94 Part II: Making Plans
Operational Features
Most APs share a common listing of features, and most of them do not vary from one device to the next. Here are some unique, onboard features that we look for when buying wireless devices . . . and you should, too. Among these are
Wired Ethernet port: Okay, this seems basic, but having a port like this will save you time. We will tell you time and again to install your AP first on your wired network (as opposed to trying to configure the AP via a wireless client card connection) and then add on the wireless layer (like the aforementioned client card). You will save yourself a lot of grief if you can get your AP configured on a direct connect to your PC because you reduce the things that can go wrong when you add in the wireless clients. Note: On some APs, like the Mac AirPort, directly connecting for setup is not an option.
Auto channel select: Some access points, such as some from ORiNOCO (www.proxim.com), offer an automatic channel selection feature, which is cool. For instance, the ORiNOCO AP-2000 Access Point selects its own frequency channel, based on interference situation, bandwidth usage, and adjacent channel use, by using its Auto Channel Select feature. This is beneficial when first deploying your AP-2000 or adding an AP-2000 unit in an existing environment. For instance, for the 5 GHz radio card (used for 802.11a), the default channel is 52–5.260 GHz. When a second AP2000 unit is turned on in the vicinity of the currently active AP-2000 device, the Auto Channel Select feature changes the frequency channel of the second unit so that no interference exists between the units. Multiple AP-2000 units can be turned on simultaneously to establish proper channel selection. That’s pretty nice because as you can read in Chapter 6 and in the troubleshooting areas of Chapter 18, channel selection can try your patience. (You might wonder why it’s necessary to pay more for more business-class access points — this is a good reason.)
Power over Ethernet (PoE): Because every AP is powered by electricity (where’s Mr. Obvious when you need him?), you should also consider whether the location that you choose for an AP is located near an electrical outlet. High-end access points, intended for use in large enterprises and institutions, offer a feature known as Power over Ethernet (PoE). PoE enables electrical power to be sent to the AP over an Ethernet networking cable so that the AP doesn’t have to be plugged into an electrical outlet. Modern residential electrical codes in most cities, however, require outlets every eight feet along walls, so unless you live in an older home, power outlets shouldn’t be a real issue. But if you’re putting it on the ceiling, running one cable sure is easier than two!
Detachable antennas: In most cases, the antenna or antennas that come installed on an AP are adequate to give you good signal coverage throughout your house. However, your house might be large enough or be configured such that signal coverage of a particular AP could be significantly
Chapter 5: Choosing Wireless Home Networking Equipment 95
improved by replacing a stock antenna with an upgraded version. Also, if your AP has an internal antenna and you decide that the
signal strength and coverage in your house are inadequate, an external antenna jack allows you to add one or two external antennas. Several manufacturers sell optional antennas that extend the range of the standard antennas; they attach to the AP to supplement or replace the existing antennas.
The FCC requires that antenna and radio be certified as a system. Adding a third-party, non-FCC-certified antenna to your AP violates the FCC regulations and runs the risk of causing interference with other radio devices such as certain portable telephones.
Uplink port: APs equipped with internal threeand four-port hub/ switch devices are also coming with a built-in, extra uplink port. The uplink port — also called the crossover port, output, X, bridge, and so on — is used to add on even more wired ports to your network by uplinking the AP with another hub or switch. This special port is normally an extra connection next to the last available wired port on the device, but it can look like a regular Ethernet jack (with a little toggle switch next to it). You want an uplink port — especially if you have an integral router/DSL/cable modem — so that you can add more ports to your network while it grows. (And it will grow.)
Security
Unless you work for the government or handle sensitive data on your computer, you probably aren’t overly concerned about the privacy of the information stored on your home network. Usually it’s not an issue, anyway, because someone would have to break into your house to access your network. But if you have a wireless network, the radio signals transmitted by your wireless network don’t automatically stop at the outside walls of your house. In fact, a neighbor or even someone driving by on the street in front of your house can use a computer and a wireless networking adapter to grab information right off your computer, including deleting your files, inserting viruses, using your computer to send spam, and so on — unless you take steps to protect your network.
The security technology that comes standard with all Wi-Fi equipment is Wired Equivalent Privacy (WEP). Perhaps the most well-publicized aspect of Wi-Fi wireless networking is the fact that the WEP security feature of Wi-Fi networks can be hacked (broken into electronically). Hackers have success-
fully retrieved secret WEP keys used to encrypt data on Wi-Fi networks. With these keys, the hacker can decrypt the packets of data transmitted over a wireless network. The significance of this problem might have been overblown
96 Part II: Making Plans
in the media because changing keys regularly greatly reduces the risk of a successful WEP attack. Nonetheless, many business and government agencies have prohibited implementation of wireless networks that rely only on WEP to protect the privacy of data.
In October 2002, the Wi-Fi Alliance announced a new, replacement security technology for WEP: Wi-Fi Protected Access (WPA). WPA is based on an IEEE standards effort that’s not yet fully adopted. This technology, which makes cracking a network’s encryption key much more difficult, is designed to work in the products on the market today and is expected to first appear in Wi-Fi certified products during the first quarter of 2003. Most vendors are expected to offer free firmware and software updates for Wi-Fi certified products currently in use.
Although WEP isn’t as secure as WPA, you take a much greater security risk if you don’t use WEP at all. See Chapter 10 for a full discussion of how to set up basic security for your wireless home network.
In addition to encryption features such as WEP (or WPA), many AP manufacturers have added a variety of security features often described loosely as firewall protection. One of the most common security features is typically described as a MAC filter because it enables you to set up a list of Media Access Control (MAC) addresses that are permitted to access the network. (The manufacturer of each networking device assigns a unique MAC address to the device at the factory.) A MAC filter can prevent network access by devices not on a predetermined list of MAC addresses.
Don’t depend on the MAC filter feature as the sole form of security for your wireless home network. A determined hacker can discover the MAC address of one of your computers and then use software to masquerade as that MAC address. The AP would permit the hacker to join the network. This is a spoof attack.
Other useful firewall features to look for when buying an AP include
Network Address Translation (NAT), which we discuss earlier in this chapter
Virtual Private Network (VPN) pass-through that allows wireless network users secure access to corporate networks
Monitoring software that logs and alerts you to computers from the Internet attempting to access your network
Utilities that enable you to log content that’s transmitted over the network as well as to block access to given Web sites
We talk a lot more about security in Chapter 10. We encourage you to read Chapter 10 so that you’ll be well prepared for the process when you’re ready to install your equipment.