the question
becomes how does my computer figure out the size of each cluster? The
answer is simple, take the size of your hard drive, and divide that
by the number of clusters involved. So what I am saying is this:



Cluster Size = Disk
Space / Number of Clusters Possible



And since Cluster Size
is directly proportional to wasted space (in other words, as the
cluster size increases, the waste space also increases), we can see
that what we want is a file system that can handle a large number of
clusters. And this is where FAT16 and FAT32 differ. FAT32 can handle
a lot more groups than FAT16 can.



But why is that? The
simple explanation is that FAT32 can count a lot higher than FAT16.
As I said above, each cluster is numbered by the file system. FAT16
uses 16 bit numbers to count the clusters. That means FAT16 uses
binary numbers of 16 digits. The consequence is that the highest
FAT16 can count to is 2^16 - 1 (yes, it is in fact 2^16 - 1, because
there are 2^16 values between 0 and 2^16 - 1. Zero also has to
count), or 65535. So there can only be 65535 clusters to each FAT 16
disk. What that means for you, is that as your hard drive gets huge,
your cluster count remains the same, so your cluster size increases.



But don't think for a
minute that you can just indefinitely increase the size of each
cluster. That can't happen. The reason is that every sector inside a
group also has to be numbered. Each sector has an index number that
is written inside a byte. A byte is 8 bits. What that means is that
the number has to be less than 2^8 (255 at most, to be exact). And since the
way you decrement in computers is to go by powers of 2, that means
you can only store a number as big as 2^7, or 128 sectors. So now
let's do a little bit of math:



You have a max of 65535
clusters,



You have a max of 128
sectors per cluster



You have 512 bytes per
sector.



That means your max
FAT16 size is = 65535 * 128 * 512 = 4 GB



Wait a second? That's
not right! I thought the limit was 2GB? And I thought each cluster in
FAT16 can be only 32K, not 64K! And you would be right. The problem
is that 128 sectors * 512 bytes per sector is 65536, which is one
more than a 16 bit number can handle. So again, we decrement to 64
sectors per cluster, which yields us 32K per cluster. And 32K per
cluster * 65535 is roughly 2GB.


File
Systems: FAT, FAT16, FAT 32




Now FAT32 solves this
problem by removing the 65535 clusters per disk limitation. FAT32 now
uses 32-bit numbers, which are numbers with 32 digits. That allows it
to count much higher. And since it can handle a bigger number of
clusters, its cluster size is much smaller than that of FAT16 for
bigger disks. In fact, FAT32's maximum disk size is 2 Terabytes.



To get this number, you
take the total number of sectors addressable (and I do mean sectors),
which would be 2^32 - 1, and multiply that by 512 bytes per sector.
That's a whopping 2048 Gigabytes, or 2 Terabytes. At this point, some
of you may be scratching your heads trying to figure out the
inconsistencies in my explanation. The first item to address is that
even though the file system accesses the sectors by a cluster count
first, that still doesn't alleviate the need to number the sectors
individually. Even in FAT16, the sectors are numbered. And that leads
to the second concern some of you may have. Since FAT16 uses 16 bit
numbers, doesn't that mean that there can be only 2^16 - 1 sectors?
Wouldn't that translate into 32 megs? Yes. You are right. But unknown
to most is the fact that since DOS 4.0, the underlying sector
numbering had already been changed to a 32bit value! The limit placed
on the disk size was purely due to the 16bit numbering of the
clusters, and the limit of the numbering system for the sectors in
each cluster, as discussed above.



Ok, so we know what
sectors and clusters are. But how does that get translated into
files? That is where the File Allocation Table comes in. The FAT is a
huge database that contains records of where each file is on the
disk. In fact, it would not be too much of a stretch to just think of
the FAT as a table with several columns that each record something
about the files on the drive. Each record inside the FAT will take up
32 bytes of space. In other words, if I had 100 files on the
computer, it would take the system roughly 3200 bytes to record all
of that information into the FAT. Just for fun, let's take a look at
what is stored in these 32 bytes:






































Byte Range    Info Stored
1 to 8        Filename
9 to 11       Extension
12            Attributes (i.e. read-only, archive, hidden)
13 to 22      Reserved bits for later features
23 to 24      Time Written
25 to 26      Starting cluster
29 to 32      File Size




Interesting list, isn't
it? Some of the entries are self-explanatory. But there are two that
are rather interesting. The first thing to look at is the Starting
Cluster field. Some of you may have been wondering how the system
translates cluster and sector indices into filenames and such. The
answer is that for each file, there is a field in the FAT that
indicates the first cluster of the file. The system would read that
FAT entry and then find the starting cluster and read the file. Now
the question is how does the system know when to stop reading?
Furthermore, even before that, how does the system know where to read
next after this cluster? The answer is that written within each
cluster is the address of the next cluster that contains information
from this file. So a computer reads the current cluster and checks to
see if there are any other clusters after it. If there are, it skips
to that cluster and reads it, and checks for the next one. This
process repeats until it finds a cluster with no pointers. The CS
majors reading this would recognize this as a Linked List
implementation.



The other interesting
feature of this table is that each directory entry (record in the
FAT) uses 4 bytes to store the size of the file. This may not seem
like much at first. But what it actually tells you is the maximum
size possible for any single file. The fact that we use 4 bytes to
store a file size tells us that the largest number that can be
represented is 32bits (recall that there are 8 bits per byte). So
what is the largest 32bit number? That would be 2^32 - 1. So a file
can have a maximum of 2^32 -1 bytes, or 4 Gigabytes. This calculation
is obviously done under the assumption that we are using FAT32.



The last two fields I'd
like to take a look at are the filename field and the reserved bytes
field. The interesting thing about the filename field is that DOS
uses that field to perform undelete. When you erase a file in DOS,
you aren't actually erasing the file. All you are doing is changing
the first letter of the filename field into a special character. And
as far as the file system is concerned, the file isn't there, and the
next time a file is written to this cluster, the current file is
erased. The way DOS performs an undelete is to simply change that
first letter back to something else. That is why when you used
undelete in DOS, it always asked for the first letter of the filename
before it could restore the file. Mystery solved.



Now let me just make a
quick mention of the reserved fields. The reserved fields didn't do
much in FAT16, but they became rather useful in FAT32 and in NTFS.
Since FAT32's cluster numbering used 32-bit numbers instead of 16-bit,
as was the case in FAT16, the system needed two extra bytes to
accommodate the added digits. Those two bytes were taken out of the
reserved field. And in NTFS, compression attributes and some security
information were also written into the reserved field of the FAT.



Before I move on, I'd
like to point out a few of the other differences between FAT16 and
FAT32. In FAT32, the root directory is unlimited in size. What this
means is that you can have as many files and directories in C:\>
as you'd like. In the days of FAT16, you could have a maximum of 255
directory entries. That means that if you had normal filenames of 8
letters + 3 extensions, you have a maximum of 255 directories +
files. That may seem like more than you'd need to put in the root
directory. And it probably is, if you had 8.3 filenames. But in
Win95, the system can support long filenames. The trick is that Win95
combines multiple directory entries to support long filenames. So
consider a file that's named "My English Paper". That is 16
letters long. So it takes 2 directory entries, at least. Actually, it
takes 3 directory entries. It takes 2 for the long filename, and
another one for the short 8.3 filename to be compatible with DOS and
Win3.1. As you can see, long filenames can quickly deplete directory
entries.
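The two directory-entry behaviours described above, the deleted-file marker that undelete relies on and the extra entries a long filename consumes, shown as an added Python example (not code from the original article). It assumes the usual FAT conventions the article leaves unnamed: the special character is byte 0xE5, and long-filename entries carry attribute 0x0F and hold 13 characters each; the directory bytes are constructed for the demonstration.

```python
import struct

ENTRY_SIZE = 32
DELETED_MARK = 0xE5   # first filename byte of an erased entry (assumed FAT convention)
ATTR_LFN = 0x0F       # attribute value that marks a long-filename entry
LFN_CHARS = 13        # UTF-16 characters carried by one long-filename entry


def short_entry(name, ext, size, deleted=False):
    """Build one 8.3 entry: bytes 1-8 name, 9-11 extension, 12 attributes,
    29-32 file size. Bytes 13-28 stay zero in this constructed sample."""
    raw = bytearray(ENTRY_SIZE)
    raw[0:8] = name.upper().ljust(8).encode("ascii")[:8]
    raw[8:11] = ext.upper().ljust(3).encode("ascii")[:3]
    raw[11] = 0x20                              # archive attribute
    struct.pack_into("<I", raw, 28, size)       # 4-byte little-endian size
    if deleted:
        raw[0] = DELETED_MARK                   # all that "erasing" changes
    return bytes(raw)


def lfn_entries(long_name):
    """Build the long-filename entries that sit in front of the 8.3 entry."""
    chunks = [long_name[i:i + LFN_CHARS] for i in range(0, len(long_name), LFN_CHARS)]
    out = []
    for seq in range(len(chunks), 0, -1):       # stored last chunk first
        chars = chunks[seq - 1]
        units = list(chars.encode("utf-16-le"))
        if len(chars) < LFN_CHARS:
            units += [0x00, 0x00]                            # terminator
            units += [0xFF] * (2 * LFN_CHARS - len(units))   # padding
        raw = bytearray(ENTRY_SIZE)
        raw[0] = seq | (0x40 if seq == len(chunks) else 0)   # 0x40 flags the last chunk
        raw[1:11] = bytes(units[0:10])
        raw[11] = ATTR_LFN
        raw[14:26] = bytes(units[10:22])
        raw[28:32] = bytes(units[22:26])        # checksum byte is left zero here
        out.append(bytes(raw))
    return out


def decode_lfn(entries):
    """Reassemble the long name from entries given in on-disk order."""
    raw = b"".join(e[1:11] + e[14:26] + e[28:32] for e in reversed(entries))
    return raw.decode("utf-16-le").split("\x00")[0]


def scan_directory(region):
    """Return one record per file: names, size, deleted flag, entries consumed."""
    records, pending = [], []
    for off in range(0, len(region), ENTRY_SIZE):
        raw = region[off:off + ENTRY_SIZE]
        if raw[0] == 0x00:                      # never-used entry: end of directory
            break
        if raw[11] == ATTR_LFN:                 # part of a long filename
            pending.append(raw)
            continue
        deleted = raw[0] == DELETED_MARK
        stem = raw[0:8].decode("ascii", "replace").rstrip()
        if deleted:
            stem = "?" + stem[1:]               # the letter undelete has to ask for
        ext = raw[8:11].decode("ascii", "replace").rstrip()
        records.append({
            "name": f"{stem}.{ext}" if ext else stem,
            "long_name": decode_lfn(pending) or None,
            "size": struct.unpack_from("<I", raw, 28)[0],
            "deleted": deleted,
            "slots": len(pending) + 1,          # directory entries this file uses
        })
        pending = []
    return records


# Constructed sample: a small directory region, not taken from a real disk.
SAMPLE_DIR = b"".join(
    [short_entry("README", "TXT", 1200)]
    + lfn_entries("My English Paper")
    + [short_entry("MYENGL~1", "DOC", 20480)]
    + [short_entry("SECRETS", "TXT", 512, deleted=True)]
    + [bytes(ENTRY_SIZE)]
)

if __name__ == "__main__":
    for record in scan_directory(SAMPLE_DIR):
        print(record)
```

The erased entry still reports its extension and size, which is why a file deleted this way remains visible to anyone who reads the directory region directly.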



Another nice feature is
that FAT32 has better FAT redundancy. Both FAT32 and FAT16 store two
copies of the file allocation table on disk. But traditionally, the
file system only read from one of them. In FAT32, the system could
choose to read from either one, which provides a better failsafe for
freak accidents involving corrupt file tables.



It is apparent that
FAT32 is a superior file system to FAT16. Unfortunately, FAT32 is
not supported by every operating system. The original version of
Windows 95 couldn't read FAT32. It wasn't until version B (OSR2) that
Win95 gained that ability. And all versions of WinNT before 5.0 (named
Windows 2000, or Win2K for short) could not read FAT32 drives either.


New
Technology File Systems: NTFS



New
Technology File System




Now that I've covered
FAT16 and FAT32 both in excruciating detail, let's turn our attention
to NTFS, the proprietary file system for WinNT. While FAT32 was a
decent system, it lacked some of the more advanced features that many
businesses need to run a network. Chief among them are file level
security, encryption, event logging, error recovery and compression.
NTFS (5.0) provides all of these features in a nicely optimized
package.


Permissions:



The feature that NT is
probably best known for is its file level security. With NTFS
permissions, you can control which users have what kind of access to
which files. This is a stark contrast to the "security" in
Windows 9x, where the system policy editor affords the only measure
of protection. Once a knowledgeable user gets past the policy
protections, which are only skin deep (or interface deep), every file
on the system is his for the taking. In Windows NT, even if you get
past the interface lockouts, you'll still have a hell of a time
accessing other people's files, because they are locked at the file
level.



Before I discuss how to
set file permissions, we need to take a step back and look quickly at
how permissions in general work on Windows NT. Windows NT's security
model is an entire topic unto itself. So I will not cover it in
detail here. However, a general overview will prove beneficial.



With Windows NT, you
can assign security at two different levels - on a per user basis,
and on a group basis. So, if there is a user called Jane who belongs
to the Marketing User Group, you can affect Jane's access permissions
by either assigning permissions to her account, or to her group. So
what happens if Jane's group has Modify Access to a document, but
Jane is only assigned Read Access? Surprisingly enough, the least
restrictive of the two permission sets takes precedence, in this
case, the Modify Access. The one glaring exception is the No Access
permission. If a No Access permission is assigned at any level, the
user has no access, regardless of any other permissions assigned. So
if the Marketing Group is assigned No Access, Jane would have no
access even if her account is assigned Full Control.
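The precedence rule above, worked through for Jane as an added Python example (not part of the original article or of Windows). The mapping of Read, Modify and Full Control onto individual rights, the user and group names other than Jane and Marketing, and the function names are assumptions made for the illustration.

```python
from enum import IntFlag


class Right(IntFlag):
    READ = 1
    WRITE = 2
    EXECUTE = 4
    DELETE = 8
    CHANGE_PERMISSIONS = 16
    TAKE_OWNERSHIP = 32


NO_ACCESS = "No Access"
# Assumed mapping of the article's permission names onto individual rights.
LEVELS = {
    "Read": Right.READ | Right.EXECUTE,
    "Modify": Right.READ | Right.WRITE | Right.EXECUTE | Right.DELETE,
    "Full Control": (Right.READ | Right.WRITE | Right.EXECUTE | Right.DELETE
                     | Right.CHANGE_PERMISSIONS | Right.TAKE_OWNERSHIP),
}


def effective_access(user, memberships, acl):
    """Resolve one user's access to one file.

    acl is a list of (principal, level) entries; memberships maps each user
    to the set of groups the user belongs to.
    Returns (rights, entries_that_decided_the_result).
    """
    principals = {user} | memberships.get(user, set())
    matching = [(who, level) for who, level in acl if who in principals]
    denials = [entry for entry in matching if entry[1] == NO_ACCESS]
    if denials:                        # No Access at any level wins outright
        return Right(0), denials
    rights = Right(0)
    for _who, level in matching:       # otherwise grants accumulate
        rights |= LEVELS[level]
    return rights, matching


def describe(rights):
    """Name the level a set of rights corresponds to (no rights reads as No Access)."""
    for name, mask in LEVELS.items():
        if rights == mask:
            return name
    return NO_ACCESS if not rights else str(rights)


def review(acl, memberships):
    """Effective level for every known user, to check an ACL before applying it."""
    return {user: describe(effective_access(user, memberships, acl)[0])
            for user in sorted(memberships)}


# Constructed sample data.
MEMBERSHIPS = {"jane": {"Marketing"}, "raj": {"Marketing", "Interns"}, "guest": set()}
DOC_ACL = [("Marketing", "Modify"), ("jane", "Read")]
LOCKED_ACL = [("Marketing", "No Access"), ("jane", "Full Control")]

if __name__ == "__main__":
    print(review(DOC_ACL, MEMBERSHIPS))
    print(review(LOCKED_ACL, MEMBERSHIPS))
```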



So there you have it,
NT file level security at a glance. There is so much more to it, but
as this is an intro article, a more in-depth exploration of NT file
security seems more appropriate in a separate article. With that
said, let's take a look at some of the other features of NTFS.


Compression:



Another useful feature
is compression. It works transparently (like DriveSpace), and can be
assigned to individual files (unlike DriveSpace). To turn on
compression for a file, right-click on it and choose
Properties.
From the Properties menu, you can check the
Compressed
attribute. The same can be done on a directory.


Encryption:



But what is even more
useful is the encrypted file system (EFS) included in NTFS 5.0. With
EFS, you can actually encrypt a file, rather than just protect it via
permissions. This is a long overdue feature since there are other
operating systems on the market which will read files on an NTFS
volume while bypassing the NT security. BeOS is one example, one
which I have used. Various flavors of Linux might also provide
similar functionality, though I have yet to personally encounter one.
However, if a file is encrypted, then such dangers are drastically
mitigated. NT5's EFS is a system level service, which means it runs
even when all users are logged off. This also prevents hackers from
easily disabling the program, as is the case with user mode
encryption programs. Moreover, the encryption system works
transparently with respect to the user. What that means is that if a
user has permissions to decrypt the file, then when the file is being
accessed, it will be decrypted seamlessly, without any user
intervention. On the other hand, if the user does not have
appropriate access, then an "Access Denied" error will pop
up.



In principle, EFS works
on a public/private key system (via CryptoAPI if you are interested).
When a file is encrypted, a file encryption key (FEK) is
automatically generated. That randomly generated FEK is used to
encrypt the file (or folder). The FEK is then, itself, encrypted using
the user's public key. A list of encrypted FEKs is stored as a part
of the file content. When the user tries to access the file, the
system will attempt to decrypt the FEK with the user's private key.
If it succeeds, then the decrypted FEK is then used to decrypt the
actual file. However, if a file is copied to a non-NTFS partition,
then a plaintext version of the file is created.



To activate encryption,
simply right-click on a folder and choose
Properties
from the popup. Then simply check the
Encrypt
checkbox. By default, Windows Explorer will only allow folders to be
encrypted (which is the recommended method). However, the command
CIPHER can be used to encrypt on a per file basis. To encrypt:



CIPHER /e myfile.txt



To decrypt:



CIPHER /d myfile.txt



The other nice thing
about EFS is that it offers a data recovery mechanism. A data
recovery agent is automatically configured. In a Windows 2000 domain,
that defaults to the domain admin. The assigned security agent could
then decrypt any file that is under his scope. It is important to
note that when recovery occurs, only the file's FEK is revealed, and
NOT the user's public key. This way, it prevents the security agent
from accessing files that are not under his scope. As always, the
domain admin will have the power to delegate security recovery rights
to other user groups so as to provide both flexibility and redundancy.
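The FEK handling described above, including the recovery agent's own wrapped copy, as an added Python example that is not EFS code or part of the original article. The public-key step is textbook RSA over fixed known primes and the file cipher is a SHA-256 keystream, both toy stand-ins chosen so the example runs with the standard library; the names jane and recovery-agent and the FEK marker are assumptions.

```python
import hashlib
import secrets

MAGIC = b"FEK"   # toy marker (assumption) so a failed unwrap can be detected


def toy_keypair(p, q, e=65537):
    """Textbook RSA from two known primes; stands in for a user's key pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)


def keystream_xor(key, data):
    """Toy symmetric cipher: XOR the data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def wrap_fek(fek, public):
    """Encrypt the file encryption key under one recipient's public key."""
    n, e = public
    return pow(int.from_bytes(MAGIC + fek, "big"), e, n)


def unwrap_fek(wrapped, private):
    """Recover the FEK with a private key, or refuse if the key does not fit."""
    n, d = private
    raw = pow(wrapped, d, n).to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")
    if len(raw) != len(MAGIC) + 16 or not raw.startswith(MAGIC):
        raise PermissionError("Access Denied")
    return raw[len(MAGIC):]


def encrypt_file(plaintext, recipients):
    """recipients: {name: public_key}, the user plus any recovery agent."""
    fek = secrets.token_bytes(16)                # fresh random FEK per file
    return {
        "ciphertext": keystream_xor(fek, plaintext),
        # the list of encrypted FEKs that travels with the file
        "wrapped_feks": {name: wrap_fek(fek, pub) for name, pub in recipients.items()},
    }


def decrypt_file(blob, name, private):
    """Transparent decryption: find this principal's wrapped FEK and use it."""
    if name not in blob["wrapped_feks"]:
        raise PermissionError("Access Denied")
    fek = unwrap_fek(blob["wrapped_feks"][name], private)
    return keystream_xor(fek, blob["ciphertext"])


def is_denied(blob, name, private):
    try:
        decrypt_file(blob, name, private)
    except PermissionError:
        return True
    return False


# Toy key pairs built from Mersenne primes: fine for a demo, useless as real keys.
JANE_PUB, JANE_PRIV = toy_keypair(2**127 - 1, 2**89 - 1)
AGENT_PUB, AGENT_PRIV = toy_keypair(2**107 - 1, 2**61 - 1)

if __name__ == "__main__":
    blob = encrypt_file(b"Q3 marketing plan",
                        {"jane": JANE_PUB, "recovery-agent": AGENT_PUB})
    print(decrypt_file(blob, "jane", JANE_PRIV))
    print(decrypt_file(blob, "recovery-agent", AGENT_PRIV))
    print("guest denied:", is_denied(blob, "guest", JANE_PRIV))
```

The recovery agent reaches the file through its own wrapped copy of the FEK, so recovery never needs the user's private key.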


File
Auditing



File
Auditing:




However, just
protecting the file against possible intruders is not enough. There
must be a way for an admin to know if a file hack has been attempted.
This is where File Auditing (event logging, if you will) comes in
handy. With NTFS, you can keep track of who has tried to access what
file, and if they succeeded. To enable file auditing, use the
following steps:




  1. First, make sure that
    File access auditing is turned on via User Manager.



  2. Then simply go into
    the
    Security
    tab of any file you wish to audit and click on the
    Audit
    button.



  3. Now simply add the
    users whom you wish to audit for the given file, and then click
    OK.



  4. Now select the events
    you wish to audit. Click on
    OK.



  5. To view the audited
    events, go through Event Viewer and look at the security logs.



Data
Recovery:




But what good is
protecting your data if it simply gets corrupted when the system
crashes? Here too, NTFS has a solution. NTFS has superior data
recovery capabilities (compared to FAT and FAT32). Each I/O operation
that modifies a file on the NTFS volume is viewed by the file system
as a transaction and can be managed as an atomic unit. When a user
updates a file, the Log File Service tracks all redo and undo
information for the transactions. If every step of the I/O process
succeeds, then the changes are committed to disk. Otherwise, NT uses
the Undo log to roll back the activity and restore the disk to a
state before the changes were made. When Windows NT crashes, NTFS
performs three passes upon reboot. First, it performs an analysis
phase where it determines exactly which clusters must now be updated,
per the information in the log file. Then it performs the redo phase
where it performs all transaction steps logged from the last
checkpoint. Lastly, it performs the undo phase where it backs out of
all incomplete transactions. Together, these steps ensure that data
corruption is kept to a minimum.
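The three recovery passes described above, as an added Python example (not NTFS code or part of the original article). The log record fields, transaction names and cluster contents are constructed for the illustration.

```python
def recover(disk, log):
    """Bring `disk` ({cluster: contents}) back to a consistent state after a crash.

    `log` holds the records written since the last checkpoint, oldest first.
    Each update record carries both the redo value and the undo value.
    """
    # Pass 1, analysis: which clusters were touched, which transactions finished.
    updates = [rec for rec in log if rec["op"] == "update"]
    committed = {rec["txn"] for rec in log if rec["op"] == "commit"}
    touched = sorted({rec["cluster"] for rec in updates})

    # Pass 2, redo: reapply every logged step, whether or not it reached the disk.
    for rec in updates:
        disk[rec["cluster"]] = rec["redo"]

    # Pass 3, undo: back out, newest first, the steps of unfinished transactions.
    rolled_back = []
    for rec in reversed(updates):
        if rec["txn"] not in committed:
            disk[rec["cluster"]] = rec["undo"]
            if rec["txn"] not in rolled_back:
                rolled_back.append(rec["txn"])

    return {"touched": touched, "committed": sorted(committed), "rolled_back": rolled_back}


# Constructed sample: T1 finished, T2 was interrupted by the crash.
LOG = [
    {"op": "update", "txn": "T1", "cluster": 10, "undo": "A", "redo": "B"},
    {"op": "update", "txn": "T1", "cluster": 11, "undo": "X", "redo": "Y"},
    {"op": "commit", "txn": "T1"},
    {"op": "update", "txn": "T2", "cluster": 10, "undo": "B", "redo": "C"},
    {"op": "update", "txn": "T2", "cluster": 12, "undo": "P", "redo": "Q"},
]
# What the crash left behind: T1's write to cluster 10 never reached the disk,
# while T2's write to cluster 12 did.
DISK_AFTER_CRASH = {10: "A", 11: "Y", 12: "Q"}

if __name__ == "__main__":
    disk = dict(DISK_AFTER_CRASH)
    print(recover(disk, LOG))
    print(disk)
```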


Yet
Another Cool (But Scary) Feature:




At this point, you
probably think NTFS is pretty cool. But there is one other cool
feature in NTFS that is documented, but not very well publicized (for
obvious reasons as you will see). What I am referring to is
filestreams (Unix users will be familiar with this feature). To
illustrate the concept of filestreams, let's first picture any file
(whether it be a document, an exe or a jpeg) as a garden hose. When
you access the data in the file, that data flows through the file in
a continuous stream, like water flows through a garden hose. In a
typical file, there is only a single data stream, the default stream.
All data written to and read from the file comes out of that stream.
When Explorer (or the command interpreter) displays the size of
the file, it is reading the data stored in that stream. In FAT and
FAT32, this fact was of little concern since any file could only be
given a single stream (the default). However, this all changes in
NTFS, which allows any given file to have multiple data streams. This
is akin to a garden hose that has within it multiple smaller hoses,
each with its own stream of water flowing. In fact, each stream can
contain different types of data. One data stream could be a text
document, while another could contain WAV file data, another that
contains executable code, and yet another that contains jpeg data.
You can almost think of files with multiple data streams as a special
kind of folder with multiple files stored within it.



To illustrate my point,
let's create a text file with multiple filestreams:




  1. Go to Windows NT's
    Command Interpreter (type
    cmd
    at the Run prompt)



  2. Switch to a partition
    that is NTFS.



  3. Type the following:

    echo This is what you'll see >> stream.txt
    [Press Enter]
    echo This is what you won't see >> stream.txt:hiddenStream
    [Press Enter]



  4. Now, open the file up
    in Notepad



What
you'll see is the text "This is what you'll see." The other
string of text "This is what you won't see" is in the file,
but it is stored in a separate file stream called hiddenStream. And
since most programs do not read data from any stream other than the
default stream, that data is hidden from the user. To view the
contents of the hidden stream, do the following:




  1. Go to the NT Command
    Interpreter.



  2. Type the following:

    more < stream.txt:hiddenStream




  3. And voilà! There is
    your hidden stream.



At
this point, you should be getting chills, because filestreams bring
up some very disturbing possibilities for writing viruses and such. A
virus writer could conceivably write the executable code for his
virus into a hidden stream of a text file! This way, normal virus
scanners would not find the harmful code. To activate the virus, the
malicious programmer need only to write a catalyst program that
performs a seemingly innocuous file read operation from a text file.
The worst part of all of this is that hidden streams are difficult to
detect because data written into the file stream is NOT calculated as
a part of the file's size. So you could have a text file that
contains 20 bytes of text and 2 megs of executable code and show up
as 20 bytes. Even worse, any user could create files with hidden
streams, even your guest account users (assuming they can write to a
directory).



Thankfully, the
situation is not hopeless. For one, hidden file streams can be
detected via the use of Windows APIs. Secondly, all hidden streams
are lost when the file is copied to a non-NTFS partition. So
conceivably, anti virus firms can write scanners that scan for
hidden streams. To the best of my knowledge, there haven't been any
serious viruses written to take advantage of this particular feature
in NTFS. For now, you can rest easy knowing that the end isn't quite
here yet. But definitely keep filestreams in mind, for if there is a
security weakness, somebody will find it sometime.
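One way to do the API-based detection mentioned above, as an added Python example that is not part of the original article. It calls FindFirstStreamW and FindNextStreamW from kernel32, which are present on Windows Server 2003, Windows Vista and later rather than on the NT versions the article describes; the sample listing is constructed so the reporting logic can be checked on any system.

```python
import ctypes
import os
import sys

DEFAULT_STREAM = "::$DATA"      # the unnamed stream every file has
MAX_PATH = 260


class WIN32_FIND_STREAM_DATA(ctypes.Structure):
    _fields_ = [("StreamSize", ctypes.c_longlong),
                ("cStreamName", ctypes.c_wchar * (MAX_PATH + 36))]


def list_streams(path):
    """Return [(stream_name, size)] for one file, using the Windows stream API."""
    if sys.platform != "win32":
        raise OSError("stream enumeration needs the Windows API")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.restype = ctypes.c_void_p
    k32.FindFirstStreamW.argtypes = [ctypes.c_wchar_p, ctypes.c_int,
                                     ctypes.c_void_p, ctypes.c_uint32]
    k32.FindNextStreamW.restype = ctypes.c_int
    k32.FindNextStreamW.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
    k32.FindClose.argtypes = [ctypes.c_void_p]

    data = WIN32_FIND_STREAM_DATA()
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)  # 0 = standard info level
    if handle is None or handle == ctypes.c_void_p(-1).value:      # INVALID_HANDLE_VALUE
        return []
    streams = []
    try:
        while True:
            streams.append((data.cStreamName, data.StreamSize))
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break
    finally:
        k32.FindClose(handle)
    return streams


def scan_tree(root):
    """Collect the stream list of every file under root (Windows only)."""
    listing = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            listing[path] = list_streams(path)
    return listing


def report(listing):
    """listing: {path: [(stream_name, size), ...]}.

    Returns the files that carry alternate streams, largest hidden payload first,
    with the size Explorer would show next to the bytes it would not show.
    """
    findings = []
    for path, streams in listing.items():
        extra = [(name.split(":")[1], size) for name, size in streams
                 if name != DEFAULT_STREAM]
        if extra:
            visible = sum(size for name, size in streams if name == DEFAULT_STREAM)
            findings.append({"path": path,
                             "visible_size": visible,
                             "streams": extra,
                             "hidden_bytes": sum(size for _name, size in extra)})
    return sorted(findings, key=lambda item: item["hidden_bytes"], reverse=True)


# Constructed sample listing in the form list_streams() returns.
SAMPLE_LISTING = {
    r"C:\docs\stream.txt": [("::$DATA", 26), (":hiddenStream:$DATA", 29)],
    r"C:\docs\notes.txt": [("::$DATA", 20), (":payload:$DATA", 2097152)],
    r"C:\docs\plain.txt": [("::$DATA", 512)],
}

if __name__ == "__main__":
    listing = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LISTING
    for finding in report(listing):
        print(finding)
```

On current Windows versions, expect benign hits such as the Zone.Identifier stream that browsers attach to downloaded files.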


Conclusion:



There you have it - the
three most common file systems in a nutshell.





Note:





What
Is NTFS?


A
file system is a part of the operating system that determines how
files are named, stored, and organized on a volume. A file system
manages files and folders, and the information needed to locate and
access these items by local and remote users. Microsoft Windows
Server 2003 supports both the FAT and NTFS file systems.


NTFS
allows you to gain the maximum benefits for the needs of today's
enterprise business environments from Windows Server 2003, such
as increased security, more robust and reliable performance, as well
as a design for greater storage growth, features not found in FAT.


Common
NTFS Scenarios


This
section describes a few scenarios in which NTFS should be used as the
file system on a server running Windows Server 2003.


Increasing
reliability


NTFS
uses its log file and checkpoint information to restore the
consistency of the file system when the computer is restarted in the
event of a system failure. In the event of a bad-sector error, NTFS
dynamically remaps the cluster containing the bad sector and
allocates a new cluster for the data, as well as marking the cluster
as bad and no longer using it. For example, by formatting a POP3 mail
server with NTFS, the mail store can offer logging and recovery. In
the event of a server crash, NTFS can recover data by replaying its
log files.


Increasing
security


NTFS
allows you to set permissions on a file or folder, and specify the
groups and users whose access you want to restrict or allow, and then
select the type of access. NTFS also supports the Encrypting File
System (EFS) technology used to store encrypted files on NTFS
volumes. Any intruder who tries to access your encrypted files is
prevented from doing so, even if that intruder has physical access to
the computer. For example, a POP3 mail server, when formatted with an
NTFS file system, provides increased security for the mail store,
security that would not be available should the server be formatted
with the FAT file system.


Supporting
large volumes


NTFS
allows you to create an NTFS volume up to 16 terabytes using the
default cluster size (4 KB) for large volumes. You can create
NTFS volumes up to 256 terabytes using the maximum cluster size of
64 KB. NTFS also supports larger files and more files per volume
than FAT. In addition, NTFS manages disk space more efficiently than
FAT by using smaller cluster sizes. For example, a 30-GB NTFS volume
uses 4-KB clusters. The same volume formatted by using FAT32 uses
16-KB clusters. Using smaller clusters reduces wasted space on hard
disks. NTFS supports the many capabilities of dynamic disks for
managing large storage requirements.


Limited
space on a volume


If
your organization has limited space on a volume, NTFS provides
support for increasing storage on a server with limited disk space.




  • Disk quotas allow you
    to track and control user disk space usage for NTFS volumes.



  • NTFS supports
    compression as well as adding unallocated space from the same disk
    or from another disk to increase the size of an NTFS volume.



  • Mounted volumes allow
    you to mount a volume at any empty folder on a local NTFS volume if
    you run out of drive letters or need to create additional space that
    is accessible from an existing folder.



Using
features available only in NTFS


NTFS
has a number of features that are not available if you are using a
FAT file system. These include:




  • Distributed link
    tracking.
    Maintains the integrity of shortcuts and OLE links.
    You can rename source files, move them to NTFS volumes on different
    computers within a Windows Server 2003 or Windows 2000
    domain, or change the computer name or folder name that stores the
    target without breaking the shortcut or OLE links.



  • Sparse files.
    Large, consecutive areas of zeros. NTFS manages sparse files by
    tracking the starting and ending point of the sparse file, as well
    as its useful (non-zero) data. The unused space in a sparse file is
    made available as free space.



  • NTFS change
    journal.
    Provides a persistent log of changes made to files on a
    volume. NTFS maintains the change journal by tracking information
    about added, deleted, and modified files for each volume.



  • Hard links.
    NTFS-based links to a file on an NTFS volume. By creating hard
    links, you can have a single file in multiple folders without
    duplicating the file. You can also create multiple hard links for a
    file in a folder if you use different file names for the hard links.
    Because all of the hard links reference the same file, applications
    can open any of the hard links and modify the file.



Using
Windows Server 2003 features that require NTFS


Windows
Server 2003 includes a number of features that require NTFS as
the file system. A few of these features include:




  • Volume Shadow Copy
    service.
    Service that provides an infrastructure for creating
    highly accurate, point-in-time shadow copies. These copies of a
    single volume or multiple volumes can be made without affecting the
    performance of a production server. The Volume Shadow Copy Service
    can produce accurate shadow copies by coordinating with business
    applications, backup applications, and storage hardware.



  • Distributed File
    System (DFS).
    Strategic storage management solution in Windows
    Server 2003 that enables you to group shared folders located on
    different servers logically by transparently connecting them to one
    or more hierarchical namespaces.



  • File System
    Replication (FRS).
    Technology that replicates files and folders
    stored in the SYSVOL shared folder on domain controllers and
    Distributed File System (DFS) shared folders. When FRS detects that
    a change has been made to a file or folder within a replicated
    shared folder, FRS replicates the updated file or folder to other
    servers.



In
addition, NTFS is required before you can promote a server running
Windows Server 2003 to a domain controller that hosts the Active
Directory directory service.


If
the volume is not formatted with the NTFS file system, these Windows
Server 2003 features will not be available.


Note




  • Although NTFS is the
    preferred file system for hard disks, NTFS cannot be used on
    removable media. Instead, Windows Server 2003 uses FAT12 for
    formatting floppy disks, and FAT32 for formatting flash media and
    DVD-RAM discs.



Operating
System and NTFS Compatibility


NTFS
is not supported on versions of Microsoft Windows earlier than
Windows NT 4.0 and Windows 2000 Professional or
MS-DOS. The table Operating System and NTFS Compatibility shows which
operating systems support NTFS.


Operating
System and NTFS Compatibility


 






































Operating System                                               NTFS
Windows XP                                                     Yes
Windows Server 2003                                            Yes
Windows 2000                                                   Yes
Windows NT 4.0                                                 Yes
Windows 95 OSR2, Windows 98, and Windows Millennium Edition    No
Windows 95 (prior to OSR2)                                     No
MS-DOS                                                         No



Note




  • Computers running
    Windows NT 4.0 require Service Pack 4 or later to access
    NTFS volumes previously mounted by Windows 2000, Windows XP,
    or Windows Server 2003.






Windows
Installation: How to perform a clean install of Windows 

How
to Start Again From Scratch




Most of the time you
can resolve Windows problems with diligent troubleshooting. But
sometimes, you just can't figure out the problem, reinstalling
Windows didn't work, and you are tired of having troubles and want to
start from scratch with a nice clean slate by reinstalling your
operating system and all your applications software. This can be
surprisingly easy; however, it must be done correctly - or you'll get
plenty of practice doing it again. This tutorial is designed to help
you make the process as easy and problem-free as possible.



A guide to setting up a
new hard disk with Windows / performing a clean installation of
Windows XP, 2000, ME or 98:



Before we begin, there
are a few items that I must address:




  1. This material is
    presented "as is" and nobody can be held responsible for
    any damages or problems that might occur from the use or misuse of
    this information. Ultimately it is you that is responsible for what
    you do on your computer. However, I can reassure you that I have
    done my best to make sure this information is correct.



  2. If you are running a
    system with an older BIOS that does not support LBA mode for large
    hard disks and are using some sort of disk manager or overlay
    program like EZBIOS so your hard drive can be recognized, please
    consult the program's documentation for instructions.
    Do not
    proceed with this method!



  3. If you are using a
    third party boot manager program like System Commander (used to boot
    multi operating systems), consult the program's documentation for
    instructions on removal.



  4. If you own a brand
    name computer like Compaq or IBM for example, you may not have a
    Windows CD. Instead you might have a "Restore/Recovery CD"
    (or even a hidden partition on your drive) that will return your
    system to the state it was in when it left the factory. If you have
    one of these, I highly recommend that you use it. You just run the
    program on the CD and follow the directions and it will do all the
    work for you; and you will not have any driver related problems.
    Consult your Owner's Manual or contact the manufacturer for more
    information.






Pre-Format
Check List!




Have ALL driver
disks on hand.
If any of your hardware is using drivers from the
manufacturer make sure that you have them. Do not proceed unless you
have downloaded the most recent version of all drivers to floppy
disks, or you know for a fact that Windows detects and installs
drivers for all your hardware. These are things you must know before
you format your hard drive. To find out more about your hardware and
drivers, use the Device Manager utility in System Properties. The
fastest way to get there is to right-click on the
My
Computer

icon on the desktop and choose
Properties
from the menu. This is System Properties (same as double clicking
System in Control Panel). Click the
Device
Manager

tab and you will see hardware categories in a familiar expanding tree
structure. Click the
+
sign to expand a tree and highlight a device and right click to the
Properties
button. Click the available tabs to view things like resources used,
device status, driver files used and provider and date of the device
driver. For example, if they say "Microsoft" as the
provider, then you are assured that the driver came from the Windows
CD and wasn't installed from a third party vendor's diskette. You can
print all of the information in device manager too if desired; this
could make it easier to troubleshoot problems and also make it easier
for someone else to help you if you have this to refer to in times of
need. When you first open Device Manager, "Computer" is
highlighted at the top of the tree. Clicking the
Print
button will print all of the information in device manager.



Back Up Your Data
Files.
Save your data files like documents, spreadsheets,
pictures, sounds, address books, mIRC script, etc. to another drive
(or floppy disks, Zip disk, CD-R, etc.). Don't forget your web
browser's bookmarks! Do not proceed until you have triple checked to
make sure you aren't forgetting anything. Even after triple checking
you may discover something you forgot after it's too late. For more
detailed tips about backing up.



How to back up




Backing up means to
keep a copy of your important files in a separate location for
retrieval in case of an emergency. Keeping a copy of it in another
folder on the same hard drive though is not a good idea. It means to
put it on a separate media. Preferably, you have two backups on two
separate types of media in two places.



The oldest and worst
way to back up is to save your data to floppy. As I said before,
floppies fail rather quickly and are not a reliable storage media.
Bad idea. Use them only for temporary storage or data transportation
if there is no other way.



Another older and very
popular way was to use a tape drive. They could store several
Gigabytes of data. The disadvantages of tape drives are that they are
slow and that the tapes are somewhat sensitive to heat, magnetism
etc. which does not make them the most reliable media either.



Then a few years ago,
the Zip drive from
iomega
came out. It became very popular overnight for several reasons. It is
easy to use, just like a floppy drive. Insert a disk, copy the data,
eject the disk, done. It is also very mobile if you have an external
Zip drive. Just take it with you, plug it in, install the software if
needed and you're set. The Zip disks are relatively reliable (yes,
there was the click of death but it supposedly affected less than 1%
of all Zip drives according to iomega) and can store 100 Megabytes,
that's about 70 floppies worth. Recently iomega released a new
version that can store 250 MB. However, the disks are still somewhat
pricey, and a lot of times several disks are required for a complete
backup.



Recently, recordable
and re-writable CD burners have flooded the consumer market and
offered another way of data storage. A good burner can be had for
$200 - $300, the disks cost $1 for recordable and $2 - $3 for
re-writable ones. The disks hold approximately 650MB of data. The
advantage is that the media is pretty cheap and very reliable, but
the burners cost more than a tape or Zip drive. I've been using a CD
burner for a while now for backups and found it to be very reliable
and convenient.



Another way of backing
up data is to another hard drive. If you have multiple PCs at home
and they are
networked,
you can copy data files to the hard drive of another PC on the
network for backup. That way, if one PC goes down, you still have the
data on the other PC. The advantage is that it is pretty quick and
easy to do, but it takes away some hard drive space and it does not
allow off-site storage of the backups which is a problem if your
house burns down and all PCs on your home network go up in flames. I
always back up my data to my laptop as well by connecting my laptop
to my
home
network

or by using
Direct
Cable Connection
.



Recently I have seen
some ads for online backup storage, where you can rent disk space
online and upload your data for backup. I am still a little skeptical
about this concept, because you depend on your ISP and the disk space
provider to be up and running for data retrieval, if you have lots of
data and only a 56k modem, upload will take quite some time, and
lastly, you put all your info on a stranger's machine.


Be
organized




To make backing up your
data easier, it helps if your data is organized. If you save all your
data in the program folder of the program the data is used in, e.g.
Word documents in C:\Office\Word, Excel documents in C:\Office\Excel,
you will have a lot of fun hunting down all your files and making
sure you didn't forget anything when backing up. Believe me, it gets
old real fast. Instead, you should make a point of saving all your
documents, no matter what it is, in one central location. That's what
the
My
Documents

folder is for. You can make subfolders called
Private
and
Business,
and subcategorize those more. This way 95% of your backup will be
done by simply copying the
My
Documents

folder. Very easy and convenient. But don't forget, as I mentioned
earlier, to also back up your bookmarks and e-mail data. If you use
MS Internet Explorer, you need to back up the folder
C:\Windows\Favorites
which contains the bookmarks and the folder
C:\Windows\Application
Data\Microsoft\Address Book

for your e-mail addresses and the folder
C:\Windows\Application
Data\Microsoft\Outlook Express

for your e-mail if you use Outlook Express. If you use Netscape, you
need to back up the folder
C:\Program
Files\Netscape\Users\(your user name here)
,
it contains all your Netscape related data.


Additional
considerations




The backups described
above will of course only back up the data files or documents. This
means if you lose a hard drive, you need to reinstall the operating
system and the programs first, then retrieve the data. If you want to
save yourself the hassle of reinstalling everything, you could get a
program like
Ghost
from Symantec

or
Drive
Image from Powerquest

or one of many others. These programs will take a snapshot of your
drive and save an image of the drive as is. When you have to start
over with a blank hard drive, you just restore the disk image and
you're back in business, no reinstalling of any programs necessary.



If you want the backup
process to happen automatically, you can get a backup program that
does the backup on a regular basis and lets you schedule full and
incremental backups. This type of backup is recommended for
businesses that have multiple machines.



Last, remember to back
up regularly. You don't want to have something happen to your data,
then restore your backup just to realize it is 6 months old.
Depending how much work you do, back up either weekly or at least
monthly. It is also a good idea to store your backups off-site, e.g.
in your safe deposit box in your bank or anywhere else where they
can't be harmed and won't be lost when your house burns down or is
burglarized. It's your data, keep it safe.
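The "triple check" and "is my backup six months old?" advice above can be automated. The following is an added example, not part of the original lesson: it records a SHA-256 manifest when the backup is made and later checks the backup medium against it for missing files, damaged copies and age. The manifest file name, the folder layout on the backup medium and the sample files are assumptions made for the example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"  # hypothetical file name chosen for this example


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source_dirs, created):
    """Record a SHA-256 for every file under each source folder.

    Keys look like "My Documents/Business/budget.txt": the folder's own name
    followed by the path inside it, which is also the layout this example
    assumes on the backup medium.
    """
    files = {}
    for source in map(Path, source_dirs):
        for item in sorted(source.rglob("*")):
            if item.is_file():
                label = (Path(source.name) / item.relative_to(source)).as_posix()
                files[label] = sha256_of(item)
    return {"created": created, "files": files}


def verify_backup(backup_root, now, max_age_days=30):
    """Check the backup medium against the manifest stored on it."""
    backup_root = Path(backup_root)
    manifest = json.loads((backup_root / MANIFEST_NAME).read_text())
    report = {"missing": [], "corrupted": []}
    for label, expected in sorted(manifest["files"].items()):
        copy = backup_root / label
        if not copy.is_file():
            report["missing"].append(label)        # never copied, or lost since
        elif sha256_of(copy) != expected:
            report["corrupted"].append(label)      # copy no longer matches
    report["age_days"] = (now - manifest["created"]) / 86400
    report["stale"] = report["age_days"] > max_age_days
    return report


def demo(damage=True):
    """Back up constructed sample folders, optionally damage the copy, verify."""
    created = 1_000_000_000  # constructed timestamp, in seconds
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        docs, favs = tmp / "My Documents", tmp / "Favorites"
        (docs / "Business").mkdir(parents=True)
        favs.mkdir()
        (docs / "Business" / "budget.txt").write_text("constructed sample data")
        (docs / "letter.txt").write_text("constructed sample letter")
        (favs / "search.url").write_text("constructed sample bookmark")

        backup = tmp / "backup"
        for source in (docs, favs):
            shutil.copytree(source, backup / source.name)
        manifest = build_manifest([docs, favs], created)
        (backup / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))

        if damage:
            (backup / "My Documents" / "letter.txt").unlink()       # lost file
            (backup / "Favorites" / "search.url").write_text("bit rot")
        # Pretend 45 days have passed for the damaged case, 1 day otherwise.
        elapsed_days = 45 if damage else 1
        return verify_backup(backup, now=created + elapsed_days * 86400)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A manifest kept on the same medium only catches accidental loss or corruption; keep a second copy of it with the off-site backup so the two can be compared.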








Make SURE you have a
boot disk that can access your CD ROM drive.
I cannot stress this
enough. Boot with your boot disk and ensure that the drivers that are
loading can access your CDROM. Insert the Windows CD, change to the
CDROM drive letter, and type
DIR
to make sure you can read the Windows CD. To make double sure, open a
file like ReadMe.txt. To find out how to create a bootable floppy
disk with CD ROM support. Make sure you test it before proceeding!
Newer machines may have the facility of booting from CD/DVD drives.
Check your motherboard manual to see if this is a feature you have.



In order for your
CD-ROM (also used in this article to mean DVD-ROM, CD-RW, CD-R,
DVD-RW, DVD-R and other similar optical drives) drive to function in
a MSDOS environment, that is when none of the Windows components or
Windows drivers are loaded, you need to load a real mode CD-ROM
driver and a small program (MSCDEX.EXE) that initializes it and
assigns it a drive letter. In summary, this is done by specifying a
line in the CONFIG.SYS file that loads the driver, with a switch that
assigns an "alias" to it. Next, a line in the AUTOEXEC.BAT
file loads MSCDEX.EXE with the switch that references the alias
defined in CONFIG.SYS for the CD-ROM driver.



Note: If all you
need to do is get the CD-ROM drive to work so you can install or
reinstall windows and you just don't want to deal with all this,
scroll down to download a .ZIP file to be extracted to a bootable
floppy disk that will allow you to install Windows 95 from the
CD-ROM. The driver will work with most IDE CD-ROM drives. If you are
running Windows 98, separate (and easier) instructions are provided
below as well.



Here is a typical
example of loading a CD-ROM driver in the CONFIG.SYS file. Note the
drive and path, you must change this to the correct path and filename
of your real mode CD-ROM driver. Typically, it will have the file
extension of .SYS as do most drivers that load in this manner.



DEVICE=C:\CDROM\VIDE-CDD.SYS /D:IDECD001




Note that the /D:
switch is NOT to assign a drive letter, think of that switch as
"Driver" and the IDECD001 is the "alias" that we
are assigning to the driver. Its importance will be apparent soon.



Here is an example of a
line that loads MSCDEX.EXE in AUTOEXEC.BAT:



C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001




Note the usage of the
/D: switch again. The alias (in this case IDECD001) must be identical
to the one specified in the CONFIG.SYS file. When you go to edit
these configuration files, look at your AUTOEXEC.BAT file and you may
see that the MSCDEX line is already there, but is prefaced with "REM
- BY WINDOWS SETUP". This is because Windows 9x setup comments
out that line because real mode drivers should not load with Windows,
which has protected mode CD-ROM drivers of its own. In many cases you
simply need to remove the REM - BY WINDOWS SETUP from the command and
reboot to command prompt only, and you will have DOS CD-ROM support.
Be sure to add REM in front of the line before you boot back into
Windows 9x, as MSCDEX.EXE should not load with Windows 9x.
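The alias rule described above is easy to get wrong by hand, so here is an added example (not part of the original lesson) that reads both configuration files and reports a commented-out MSCDEX line or an alias that CONFIG.SYS never assigns. The REM'd and mismatched AUTOEXEC.BAT samples are constructed, and treating every DEVICE= line with a /D: switch as a CD-ROM driver is an assumption of the example.

```python
import re

ALIAS_SWITCH = re.compile(r"/D:(\S+)", re.IGNORECASE)   # DOS ignores case
REM_LINE = re.compile(r"REM(\s|$)", re.IGNORECASE)
DEVICE_LINE = re.compile(r"DEVICE(HIGH)?\s*=\s*(.+)", re.IGNORECASE)

# Boot-disk files as shown in the article.
CONFIG_SYS = r"""
DEVICE=A:\HIMEM.SYS
DEVICE=A:\VIDE-CDD.SYS /D:IDECD001
"""
AUTOEXEC_OK = r"""
@ECHO OFF
A:\MSCDEX.EXE /D:IDECD001
"""
# Constructed sample: the line as Windows 9x setup leaves it, commented out.
AUTOEXEC_REMMED = r"""
@ECHO OFF
REM - BY WINDOWS SETUP - C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001
"""
# Constructed sample: alias typed differently from the one in CONFIG.SYS.
AUTOEXEC_MISMATCH = r"""
@ECHO OFF
LOADHIGH A:\MSCDEX.EXE /D:MSCD001
"""


def config_sys_aliases(text):
    """Aliases assigned by active DEVICE=/DEVICEHIGH= lines with a /D: switch."""
    aliases = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or REM_LINE.match(line):
            continue
        match = DEVICE_LINE.match(line)
        if match:
            aliases.update(a.upper() for a in ALIAS_SWITCH.findall(match.group(2)))
    return aliases


def mscdex_aliases(text):
    """Return (active, commented_out) alias sets from MSCDEX lines."""
    active, disabled = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if "MSCDEX" not in line.upper():
            continue
        found = {a.upper() for a in ALIAS_SWITCH.findall(line)}
        if REM_LINE.match(line):
            disabled |= found
        else:
            active |= found          # covers plain, LOADHIGH and LH forms
    return active, disabled


def check_cdrom_setup(config_sys, autoexec_bat):
    """Return a list of problems; an empty list means the aliases line up."""
    drivers = config_sys_aliases(config_sys)
    active, disabled = mscdex_aliases(autoexec_bat)
    problems = []
    if not drivers:
        problems.append("CONFIG.SYS loads no driver with a /D: alias")
    if not active:
        if disabled:
            problems.append("MSCDEX line is commented out with REM (alias %s)"
                            % ", ".join(sorted(disabled)))
        else:
            problems.append("AUTOEXEC.BAT does not load MSCDEX")
    for alias in sorted(active - drivers):
        problems.append("MSCDEX references alias %s, which CONFIG.SYS never assigns"
                        % alias)
    return problems


if __name__ == "__main__":
    for name, autoexec in [("ok", AUTOEXEC_OK), ("remmed", AUTOEXEC_REMMED),
                           ("mismatch", AUTOEXEC_MISMATCH)]:
        print(name, check_cdrom_setup(CONFIG_SYS, autoexec))
```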



If you are lucky, or if
your CD-ROM uses proprietary drivers, you may have a driver disk that
came with your computer or CD-ROM drive. In that case all you will
have to do is put the disk in the drive and type "setup" or
"install", (whichever the case may be, look for setup.exe
or install.bat or install.exe etc. on the disk) and the setup will
take care of this mess for you.



Now, why do you want
CD-ROM support in DOS? If you need it to install windows, it would be
best to set this up on a boot disk. If you want CD-ROM support
because you want to play games, then additional commands/devices will
be required in the configuration files and it would be probably
easiest to set this up on the hard drive, (though you can use a boot
disk for games too). I will provide some information for both, so
scroll down for what is appropriate for you.


If
You Need This To Install/Re-install Windows 95




Installing Windows 95
requires a clean startup. We want as few programs or devices using
conventional memory as possible, and we do not want any memory
manager programs like EMM386.EXE loading. All we really want is
HIMEM.SYS (to enable extended memory; memory above the 640K
conventional memory), and MSCDEX.EXE and our CD-ROM driver. It is a
good idea to use a boot disk, preferably a Windows 95 Startup Disk.
To make a Windows 95 startup disk go to
Add/Remove
Programs

in Control Panel and click the
Startup
Disk
tab
and create the disk. Whatever you choose for a boot disk, you will
have to create (if not already present) an AUTOEXEC.BAT and
CONFIG.SYS file and edit them to include lines for CD-ROM support.
You can use Notepad for this or the MSDOS Editor.



A Typical CONFIG.SYS
file, for a boot disk to install Windows 95:



DEVICE=A:\HIMEM.SYS
DEVICE=A:\VIDE-CDD.SYS /D:IDECD001



A Typical AUTOEXEC.BAT
file, for a boot disk to install Windows 95:



@ECHO OFF
A:\MSCDEX.EXE /D:IDECD001



  



If you do not have a
real mode CD-ROM driver, or are not inclined to edit these
configurations yourself, I have made a .ZIP file that you can unzip
to a bootable disk and then if you boot with the disk, you will have
CD-ROM support. I encourage you to use a Win95 Startup Disk, but if
this is unavailable any bootable disk from your Windows 9x operating
system will do. The AUTOEXEC.BAT file that will be on your boot disk
(after unzipping the file bootdisk.zip to your bootable disk) has a
batch script that will look for and attempt to copy HIMEM.SYS from
your Windows directory to the boot disk. You will be prompted if this
is the case.



After downloading this
file, read the README.TXT file for complete instructions. Please note
that while I have done my best here, I cannot be held responsible for
whether or not this works for you, or for damages that may be
incurred from its incorrect use. Please note that this will only work
for IDE CD-ROM drives, and NOT for SCSI drives. If your drive is SCSI
or requires proprietary drivers please contact the manufacturer
(perhaps they have a website?) for the appropriate files (or see if
you have a disk somewhere).


If
You Are Running Windows 98




Thankfully, the Windows
98 Startup disk already has CD-ROM support for IDE and SCSI CD-ROM
drives. Create a Windows 98 Startup Disk by double clicking
Add/Remove Programs in Control Panel and clicking the Startup Disk
tab and create the disk. Boot with the disk and select the option to
enable CD-ROM support. Test your disk to make sure you can access the
CD-ROM drive before you do anything drastic like formatting the
drive. (change to your CD-ROM drive and make sure you can list
directories and maybe open a readme file and if all that checks out
you are safe.)


If
You Need CD-ROM Support for Games




If you want to use the
CD-ROM drive in DOS because you want to play games, or for any other
reason than installing windows, it would be best to set this up on
the hard drive. You can rename your old AUTOEXEC.BAT and CONFIG.SYS
files to AUTOEXEC.BAK and CONFIG.BAK and create new ones for when you
want to boot to DOS command prompt only. You can then rename your old
ones back before you boot into Windows again. For this usage, the
configuration files will contain more commands than the example above
for installing windows. In the following examples it is important to
note that you will have to edit the lines to suit your own system. I
have no way of knowing what hardware you have and where you keep your
driver files. As for Sound Card drivers in DOS you pretty much need
to have a driver disk (or a downloaded driver package) with a setup
program that will install the driver files and edit your
configuration files for you, unless you know the hardware settings.



Here is a typical
CONFIG.SYS file:



DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
DOS=HIGH,UMB
FILES=60
BUFFERS=30
STACKS=9,256
LASTDRIVE=Z
DEVICEHIGH=C:\CD-ROM\VIDE-CDD.SYS /D:IDECD001



Here is a typical
AUTOEXEC.BAT file:



@ECHO OFF
SET SOUND=C:\SB16
SET BLASTER=A220 I10 D0 H5 P330 T6
SET MIDI=SYNTH:1 MAP:E
C:\SB16\DIAGNOSE /S
C:\SB16\MIXERSET /P /Q
SET TEMP=C:\TEMP
PROMPT $p$g
LOADHIGH C:\MOUSE\MOUSE.EXE
LOADHIGH C:\CD-ROM\MSCDEX.EXE /D:IDECD001



Note the usage of the
DEVICEHIGH command in CONFIG.SYS and the LOADHIGH command (can be
abbreviated to LH) in the AUTOEXEC.BAT file. Because we loaded
EMM386.EXE (a memory manager) we can load some devices in the high
memory area to free up more conventional memory for programs.



If you do not have real
mode CD-ROM drivers, either use the one from your WIN98 startup disk
(note which one is loading as you boot with it) or download the
bootdisk.zip file I made and use that one.



Make SURE you have
the Product Key for your Windows installation.
Depending on how
it was purchased, the Product Key could be on a little sticker on the
back of your Windows CD jewel case (or cardboard sleeve) or in the
case of an OEM (original equipment manufacturer) CD, it could be on
the front of the OEM booklet. If somehow you have lost your Product
Key, it can be obtained from your current installation by looking in
the system registry. To find your Product Key, open Regedit and
navigate to the following registry key:



HKEY_LOCAL_MACHINE \
SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION




Click on the
CurrentVersion
key in the left pane of regedit, and in the right pane, scroll until
you find the value
ProductKey.
This is your CD Key (not to be confused with ProductId which is the
number Microsoft assigned to you when you registered Windows. This is
for Retail Versions). If this is an OEM version, the key will have
OEM in it and MAY be called ProductID rather than ProductKey. Write
down both values if you are unsure!



One more thing I should
mention. If your version of Windows is an "upgrade"
version, make sure you have your previous installation disks because
setup will ask for them to verify eligibility for upgrade. Since you
are about to do a clean install, there will not be a previous
operating system installed. This is not a problem as long as you have
your previous installation disks. Setup will prompt you accordingly.
















Network Setup
(Peer-To-Peer)











 













After
installing the operating systems on the computers that will
primarily participate in the network, you can "physically"
connect the computers and the router. You can start connecting the
pieces whether the computers are on or off.



  1. Shut down all computers and the router (if necessary)

  2. Turn on one computer you will use to set up the router

  3. Your router should have come equipped with a piece of paper or a
    brochure of just a few pages that lists the instructions to
    follow to set up the router. One of the early instructions may ask
    you to insert the CD that came with the router in the CD drive
    and wait for the instructions. Follow these instructions
    faithfully

  4. After setting up and configuring the router, turn it off and turn off
    the computer you used to set it up (this step is optional)

  5. Connect each of the other computers to the router using an RJ-45 cable
    for each connection






If you had turned
off (some of) the machines, first turn on the router. Then, after
a few seconds, turn on the computers. If you receive some messages
indicating that a network was detected, fine. If not, don't worry,
we will check the network later.



If
you plan to setup a wireless network using a wireless router, you
will need to use one computer to set it up.



  1. Start the computer you will use to set up the router (you should turn
    the others off)

  2. Most, if not all, wireless routers come with very easy to follow
    instructions. Most of them ask you to first insert the CD
    that accompanies the router, that is, before physically
    installing the router. Consult the documentation (usually just
    one or a few pieces of paper or a small brochure) and faithfully
    follow its CD's instructions. At some point, the instructions will
    indicate when to connect the computer and the wireless
    router. To do this, you will use a cable (usually supplied to
    you) to connect one end to the computer and the other end to the
    router

  3. Because the steps to perform depend on the router (or the manufacturer),
    we will let you perform them as described by their documentation

  4. After installing and setting up the wireless router, turn it off and
    turn the computer off

  5. If you didn't yet, install the wireless network card(s) on the other
    computer(s). For any computer that doesn't have a wireless
    network card but has a wired network card, connect it to a port
    of the wireless router using an RJ-45 cable. The computers that
    have a wireless network card will not need a physical connection
    to the wireless router

  6. Turn on the router. After a few seconds, turn on the computers one by
    one. You may not need to check whether they work at this time
    or not. We will check this later



 



















After
establishing the physical or wireless connections of the
computers, you can electronically connect them, test or check that
they can "see" each other. Microsoft Windows XP makes
networking ridiculously easy. In fact, when writing these
lessons, after physically connecting the computers to the router
and turning everything on, the whole network had been built and
there was no particularly necessary configuration to perform:
everything was ready. Still, in the next few sections, we will
pretend that the network is not (yet) working.



To "virtually"
connect the network, Microsoft Windows XP provides the Network
Setup Wizard, which is a series of dialog boxes that can guide you
in this process. To start this wizard:




  1. On one of the computers that runs Microsoft Windows XP (HE or
    Pro), click Start -> (All) Programs -> Accessories ->
    Communications -> Network Setup Wizard



  2. The
    first page of the wizard will present a message and a bulleted
    list but nothing to choose:
     


    Read
    the text and click Next


  3. The
    second page of the wizard also displays a message:


     
    Read
    the lines of text and click Next


  4. In
    the third page of the wizard, if you have already created a
    connection to the Internet, you can accept the first radio
    button. If you haven't gotten or configured a connection to the
    Internet, as is the case for the computers in our series of
    lessons so far, click the second radio button:
     


  5. Click
    Next


  6. In
    the fourth page of the wizard, as we are not dealing with the
    Internet at this time, click the Other radio button
     


  7. Click
    Next


  8. In
    the fifth page of the wizard, read the options of the three radio
    buttons. Because we are not setting up, or concerned with, the
    Internet right now, click the This Computer Belongs To A
    Network That Does Not Have An Internet Connection radio
    button
     


  9. Click
    Next


  10. In
    the sixth page of the wizard, in the Computer Description
    text box, type a short description such as the role or the
    position of the computer. There are no real rules to follow for
    this text, only suggestions. For example, because this
    description will show in Windows Explorer or other windows, don't
    make it too long. You can also include any characters you want


  11. In
    the Computer Name text box, type a name for the computer.
    For this name, there are rules you must follow:
     


  12. After
    entering the description and the name of the computer, click Next


  13. In
    its seventh page, the wizard prompts you to enter the name of
    your network. It suggests MSHOME. You can accept this name
    or change it:
     


  14. After
    typing a name for the network (you can still change the name
    later), click Next


  15. In
    the eighth page of the wizard, read the text:
     

     
    For
    our project, accept the Turn On File And Printer Sharing
    radio button and  click Next


  16. In
    the ninth page of the wizard, read the text:
     

     
    Click
    Next


  17. After
    clicking Next, the wizard will start creating the files used to
    setup a network, based on your previous selections:
     


    When
    it has created the files, it would present a new page of the
    wizard.
    In the tenth page of the wizard, read the text.
    Normally, you should create a setup disk:
     


    To
    create a setup disk, you will need either a floppy drive or a
    flash drive (also called a jump drive) (or any portable drive
    that the computer allows).
    For our lessons and if your
    computer has a 3.5 floppy drive, accept the Create A Network
    Setup Disk
    radio button. Click Next 


  18. In
    the eleventh page of the wizard, you may be presented with the
    only portable medium available. If your computer found more than
    one medium, such as a floppy drive and a flash drive, you would
    be presented with the option to choose which one you would use.
    Here is an example:
     

     
    If
    necessary, select the drive you would use and click Next. If you
    select the floppy drive, make sure you insert a floppy disk in
    the drive. The following page would ask you whether you want to
    format it, which you should do:
     


    and
    click Next


  19. After
    clicking Next, the wizard would copy the necessary files in the
    medium (flash drive or floppy). After copying the files, it would
    give you instructions on what to do next:
     

     
    After
    reading the instructions, remove the disk and click Next


  20. In
    the last page, read the text:
     

     
    Click
    Finish


  21. After
    clicking Finish, a message box will ask you whether you want to
    restart the computer:
     


    Click
    Yes



 



After
setting up the network on one computer, you can continue with the
next computer. You have two alternatives: you can use the same network
wizard or you can use the setup disk you would have created.



To setup the network
on the other computer(s) that will be part of your network:



  1. On
    the next computer, click Start -> Network Places


  2. Under
    Network Tasks, click Set Up A Home Or Office Network


  3. In
    the first page of the wizard, read the text and click Next
     


  4. In
    the second page of the wizard, read the text and click Next
     


  5. In
    the third page of the wizard, accept the first radio button and
    click Next
     


  6. In
    the fourth page of the wizard, in the Computer Description
    text box, type a short description that can define or indicate
    what this computer is used for


  7. In
    the Computer Name text box, type a name that will
    distinguish this computer in the network. One of the rules you
    must observe is that the name must be unique in the network. This
    means that you cannot use the same name you have already given to
    another computer in the same network:
     


  8. After
    entering the description and the name of the computer, click Next


  9. In
    the fifth page of the wizard, it is somewhat important (but it is
    not a requirement) that you enter the same name you specified for
    the network of the first computer:
     

     
    If
    you specify a different name, you will end up with various
    networks, which can be annoying or confusing but would work fine


  10. After
    entering the name of the network, click Next


  11. The
    wizard will try to check if that name was already specified for
    another computer of the same network. If it finds that another
    computer is using that name, then it would allow this computer to
    "join" the network. If it finds out that no other
    computer is using that name, then it would create it.
    After
    checking the name, the wizard will present you with a summary
    page:
     

     
    After
    reading it, click Next


  12. The
    wizard will then create the necessary files to make this computer
    part of the network. After creating the files, it would present a
    page giving you the option to create a setup disk. This time,
    decline by clicking the last radio button


  13. Click
    Next
     


  14. Click
    Finish
     


  15. You
    will be asked whether you want to restart the computer or not.
    Click Yes




As an alternative,
and as instructed when creating the setup disk:



  1. On
    the other computer, put the setup disk in the drive


  2. Using
    Windows Explorer, My Computer or another file utility or viewer,
    access the drive that contains the disk you created and
    double-click the file it contains


  3. Follow
    the instructions on the screen. They are pretty much
    self-explanatory


  4. When
    asked to restart the computer, do so








 











Once
you have built a computer network, from time to time, you will
need to check what computers are available and/or what files or
folders have been shared. To assist you with this, Microsoft
Windows XP provides a window named My Network Places.



To view the
available connected computers:



  1. On one of the computers, click Start -> My Network Places.
    If you don't see that option in the right column of the Start menu,
    depending on your configuration, click Start -> Settings ->
    Network Connections. Then, under Other Places, click My Network
    Places.
    As an alternative, you can click Start -> Control
    Panel or Start -> Settings -> Control Panel. Under Other
    Places, click My Network Places.


  2. Under
    Network Tasks, click View Workgroup Computers





 


Networking
without Wires: Lesson Description


 


This
lesson offers a brief introduction to wireless home networking: a
short history of the technology, some ways it's being used, and a
discussion of equipment and technologies that make it work


 


The
World of Wireless


 


Unless
you haven't been paying attention lately, you've probably seen the
term wireless networking popping up everywhere. You've probably
visited a wireless cafe, or been able to work wirelessly at your
office. It seems that wireless is the new big thing.


 


Historically
speaking, wireless has been around for quite a while. Starting in the
early 20th century, engineers figured out how to send radiotelegraph
signals (Morse code) without the use of wires, making it possible for
ships at sea to communicate with each other and with fixed locations
on shore. With the discovery of amplitude, radio soon followed, and
then came TV broadcasts.


 


Wireless
applications are now found just about everywhere, from TV and garage
remotes and two-way radios to digital pagers, GPS (Global Positioning
System) systems, cell phones, and wireless networks. Wireless, the
old term that used to mean radio, is now back in vogue.


 


This
course introduces you to key aspects of current wireless technology,
and specifically to how it pertains to setting up a wireless network
in your home. This first lesson discusses the benefits of
implementing wireless mobile technologies in your home. Wireless
networking has a lot of promise, and for the first time in a long
time, even technically impaired consumers can set up a home network
without too much difficulty. Are you ready to work without wires?
Read on.


 


Common
Wireless Standards


 


Before
getting started, it'd be a good idea to define some general
categories for wireless networking. Although the wireless landscape
may seem bewildering, all you have to keep in mind is the following
information:


 


 


 


· Wireless networking is about broadcasting (much like a
radio station does) network data called packets over an airborne
frequency.

· Similar to TV and radio, network broadcasts have an
effective distance and certain materials or conditions (such as
thick walls or rugged terrain) can disrupt broadcasts.

· Because wireless networking is a broadcast, anyone with a
receiver tuned in to your network's frequency can see what you're
doing, unless you encrypt your traffic.


 


 


That
wasn't so bad, right? You're now ready to learn about the different
specifications, focusing on the most popular ones.


 


802.11x


 


The
802.11x family of specifications is an extension of the Ethernet
specification common in wired networking. The 802.11x family of
specifications is flexible; it can handle TCP/IP (Transmission
Control Protocol/Internet Protocol), AppleTalk, and other file
sharing-based traffic. The most popular subspecification is 802.11b,
which can be used in a heterogeneous computing environment (such as
Macs, Unix workstations, and Windows-based PCs) as long as every
machine is using 802.11b wireless cards and communicating via 802.11b
access points.


 


802.11b
can support up to 11 Mbps (megabits per second) at distances ranging
from just a few feet to several hundred feet, transmitting over the
standard 2.4 GHz unlicensed band. Of course, as with other kinds of
broadcasts, transmission distance is based on line of sight and
obstacles, such as walls, appliances, and so on.


 


Newer
protocols based on 802.11b, namely 802.11a and 802.11g, are also
becoming popular. The 802.11a specification is much faster than
802.11b: It allows data transmission at 54 Mbps over the 5 GHz
(gigahertz) band. This is a great specification to use when sending
huge files back and forth over the network, or when working with
bandwidth-intensive network applications, such as streaming video.


 


The
802.11g specification is as fast as 802.11a but shares the same
bandwidth used by 802.11b. It can transmit data at a rate of 54 Mbps
over 2.4 GHz. This is considered a next generation wireless network
specification, and is designed for large enterprise installations and
Wi-Fi (wireless fidelity) rollouts.


 


Bluetooth


 


Bluetooth is ideally suited for PANs (personal area networks) that
operate within short ranges and need robust bandwidth support.
Bluetooth is also a handy way to get your cell phone talking with a
PDA (personal digital assistant), your digital camera transmitting
data to a printer, and PDAs beaming information to a laptop. Similar
to the 802.11b specification, Bluetooth broadcasts on the unlicensed
2.4 GHz band. Although Bluetooth's bandwidth is much larger than
802.11b, its range is much shorter. Bluetooth is the perfect way to
connect a peer-to-peer network, and is well suited to the task.


 


If
all these different terms, categories, and specifications sound
confusing right now, don't worry. You'll get into more detail about
them as the course continues.


 


WLANs
and PANs


 


In
the last half-decade or so, you've probably heard and read a lot of
hype about how wireless networking is going to change the way you
work and live. Only now are some of these promises starting to come
true. There's wireless access at airports, cafes, libraries, office
buildings, even places such as Central Park in New York City. The way
you work and play is even changing. You can now check your e-mail by
turning on your wireless notebook while you wait in a client's
lounge. Or you can break free from your desk and work from the
comfort of a sidewalk cafe.


 


In
wireless networking there are a couple of acronyms with which you
need to be familiar: PAN (Personal Area Network) and WLAN (Wireless
Local Area Network). You're probably wondering what these terms mean
-- so let's talk about them!


 


Getting
Up Close: PANs


 


PANs,
as you recall, are personal area networks. These networks have a very
short broadcasting range. So far the reigning champion in the world
of personal area networking is the Bluetooth specification. Bluetooth
allows mobile devices to recognize each other and communicate within
a 30-foot radius. Bluetooth cards are available for PDAs, notebook
computers, printers, digital cameras, and other devices. What's nice
about Bluetooth isn't just its wide availability: The cards are
relatively inexpensive and don't require a huge power source to run.


 


How
would you use a PAN in your home? Imagine that you're taking photos
at your son's eighth birthday party with your Bluetooth-enabled
digital camera. Instead of walking back to your computer every hour
or so to download the images, you can send the images over the PAN to
your desktop computer, which is also Bluetooth-enabled.


 


Or, imagine that you want to print some notes you took on your Palm
device. Instead of synching the data with your desktop PC and then
sending it to the printer, your Bluetooth-enabled Palm device can
print directly to your Bluetooth-enabled printer.


 


You
may also have a wireless PDA and cell phone combo, both of which have
Bluetooth cards. You can use the Bluetooth connection to allow the
PDA to send e-mail via the cell phone's connection to the Internet --
without having to tap out messages using the phone's keypad, or even
take the cell phone out of your bag.


 


Think
Local: WLANs


 


The 802.11x family of WLAN specifications takes wireless beyond the
realm of PANs. With a well-designed WLAN, people working in offices or
at home have added flexibility over where they access the network.


 


For
example, instead of sequestering yourself in a back home office, you
can choose to work in the living room, closer to the rest of your
family. Or you may choose to check your e-mail or crunch the family
budget from the comfort of your patio on a beautiful day.


 


The
rest of this course focuses mainly on setting up a WLAN in your home,
so you'll learn more detail as it becomes appropriate.


 


The
Big Picture: An Overview of a Typical Wireless Home Network


 


Generally
speaking, up until a few years ago, most homes had just one computer
in them, with one set of peripherals, such as a scanner and printer
used by that computer. Because there was only one computer, there
really wasn't much need for sharing those peripherals or
communicating with other machines on a network.


 


It
soon became common to see more than one computer in a household.
Rather than buying extra scanners, printers, and other devices,
homeowners could hook computers together with hubs and Ethernet
cables, and share those devices. If your kids had to print a report
for school, they could do so by sharing the printer in the den.


 


Also,
more and more professionals started to bring work home on their
laptops, and needed easy access to the Internet. Added to all this
activity was the burgeoning work-from-home workforce of
telecommuters, consultants, and freelancers. All of these users
needed a flexible, inexpensive solution that allowed for the creation
of networks.


 


Instead
of having to worry about running cable from one room to the next,
wireless technologies allow for an elegant solution. All you need to
do is:


 


1. Buy a wireless access point and attach it to your outgoing cable or
DSL modem/router.
2. Buy wireless cards for each computer on the network.
3. Buy wireless cards for each peripheral you want to share, or simply
share the peripheral on the network.


 


That's
it -- that's all you need to set up networking. Wireless provides a
cheap way to get set up, and also offers inexpensive ways of growing
your network if you need to. In upcoming lessons, the necessary
components are covered, and you'll learn about network security.


 


Moving
On


 


Now
that you have an overview of the wireless networking world, complete
the assignment as well as the quiz for this lesson.


 


In
Lesson 2, you find out about the major categories of wireless gear.
But before moving on, be sure to visit the Message Board to see what
other students are up to.


 


 


 


Access
Points, Routers, Hubs, and Cards: Lesson Description


 


This
lesson discusses all the gear you need to make your wireless network
functional.


 


Access
Points, Routers, and Hubs


 


In the first lesson, you learned about the world of wireless standards
-- what frequencies are used, distances involved, and other general
topics. In this lesson, you learn about the different components of a
wireless network; in other words, the gear that actually uses the
standards and frequencies you learned about in Lesson 1.


 


For
the purpose of setting up a home network, all you need to worry about
are two major categories of components:


 


1. Gear that creates the wireless network and connects you to the
Internet
2. Gear that allows individual machines and devices to connect to the
established wireless network


 


The
following sections discuss access points, routers, and hubs. These
wireless components enable you to establish a wireless network.


 


Access
Points


 


An
access point (or gateway) does exactly what its name implies: It
provides a point through which your machine can access a wireless
network. Generally speaking, an access point both transmits and
receives data on a wireless network, so technically it's a
transceiver.


 


An
access point can connect wireless users, and forms the
interconnection or bridge between wired and wireless networks.


 


For
very small WLANs, such as those used in small offices or homes, one
access point is usually all that's needed. As your network grows in
physical size (such as distance in feet or meters) and number of
users, you'll need to think about multiple access points. If you run
into this situation, you need to make sure that your coverage
overlaps so that you don't lose users in dead spots.


 


Wireless
access points run from $100 to $450, and usually have a maximum range
of 300 feet indoors, and 1,500 feet outdoors.


 


Routers


 


If you want to connect to the Internet, you need a router to do so
because wireless networking is known as local area networking --
local as in connecting devices local to you. The router sends
Internet traffic to the Internet site while keeping local traffic
between your own computers on your home network. If you have a cable
modem, DSL (Digital Subscriber Line), satellite, or other broadband
service in your home, you likely have a router or modem set up
already.


 


In
most cases, you can connect your router to an access point, walk
through a simple configuration process, and presto, have connectivity
to the Internet via wireless and wired networks.


 


Hubs


 


A
hub is similar to a router, except that it doesn't have as much
brainpower. Your typical hub for home use has four or eight Ethernet
ports that allow you to connect multiple machines. Hubs can connect
your home network but they do not route to the Internet. You might
need a hub if you hook your router to more than one wireless access
point; however, in many cases the better wireless access points have
a hub built into them.


 


Wireless
Cards


 


Having
a wireless access point isn't enough. You need to be able to connect
to the wireless network. Every machine needs to have a wireless card.
Wireless cards are devices that fit into a PCI (Peripheral Component
Interconnect) slot for desktop PCs, or PCMCIA (usually called PC
Card) slots for notebook or laptop computers and transmit and receive
wireless broadcasts. Most wireless cards transmit on a particular
frequency determined by the standard it supports, such as 802.11b,
and cost anywhere from $50 to $150.


 


Wireless
cards for desktop machines are designed to fit into one of the empty
PCI slots found inside the computer. To install one, turn off your
computer, remove the cover of the machine, slide the card into an
empty slot, and then follow the instructions for configuring the
hardware. Although manufacturers are starting to include wired
Ethernet cards standard, wireless networking cards aren't as common.


 


Wireless PC Cards for notebooks and laptops fit into a PCMCIA slot,
usually found on the left or right side of the machine. Unlike desktop
PCs, many new laptops and notebooks are shipping with wireless cards
already built in.


 


When
you purchase wireless cards for your computers, make sure that the
cards support the same standard and broadcast frequency as the
wireless access point. The 802.11g standard supports the older
802.11b cards but 802.11b cards will be slower than an 802.11g card.
Standard and frequency should always match. There's no need to buy
the same brand wireless card and access point.


 


Plan
Your Home Network


 


At
this point, you might be thinking to yourself, "Hey, this
wireless networking thing doesn't sound too bad! Just buy an access
point and some wireless cards, and start networking without wires."


 


In
a way, you're right. But even the simplest wireless network
implementation can hit snags if you don't do some planning
beforehand. For example, you might place the wireless access point in
your corner office, too far away to get a great signal out on the
patio and thereby dashing any plans you might have to work outdoors
on beautiful spring days.


 


Although
there are many techniques available for planning a wireless network,
a good simple technique involves asking some common sense questions,
such as the following:


 


1. Who and what: Who'll be using the network and what will they be
doing on it? This isn't just a list of people, but a general idea of
the kinds of applications they'll be using on the network. If you're
working from home on a big project that requires Internet access, you
might get bogged down if Johnny's playing a graphics-intensive
networked game with three of his best friends.

2. Where: Where do you want to access the network? For most homes, one
access point is enough to provide coverage in any room -- and even
limited outdoor areas. However, very thick walls, maze-like hallways
and staircases, and any metal obstructions, such as metal shelving
and steel pillars, can obstruct broadcasts. If you have a separate
building on your property in which you want to access the network,
you may find yourself outside broadcast range while in that building,
or at the very least with a weak signal.

3. When: As in when users will be on the network. Even a small group of
users performing bandwidth-intensive tasks all at the same time can
bog a wireless network down.

4. How: How are packets transmitted -- in the clear or encrypted?
Encryption and other security measures add overhead to network
connections, which can slow you down. Security is covered in Lesson 3.


 


This
is just a beginning, of course, but with these issues in mind, you
can start planning for an ideal home wireless network, one that meets
your needs and grows as you need it to.


 


Common
Networking Terms


 


Before
we go any further, we should probably spend some time talking about
some of the networking terms you're likely to hear, especially now
that you're almost ready to go out and buy gear.


 


The most common terms you'll hear, which revolve around the nature of
networking, include:


 


Bandwidth:
Refers to the speed of the
network. It's a term that refers to the size of the network pipe
through which your data travels. Generally speaking, the more
bandwidth you have, the better your speed is. Things that can affect
bandwidth include number of users on the network, types of traffic on
the network (big multimedia files will slow down a network), and
availability of routers and access points.


 


Availability:
Refers to the availability of the network. If the network is
always down, it isn't very available. You should always strive to run
a high-availability network. In wireless networking, distance from an
access point can affect your network's availability, because the
broadcast signal deteriorates with distance.


 


Packet:
Data sent over a network is sent
in packets. Each packet has a header and a payload. The header helps
identify the packet as part of a message, and the payload carries
actual information (such as a piece of an e-mail, a part of an image,
and so on).


 


Mbps
(megabits per second):
Refers
to how the speed on a network is measured and is used to describe the
bandwidth. A 10 Mbps network connection allows you to send data at
the theoretical rate of 10 megabits per second. I say theoretical
because a network connection is just like a highway or road. One
might say that a certain road can carry up to 500 vehicles per
minute, but placing that many cars on the road would make for a very
congested road. The more congested the road, the less useful it is,
and the slower the traffic goes. Same with a network. If you share a
10 Mbps wireless connection that's fully utilized, what you'll end up
with is a very slow connection -- it's literally bogged down with
data packets.


 


Protocols:
Data packet transmission is
governed by protocols, which are nothing more than rules that dictate
how data travels on a network, how it's structured, who can accept
what data, and how data receipt is acknowledged.


 


TCP/IP (Transmission Control Protocol/Internet Protocol):
The most common protocol for transmitting and receiving data. TCP/IP
works by breaking data into hundreds or thousands of individual
packets and sending them across the network. Although breaking up
your information into lots of different packets, sending them across
the network and putting them back together at the destination might
seem like a big waste of time and energy, it's actually incredibly
fast and efficient.


 


LAN
(local area network):
One
of the two types of networks. LANs are small networks that cover a
small area; in other words, your wireless home network.


 


WAN
(wide area network):
A
network that connects two or more LANs with the public Internet or
some remote network. We don't cover WANs at all in this course, but
in the last lesson, we cover connecting to your company's LAN from
your home network using a VPN.


 


VPN
(virtual private network):
An
encrypted tunnel through which you can send e-mail, files, and other
data. VPNs are very useful because they allow different organizations
separated by great distances to be part of one big WAN using the
public Internet. Because all traffic in a VPN is encrypted, only
those users who have the decryption key can read the traffic. That
way, VPN users can take advantage of connectivity using the Internet
and feel secure that only those users who should see network data are
seeing it.


 


 


Moving
On


 


This
lesson covered some of the basic gear and terminology you'll need to
set up your wireless home network. Now, refer back to the answers you
gave for the questions in Assignment 1 and get ready to do some hard
thinking and shopping with Assignment 2. Don't forget to take the
quiz that goes with this lesson.


 


Lesson
3 covers a very important topic -- security.


 


 




Sharing
and Security: Lesson Description


 


This
lesson walks you through the steps of sharing folders and devices,
and setting up security on your new wireless network.


 


Introduction
to Sharing and Security


 


Setting
up a wireless network is designed to be easy. If you followed the
first two lessons and assignments, you were probably able to set up
your own home wireless network in no time. Quite possibly, the
hardest thing to do was to pick out the right gear.


 


Although
setting up a wireless home network might have been a snap, your new
network might not be secure. Unlike normal wired networks, wireless
networks broadcast data packets -- your information -- out into thin
air where anyone can pick up the broadcasts and see what you're
doing.


 


The
last thing you want is for someone to be able to peek into your
private life and find out information about you, such as what you're
doing online, what you're buying, what files you have, where you do
online banking, what credit card numbers you use, what your passwords
are, and so on.


 


Unfortunately, the very nature of networking is in sharing what you
have: data, printers, file systems, and all the rest. Otherwise, you'd
be back to where you were before -- handing other people disks or CDs
full of files or buying separate printers for everyone in the house.
As much of a convenience as a wireless network is, you have to think
about restricting access to it.


 


This
lesson talks a bit about how to share information and services
throughout your network, and then discusses how to secure the
network. That way only the people you approve of can access your
network.


 


Configure
Your Network


 


Now
that you've planned your network, bought all the gear, brought it
home and installed it, it's time to get your machines on the network.
This lesson assumes that you're working on a Windows XP machine.


 


The
following steps work on Windows XP, with the Control Panel set to XP
View (not Classic):


 


1. Select the Start button, and then click Control Panel.
2. Click Network and Internet Connections.
3. Click Set up or change your small office or home network.
4. Follow the wizard's instructions. Be sure to use the same network
and/or workgroup name on each machine.


 


That's
all you have to do. To test your network, simply click the Start
button on any machine, and then click My Network Places. You should
see a list of other machines on your network, such as
//dad-computer/shareddocs/. If you double-click any of those
listings, your computer should take you to that shared folder.


 


Set
Up Shared Folders


 


The
easiest way to share information on a wireless network is to set up
shared folders on your machine. If you're running Windows XP, notice
that you have a Shared Documents folder in the My Computer window.
This folder is set up as a shared resource -- whatever files you
place in it can be seen by other machines on your network.


 


When
you look at this folder, you can tell it's shared because it has an
icon of a hand underneath the folder (a hand stretched out sharing
something).


 


Right-click
the Shared Documents folder, choose Sharing and Security from the
context menu, and click the Sharing tab to see the different options
for the folder.


 


For example, you can set the folder's name on other computers'
displays -- in other words, the name that other users see when they
view your Shared Documents folder from across the network.


 


In most cases, it's okay to leave the name of the folder at its
default. In other cases, you might want to give folders descriptive
names, such as FamilyTripPhotos. Remember that on a wireless network,
names of shared folders are broadcast into thin air; unless you secure
your network, unintended people such as your neighbors can see your
folders.


 


You
can also allow other network users to make changes to files in this
folder. This enables other users to add, delete, and change files in
this folder. The Allow network users to change my files option is
checked because the owner of that particular machine knows other
network users will need to update the files in the folder.


 


Whenever
you share a folder, it's usually a good idea to share only folders,
not your entire hard drive or big sections of your hard drive. You
don't want network users, generally speaking, to be able to access
your entire machine -- just small parts of it.


 


Further
Your Knowledge


 


Share
New Devices on the Wireless Network


 


You
can share devices of all kinds on a network, and it's just as easy as
sharing folders. All you have to do, generally speaking, is
right-click the device icon, and then choose Sharing and Security
from the context menu to share that device.


 


What
kinds of devices can you share? You can share all of the following,
plus more:


 


1. Printers
2. Scanners
3. Digital photo card readers
4. External hard drives
5. Zip drives


 


Use
Encryption and Passwords on Your Network


 


When
talking about security for a wireless network, you have to think
about two main threats:


 


1. Internet-based threats
2. Wireless-based threats


 


Internet-Based
Threats


 


The
first type of threat involves someone on the Internet getting access
to your home network by slipping through your ISP's (Internet Service
Provider's) routers or firewalls and copying, damaging, taking over,
or changing your files or systems. Although this may seem like a
remote possibility, you could be a candidate for malicious behavior
if you are:


 


1. A highly-placed executive in government or business who brings work
home
2. A public persona or celebrity in your town or area
3. A person of means or wealth (even if it's just perceived)


 


There's
also a good chance that you may be randomly targeted by someone who
doesn't even know you.


 


In
any case, your first line of defense from an Internet-based attack is
your ISP. They should have routers and firewalls that block your
machine's IP (Internet Protocol) address (your unique address on the
Internet) to keep attackers from targeting you directly. Your ISP
should also be monitoring all Internet traffic to make sure nothing
malicious is happening.


 


If
an Internet-based attacker does get through, you can prevent further
damage or harm by installing a personal firewall on each machine in
the network. Although this may seem redundant (after all, your ISP is
probably running a firewall, too), personal firewalls can keep some
bad things from happening.


 


Wireless-Based
Threats


 


A
more likely threat is someone accessing your wireless network
directly. Unfortunately, this can be as easy as someone driving
around neighborhoods with a wireless laptop trying to pick up
available broadcasts. (This activity, by the way, is called war
driving, which is similar to the much earlier practice of war dialing
-- using a computer to call all numbers on an exchange to see which
ones were faxes, modems, and other exploitable devices.)


 


After
gaining access to your network, a war driver can do any number of
activities, including:


 


1. Add, edit, or delete files
2. Snoop on your traffic (to pick up your credit card numbers and other
sensitive information)
3. Surf the Internet on your dime
4. Perform malicious attacks on Web sites and make it look as though you
did it


 


Now
that you've thought a little about all of that, it's time to break
down what you must do, what you should do, and some additional little
tricks to secure your network.


 


Security:
What You Must Do


 


Make
sure that you change the administrative password on your wireless
access point. It's well known, for example, that Linksys access
points ship from the factory with admin as the password. The IP
address of these access points on an individual network is also well
known. Anyone sitting in front of your house could easily take over
your network because of this.


 


After
you've done that, disable remote management of your access point.
This keeps folks on the Internet from slipping in and trying to mess
with your access point.


 


Next, turn off SSID (Service Set Identification) broadcasting from
your access point. Although SSID broadcasting makes it easy for anyone
to set up a laptop for some fun wireless gaming, it also allows anyone
out there to pick up your broadcast and join your network.


 


Last
on the list of things you must do is turn on WEP (Wired Equivalent
Privacy). It's not perfect (it has many documented problems and
holes), but it's better than nothing. It involves setting a 64-bit or
128-bit encryption key on your access point or router. Any machine
that wants to be part of that network must enter the key to join.


 


You
can find out more about WEP online by visiting the 80211 Planet
article: 802.11 WEP: Concepts and Vulnerability.


 


Generally
speaking, the longer your encryption key, the more time it takes to
encrypt and decrypt traffic on your wireless network. Security
experts use the term overhead to describe encryption's effect on
general network speed. Although 128-bit encryption effectively
doubles overhead as compared to 64-bit encryption, network speed is
still fast with either.


 


You
usually have two choices for creating encryption keys:


 


1. Typing in a series of hexadecimal or ASCII numbers/letters (such as
AfAfB6c3D1)
2. Typing in a passphrase (such as retired us military) that then
generates a set of keys


 


After
you have a set of keys, you need to add it to every machine on the
network. You can do this by right-clicking your wireless connection
(usually visible in the system tray in the lower-left corner of the
screen) and adding it to the network key field.
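The key sizes and the two typed formats described above, as an added example that is not part of the original lesson: it checks a typed key the way a key field has to, and shows how many of the advertised bits are actually secret. The 24-bit initialization vector and the 10/26 hex-digit and 5/13 character lengths are standard WEP figures not stated in the lesson; the function names are hypothetical, and passphrases are rejected because their key generator is vendor-specific.

```python
"""Validate a typed WEP key and report its real secret length (added example)."""
import secrets
import string

# Every WEP key size counts a 24-bit initialization vector that is sent in
# the clear, so it is not part of the secret.
IV_BITS = 24

# Advertised key size -> (hex digits typed, ASCII characters typed)
KEY_FORMATS = {64: (10, 5), 128: (26, 13)}


def parse_wep_key(text):
    """Return (advertised_bits, secret_bits, key_bytes) for a typed key.

    Raises ValueError when the text is neither a hex nor an ASCII key of a
    supported size. That includes passphrases, which go through a
    vendor-specific generator this example does not model.
    """
    for advertised, (hex_len, ascii_len) in KEY_FORMATS.items():
        if len(text) == hex_len and all(c in string.hexdigits for c in text):
            key = bytes.fromhex(text)          # two hex digits per key byte
        elif len(text) == ascii_len and text.isascii() and text.isprintable():
            key = text.encode("ascii")         # one character per key byte
        else:
            continue
        return advertised, advertised - IV_BITS, key
    raise ValueError(
        "expected 10 or 26 hex digits, or 5 or 13 ASCII characters, "
        f"got {len(text)} characters"
    )


def new_wep_key(advertised=128):
    """Generate a random hex key of the requested size from the OS random source."""
    if advertised not in KEY_FORMATS:
        raise ValueError("WEP key size must be 64 or 128")
    hex_len = KEY_FORMATS[advertised][0]
    return secrets.token_hex(hex_len // 2).upper()


if __name__ == "__main__":
    # The first two inputs are the lesson's own examples; the third is random.
    for typed in ("AfAfB6c3D1", "retired us military", new_wep_key()):
        try:
            size, secret, _ = parse_wep_key(typed)
            print(f"{typed!r}: {size}-bit WEP, {secret} secret bits")
        except ValueError as err:
            print(f"{typed!r}: rejected ({err})")
```

The lesson's sample key AfAfB6c3D1 is ten hex digits, so it is a 64-bit key with 40 secret bits.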


 


If you've followed the previous advice, your home network is more
secure than 80 percent of home wireless networks (percentage based on
a study conducted by a hacker group). Still, there's no rest for the
wicked. This section covers some other actions you should take to make
your wireless home network even more secure.


 


1. Set up MAC-based security: The MAC (Media Access Control, not the
Apple type of computer) layer is about Ethernet cards, physical
machine addresses, and devices. Some routers and access points allow
you to set a range of allowable MAC addresses on your network.
Although this can become a big management exercise on a big network,
it effectively allows only those machines you want.

2. Disable or limit DHCP: DHCP (Dynamic Host Configuration Protocol)
allows machines to get their own IP addresses after they join your
wireless network. This can be handy for adding new machines to the
network, but can also make it easier for your friendly neighborhood
war driver to exploit your network.

3. Don't use the default IP address range provided by the equipment:
Most routers or access points ship with a built-in 10.1.1.x or
192.168.1.x network. The first machine on the network is given a .1
address (such as 192.168.1.1), the second machine, a .2 address, and
so on. See how easy that is to guess? But a default starting network
of 10.232.5.x is a different story.
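One way to check the three measures above against what is actually on the network, as an added example that is not part of the original lesson: it compares a client list, such as the DHCP table a router's admin page shows, with your MAC allowlist and flags addresses in the factory-default ranges. The lease records, MAC addresses, and function names are constructed for illustration.

```python
"""Compare a router's client list with the MAC allowlist (added example)."""
import ipaddress
import re

# Factory-default LAN ranges named in the lesson.
DEFAULT_NETS = [ipaddress.ip_network(n) for n in ("10.1.1.0/24", "192.168.1.0/24")]


def normalize_mac(mac):
    """Reduce 02-00-00-AA-BB-01, 02:00:00:aa:bb:01 or 0200.00aa.bb01 to one form."""
    digits = re.sub(r"[.:\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def review_clients(leases, allowed_macs):
    """Return clients missing from the allowlist and addresses in default ranges.

    leases is a list of dicts with 'mac', 'ip' and 'host' keys.
    """
    allowed = {normalize_mac(m) for m in allowed_macs}
    unknown, default_range = [], []
    for lease in leases:
        mac = normalize_mac(lease["mac"])
        addr = ipaddress.ip_address(lease["ip"])
        if mac not in allowed:
            unknown.append((mac, lease["ip"], lease["host"]))
        if any(addr in net for net in DEFAULT_NETS):
            default_range.append(lease["ip"])
    return {"unknown": unknown, "default_range": default_range}


# Constructed sample data: two family machines and one device nobody recognizes.
# Tools write MAC addresses in different styles, so the samples mix them.
ALLOWED = ["02:00:00:aa:bb:01", "02:00:00:AA:BB:02"]
LEASES = [
    {"mac": "02-00-00-AA-BB-01", "ip": "192.168.1.2", "host": "dad-computer"},
    {"mac": "0200.00aa.bb02", "ip": "192.168.1.3", "host": "kids-laptop"},
    {"mac": "02:00:00:cc:dd:99", "ip": "192.168.1.4", "host": ""},
]

if __name__ == "__main__":
    report = review_clients(LEASES, ALLOWED)
    for mac, ip, host in report["unknown"]:
        print(f"not on the allowlist: {mac} at {ip} (name: {host or 'none given'})")
    if report["default_range"]:
        print("still using a factory-default range:", ", ".join(report["default_range"]))
```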


 


Moving
On


 


This
lesson covered some important points to help you make your wireless
home network more safe and secure. It also explained how hackers can
gain access to your network.


 


Lesson
4 discusses more advanced networking topics. But before moving on,
don't forget to do the assignment and take the quiz that goes with
this lesson. And be sure to visit the Message Board to see what other
students are up to.


 


 


 


Advanced
Networking Topics: Lesson Description


 


This
lesson builds on Lessons 2 and 3, and introduces you to linking
wireless access points, setting up print and file servers, and other
advanced topics.


 


Expand
Your Network


 


If
you've gotten this far, you've accomplished a great deal, such as:


 


1. Planned your wireless home network
2. Purchased, installed, and configured all the gear
3. Secured your network and shared folders and devices


 


This
lesson covers some advanced topics related to growing your network.
Although your network might be small now, at some point, you might
need to add machines or expand the broadcast coverage.


 


Sooner
or later, you'll need to expand your network. You'll either have
added so many users and machines onto your network that it starts to
bog down; or you'll experience big changes in the kinds of files you
send over the network; or you'll need to expand broadcast coverage to
additional parts of your home.


 


Fortunately
for you, expanding a wireless network is a simple matter. In most
cases, all you have to do is buy more wireless access points to
increase your bandwidth and coverage. In some cases, however, you
might be able to take other steps, such as establishing routers and
servers.


 


Add
More Access Points to the Network


 


The
simplest way to expand your wireless network is to set up additional
access points. This is particularly effective if:


 


1. You have users you can keep on separate access points -- for example,
you might put your kids on one access point, and keep the adults on a
separate one.

2. You have different parts of the property that need coverage -- for
example, the third floor of your home is an office that needs
coverage, you also need coverage in the kids' bedrooms on the first
floor, and you like to work in a converted shed out back.


 


When
you buy additional access points, make sure that they all use the
same wireless protocol, such as 802.11b, and be sure to set up
security on each one. For those machines that might roam between
different wireless coverage areas, such as a laptop, you need to
configure the laptop with each wireless access point's encryption
keys.


 


You
need to set the same SSIDs (Service Set Identifications) on each
additional access point if your laptop or other device will roam and
use multiple access points. The SSID identifies the WLAN (Wireless
Local Area Network); for example, linksys is the default SSID for
most Linksys products. Although you may have overlapping network
coverage when you have more than one access point, in reality, a
machine will only communicate with the access point with the
strongest signal.


 


To
avoid cross talk on overlapping wireless access points, set different
broadcast channels. It's also a good idea to choose channels that are
noncontiguous. If your first access point is broadcasting on channel
1, set your second wireless access point to broadcast on channel 6 or
10.


 


Any
laptops or other devices that roam from area to area will lock on to
the strongest broadcast they discover.


 


Other
points to consider when adding more access points include the
following:


 


1.
Most access points have an effective indoor
range of 150 feet -- less if there are obstructions, metal shielding,
or thick walls present. You want only a little bit of overlap
(several dozen feet at most) because otherwise you're just wasting
effort.


 


2.
Although wireless access points placed near the
center of your home (or in your basement or attic) might be invisible
from the street, access points placed near the periphery of your home
can likely be picked up. Always put security measures in place.


 


3. When the day is done, your speed on a wireless
network is determined by two main factors: distance from the access
point and the number and quality of obstructions between a system and
an access point. Even slight changes in the way you point your laptop,
or in the height of a wireless access point, can mean dramatic
changes. Some users have reported great returns by keeping antennas
straight or even replacing shorter antennas with longer ones.


 


4. As has been mentioned before, wireless
networking involves broadcasting packets into thin air. With the
802.11b and 802.11g specifications, you have only 11 channels on
which to broadcast and these overlap. To ensure that you have unique
channels with no overlap, you should choose from channels 1, 6, and
11. 802.11a has 12 channels to choose from.


 


5.
Make sure that other appliances or devices don't
broadcast on this frequency. These appliances and devices include
microwave ovens, many cordless phones, some power lines, Bluetooth
devices, and neighbors with their own 802.11b networks.
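The channel advice in point 4 can be checked with a few lines of arithmetic. The following is an added example, not part of the original lesson: it assumes channel n is centred on 2407 + 5n MHz with a signal about 22 MHz wide, and the scan results in it are constructed.

```python
# Added example: 2.4 GHz channel planning for the 11 channels of 802.11b/g.
# Assumptions (not from the lesson): channel n is centred on 2407 + 5*n MHz
# and an 802.11b transmission occupies roughly 22 MHz.

CHANNELS = tuple(range(1, 12))
SPACING_MHZ = 5
WIDTH_MHZ = 22

# Constructed scan results: (ssid, channel, signal strength in percent).
SCAN = [("linksys", 1, 80), ("neighbour-1", 3, 40), ("neighbour-2", 9, 20)]


def center_mhz(channel):
    """Centre frequency of a channel, rejecting numbers outside 1..11."""
    if channel not in CHANNELS:
        raise ValueError(f"not an 802.11b/g channel: {channel}")
    return 2407 + SPACING_MHZ * channel


def overlap_mhz(a, b):
    """Width of spectrum shared by channels a and b (0 means no overlap)."""
    return max(0, WIDTH_MHZ - abs(center_mhz(a) - center_mhz(b)))


def greedy_plan(start):
    """Walk upward from `start`, keeping each channel that shares no
    spectrum with the channels already kept."""
    kept = [start]
    for channel in CHANNELS:
        if channel > start and all(overlap_mhz(channel, k) == 0 for k in kept):
            kept.append(channel)
    return kept


def interference_score(candidate, neighbours):
    """Shared spectrum with every neighbour, weighted by its signal."""
    return sum(overlap_mhz(candidate, ch) * signal
               for _, ch, signal in neighbours)


def best_channel(neighbours, allowed=(1, 6, 11)):
    """Allowed channel with the lowest score; ties go to the lower channel."""
    return min(allowed, key=lambda ch: (interference_score(ch, neighbours), ch))


def plan_access_points(count, neighbours, allowed=(1, 6, 11)):
    """Assign channels to `count` of your own access points, one at a time.
    Each access point already placed counts as a full-strength neighbour
    when the next one is planned."""
    seen = list(neighbours)
    plan = []
    for index in range(count):
        channel = best_channel(seen, allowed)
        plan.append(channel)
        seen.append((f"own-ap-{index + 1}", channel, 100))
    return plan


if __name__ == "__main__":
    print("non-overlapping from channel 1:", greedy_plan(1))
    print("non-overlapping from channel 2:", greedy_plan(2))
    for ch in (1, 6, 11):
        print("channel", ch, "score", interference_score(ch, SCAN))
    print("plan for two access points:", plan_access_points(2, SCAN))
```

Starting anywhere other than channel 1 leaves room for only two clear channels, which is why 1, 6, and 11 are the usual choice.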


 


Add a Router to the Network


 


You
can possibly alleviate growth problems by setting up a router and
keeping traffic on its own subnetwork. For example, if you play
wireless LAN games, the data traffic might bog down the entire
network. If you can keep all of this traffic (which is mostly
localized) on one subnetwork, users on other subnetworks may not be
affected.


 


Most
routers support the creation of different subnetworks. Because each
model has different settings and commands, read your particular
router's documentation to set up different networks.


 


Add a Simple File Server to the Network


 


You might find yourself in a strange situation: You have a wireless
network, each machine sharing lots of documents. It gets harder and
harder to keep track of where different files are. Different users
notice that when they share directories, their machines bog down a
little when many other users start using files. This might happen if
you're sharing a lot of music files.


 


The
answer to this problem is setting up a simple file server on your
network. A file server is a dedicated machine that holds files and
other data needed by a group of network users. Although it may seem
like a pain in the neck to buy, install, and set up a separate
system, in some cases (such as doing periodic backups) it gets easier
to work with just one system.


 


Options for Setting Up a File Server


 


Several
options exist for setting up a file server on your home wireless
network, including the following:


 


1.
Keep your old laptop or desktop that has been
replaced by a newer model. Take out all the applications and
programs, and leave just the operating system. If it's a Windows
machine, add it to the network, share the My Documents folder, and
allow all users to make changes to this folder.


 


2.
If you have more time and expertise, you can
install the Linux operating system on a machine and then set up an
FTP (File Transfer Protocol) area. FTP directories on a Linux machine
usually require usernames and passwords every time you want to upload
or download files, so they're more secure.


 


3. Another easy way to set up a file server is to
buy a USB (universal serial bus) 2.0 external hard drive and share
it from one of the systems already on the network. Although not quite
as fast as having a separate file server, it does provide a place to
store and retrieve valuable or much-needed information. Many models
come in 20, 40, 60, 80, and even 100 GB storage capacities and can be
connected to create larger storage areas.


 


Add a Print Server


 


When you first started out with your home wireless network, sharing a
printer on the network was probably all you needed to get work done. At
some point, however, you may need to provide more access to your
printer.


 


What
you need is a print server. Generally speaking, there are many ways
to share a networked printer, including the following:


 


1.
Buy a printer with a built-in print server:
These printers are usually expensive, but they can handle many print
jobs. They offer security, reliability, and can queue an impressive
number of jobs.


 


2.
Buy a wireless print server: You can connect
your printer (or printers) to one of these gadgets (they usually run
around $250) with a standard parallel, USB, or Ethernet cable, and
use the wireless print server to broadcast the printer's availability
to other machines on the network.


 


The second option, using a wireless print server, is much faster and
cheaper. Most wireless print servers for the home can usually handle
up to three printers, which makes them the right size for the job. The
combination of wired access to the printer over a wireless network
gives you the best of both worlds -- wireless access and the speed of
a wired connection.


 


Decide When to Expand


 


Knowing
when to expand your network is just as important as knowing how. A
standard 11 Mbps wireless connection can usually handle the following
kinds of network load:


 


1.
40-50 users that normally stay idle and don't do much beyond
occasional e-mail


 


2.
20-25 who are moderately active, especially in uploading and
downloading moderately sized files


 


3.
Up to 10 power users who are constantly active on the network, using
several applications, and/or transmitting large files across the
network, such as large pictures, audio, video, or documents


 


Although
you may never bump up against any of these networking constraints in
a typical home environment, you may need to add more access points if
you run a home-based business or host large LAN parties.


 


Cool Tricks for Expanding Your Network


 


Okay,
so you've set up a home office with a shared printer, maybe an
external hard drive and a wireless printer -- maybe even your own
print server. You might even host monthly LAN parties and have all
your friends come over for a friendly night of shoot 'em ups.


 


But
what if you really want to take this wireless networking thing to the
extreme, such as hooking up all of your computing gear to your home
entertainment gear?


 


With
just a few hundred dollars worth of equipment, you can easily set up
a TiVO-style system that records your favorite TV shows (either
analog, broadcast, digital cable, or satellite) onto a hard drive.
You need to upgrade to an 802.11g wireless network (802.11b is too
slow for full-spectrum video) and plenty of storage space (30 minutes
of video is about 150 MB). After you have the captured video, you can
share it, edit it, delete it, view it, and more. You can even view TV
signals on a laptop equipped with a TV tuner card. With the right
equipment, you can also control your TV from a wireless laptop.


 


Do
you have a bunch of MP3 files stored on a computer or laptop and want
to play them on your home stereo? Well, most sound cards come with a
0.125-inch jack for headphones. Simply run down to your favorite
electronic superstore and buy a cable with a 0.125-inch plug on one
end and two RCA connectors on the other end that plug into the
line-in jacks on your audio amplifier.


 


If
you want the same thing without wires, kits are available starting
for around $100 that will let you beam music files to your home
stereo equipment from a PC or laptop. Bingo, music to your ears.


 


Moving On


 


This
lesson discussed the different ways you can expand your network. It
also covered when you might need to expand, and the best ways to do
so. The assignment for this lesson helps you make a plan for future
expansion. And don't forget to take the quiz that goes with this
lesson.


 


The
next lesson goes over some troubleshooting topics.


 




 


Troubleshooting: Lesson Description


 


This
lesson walks you through some common problems and quick solutions.


 


Troubleshooting Overview


 


It would be nice to say that with wireless, everything works perfectly
every time. Nothing ever breaks down, you won't ever have any
difficulties, and you'll never feel like tossing your wireless access
point through a window.


 


Alas,
this is the real world, and real problems occur. The key to
troubleshooting problems with wireless networking gear is to realize
that you're dealing with a networking technology. This means that
problems can occur at any point along the networking pathway -- from
your laptop's wireless card to the access point to your ISP (Internet
Service Provider) to a hacker shutting down the Internet with a worm
(hey, they've come close).


 


The
only way to troubleshoot an environment such as this is to be
methodical -- to work your way outwards, away from you, until you
find the problem. In general, this means:


 


1. Always check your machine's wireless card first. It could be
disabled, malfunctioning, or disconnected.


 


 


2.
Check the wireless access point. It could be disabled, not powered
on, or disconnected.


 


3.
Check your cable or DSL modem (however your home connects to the
Internet). Make sure it's powered on and any status lights indicate a
good connection.


 


4.
See if your ISP is up. Although the status of your ISP won't
generally affect your wireless home network, it'll affect your
ability to get on the Internet.


 


Other general advice that can make you a master troubleshooter includes:


 


5.
Stay calm. The only thing that getting frustrated gets you is more
frustrated.


 


6.
Think triage. If a bunch of injured folks show up at the hospital,
the doctors and nurses don't have a first-come, first-served
attitude. They start categorizing people by the severity of their
injuries. Those who have severe injuries or trauma get seen first;
those with minor injuries have to wait. Do the same thing when you're
troubleshooting wireless: Don't spend hours trying to figure out if
your wireless card is broken when your ISP is down. Instead, run
through a series of tests to figure out what potential problems may
exist. Then treat the worst cases first.


 


7.
It may appear that the triage strategy contradicts the work outward
methodology. After all, if you always start with your own system and
work away from yourself, it may be a while before you encounter the
real problem. But this strategy really doesn't contradict the work
outward idea at all. For example, if you work outward very quickly,
you might encounter various potential problems with your wireless
card, wireless access point, and ISP. After you have a list of
potential problems, you may discover that fixing one thing (rebooting
your access point, for instance) causes your wireless card to stop
misbehaving. In time, you'll figure out how to combine both methods
to quickly and easily knock out problems.


 


Connectivity Problems


 


The
most basic problem you'll encounter with wireless is connectivity.
After all, if there's something wrong with your card, you can't be on
the network. However, don't assume that basic means simple to solve.
There have been times when just trying to get connectivity can take
an afternoon, given the right set of problems.


 


The
following is a list of steps to take to check whether your
connectivity is down:


 


1.
Verify that your card is picking up a wireless broadcast. Right-click
the Wireless Networking icon in the Windows system tray, and then
click View Available Networks.


 


2.
If you don't see a list of available networks, you know right away
that you're not picking up a broadcast. You might be too far away
from an access point, or there might be trouble with the access
point.


 


3.
If you see a list of networks, you may be trying to connect to a
network that has an encryption key. If this is the case, make sure
that you enter the encryption key to connect.


 


4.
You might also see a list of networks and a message warning you that
available networks are not secure. Some wireless adapters won't
connect to an unsecured network until you expressly approve the
connection.


 


5. While you're looking at this list, make sure that your wireless
adapter is set to listen on the right channel and that its SSID is set
to the same value as the wireless access point's.


 


6. If you're part of a network and still have problems, see if your
machine has a valid IP (Internet Protocol) address on the network. Go
to a DOS command prompt (click Start > Run, and type command) and
run the ipconfig command. You should see a display that looks similar
to the following.


 




 


    Microsoft(R) Windows DOS
    (C)Copyright Microsoft Corp 1990-2001.

    C:\DOCUME~1\OWNER>ipconfig

    Windows IP Configuration

    Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix . : your.gateway.net
        IP Address. . . . . . . . . . . . : 192.168.5.4
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.5.1

    Ethernet adapter NetworkBridge:

        Connection-specific DNS Suffix . :
        Autoconfiguration IP Address. . . : 192.168.70.1
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :


 


If
you don't see an IP address, you're not on the network. You can
resolve this in most cases by running the following commands:


 


    ipconfig /release
    ipconfig /renew


 


These
commands should re-establish your connection on the network. If the
system displays a message that indicates DHCP (Dynamic Host
Configuration Protocol) wasn't able to reassign an IP address for
you, your connectivity problems may be farther up the line, namely
your wireless access point.


 


You can easily test your wireless access point by using the ping command
to ping the wireless access point's IP address (for example, ping
192.168.7.1). Many access points display a Web page if you simply
point your Web browser at the wireless access point's IP address (for
example, http://192.168.7.1).


 


 


 


1.
If the access point doesn't respond, check that it
still has power, and that it's on. If it's on, check to see if the
Ethernet cable running between it and your DSL (Digital Subscriber
Line) router or cable modem is connected.


 


2.
Ensure that the wireless access point has a green
link light on its display. If it doesn't, in most cases, you can
simply restart the access point to reset it.


 


3.
If you don't have a green link light, and
restarting doesn't do anything, you more than likely have a problem
with your cable modem or DSL router. Check the diagnostic lights on
it and refer to the documentation that came with the gear.


 


4.
At this point, you might be able to restart the
router or cable modem. In some cases, your ISP may be down and you'll
have to wait. This might be affecting your home wireless networking
because your ISP is providing DHCP services (in other words, your ISP
is dynamically providing IP addresses to each machine on the
network).


 


5.
If everything you've done at this point fails to
solve your problem, you might have hardware or bandwidth problems
instead of connectivity problems.
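The work-outward check described in this section can be scripted. The following is an added example, not part of the original lesson: it parses ipconfig output in the layout shown above and names the next thing to check. The sample text is constructed, the ping function is passed in by the caller, and the outside host 192.0.2.1 is a placeholder address.

```python
import ipaddress
import re

# Constructed sample in the Windows XP `ipconfig` layout shown in the lesson.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : your.gateway.net
        IP Address. . . . . . . . . . . . : 192.168.5.4
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.5.1

Ethernet adapter NetworkBridge:

        Connection-specific DNS Suffix  . :
        Autoconfiguration IP Address. . . : 169.254.70.1
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""

ADAPTER_RE = re.compile(r"^\S.* adapter (.+):\s*$")   # unindented header line
FIELD_RE = re.compile(r"^\s+([^:]+?)[\s.]*:\s*(.*)$")  # indented "Label . . : value"


def parse_ipconfig(text):
    """Return {adapter name: {field label: value}} from ipconfig output."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return adapters


def address_state(fields):
    """Classify one adapter by the address it holds."""
    if fields.get("Media State", "").lower() == "media disconnected":
        return "disconnected"
    auto = fields.get("Autoconfiguration IP Address", "")
    ip = fields.get("IP Address", "") or auto
    try:
        parsed = ipaddress.ip_address(ip)
    except ValueError:
        return "no-address"            # empty or unparseable value
    if parsed.is_unspecified:          # 0.0.0.0, as seen after a release
        return "no-address"
    if auto or parsed.is_link_local:   # 169.254.x.x means no DHCP lease
        return "self-assigned"
    if not fields.get("Default Gateway"):
        return "no-gateway"
    return "ok"


def next_step(text, adapter, ping, outside_host="192.0.2.1"):
    """Work outward from the card and return (code, advice).

    ping is a callable(host) -> bool supplied by the caller, so the logic
    can be exercised without touching a real network.
    """
    fields = parse_ipconfig(text).get(adapter)
    if fields is None:
        return ("check-card", "adapter not listed: is the card enabled and seated?")
    state = address_state(fields)
    if state == "disconnected":
        return ("check-card", "no wireless link: check range, SSID and key")
    if state in ("no-address", "self-assigned"):
        return ("renew-lease", "run ipconfig /release, then ipconfig /renew")
    if state == "no-gateway":
        return ("check-access-point", "no default gateway: check the access point")
    if not ping(fields["Default Gateway"]):
        return ("check-access-point", "gateway silent: check power, link light, cable")
    if not ping(outside_host):
        return ("check-modem-or-isp", "gateway answers, Internet does not")
    return ("ok", "connectivity looks fine: look at bandwidth or hardware")


if __name__ == "__main__":
    def always_up(host):               # stub standing in for a real ping
        return True
    for name in parse_ipconfig(SAMPLE):
        print(name, "->", next_step(SAMPLE, name, always_up))
```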


 


 


Bandwidth Problems


 


The
second biggest problem facing wireless networks is bandwidth -- or
lack of it. If you're on the network and data is moving around too
slowly, you have a bandwidth problem. The following are some quick
tips for solving the problem:


 


1.
You may be too far away from a wireless access
point. If you're running Windows XP, check your wireless signal
strength by hovering your mouse pointer over the Wireless Networking
icon in the System tray. If the signal strength is weak or very weak,
try repositioning your machine so it's closer to an access point.
Sometimes even turning a machine a certain direction can improve
signal strength.


 


2.
Remove as many obstructions as you can between
your machine and the access point. Steel beams, metal plates, metal
filing cabinets, and large appliances can all obstruct or reduce
wireless signals.


 


3.
If you find your network bandwidth being
affected every time someone uses a cordless phone or runs a microwave
oven, change the channel on which you're broadcasting. Check the
documentation on your access point.


 


4.
There may be a neighboring wireless network that
is broadcasting on your channel. These broadcasts may be messing with
your ability to upload and download files. Change your channel
setting to see if things improve.


 


5.
Make sure that the antennae on your wireless
access point are vertical -- rabbit ears won't help out here. Also,
try to raise the height of the wireless access point as much as
possible. Instead of placing it under a desk or the bottom of a rack,
place it near the top.


 


6.
You can also buy gain antennas for your wireless
access points and wireless adapters. These can boost signal strength
significantly.


 


7.
If you still have problems with weak signals,
you might need to upgrade to a different protocol. Remember that
802.11b is generally compatible with but slower than 802.11g. The
802.11a protocol provides more bandwidth but the signal deteriorates
more quickly at longer distances than 802.11b or 802.11g. The 802.11g
protocol provides the most bandwidth at the greatest distance.


 


Hardware or Operating System Problems


 


Hardware
and OS (operating system) problems can range from the obvious to the
extremely puzzling. First, the obvious stuff:


 


1.
Is your wireless adapter on? Most have a running
light or other indication that they're getting power. If the adapter
isn't getting power, it may not be pushed in the slot all the way.


 


2.
Is your wireless adapter loose in the slot?
There shouldn't be much give on either laptop or desktop cards. If
your adapter is loose, it may be damaged -- for example, it may have
been pushed in too hard or got knocked loose during travel.


 


3.
If you are using a USB wireless adapter, make
sure that the USB cord is seated properly.


 


4.
If you're using a USB wireless adapter and there
are still problems, open the Control Panel and make sure that the USB
Master Hub on your computer is functioning properly.


 


5.
If you're connecting to a USB wireless adapter
through an external USB hub, make sure that the USB hub is working
properly. You can do this by attaching other peripherals (such as a
mouse, scanner, digital card reader, and so on) to it and testing
them.


 


6.
If your network still doesn't function properly,
connect your wireless adapter into another slot or USB port, as
appropriate.


 


7.
Barring that, you may have installed the adapter
recently and forgot to reboot. Reboot now. In fact, reboot anyway.
This is a good remedy for many of the more inexplicable hardware
problems.


 


8.
Is the wireless access point turned on? Again,
excuse the inane ones, but you have to get through them.


 


9. If your wireless access point and your ISP's
router or modem both provide DHCP and NAT (Network Address
Translation), the two pieces of hardware may be conflicting with each
other. Call your ISP for advice on which one should be disabled.


 


10.
Your laptop or computer may not be in the same
workgroup as other networked machines or access points. Check this
information by going to the Control Panel, selecting Performance and
Maintenance > See basic information about your computer, and
selecting the Computer Name tab. On the Computer Name tab, you can
see what workgroup you belong to. If this value is different from
your access point's, or if it's not set, set it correctly.


 


Moving On


 


As
you can tell, troubleshooting a problem with a wireless network can
be something of an art as well as a science. The key is to be
methodical and eliminate as many possibilities as you can.


 


Above all, don't take the steps in this lesson as gospel. Refer to the
documentation for your equipment, and use your ISP's tech support
hotline if you get into real difficulties. If nothing else, following
the process mentioned in this lesson can help them analyze the
problem and get you back on your feet quicker. In Lesson 6, you
learn some advanced topics for work-at-home folks.


 


 


 


 


Wireless for the Home Office Worker: Lesson Description


 


Whether
you're a telecommuter or a work-at-home consultant, wireless
networking can make your home office setup easier.


 


The Wireless Work Attitude: Be Free


 


You've
finally done it. You were able to convince your boss to let you work
from home one or two days a week. Or you were able to keep your job
in the same city although the rest of your department moved three
states away. Or you decided to bag the entire corporate scene and
become a work-from-home consultant.


 


You
feel free. You have energy that you didn't have last week, last month
-- heck, for the past six months. What a feeling not to fight that
dull, long traffic snarl between your house and your office.


 


Now
all you have to do is figure out how to become as productive at home
as you are in the office, and wireless networking can be a huge part
of that. This lesson walks you through all the different aspects of
working from home -- as a telecommuter, consultant, or freelancer --
in a wireless environment.


 


This
lesson makes some assumptions:


 


1.
You have one or more computers and peripherals
in your home network.


 


2.
You have broadband access to the Internet.


 


3.
If you're a telecommuter, you need to connect to
certain proprietary networks.


 


4.
If you're a consultant working with sensitive
customer data, or if you're a telecommuter, you need to use
encryption.


 


 


First
and foremost, keep in mind that working in a wireless environment
means that you can start thinking outside the box. If you're not
tethered to an Ethernet cable, you can reconfigure your office. You
might be able to move your desk closer to the den window, or into a
different room in the house. If you have a laptop, you can choose to
work outside on beautiful days, or even visit a wireless cafe and do
your work there.


 


The idea is to be free. But, paraphrasing the Amazing Spider-Man, with
great freedom comes great responsibility. One of the most effective
parts of working in a work-like environment is your ability to focus
on work. By freeing yourself from the tethers of an office-like
environment (even one at home), the lines between work and play can
start to blur.


 


A
little bit of blurring might be fun. Just moving your laptop out to
the back patio can increase your creativity, problem-solving
abilities, and productivity. There's nothing like a change of venue
to clear the air.


 


Too
much blurring and you start breaking down all the advantages that
make a work environment so productive -- without any of the benefits
of increased creativity from a new environment. For example, you
might find yourself surfing the Web, or slipping in a video game
instead of writing that report, just because you can. After all, it
was the "just because you can" idea that got you out on the
back patio in the first place.


 


There's
another hidden drawback to being always on, and it only becomes a
problem after you've established a solid working pattern. If you work
from home, you need to draw clear boundaries between your work and
personal lives. Just because you can check your office e-mail at any
time of the day or night doesn't necessarily mean that you should.


 


Failure
to draw boundaries on your work activities can quickly turn your
wireless home network into a burden, not a tool. You might get to the
point where you dread going into your office for fear of seeing more
e-mail requesting urgent action. You won't even want to go into that
space for recreational purposes, and this can be a bad thing.


 


If
you find yourself feeling dread over your home networking setup and
how it impacts your personal life instead of feeling good about how
much more productive you are in your work, it's time to consider some
clearly defined boundaries.


 


Another
boundaries-related issue you need to confront is your home life. When
you're working, you need to send a signal that you're working. If you
stop to run errands, play with or baby-sit the children, or walk the
dog, you may be sending the kind of signal to your family that says
"It's okay to bug mommy or daddy when they say they're working."


 


What
they won't understand is time spent with them (or doing things for
them) during the day needs to be made up in the evenings and possibly
weekends.


 


If,
on the other hand, you establish clear boundaries for your office
(whichever room it may be) and some regular office hours (8:00 to
11:30 a.m. and 1:00 to 5:00 p.m., for example), you can keep your
productivity high and achieve a more positive work/life balance.


 


Here
are some quick tips for establishing some boundaries:


 


Rules
for you:


 



1. Wear professional
attire when you go in to your at-home office. Studies show that
at-home workers are much more focused and business-like when they're
in appropriate dress.


 



2. Establish a set
routine. For example, whenever possible, do your creative work in the
morning, make your calls after lunch, and attend all meetings in the
late afternoon.


 



3. Answer your business
phone professionally with your company name and title.


 


 



4. No TV, stereo,
recreational Web surfing, and video games during work hours.


 


Security Issues


 


If
you're working from home, security is going to be a top priority. You
might be working with sensitive information belonging to your company
(if you're a telecommuter) or your clients (if you're a freelancer or
consultant).


 


Security for Telecommuters


 


If
you haven't instituted any of the security measures discussed in
previous lessons, your company will probably make you use most of
those precautions -- and more besides. Typically, you might have to
deal with:


 


1. Working with a VPN (virtual private network). A VPN is basically an
encrypted tunnel through which your data can pass. A VPN connects two
endpoints, usually the system you're on and a corporate server. VPNs
allow companies to extend their network out to geographically
dispersed systems -- in other words, remote and home offices.


 


2.
Using a smart card. Smart cards usually look similar to a calculator,
and are designed to generate one-use passwords. They usually have a
keypad and a small LCD display. You punch in your assigned PIN and
then the smart card displays a password. You generally have about 30
seconds to log in using special software and enter your newly
generated password. Each time you log in to the system, you have to
use a newly generated password.


 


3.
Installing a firewall. Different companies have different policies
regarding the use of firewalls. Some may suggest that you install
personal firewalls only on the system with which you work, and others
may demand that you set up a network firewall (doubly so if they find
out you're wireless).


 


4.
Firewalls act like a choke point. They can be set up to reject or
accept different kinds of traffic such as e-mail, Web, FTP (File
Transfer Protocol), telnet, and they can disallow network connections
from individual machines or networks. Some firewalls can be
configured to filter out certain content, such as adult-oriented
material. What these filter out depends largely on the company's
policies.


 


5.
Installing and keeping an up-to-date virus scanner or shield. Virus
scanners not only protect you from picking up the latest destructive
computer viruses, but they can keep you from spreading them
unwittingly to other coworkers.


 


6.
Regular scanning and removal of spyware tools, cookies, and other
programs. Spyware tools can be added to your system without your
knowledge just by visiting Web sites or accepting e-mails from
unknown companies. The primary use of spyware is to send information
about your online habits back to a collection unit. Information that
can be collected includes e-mail addresses, URLs, even passwords and
credit card numbers.


 


7.
One of the best programs available for getting rid of spyware is
SpyWare Search and Destroy. Best of all, it's free.


 


8. Implement physical security for your systems. By physical security,
most companies don't just mean "is the door to your office
locked." They also mean that you should have boot passwords for
all computers, screen-saver passwords, and other precautions. All of
these physical security measures are meant to make it harder for your
equipment to be stolen or broken into.


 


9.
If you travel a lot, there are systems you can place on a laptop that
will sound an alarm if the laptop moves more than 20 feet away from
you. This is more than handy if someone tries to snatch your laptop
bag while you're waiting in an airport security line.


 


Security for Consultants or Freelancers


 


If
you're an at-home consultant or freelancer (and if you are, you're in
good and growing company), you probably won't have any strict or
formal security requirements placed on you. However, it's probably a
good idea to start implementing some basic safeguards to keep
information about your clients confidential, such as:


 


1. Start with physical security. Enable boot and screen-saver passwords
on your desktop and laptop computers. By doing so, all information on
those systems stays somewhat safe if they are stolen or broken into.


 


2.
Make regular backups of client data, and make sure that the backups
are encrypted. Also, if the backups are on removable media, such as
tapes or CDs, place those backups in a locking and fireproof file
cabinet or safe.


 


3.
If you're in the IT business, consider using more industrial-strength
tools, such as encryption keys for e-mail and SSH (secure shell),
instead of telnet when connecting to a remote machine.


 


4. Encrypt anything confidential about your client. Many Web consultants
have access to their clients' system passwords, ecommerce settings,
and even banking information. If any of this information falls into
the wrong hands, it could mean untold grief for you.


 


5.
Use professional-grade deletion software to clean up files on
computer systems. Just deleting files or sending them to the trash or
recycle bin often does not completely remove files. Part or all of
deleted files can stay on a computer system for years and years. You
wouldn't want an old laptop you sell to someone else to give away
your customer's secrets, right?


 


Although
most of these security measures may seem like a pain or hassle,
they're all part of what a professional consultant does to safeguard
his/her client's data. Remember, safeguarding client data is the same
thing as safeguarding repeat business.


 


Security Resources


 


One of the best places on the Internet for downloading security software
is CNET's www.download.com. You can browse the listings and get
spyware scanners, virus scanners, and even network sniffers and
personal firewalls.


 


If
you want more in-depth knowledge about security, you need to read
some white papers and case studies. You can find some excellent ones
at the following Web sites:


 


1.
ZDNet IT Papers


 


2.
Yahoo! Small Business


 


3.
Comdex White papers


 


4.
InformationWeek White papers


 


At
all of these Web sites, you can use search terms such as wireless
networking, or browse through a category tree to retrieve different
documents. You might see many of the same white papers repeated, but
these Web sites give you the big picture of what's happening out
there in the world of wireless security.






















Prepared by:

Engr. Guilbert Nicanor A Atillo
Instructor



