AP location

[lyc360]

I'm about to set up a wireless LAN in my home in semi-rural Maryland. I want to have great coverage in my home, but want to limit exposure outside the home due to mischievous/ingenious 13 year olds down the street.

I know that 811.a would likely be more secure, but the relative lack of availability of home equipment and the cost makes this less attractive to me.

Would placing my access point in the basement limit outside reception somewhat? How much of a difference does placement of an AP within the home environment make?


<i>It's an engine, and it's loud.</i>

 

[dukeofcrydee]

Actually an 802.11a is not more secure than 802.11b. It's just faster.

If you want to be secure from goofy 13 yr. old script kiddies, then setup the security features the wireless company recommends.

If you rename your SSID, cease broadcasting that SSID, and use MAC Filtering, you'd pretty much knock out the 13 yr. olds.

Yes you can also use WEP encryption, but that's really overkill at home and decreases your speeds.

As far as placement, putting the AP in the basement wouldn't neccessarily keep the signal inside the house. There's really no way to tell where your signal is going unless you run around outside with a laptop to test.

A lot of variables go into degrading the signal inside: microwave ovens, 2.4GHz phones, different types of walls, metal, fish tanks, etc..

So just put the AP close to the center of what you plan on your wireless network being.

 

[herrflik]

A couple of other points:

dot11a offers some limited additional security through obscurity - for most people it will have the range for home use, but be warned that the range and speed drops off *very* fast when there are obstructions (like walls) around.

By way of security, the obvious schoice is to use MAC address filtering and 40 bit WEP - there might be a performance penalty to pay on budget equipment, but in the context of broadband access speeds, its minor.

The only realistically secure solution at present would be to use VPN; having said that, anything you can enable is another speed-bump for an eavesdropper. The only thing not worth bothering with is anything beyond 40 bit WEP: its fundamentally flawed for any key length, so use the minimum (and limit that performance cost, if it affects your gear).

One more practical thought: you might try tuning the transmit power for the access point, and setting the basic rates at 11MB/s only. That might well give you a reasonable limited working area.

 

[AussieCJ7]

WEP will not decrease your speed in any of the better AP's as the encryption is done in hardware

 

[dstell]

Location of the AP can reduce physcial access to the AP, but the bottom line is it is "wireless" and it will go through walls. 802.11a does not have the penetration to go through the walls as well as the 802.11b does. So, I understand what you mean about it not having the distance, but the security is about equal on 802.11a and the 802.11b.

My suggestion is to focus on the security - and choose the 802.11b option -

Here are the seven security suggestions that THG recommends:

- Check your vendor's website for all security related updates for your wireless devices. Apply these updates, as most of the vendors have made security related updates, to the firmware of your unit. Don't assume that the firmware that is loaded on your unit fresh from the factory is the most current version.

- Turn WEP on and manage your WEP key by changing the default key, and subsequently, changing the WEP key on a regular basis. Never operate a wireless access point or wireless router without using WEP if you are concerned about the sensitivity of the data on your network.

- Password protecting drives and folders on your computers can provide an additional layer of security.

- Change the default SSID (Wireless Network Name) to something else.

- Use session keys if your product supports this option.

- Use MAC address filtering if supported by your product.
Locking the unit down to restricted MAC addresses is one of the best lines of defense.

- Consider using a VPN system. Although it can require a VPN server (or a device that acts like a VPN server), a VPN client is already included with Windows 98SE, Windows 2000, and Windows XP.

These are some of the best ideas that I could come up with in the article that we did sometime back. Personally, I like to place the wireless access point on an isolated IP segment and use a VPN connection with heavy 256bit WEP that you see in some of the new 22mbit products. I also follow most of the suggestions that I have made above.

 

[phr0ze]

Sounds like everyone hammered the security issue well. As far as location I recommend the center of your home. Or as close as you can get it. But keep it several feet from Microwaves and 2.4ghz phones. I've also heard that the AP is less prone to microwave interference if you use channel 1 or 11.

LAter

---------------------------------------
phr0Ze