OT: Wireless router recommendation

Chris H wrote on 3/17/2006, 3:26 PM
I bought a second desktop computer and will soon be setting up my first wireless network in my home. For those that have a wireless network, what brand of router would you recommend? I currently have a DSL connection. I've done quite a bit of research online already and am looking at D-Link and Linksys.

The second computer will be used as my editing machine. I do want intenet access with it but would also like to be able to disconnect it from the network. If I had a PCI wireless card to it, can I just change a setting on the machine to disconnect from the network? Any help would be appreciated.

Thanks,

Chris

Comments

Chienworks wrote on 3/17/2006, 3:41 PM
Go Linksys. Myself, my IT buddies, and most of my friends have a common motto: "Buy Linksys. You plug it in, and it works." I don't think i've ever had to fiddle with Linksys stuff. It's about as close to plug-n-play as you'll ever find.

To disable a connection under Windows XP (and if you're not using XP, well, why aren't you?) open up network connections (Start / Control Panel), find the wireless icon, right-mouse-button click on it, and select disable. Of course, do the same thing again selecting enable to reconnect it.

When you set up your wireless network it's a good idea to assign your own unique SSID. All routers broadcast an SSID which is a name you will see when you browse for available wireless networks. Most home wireless routers can broadcast over a 200 to 400 foot radius, so don't give it your own name as neighbors or people driving down the street will see it and know which house it's coming from. It's a good idea to avoid giving out as much identifying information as possible. Name it something like "lettuce" or "38xt49u" or "jupitersix". You should also at a minimum use WEP security. This lets you assign a passphrase to your router. Anyone trying to gain access to it won't get in unless they know the passphrase. You should also set up all the computers in your house to NOT use "ad-hoc" networking. This will force them to communicate only with your router. With ad-hoc networking, even if you have your router locked down, others can still access your individual computers. Most wireless connections default to ad-hoc disabled, but be sure to check.

If you really want to get serious about security you can give the router a list of your computers' ethernet MAC addresses (the router documentation will explain all this much better than i can). After that, it won't matter if it's the NSA parked in your driveway trying to hack in and knows your passphrase; the router will simply ignore them.
Coursedesign wrote on 3/17/2006, 4:11 PM
If you really want to get serious about security you can give the router a list of your computers' ethernet MAC addresses (the router documentation will explain all this much better than i can). After that, it won't matter if it's the NSA parked in your driveway trying to hack in and knows your passphrase; the router will simply ignore them.

Unless they are slightly more patient and first check the MAC addresses and then wait for one machine to be turned off, at which time they can get in immediately.

Still, it's not NSA that's the problem in this.

Unless one of your friends or say computer suppliers or dry cleaners misdialed a local phone number and called a mosque by mistake, then you too are fair game for having everything you do totally recorded (which happened in real life last year).
Chris H wrote on 3/17/2006, 4:37 PM
Thanks for your quick reply.

Chris
Jøran Toresen wrote on 3/17/2006, 5:12 PM
Hello!

Questions: What is a NAT Firewall? And do I need a software firewall if the access point / router has a built in NAT Firewall?

Thanks in advance,
Joran
johnmeyer wrote on 3/17/2006, 6:05 PM
Questions: What is a NAT Firewall? And do I need a software firewall if the access point / router has a built in NAT Firewall?

NAT = Network Address Translation. It is not a firewall, but it provides an awful lot of security. NAT is what a router does: The requests from each computer on your internal LAN go through this device. It sends each request out, along with a little extra packet of information that lets it sort out the responses that come back in response to the outgoing requests, and send these responses back to the correct computer on your LAN. Thus, all these computers look like just one computer to the outside world. More important, any incoming packet that doesn't match an outgoing request is simply ignored. This keep virtually all outside hacking attempts completely out of your computer. There are still plenty of ways a computer can be compromised, but it requires some additional stupidity on the part of one or more of your users.

The hardware firewall, which is sometimes part of the same router that provides NAT, is an additional feature that must be configured. It can catch a broader range of problems but, in my experience with a small network, has never been necessary. If I were managing a company, with lots of employees doing goodness knows what, I would obviously install a hardware firewall. As for installing a software firewall, I am not sure whether you need it, if you have a hardware firewall.

There are several IT people who read this forum, so they may have more intelligent things to say ...

snicholshms wrote on 3/17/2006, 7:24 PM
I'm looking at upgrading my Linksys wireless G to the new SRX400 to get more mobility in the front room and front yard. The router is located in my soundproofed (re:blocks wireless transmission) studio in the very back of the house! Anyone have any experience with this?
Tattoo wrote on 3/19/2006, 8:57 AM
ChrisH,

I'll second the vote for Linksys. Based on some reviews (and a great sale at the time), I bought a Netgear wireless router, and have regretted it ever since. While it generally does a decent job, it drops out the signal far too easily (from only 30 feet away down the hall in a wood-frame house) in even an extremely low density environment (house backs up to forest and only one other 802.11b/g network within range.

NAT does take care of probably 99% of all internet-based vulnerability scans. NAT can be worked around, but if you're a hacker, why go to the effort when there are so many totally unprotected systems to take advantage of? A real hardware firewall in a router will make sure that a internet packet that's trying to get in was actually requested by the computer. However, I'm pretty sure it has no way of knowing whether the request for a packet was made by "good" program or a malicious one. A software firewall will give you the opportunity to give or deny permission for individual programs to access the internet. Even if you don't click on the "wrong thing" while surfing or open email attachments, who knows what adware programs install with "innocent" programs you install these days?

Me, personally, I'm a little on the paranoid side. My security isn't foolproof, but I'm not an easy target, either. I'll never be without a software firewall again, and prefer to have the hardware firewall in addition to the router NAT. Why not run a software firewall when there are several decent ones that are free?

Brian
riredale wrote on 3/19/2006, 7:01 PM
XPsp2 I think includes a beefed-up software firewall, but to my knowledge it only looks at incoming stuff. In contrast, a popular freeware firewall such as Zonealarm monitors not only what's trying to get in but also what's trying to get out. Thus, if you've ever caught a bug and that bug is trying to spread itself to other PCs, Zonealarm will block it. This happened to me last year; my system suddenly got really slow, and upon investigation I discovered that Zonealarm was using up 99% of the resources . Turns out it was doing so because some zombie was in my system, and trying to constantly phone home.

Wish they made a version of Zonealarm for the Bird Flu. I fear this is going to be a nasty surprise for mankind.

EDIT: Incidentally, I've recently begun using a Netgear router (my old D-Link router died) and I've noticed that about once a day I lose the Internet connection. Don't know why, but someone said Netgear routers don't play nicely with Comcast...
Harold Brown wrote on 3/19/2006, 7:55 PM
I recommend Linksys WRT54G or WRT54GS. My WRT54G went bad after 3 years so I bought the WRT54GS because it supports my Laptop speedboost. I have VOIP (Vonage) so my router stays on 24x7. Linksys works perfect everytime. Got it at SAMS for $59.99.
Chris H wrote on 3/19/2006, 9:03 PM
Thanks, everyone. I ordered the Linksys WRT54G.

Chris