Travel Technology - Please confirm my home networking plan




Mikey likes it
May 31, 06, 9:45 am
I plan to update my home network as follows. Could someone please review and let me know if I'm overlooking anything? My assumption is that I install and configure the gateway then connect and configure the hard-wired network connections.

Also, any tips on equipment appreciated. I need the gateway and the network printer (probably going to get the $350 Dell 3010cn).

Thank you.

New wireless gateway (integrated DSL modem/10/100 Ethernet switch/wireless)

connects via ethernet (just plug 'em in and configure) to
network printer
desktop
1TB NAS

connects via wireless to
laptop(s)
Apple Airport Express (streaming music)


BruceWG
May 31, 06, 10:24 am
Your overall scheme looks fine. You'll need to ensure your printer has the built-in ability to connect to the network directly. If it has a network adaptor (RJ-45) then it should have the ability to be configured to obtain an IP address via DHCP (supplied by your router). Same overall concept for NAS.

I have always had very good luck with Netgear for a home network setup. I'd tend to avoid the pre-N devices as the spec is really not ready to be a standard yet. I use a Netgear "Super-G", and find I get very good range and speed; even though the Super-G chip is proprietary my HP portable also works at the higher speed.

Be sure to change the SSID/password and consider locking down your devices by using a MAC access list. I also set the SSID to not broadcast - I'm amazed when I check and see 4 or 5 home networks in my area, set up, open, and ready to connect!

Have fun,
Bruce

SpaceBass
May 31, 06, 2:04 pm
Good timing, I'm just about to start a series on this for my tech blog (shameless plug in my signature)...

I've done several home set-ups, including my own which is a little overkill...
You may want to consider a different gateway/router. I prefer Linux-based solutions (bad word) like IPcop (www.ipcop.org) or the BSD-based M0n0wall. The advantages include advanced options like: traffic shaping (great for VoIP users), stateful packet inspection, anti virus/spam filters, traffic blocking (ads, porn, IM, etc...all time and workstation based...i.e. turn off the kid's access to IM during homework hours). The other advantage is having a separate subnet for wireless - which may or may not be preferable (in the case of iTunes music it's usually not).

That being said, you probably want to consider a switch as well. The internal 4 port switches on most wifi routers do not scale well. They claim to support 255 devices but I've seen Linksys and Netgear lose performance at more than 3 or 4 and lock up with 10...again not a rule, just an observation. You can get a Netgear or Linksys EtherFast switch for less than $100 depending on the number of ports.

If you are going between floors, you may want 2 switches. That way you can get by with running only one cat5 b/t floors...which gets tricky. For instance, I have a 16 port switch on my 2nd floor and a 24 port for the first floor. It only took 1 cat5 to connect them.

I like the recommendation on security on the access point. Make sure to use WPA and get a 64 bit password from www.grc.com/pass...save it to a USB key then you can copy and paste it as needed. One thing I do not agree with is MAC filtering or SSID hiding...but that goes back to the wifi security thread where I think I lost some friends. Bottom line, if you use a good, long, random passphrase then you are as safe as you can ever get. MAC filtering is not security, it's just a filter and can be easily spoofed. SSID hiding is pointless, most WiFi clients don't even obey it. Like I said, I'm not worried about the 99% of people who won't try and break MAC filtering, etc...I'm worried about the 1% who will try.

What I like to do is set up public and private WiFi networks...but may be overkill. With IPcop I use the WiFi (blue) subnet for the public access. I hang a single Linksys WRT54g off the blue subnet and put it in an attic (usually). I usually leave that one wide open, in terms of security. Then in the router I limit the bandwidth to about 1/4th - 1/8th of what you get from your ISP (my generosity only goes so far). You can do the DHCP and MAC filtering for that in the router. So when a friend comes over he can easily attach to the public AP then you just choose to enable net access in the router. Or you can enable it for everyone by default... I've consulted a lawyer and here in VA he feels like I'm protected from someone using my connection for malicious actions.
The benefit is that the WiFi subnet is cordoned off from the LAN subnet, where your data and computers are.
Then I put the Airport Expresses on the LAN (green) subnet with 64 bit long, random passwords. I use that for my laptop, my wife's laptop, etc... the benefit is that I only allow machines I personally trust on the same subnet as my servers, computers, data, etc.
The final benefit to this set-up is that there are devices that still do not support WPA encryption (and I believe that WEP is worthless). So my WiFi VoIP phones (and wireless TiVos fall into this category) use the public AP on the WiFi subnet.

I agree that Netgear makes good stuff, but their wifi APs can be a bit flaky. I really like Linksys, but I know that people feel so-so on them. One thing most folks agree on...D-Link sucks :D .

For printing I like the HP 2600n... It has great built-in networking including a print server and Bonjour (zero config for OS X and XP). It's a color laser.
For sharing ink-jet printers you may be able to use the Airport Express, or you could get a $40 PC, load XP (or Linux for the truly geeked out) and use it as a print server.

In terms of Cat5 boxes and jacks... for boxes I like the standard 'old work' low-voltage (orange) boxes you can get at Lowes or Home Depot. If this is a new house you can get 'new work' (assuming you get there before the drywall guys!). For the plates and jacks I've had GREAT luck with the Leviton stuff from www.smarthome.com. Home Depot also sells that brand, Lowes does not. If you are going to run the cat5 yourself, make sure you get cat5E...the E is important.


ajalan
May 31, 06, 2:43 pm
Just a couple of things, first, another vote for using IPCop, smoothwall, etc. Great apps and easy to set up. To be honest, most of the time it's overkill, but I would rather be safe than sorry.

I have had Linksys, Netgear, D-Link, and Belkin routers/WAPs and to be honest I probably liked the Belkin the most, with Linksys a close second, and maybe first if not for price.

FWIW, if you get one of those pre-N setups, make sure you get matching wireless cards.

AJ

SpaceBass
Jun 2, 06, 3:17 pm
Ok... Shameless plug, I know...but I just finished posting part 1 of my 3 part home network setup on my tech blog:
http://archatechs.wordpress.com/2006/06/02/pimpin%e2%80%99-aint-easy-%e2%80%93-setting-up-the-ultimate-home-network-part-1/
(for some reason my visio graphics are not showing up :( )
if you are doing the work or layout yourself you might find it useful.
Next thursday I'm posting part 2 on the router and switches and WiFi setup...

Mikey likes it
Jun 2, 06, 3:42 pm
> Ok... Shameless plug, I know...but I just finished posting part 1 of my 3 part home network setup on my tech blog:
> http://archatechs.wordpress.com/2006/06/02/pimpin%e2%80%99-aint-easy-%e2%80%93-setting-up-the-ultimate-home-network-part-1/
> (for some reason my visio graphics are not showing up :( )
> if you are doing the work or layout yourself you might find it useful.
> Next thursday I'm posting part 2 on the router and switches and WiFi setup...

Good article for a novice like me. I thought installing the jacks on the ends of the cat 5 would be trickier than it appears to be.

Thanks.

SpaceBass
Jun 2, 06, 3:43 pm
> Good article for a novice like me. I thought installing the jacks on the ends of the cat 5 would be trickier than it appears to be.
>
> Thanks.

Put it this way, I taught my mother to do it and she can barely (and not always reliably) check her e-mail.

The Leviton ends that are open and allow the excess wire to pull through make it VERY easy...just need the special crimper that trims them.

bdesmond
Jun 4, 06, 12:52 am
> Ok... Shameless plug, I know...but I just finished posting part 1 of my 3 part home network setup on my tech blog:
> http://archatechs.wordpress.com/2006/06/02/pimpin%e2%80%99-aint-easy-%e2%80%93-setting-up-the-ultimate-home-network-part-1/
> (for some reason my visio graphics are not showing up :( )
> if you are doing the work or layout yourself you might find it useful.
> Next thursday I'm posting part 2 on the router and switches and WiFi setup...

I'd highly recommend that you consider picking up a tub of nylon pull string and pulling & leaving that tied off in the box for each run in case you need to make another run to that box in the future.

If you're doing a lot of boxes, a rotozip in lieu of a drywall saw is highly recommended, *especially* if you have plaster. It will make the holes come out very neat and in the case of plaster you won't break off big chunks from the reciprocating action against the lath. The rotozip uses a rotary bit. In general if you have plaster and you're putting a new box in, a drywall saw won't do the trick without making a huge mess, you'll need a sawzall or a rotozip and the former will make a mess.

You can use low voltage plates which just clip into the wall and provide threaded holes for securing the face plate in lieu of those orange boxes too.

bdesmond
Jun 4, 06, 12:57 am
> I've done several home set-ups, including my own which is a little overkill...
> You may want to consider a different gateway/router. I prefer Linux-based solutions (bad word) like IPcop (www.ipcop.org) or the BSD-based M0n0wall. The advantages include advanced options like: traffic shaping (great for VoIP users), stateful packet inspection, anti virus/spam filters, traffic blocking (ads, porn, IM, etc...all time and workstation based...i.e. turn off the kid's access to IM during homework hours). The other advantage is having a separate subnet for wireless - which may or may not be preferable (in the case of iTunes music it's usually not).
>
> That being said, you probably want to consider a switch as well. The internal 4 port switches on most wifi routers do not scale well. They claim to support 255 devices but I've seen Linksys and Netgear lose performance at more than 3 or 4 and lock up with 10...again not a rule, just an observation. You can get a Netgear or Linksys EtherFast switch for less than $100 depending on the number of ports.
>
> What I like to do is set up public and private WiFi networks...but may be overkill. With IPcop I use the WiFi (blue) subnet for the public access. I hang a single Linksys WRT54g off the blue subnet and put it in an attic (usually). I usually leave that one wide open, in terms of security. Then in the router I limit the bandwidth to about 1/4th - 1/8th of what you get from your ISP (my generosity only goes so far). You can do the DHCP and MAC filtering for that in the router. So when a friend comes over he can easily attach to the public AP then you just choose to enable net access in the router. Or you can enable it for everyone by default... I've consulted a lawyer and here in VA he feels like I'm protected from someone using my connection for malicious actions.
> The benefit is that the WiFi subnet is cordoned off from the LAN subnet, where your data and computers are.

Personally I have a Cat5500 with an RSM and SUP III in my basement handling routing and switching. It only has a 9gbps backplane but it does the job. The issue you're seeing with the Linksys and the Netgear switches is that they don't have much of a backplane if any (in which case they're software switching the packets and the little CPU is getting murdered).

I do the same thing with the WiFi, I just trunk the connection to the AP with a public and private vlan, and I policy route the public wifi to the border and rate limit it as well. I'd like to get a PIX but so far I haven't come across a deal on one. I have an older Checkpoint I might set up one day if I have some time.

SpaceBass
Jun 4, 06, 11:12 am
> I'd highly recommend that you consider picking up a tub of nylon pull string and pulling & leaving that tied off in the box for each run in case you need to make another run to that box in the future.
>
> If you're doing a lot of boxes, a rotozip in lieu of a drywall saw is highly recommended, *especially* if you have plaster. It will make the holes come out very neat and in the case of plaster you won't break off big chunks from the reciprocating action against the lath. The rotozip uses a rotary bit. In general if you have plaster and you're putting a new box in, a drywall saw won't do the trick without making a huge mess, you'll need a sawzall or a rotozip and the former will make a mess.
>
> You can use low voltage plates which just clip into the wall and provide threaded holes for securing the face plate in lieu of those orange boxes too.

I think that is a great idea, and I did pull some pull lines when I did my house. I typically pull extra CAT5 when I do other people's houses....I can either use it as a pull string later or use it for something else.

I also agree with the rotozip and that's what I use; but I was trying to keep the article as 'low cost' as possible. At home I have plaster over wall board and cutting it with a hand saw was tricky, but it worked. A dremel with the right attachment works well too.

I did mention using the low voltage boxes...I just have mixed feelings about them. They are not sturdy at all. On the other hand, having the open back makes them easier to stuff excess wire back into the wall. I often use regular old work JBs though...I just like the feel of em.

And...IF you find a deal on a PIX....BUY TWO AND LET ME KNOW!!! :D

Mikey likes it
Jun 7, 06, 11:06 am
I got the Netgear DG834G and installed it Monday. I updated the firmware as well.

The wireless connection on my 2Wire that I got free from SBC was better!

Now I've ordered the "matching" 802.11g PC card for my lappy to see if that helps.

Any wireless network setup tips? The access point is about 75 feet from where I often use the lappy, three walls away. Moving the access point is not an option.

SpaceBass
Jun 8, 06, 9:12 am
> I got the Netgear DG834G and installed it Monday. I updated the firmware as well.
>
> The wireless connection on my 2Wire that I got free from SBC was better!
>
> Now I've ordered the "matching" 802.11g PC card for my lappy to see if that helps.
>
> Any wireless network setup tips? The access point is about 75 feet from where I often use the lappy, three walls away. Moving the access point is not an option.

The only tip I can offer at this point is use good security.
You really need to use WPA (or WPA2) with a long, random password. I pull passwords from www.grc.com/pass and typically I splice 2 or 3 just to make sure it's utterly unique. Then I store it on a USB key. You can copy and paste from the key to any computer...i.e. if a friend comes over.

Where that gets tricky is when you have a device that doesn't support WPA. In that case I'd recommend a 2 access point setup. But that gets tricky. You put one in front of the other so that the unprotected AP is 'upstream' of the protected one. That way NAT protects the protected AP....like I said, tricky when you are using an 'off the shelf' router.

I just cannot stress the security stuff enough though.

Good luck

mongatu
Jun 10, 06, 10:29 pm
This is very interesting as I just set up my first wireless network the other day.

I did use WPA but with a simple 10 character password. I know it is not a particularly strong password but I'm curious as to how easy or difficult it would be for someone to crack such a password?

karthik
Jun 10, 06, 11:50 pm
> The only tip I can offer at this point is use good security.
> You really need to use WPA (or WPA2) with a long, random password. I pull passwords from www.grc.com/pass and typically I splice 2 or 3 just to make sure it's utterly unique.

Steve Gibson is an egomaniacal crackhead (after he started claiming he invented syncookies (http://www.grcsucks.com/genesis.htm) and media whoring off that I was fully convinced...) Here's a good reference (http://www.grcsucks.com/). Anyways, you're right, you just need a long random password. Mashing on your keyboard for 15+ characters (make sure you're not just mashing on the same area; get some numbers and punctuation and hit the shift key once in a while! put your back into it!) is quicker and better. You have no idea how grc.com is really generating its passwords, and you're also putting your trust in the security of their server, the security of SSL, multiple network nodes between you and their server, etc. Much simpler to just put the trust in the machine you're setting up WPA from and the Ethernet cable you're using to configure your AP with since you wouldn't be doing it over an initially unsecured wireless connection the first time, right? :)

The "flaw" in WPA (and perhaps WPA2) at the moment is indeed that it's vulnerable to a dictionary attack. Lots of things are though, so good passwords are always important. They don't necessarily have to be long and complex, but for something where you're not always entering it like saving a WPA password, it doesn't hurt to go a bit overboard.

> I did use WPA but with a simple 10 character password. I know it is not a particularly strong password but I'm curious as to how easy or difficult it would be for someone to crack such a password?

If it's "simple" in the sense of being a dictionary word, or multiple ones strung together, or with a number or two added, or...you get the picture, then it would be an easy to moderate challenge depending on complexity. If you've added in non-dictionary elements, punctuation, odd capitalization, etc, then the time required to brute-force it goes up exponentially. Change it to something random if it is simple in the way I described.

Anyways, people aren't going around cracking home WPA setups. They want net access, not your data, so they'll just use the signal from next door. It's probably just a random neighbor looking for free wireless in this scenario. Regardless, it is important to secure your wireless network of course.
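
Added example (not part of any post in this thread): a Python sketch of the two points discussed above, generating a long random WPA passphrase locally instead of fetching one from a website, and comparing how much entropy random passphrases of different lengths carry. The function names, the 1e6 guesses-per-second rate and the sample SSID/passphrase are assumptions constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-Personal takes 8-63 printable ASCII characters, or a raw 256-bit
# key typed as 64 hex digits. Space is left out to survive copy and paste.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
PMK_BITS = 256  # size of the key the passphrase is stretched into


def generate_passphrase(length=63, alphabet=ALPHABET):
    """Random passphrase from the OS CSPRNG; nothing leaves this machine."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_hex_psk():
    """Raw 256-bit pre-shared key as 64 hex digits."""
    return secrets.token_hex(PMK_BITS // 8)


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string, capped at the 256-bit key size.
    Not valid for words, names or keyboard patterns, which are far weaker."""
    return min(length * math.log2(alphabet_size), PMK_BITS)


def derive_pmk(passphrase, ssid):
    """Key derivation used by WPA/WPA2-Personal: PBKDF2-HMAC-SHA1 with the
    SSID as salt and 4096 iterations, so every guess costs 4096 rounds."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), 4096, PMK_BITS // 8
    )


def years_to_search(bits, guesses_per_second):
    """Average time to find a random secret: half the keyspace at a given rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    RATE = 1e6  # assumed guesses per second, for illustration only
    for label, length, size in [
        ("10 random lowercase letters", 10, 26),
        ("10 random printable characters", 10, len(ALPHABET)),
        ("15 random printable characters", 15, len(ALPHABET)),
        ("63 random printable characters", 63, len(ALPHABET)),
    ]:
        bits = entropy_bits(length, size)
        print(f"{label}: {bits:.1f} bits, ~{years_to_search(bits, RATE):.3g} years")
    print("passphrase:", generate_passphrase())
    print("hex PSK:   ", generate_hex_psk())
    # Constructed sample passphrase and SSID, not values from the thread.
    print("PMK:       ", derive_pmk("constructed-sample-passphrase", "ExampleSSID").hex())
```

Because the passphrase is stretched into a 256-bit key, random printable passphrases stop gaining strength at about 40 characters. The estimates apply only to uniformly random strings, not to words or keyboard patterns.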

SpaceBass
Jun 11, 06, 4:03 pm
With the exception of the GRC password stuff, I'd agree with what karthik said.
I think Gibson is a little nutty, but he was pretty open about how the password page works. Just to be safe, I mix and match from several reloads of the page by copy and pasting from random sections of each page load...

I figure, if you are going to use 15+ random characters, why not use 64 and get as safe as you can possibly get with WPA.

Also, most of the attacks against WPA are theoretical and pretty hard to do in practice...and I do think that most people choose the path of least resistance. That is, they find the unsecured network rather than try and crack yours just for net access. But it's my paranoia about that .5% that will try and crack my network...be they script kiddies or worse...I like to be secure :D

Edited: just posted Part 2 (http://archatechs.wordpress.com/2006/06/12/pimpin-ain%e2%80%99t-easy-part-2-%e2%80%93-%e2%80%98roll-your-own%e2%80%99-firewall-with-ipcop/) - the IPcop stuff


