THE FOLLOWING COMPTIA IT FUNDAMENTALS EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

  • 3.2 Given a scenario, use security best practices
    • Open WiFi vs. secure WiFi
  • 4.1 Given a scenario, set up and configure a basic SOHO router (wired / wireless)
    • Verify wired connection, if applicable
    • Set WEP vs. WPA vs. WPA2
    • Change SSID from default
    • Apply a new wireless password
    • Change admin password for router
    • Connect to the new network
    • Verify internet connectivity
    • Update firmware if necessary
  • 4.2 Compare and contrast cellular, wireless and wired data connections
    • High vs. low mobility
    • High vs. low availability
    • High vs. low throughput/bandwidth
    • High vs. low reliability
    • Connection delay
    • Number of concurrent connections
    • Levels of security

It seems like nearly everyone is on the Internet these days. Media that used to be restricted to desktop and laptop computers is now accessible by small handheld devices like smartphones and even smart wristwatches. This chapter is called “Networking Technologies and Wireless Routers,” but it could just as easily be called “Getting on the Internet.”

Now to be fair, this chapter is about setting up a small network for your small office/home office (SOHO) environment, which means it's about connecting computers to each other and not just the Internet. It just happens that many of us get twitchy when we have to go more than a few hours without getting our update on what's going on in the world.

To start off this chapter, I'll cover network connection types and features. If you're new to networking, this will be a good primer for you to understand the different types of connections you can make both within a network and when connecting your network to the outside world. As part of that discussion, I'll compare and contrast the different types of connections so you can make the best decision possible for your needs.

The second major section of this chapter will focus on setting up a SOHO router. First, I'll talk about network connectivity essentials—details you need to know about how computers communicate with each other over a network. I will then take that base of information and dive into the specifics of setting up a small router to give you what you really want: that reliable connection to other computers (and the Internet!).

Connection Types and Features

There are a lot of analogies we can make between humans and computers. You've already heard analogies for hardware, such as the motherboard being the nervous system of a computer and the processor being the brain. These comparisons can continue when it comes to connecting computers together.

For people to communicate with one another, they need to be connected somehow. It used to be that people needed to be in the same physical location to speak to each other. Then, technology improved, and by 1876 people could say things like, “Mr. Watson, come here. I want to see you,” into a little box with wires sticking out of it, and other people could hear them in the next room. That technology worked well enough, but then humans figured out how to communicate via radio waves. Today, humans are so advanced as a species that when some apparently crazy person walks down the street seemingly talking loudly to himself, he might actually be talking to a good friend by using a small wireless device hooked to his ear. The line between insanity and technology-enabled has possibly blurred a bit, but that's not the point of this section.

The point is computers need to be connected to each other to communicate as well. And the same holds true for our other mobile electronic devices. The first computer networks relied on wired physical connections, and technology has evolved to provide relatively high-speed wireless communications as well.

There are several available options when it comes to connecting devices together. In this first section, I will talk about how these types of connections work. After that, I will compare and contrast their features so you can make an informed decision on which type of connection is best for your situation.

Choosing a Connection Type

The CompTIA IT Fundamentals exam objectives list three different types of connections you need to be familiar with:

  • Wired
  • Wireless
  • Cellular

Cellular connections (think of your smartphone) are certainly wireless, but wireless networking and cellular communications technologies work in different ways.

These three designations are important to know, and I will use them throughout this chapter. This section will be organized a bit differently, though, into connections you will make within your network and those you will make to connect your network to other networks.

There are two reasons for organizing this way. First, later in this chapter you will learn to set up and configure a basic SOHO router. That process alone is fine, but the assumption is that you will have computers (or mobile devices) connected to this router, and you will also have this router connected to the rest of the world. It's hard to know how to make these connections without the right background. Second, the three technologies you need to understand have different pros and cons, which make some better suited for external connections than for internal connections and vice versa.

Finally, you also need to think about the future. When choosing a connection type, think about not only what the needs are today but also what the needs could be in two or three years. There is no sense in going overboard and buying a top-of-the-line solution if it's not needed, but you do want to plan for expansion if that's a possibility.

Choosing External Network Connections

By “external” connection, I really mean “Internet” connection, because that's the most common connection type, by a significant margin. Internet connections can be broadly broken into two categories: dial-up and broadband. It used to be that you had to weigh the pros and cons and figure out which one was best for your situation. Today, the choice is easy. Go broadband. The only time you would want to use dial-up is if broadband isn't available, and if that's the case, I'm sorry!

Your Internet connection will give you online service through an Internet service provider (ISP). The type of service you want will often determine what your ISP choices are. For example, if you want cable Internet, your choices are limited to your local cable companies and a few national providers. I'll outline some of the features of each type of service and discuss why you might or might not want a specific connection type based on the situation.

Dial-up/POTS

One of the oldest ways of communicating with ISPs and remote networks is through dial-up connections. Although this is still possible, dial-up is rarely used anymore because of limitations on modem speed, which tops out at 56 Kbps. Dial-up uses modems that operate over regular phone lines—that is, the plain old telephone service (POTS)—and cannot compare to speeds possible with broadband. In 2000, about 74 percent of American households used dial-up Internet connections. By 2013 that number had dropped to 3 percent, according to the Pew Research Center. Most of the people who still use dial-up do it because it's cheaper than broadband or because high-speed access isn't available where they live.

The biggest advantage to dial-up is that it's cheap and relatively easy to configure. The only hardware you need is a modem and a phone cable. You dial into a server (such as an ISP's server), provide a username and a password, and you're on the Internet.

Companies also have the option to grant users dial-up access to their networks. As with Internet connections, this option used to be a lot more popular than it is today. Microsoft offered a server-side product to facilitate this called Remote Access Service (RAS), as did many other companies. Today you might still hear people talking about connecting remotely to your company's network as “remote access.”

It seems that dial-up is considered to be a relic from the Stone Age of Internet access. But there are some reasons why it might be the right solution:

  • The only hardware it requires is a modem and a phone cord.
  • It's relatively easy to set up and configure.
  • It's the cheapest online solution (usually $10 to $20 per month).
  • You can use it wherever there is phone service, which is just about everywhere.

Of course, there are reasons why a dial-up connection might not be appropriate. The big one is speed. If you need to download files or have substantial data requirements, dial-up is probably too slow. In addition, with limited bandwidth, it's really good only for one computer. It is possible to share a dial-up Internet connection by using software tools, but it's also possible to push a stalled car up a muddy hill. Neither option sounds like much fun.

DSL

One of the two most popular broadband choices for home use is digital subscriber line (DSL). It utilizes existing phone lines and provides fairly reliable high-speed access. To use DSL, you need a DSL modem (shown in Figure 5.1) and a network card in your computer. The ISP usually provides the DSL modem, but you can also purchase them in a variety of electronics stores. You use a network cable with an RJ-45 connector to plug your network card into the DSL modem (Figure 5.2) and the phone cord to plug the DSL modem into the phone outlet.

FIGURE 5.1 A DSL modem

FIGURE 5.2 The back of the DSL modem

Instead of plugging your computer directly into the DSL modem, you can plug your computer into a router (such as a wireless router) and then plug the router into the DSL modem. This allows multiple devices to use the DSL connection.

There are actually several different forms of DSL, including high bit-rate DSL (HDSL), very high bit-rate DSL (VDSL), rate-adaptive DSL (RADSL), symmetric DSL (SDSL), and asymmetric DSL (ADSL). The most popular in-home form of DSL is ADSL. It's asymmetrical because it supports download speeds that are faster than upload speeds. Dividing up the total available bandwidth this way makes sense because most Internet traffic is downloaded, not uploaded. Imagine a 10-lane highway. If you knew that 8 out of 10 cars that drove the highway went south, wouldn't you make 8 lanes southbound and only 2 lanes northbound? That is essentially what ADSL does.

ADSL and voice communications can work at the same time over the phone line because they use different frequencies on the same wire.

The first ADSL standard was approved in 1998 and offered maximum download speeds of 8 Mbps and upload speeds of 1 Mbps. Today, you will see telephone companies offer maximum DSL download speeds of around 30 Mbps with 5 Mbps uploads. The speed you actually get will vary depending on a lot of factors, including the distance you are from the phone company's equipment.

Some phone companies might offer speeds up to 1 Gbps. These are fiber-optic connections, which are not technically DSL, and are covered later.

One major advantage that DSL providers tout is that with DSL you do not share bandwidth with other customers, whereas that may not be true with cable modems.

To summarize, here are some advantages to using DSL:

  • It's much faster than dial-up.
  • Your bandwidth is not shared with other users.
  • It's generally very reliable (depending on your ISP).

There are some potential disadvantages as well:

  • DSL may not be available in your area. There are distance limitations as to how far away from the phone company's central office you can be to get DSL. Usually this isn't a problem in metro areas, but it could be a problem in rural areas.
  • DSL requires more hardware than dial-up: a network card, a network cable, a DSL modem, and a phone cord. And you usually pay a monthly rental fee for the DSL modem.
  • The cost is higher. Lower-speed packages often start off at around $30 to $40 per month, but the ones they advertise with the great data rates can easily run you $100 a month or more.
  • If you are in a house or building with older wiring, the older phone lines may not be able to support the full speed you pay for.

That said, DSL is a popular choice for both small businesses and home users. If it's available, it's easy to get the phone company to bundle your service with your landline and bill you at the same time. Often you'll also get a package discount for having multiple services. Most important, you can hook up the DSL modem to your router or wireless router and share the Internet connection among several computers. The phone companies don't like the fact that you can do this (they want you to pay for more access), but as of now there's not a lot they can do about it.

To see if DSL is available in your area, go to www.dslreports.com. You can also talk to your local telephone service provider.

With many people using their cell phones as their home phones and landlines slowly fading into history, you may wonder if this causes a problem if you want DSL. Not really. Many phone providers will provide you DSL without a landline (called naked DSL). Of course, you are going to have to pay a surcharge for the use of the phone line if you don't already use one.

Cable

The other half of the popular home-broadband duet is the cable modem. These provide high-speed Internet access through your cable service, much like DSL does over phone lines. You plug your computer into the cable modem using a standard Ethernet cable, just as you would plug into a DSL modem. The only difference is that the other connection goes into a cable TV jack instead of the phone jack. Cable Internet provides broadband Internet access via a specification known as Data Over Cable Service Internet Specification (DOCSIS). Anyone who can get a cable TV connection should be able to get the service.

As advertised, cable Internet connections are generally faster than DSL connections. A big caveat is that these speeds are not guaranteed and they can vary.

One of the reasons that speeds may vary is that you are sharing available bandwidth within your distribution network. The size of the network varies but is usually between 100 and 2,000 customers. Some of them may have cable modems too, and access can be slower during peak usage times. Another reason is that cable companies make liberal use of bandwidth throttling. If you read the fine print on some of their packages that promise the fast speeds, one of the technical details is that they boost your download speed for the first 10 MB or 20 MB of a file transfer, and then they throttle your speed back down to your normal rate.

It may seem as though I am a bit negative about cable modems, but you need to understand exactly what you are getting. In practice, the speeds of cable modems are pretty comparable to those of DSL. Both have pros and cons when it comes to reliability and speed of service, but most of that varies by service provider and isn't necessarily reflective of the technology. When it comes right down to it, the choice you make between DSL and cable (if both are available in your area) may depend on which company you get the best package deal from: phone and DSL through your telephone company or cable TV and cable modem from your cable provider.

To summarize, here are the advantages to using cable:

  • It's much faster than dial-up, and it can be faster than DSL (particularly for uploads).
  • You're not required to have or use a telephone landline.
  • It's generally very reliable (depending on your ISP).

As with anything else, there are possible disadvantages:

  • Cable may not be available in your area. In metro areas this normally isn't a problem, but it could be in rural areas.
  • Cable requires more hardware than dial-up: a network card, a network cable, and a cable modem. Most ISPs will charge you a one-time fee or a monthly lease fee for the cable modem.
  • Your bandwidth is shared with everyone on your network segment, usually a neighborhood-sized group of homes. Everyone shares the available bandwidth. During peak times, your access speed may slow down.
  • The cost is higher. Lower-speed packages often start off at around $20 to $30 per month, but the ones they advertise with the great data rates can easily run you $100 a month or more.

Cable modems can be connected directly to a computer but can also be connected to a router or wireless router just like a DSL modem. Therefore, you can share an Internet connection over a cable modem.

For detailed information about broadband Internet availability and performance, check out www.highspeedinternet.com.

Fiber-Optic Internet

Fiber-optic cable is pretty impressive with the speed and bandwidth it delivers. For nearly all of fiber-optic cable's existence, it's been used mostly for high-speed telecommunications and network backbones. This is because it is much more expensive than copper to install and operate. The cables themselves are pricier, and so is the hardware at the end of the cables.

Technology follows this inevitable path of getting cheaper the longer it exists, and fiber is really starting to embrace its destiny. Some telephone and media companies are now offering fiber-optic Internet connections for home subscribers.

An example of one such option is FiOS, offered by Verizon. It offers Fiber-to-the-Home (FTTH) service, which means that the cables are 100 percent fiber from their data centers to your home. At the time we were writing this book, the fastest speeds offered were 500 Mbps download and 35 Mbps upload. That means you could download a two-hour HD movie in about two minutes. That's ridiculous.

Are there any downsides to a fiber Internet connection? Really only two come to mind. The first is availability. It's still pretty spotty as to where you can get it. The second is price. That great fast connection can cost you about $200 a month.

Satellite

One type of broadband Internet connection that does not get much fanfare is satellite Internet. Satellite Internet is not much like any other type of broadband connection. Instead of a cabled connection, it uses a satellite dish to receive data from an orbiting satellite and relay station that is connected to the Internet. Satellite connections are typically a lot slower than wired broadband connections, often maxing out at around 4 Mbps.

The need for a satellite dish and the reliance on its technology are among the major drawbacks to satellite Internet. People who own satellite dishes will tell you that there are occasional problems due to weather and satellite alignment. You must keep the satellite dish aimed precisely at the satellite or your signal strength (and thus your connection reliability and speed) will suffer. Plus, cloudy or stormy days can cause interference with the signal, especially if there are high winds that could blow the satellite dish out of alignment. Receivers are typically small satellite dishes (like the ones used for DIRECTV or Dish Network) but can also be portable satellite modems (modems the size of a briefcase) or portable satellite phones.

Satellite Internet is often referred to as “line of sight” wireless because it does require a clear line of sight between the user and the transmitter.

Another drawback to satellite technology is the delay (also called connection delay), or latency. The delay occurs because of the length of time required to transmit the data and receive a response via the satellite. This delay (between 250 and 350 milliseconds) comes from the time it takes the data to travel the approximately 35,000 kilometers into space and return. To compare it with other types of broadband signals, cable and DSL have a delay between customer and ISP of 10 to 30 milliseconds. With standard web and email traffic, this delay, while slightly annoying, is acceptable. However, with technologies like VoIP and live Internet gaming, the delay is intolerable.

Online gamers are especially sensitive to latency. They often refer to it as ping time. The higher the ping time (in milliseconds), the worse the response time in the game. It sometimes means the difference between winning and losing an online game.

Of course, satellite also has advantages or no one would use it. First, satellite connections are incredibly useful when you are in an area where it's difficult or impossible to run a cable or if your Internet access needs are mobile and cellular data rates just don't cut it.

The second advantage is due to the nature of the connection. This type of connection is called point-to-multipoint because one satellite can provide a signal to a number of receivers simultaneously. It's used in a variety of applications from telecommunications and handheld GPSs to television and radio broadcasts and a host of others.

Here are a few considerations to keep in mind regarding satellite:

Installation can be tricky. When installing a satellite system, you need to ensure that the satellite dish on the ground is pointed at precisely the right spot in the sky. This can be tricky to do if you're not trained, but some have a utility that helps you see how close you are to being right on (you're getting warmer... warmer...).

Line of sight is required. Satellite communications also require line of sight. A tree between you and your orbiting partner will cause problems. Rain and other atmospheric conditions can cause problems as well.

Latency can be a problem. Because of the long distance the message must travel, satellites can be subject to long latency times. While it happens with wired connections, it disproportionately affects satellite transmissions. Have you ever watched a national news channel when a reporter is reporting from some location halfway across the world? The anchor behind the desk will ask a question, and the reporter will nod, and nod, and finally about five excruciating seconds after the anchor has finished speaking, the reporter will start to answer. That's latency.

Most satellite connections are also pretty slow compared to the other broadband methods. Average speed for downloads is often 256 Kbps to 1.5 Mbps, and uploads are in the 128 Kbps to 256 Kbps range. In addition, many providers set thresholds on the amount of data you can download per month. Going over that amount can result in extra charges.

All in the Name of Entertainment

As a teenager, I worked for a local television station during the summer. Each summer, the television station would broadcast a Senior PGA golf tournament that was held on a nearby mountain course.

Before the tournament, the crew would spend three days setting up the control truck, cameras, and link back to the station. (It was a network with TV cameras instead of workstations!) Because of the remote location, the crew had to set up a satellite uplink to get the signals back to civilization. From the control truck, a transmitter was pointed at a relay station on the side of the mountain, which in turn was pointed at a satellite orbiting the earth. It took a team of four engineers to get it set up. Two engineers would stay at the truck, and two others would board ATVs and journey up the remote mountainside. Once in position, they would set up the relay station, which looked a lot like a keg of beer with a few antennas. The engineers at the truck would adjust their directional microwave transmitter until the relay station received a strong signal. Then the engineers on the mountainside would perform the arduous task of pointing their transmitter at the satellite.

It was a long and tedious process, and that's really the point of the story. Satellite was the only option available to complete the network, but satellite networks can be a challenge to set up and configure.

Cellular (Cellular Networking)

The cell phone, once a clunky brick-like status symbol of the well-to-do, is now pervasive in our society. It seems that everyone—from kindergarteners to 80-year-old grandmothers—has a cell. The industry has revolutionized the way people communicate and, some say, contributed to furthering an attention-deficit-disorder-like, instant-gratification-hungry society. In fact, the line between cell phones and computers has blurred significantly with all of the new smartphones on the market. It used to be that the Internet was reserved for “real” computers, but now anyone can be online at almost any time.

Regardless of your feelings about cell phones, whether you are fanatical about checking in every time you visit a local eatery to ensure you're the “mayor” or you long for the good-old days when you could escape your phone because it had a functional radius as long as your cord, you need to understand the basics of cell technology.

Cellular Technical Specifications

For years, there have been two major cell standards used around the world. The Global System for Mobile Communications (GSM) is the most popular, boasting over 1.5 billion users in 210 countries. The other standard is code division multiple access (CDMA), which was developed by Qualcomm and is available only in the United States.

Both are considered 3G (or third-generation) mobile technologies, and each has its advantages. GSM was introduced first, and when CDMA was launched, it was much faster than GSM. GSM eventually caught up, though, and the two now have relatively similar data rates. The biggest issue is that GSM and CDMA are not compatible with each other. Whatever technology you get is based on the provider you sign up with. Sprint and Verizon use CDMA, and AT&T and T-Mobile use GSM. That means that if you have a CDMA phone through Verizon, you can't switch (with that phone) to AT&T. And, your CDMA phone won't work outside the United States.

Now we have 4G technology available, which is the new global standard designed to make 3G obsolete. If you turn on the TV, you can't help but be bombarded with commercials (if you don't fast-forward through them) from cell providers pitching the fastest or widest or whatever-est 4G LTE (Long-Term Evolution) network.

The biggest enhancement in 4G LTE over 3G is speed. Whereas with 3G technology you were limited to about 500 Kbps downloads, some 4G LTE networks will give you download speeds of 10–20 Mbps and upload speeds of 3–10 Mbps. (The theoretical maximum for LTE is 300 Mbps download and 75 Mbps upload.) The range of 4G LTE depends on the tower and obstructions in the way. The optimal cell size is about 3.1 miles (5 km) in rural areas, and you can get reasonable performance for about 19 miles (30 km).

Mobile Hotspots

Many cell phone providers offer network cards (or they incorrectly call them modems) that allow your laptop computer or other non-cellular device to connect to the cellular network (and the Internet) from anywhere you can get a cell signal. This is called a mobile hotspot. Some providers will bundle that service with your normal monthly cell service at no additional charge, while others will charge you an incremental fee. The term you'll hear a lot in connection with this is MiFi. Figure 5.3 shows a Verizon MiFi hotspot.

FIGURE 5.3 MiFi hotspot

A MiFi card such as this allows you to connect up to five Wi-Fi–enabled devices as a MiFi cloud to get Internet access. After you purchase a MiFi device, you first connect it to your laptop via USB cable for activation and setup. Once that step is complete, you can go entirely wireless. MiFi supports Wi-Fi security such as WEP, WPA, and WPA2, which we will talk about later in this chapter.

Table 5.1 summarizes the connection types you have just learned about. In Exercise 5.1, you will scout out the Internet connection options in your area.

TABLE 5.1 Common Internet connection types and speeds

Sometimes, the Choices Are Limited

Before you decide which broadband connection sounds the most appealing to you, you should also factor in something very important: what is available in your area. DSL is available at different rates of connectivity based on distance from a central station. If you live far enough from a central station, or near a central station that has not been updated lately (such as in the middle of rural America), DSL may not be an option. Similarly, not all cable providers are willing to take the steps necessary to run a connection in all situations.

Make certain you know the available options, not just the technological options, before you spend too much time determining what is best for you.

EXERCISE 5.1

Pricing Internet Connectivity

  1. Visit the website for a telephone provider in your area, and see what offers are available for DSL. What is the most basic package that you can get, and what does it cost? What is the fastest package you can get, and what does it cost?
  2. Visit the website for a cable television provider in your area, and see what offers are available for cable Internet. What is the most basic package that you can get, and what does it cost? What is the fastest package you can get, and what does it cost?
  3. Visit the website for a satellite Internet provider. If you're not familiar with one, www.hughesnet.com is a popular provider. What's the fastest package you can get, and what does it cost?
  4. (Optional) Can you find a dial-up ISP in your area? How much does it cost?

Choosing Internal Network Connections

Along with deciding how your computers will get to the outside world, you need to think about how your computers will communicate with each other on your internal network. The choices you make will depend on the speed you need, distance and security requirements, and cost involved with installation and maintenance. It may also depend some on the abilities of the installer. You may feel comfortable replacing Category 6 cables but not so much when it comes to fiber-optic. Your choices for internal connections can be lumped into two groups: wired and wireless.

Many networks today are a hybrid of wired and wireless connections. Understand the fundamentals of how each works separately; then you can understand how they work together. Every wireless connection eventually connects back to a wired network point somehow.

Wired Network Connections

Wired connections form the backbone of nearly every network in existence. Even as wireless becomes more popular, the importance of wired connections remains strong. In general, wired networks are faster and more secure than their wireless counterparts.

When it comes to choosing a wired network connection type, you need to think about speed, distance, and cost. Your two choices are unshielded twisted pair (UTP), which is copper, and fiber-optic. You'll run one of the two (or maybe a combination of the two), with UTP being by far the most common choice. The most common configuration when you use either of these is to connect all computers to a central connectivity device, such as a hub or a switch. If you're using a wireless router with some wired ports, that works too.

The first question you need to ask yourself is, “How fast does this network need to be?” For most networks, the 100 Mbps provided by UTP running Fast Ethernet is probably sufficient. If you have higher throughput requirements, then you can start looking into Gigabit Ethernet (1 Gbps) or faster (10 Gbps).

What Is Ethernet?

Ethernet is a standard for wired computer network communications, as defined by the IEEE 802.3 specification. It specifies that only one computer can talk on the network at one time; a computer will listen on the network, and if it doesn't hear any traffic it will transmit. If two or more computers attempt to talk at once, the network packets will collide, and no communication will get to its destination. The sending computers will detect this, wait a short random amount of time, and then resend their data. This whole process is called Carrier Sense Multiple Access with Collision Detection (CSMA/CD).
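
The listen, collide, back off and resend cycle described above, as an added example that is not part of the book: a slot-by-slot Python simulation of stations sharing one wire. The station names, the three-slot frame length and the seed are assumptions; it goes one step beyond the text by drawing the "short random amount of time" with truncated binary exponential backoff, the scheme IEEE 802.3 specifies.

```python
import random

MAX_ATTEMPTS = 16   # 802.3 abandons a frame after 16 failed attempts
BACKOFF_CAP = 10    # the backoff range stops doubling after 10 collisions


class Station:
    def __init__(self, name, frames):
        self.name = name
        self.frames_left = frames  # frames still queued
        self.attempts = 0          # collisions suffered by the current frame
        self.next_try = 0          # earliest slot this station may transmit
        self.sent = 0
        self.dropped = 0

    def ready(self, slot):
        return self.frames_left > 0 and slot >= self.next_try

    def on_success(self):
        self.frames_left -= 1
        self.sent += 1
        self.attempts = 0

    def on_collision(self, slot, rng):
        self.attempts += 1
        if self.attempts >= MAX_ATTEMPTS:
            # Excessive collisions: give up on this frame.
            self.frames_left -= 1
            self.dropped += 1
            self.attempts = 0
            self.next_try = slot + 1
            return
        # Truncated binary exponential backoff: wait 0 .. 2^k - 1 slots.
        k = min(self.attempts, BACKOFF_CAP)
        self.next_try = slot + 1 + rng.randint(0, 2 ** k - 1)


def simulate(queues, frame_slots=3, seed=1, max_slots=100_000):
    """Run a 1-persistent CSMA/CD model; queues maps station name -> frames."""
    rng = random.Random(seed)  # seeded so a run can be reproduced
    stations = [Station(name, n) for name, n in queues.items()]
    busy_until = 0   # first slot at which the wire is idle again
    collisions = 0
    slot = 0
    events = []
    while slot < max_slots and any(s.frames_left for s in stations):
        if slot >= busy_until:  # carrier sense: only act when the wire is idle
            talkers = [s for s in stations if s.ready(slot)]
            if len(talkers) == 1:
                # One talker: the frame gets through and occupies the wire.
                talkers[0].on_success()
                busy_until = slot + frame_slots
                events.append((slot, "send", talkers[0].name))
            elif len(talkers) > 1:
                # Several talkers: collision, everybody involved backs off.
                collisions += 1
                for s in talkers:
                    s.on_collision(slot, rng)
                names = "+".join(s.name for s in talkers)
                events.append((slot, "collision", names))
        slot += 1
    return {
        "slots": max(slot, busy_until),
        "collisions": collisions,
        "sent": {s.name: s.sent for s in stations},
        "dropped": {s.name: s.dropped for s in stations},
        "events": events,
    }


if __name__ == "__main__":
    # Constructed workload: three stations, five frames each, all starting at once.
    result = simulate({"A": 5, "B": 5, "C": 5})
    for slot, kind, who in result["events"][:12]:
        print(f"slot {slot:3d}  {kind:9s}  {who}")
    print(result["slots"], "slots,", result["collisions"], "collisions")
```

Every collision costs a slot in which nothing is delivered, which is why a busy shared segment carries less than its rated speed.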

In 1990, the Ethernet specification called for transmissions of 10 Mbps over twisted-pair copper cable. At the time, the cable standard was Category 3 (Cat-3) UTP. By 1991, a standard was developed for Cat-5 cable, and it could handle speeds of 100 Mbps. (They increased the number of twists per foot in the cable.) The Ethernet standard was updated to account for this faster speed and was called Fast Ethernet.

The Cat-5e (enhanced) cable standard was introduced in 2001 and could handle speeds of 1 Gbps, so running Ethernet over Cat-5e became known as Gigabit Ethernet. Category 6a came along in 2008, supporting speeds of 10 Gbps (10-Gigabit Ethernet).

In the real world, you'll hear people ask if you have an “Ethernet cable,” which is typically synonymous with the words “network cable” and twisted-pair cable. Most of the time, people don't differentiate between the standards, assuming that you just have Cat-5e or better. It's usually a good assumption, considering it's hard to find anything older. If you know that you're running 10-Gig E, then you might want to specify a Cat-6a cable.

The second question is then, “What is the maximum distance I'll need to run any one cable?” In most office environments, you can configure your network in such a way that 100 meters will get you from any connectivity device to the end user. If you need to go longer than that, you'll definitely need fiber for that connection unless you want to mess with signal repeaters.

As you're thinking about what type of cable you will go with, also consider the hardware you'll need. If you are going to run fiber to the desktop, you'll need fiber network cards, routers, and switches. If you are running UTP, you'll need network cards, routers, and switches with RJ-45 connectors. If you're going to run Gigabit, all of your devices will need to support it.

The third question to ask yourself is, “How big of a deal is security?” Most of the time, the answer lies somewhere between “very” and “extremely”! Copper cable is pretty secure, but it does emit a signal that can be intercepted, meaning people can tap into your transmissions (hence the term wiretap). Fiber-optic cables are immune to wiretapping. Normally this isn't a big deal because copper cables don't exactly broadcast your data all over as a wireless connection does. But if security is of the utmost concern, then fiber is the way to go.

Fourth, “Is there a lot of electrical interference in the area?” Transmissions across a copper cable can be ravaged by the effects of electromagnetic interference (EMI), which is interference from objects like motors, power cables, and fluorescent lights. Fiber is immune to those effects.

Finally, ask yourself about cost. Fiber cables and hardware are more expensive than their copper counterparts. Table 5.2 summarizes your cable choices and provides characteristics of each.

TABLE 5.2 Cable types and characteristics

Understand that the costs shown in Table 5.2 are approximate and are for illustrative purposes only. The cost for this equipment in your area may differ. Fiber has gotten considerably cheaper in the last 5 to 10 years, but it's still far more expensive than copper.

Fiber-optic cabling has some obvious advantages over copper, but as you can see it may be prohibitively expensive to run fiber to the desktop. What a lot of organizations will do is use fiber sparingly, where it is needed the most, and then run copper to the desktop. Fiber will be used in the server room and perhaps between floors of a building as well as any place where a very long cable run is needed.

Wireless Network Connections

People love wireless networks for one major reason: convenience. Wireless connections enable a sense of freedom in users. They're not stuck to their desk; they can work from anywhere! (I'm not sure if this is actually a good thing.) Wireless isn't as fast and it tends to be a bit more expensive than wired copper networks, but the convenience factor far outweighs the others.

Wireless LAN (WLAN)

When thinking about using wireless for network communications, the only real technology option available today is IEEE 802.11. Bluetooth and infrared (which I'll cover in just a bit) can help mobile devices communicate, but they aren't designed for full wireless LAN (WLAN) use. Your choice becomes which 802.11 standard you want to use. Table 5.3 summarizes your options.

TABLE 5.3 802.11 standards

Not So Fast...

The maximum data rates shown in Table 5.3 are theoretical maximums and should be taken with a large grain of salt. First, the distance from the wireless access point to your device makes a huge difference. Second, interference from other electronics and obstructions will lower the data rate. Third, wireless bandwidth is shared among all devices connecting on that wireless network. Real-world testing shows that 802.11n devices typically max out at 50–150 Mbps, and 802.11ac tops out around 300–350 Mbps.

Also keep in mind that the maximum ranges are ideal estimates too. The farther away you get from the wireless access point, the slower the connection will be.

So how do you choose which one is right for your situation? You can apply the same thinking you would for a wired network in that you need to consider speed, distance, security, and cost. Generally speaking, though, with wireless it's best to start with the most robust technology and work your way backward.

Security concerns on wireless networks are similar regardless of your choice. You're broadcasting network signals through air; there will be some security concerns. It really comes down to speed and cost.

In today's environment it's almost silly to consider 802.11a or 802.11b. Deciding that you are going to install an 802.11b network from the ground up at this point is a bit like saying you are going to build a mud house. You could, but why?

That brings you to your most likely choices: 802.11n and 802.11ac. Devices are plentiful and are backward compatible with the previous versions. (You will see some products branded as 802.11g/n, which means they support both standards.) It will come down to cost. In Exercise 5.2, you will go shopping for Wi-Fi gear to understand the cost differences.

EXERCISE 5.2

The Cost of Networking

  1. Visit the website for an electronics store. If you're unfamiliar with any, try www.bestbuy.com or www.frys.com.
  2. Find an 802.11ac wireless router. How much is it?
  3. Find an older standard. See if you can find an 802.11b one. If not, go for 802.11g. How much is it?
  4. Now price out wired network cards. Find a fiber-optic card, and price that versus an Ethernet card that offers similar speeds. Also look at the price of a 25m Cat-6 (or Cat-5) cable versus a 5m fiber-optic cable. How much difference is there?

Bluetooth

Bluetooth is not designed to be a WLAN but rather a wireless personal area network (WPAN). In other words, it's not the right technology to use if you want to set up a wireless network for your office. It is, however, a great technology to use if you have wireless devices that you want your computer to be able to communicate with. Examples include smartphones, mice, keyboards, headsets, and printers.

Nearly every laptop comes with built-in Wi-Fi capabilities, but they don't necessarily come Bluetooth enabled. To use Bluetooth devices, you will need to add an adapter, such as the one shown in Figure 5.4.

FIGURE 5.4 Bluetooth USB adapter

Almost all smartphones and other mobile devices today support Bluetooth.

Bluetooth devices can belong to one of three classes. Most mobile Bluetooth devices are Class 2 devices, which have a maximum range of 10 meters.

Like 802.11b/g, Bluetooth uses the unlicensed 2.4 GHz range for communication. To avoid interference, Bluetooth can “signal hop” at different frequencies to avoid conflicts with devices using other technologies in the area. Thanks to technology improvements, interference with Wi-Fi is unlikely, but it can still occur.

One of the unusual features of Bluetooth networks is their temporary nature. With Wi-Fi, you need a central communication point, such as a wireless access point or router. Bluetooth networks are formed on an ad hoc basis, meaning that whenever two Bluetooth devices get close enough to each other, they can communicate directly with each other. This dynamically created network is called a piconet. A Bluetooth-enabled device can communicate with up to seven other devices in one piconet.

Infrared

Infrared waves have been around since the beginning of time. They are longer than light waves but shorter than microwaves. The most common use of infrared technology is the television remote control, although infrared is also used in night-vision goggles and medical and scientific imaging.

In 1993 the Infrared Data Association (IrDA) was formed as a technical consortium to support “interoperable, low-cost infrared data interconnection standards that support a walk-up, point-to-point user model.” The key terms here are walk-up and point-to-point, meaning you need to be at very close range to use infrared, and it's designed for one-to-one communication. Infrared requires line of sight, and generally speaking, the two devices need to be pointed at each other to work. If you point your remote away from the television, how well does it work?

More information on the IrDA standard can be found at the organization's website: http://www.irda.org.

Some laptops and mobile devices have a built-in infrared port, which is a small, dark square of plastic, usually black or dark maroon. For easy access, infrared ports are located on the front or side of devices that have them. Figure 5.5 shows an example of an infrared port.

FIGURE 5.5 Infrared port

Current IrDA specifications allow transmission of data up to 1 Gbps, and IrDA claims that 5 Gbps and 10 Gbps standards are being worked on. Because infrared does not use radio waves, there are no concerns of interference or signal conflicts. Atmospheric conditions can play a role in disrupting infrared waves, but considering that the maximum functional range of an IrDA device is about 1 meter, weather is not likely to cause you any problems.

Security is not much of an issue with infrared. The maximum range is about 1 meter with an angle of about 30 degrees, and the signal does not go through walls, so hacking prospects are limited. If someone is making an attempt to intercept an infrared signal, it's going to be pretty obvious. The data is directional, and you choose when and where to send it.

Different Infrared Technologies

You might have read the 1 meter distance limitation in the Infrared section and thought, “But my television remote works at longer distances than that”—and you are right. Television and other consumer electronics remote controls are not governed by IrDA. They use a different infrared technology, based on the RC-5 protocol developed by Philips in the late 1980s. The maximum functional distance of these remote controls is about 15-20 feet, depending on the device.

Computer communications standards using infrared are managed by IrDA, and the maximum distance is about 1 meter. There are methods that IR manufacturers can use to modify this, but the general specification guarantees data rates at only 1 meter.

Comparing and Contrasting Data Connections

After all of that material on which network connections to choose, I hope you feel much more knowledgeable about the options available to you. The most popular way to set up a home or small office network today is to pick DSL or cable as your broadband connection and then run wireless inside your home or office. Mobile devices can easily participate on wireless networks, and then they can use cellular service when you're not in range of your wireless router.

The CompTIA IT Fundamentals exam objectives ask you to compare and contrast cellular, wireless, and wired data connections on seven different attributes. The fact that there are several different types of wired and wireless connections could complicate things, but in general, it's safe to assume that you'll need to compare 4G LTE cellular, Wi-Fi (802.11), and twisted-pair connections. I talked about several of their attributes in the previous sections, but it will be good to summarize them here all in one place:

Mobility Cellular clearly wins here, since you can take your phone almost anywhere you want. Once you're out of the range of one cell tower, you will be handed off to the next one automatically. Wi-Fi has good mobility; at least it lets you untether from your desk. With a wired connection, you're pretty much limited to the length of your leash.

Availability and Reliability These are two different objectives, but the answers are really the same for all three types of networks. Wired networks will be the best in these two areas, simply because you're directly connected and not usually worried about interference. Cellular and wireless networks will have lower availability and reliability than wired networks. For the most part, cellular networks perform well on both attributes. If they didn't, they would lose customers. It depends on the carrier, though. Everyone knows of a dead spot where their mobile phone just refuses to work. Wireless networks are probably the lowest on these two attributes, because it's you and me managing them as opposed to an organization that's worried about losing money.

Throughput/Bandwidth This one is easy. Wired networks are the best, followed by wireless, and then cellular.

Connection Delay Here too, wired networks are the king. Electricity on the wire travels a lot faster than radio waves. Wireless networks are second, because you're sending the signal no more than a few hundred feet, at most. Cellular signals have to go to a tower that could be several miles away, so they have the most delay.

Number of Concurrent Connections On this one, both wired networks and cellular networks score high. Wired networks, if configured properly, can easily support thousands of users, and in most cases thousands of users are in range of a single cell tower. Wireless networking falls behind here. For an 802.11n network, you should really limit it to no more than 30–40 users per access point, and 802.11ac networks should be limited to 90–100 users per access point.

Levels of Security For security, I need to make the assumption that everything is configured properly. That might be a big assumption, but it's all I can go on. Wired networks will be the best, simply because you're not throwing your signals into the air. Wi-Fi will be second best, because if nothing else the range is far more limited than cellular. Cell networks do use encryption, but the fact remains that you could be sending a signal several miles through the air, which means it has a higher likelihood of being intercepted.

Network Connectivity Essentials

The ultimate goal of this chapter is to teach you how to successfully set up your own SOHO network. Sure, the objectives say you need to set up a router, but that more than implies that you're setting up a network. In order to do it right and really understand what you're doing, it's important to know some critical details. After all, there's a difference between plugging in a box and having it work and being able to make it work if things don't quite go smoothly.

In the first section of this chapter, you learned how to physically connect your computers to the Internet, as well as to each other via cables or wireless connections. That's the first part. But now that they're connected to each other, how do they communicate? That's just as important, and that's what I'll cover here in the second part.

The “how” is by using a protocol. Specifically, this section will teach you the basics of TCP/IP, which is the language that most computers speak when they talk to each other on a network.

Networking Protocol Basics

Networking protocols are a lot like human languages in that they are the language that computers speak when talking to each other. Technically speaking, a protocol is a set of rules that govern communications. If computers don't speak the same language, they won't be able to talk to each other. To complicate matters, there are dozens of different languages that computers can use. Just like humans, computers can understand and use multiple languages. Imagine you are on the street and someone comes up to you and speaks in Spanish. If you know Spanish, you will likely reply in kind. It doesn't matter if both of you know English as well because you've already established that you can communicate. On the other hand, it's going to be a pretty quick conversation if you don't know Spanish. This same concept applies to computers that are trying to communicate. They must have a network protocol in common in order for the conversation to be successful.

Throughout the years, hundreds of network protocols have been developed. As the advent of networking exploded, various companies developed their own networking hardware, software, and proprietary protocols. Although a few achieved long-term success, most have faded into oblivion. The one protocol suite that has sustained is TCP/IP. While it has some structural plusses such as its modularity, it didn't necessarily succeed because it was inherently superior to other protocols. It succeeded because it is the protocol of the Internet.

This is why I focus on TCP/IP. It is the protocol used on the Internet, but it's also the protocol used by the vast majority of home and business networks today. I'll start by taking a quick look at the history of TCP/IP, the model on which it's based, and a few of the common protocols you'll hear about. Then, I'll spend some time on IP addressing, which is essential for proper communication. Entire books have been written on TCP/IP—there's no way I could cover it entirely in one chapter. Instead, I'll give you the foundation you need to understand it well and set up your own network.

For a more detailed discussion of networking protocols and TCP/IP, read the CompTIA A+ Complete Study Guide by Quentin Docter, Emmett Dulaney, and Toby Skandier. The A+ certification is a great one to get after you pass your CompTIA IT Fundamentals exam!

TCP/IP Essentials

Every computer protocol that's created needs to accomplish a specific set of tasks for communication to be successful. To give some structure to these tasks, theoretical networking models were developed in the 1970s. TCP/IP's structure is based on a model created by the United States Department of Defense: the Department of Defense (DoD) model. The DoD model has four layers that specify the tasks that need to happen: Process/Application, Host-to-Host, Internet, and Network Access.

The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is based on the DoD's theoretical model. While the protocol suite is named after two of its hardest working protocols, Transmission Control Protocol (TCP) and Internet Protocol (IP), TCP/IP actually contains dozens of protocols working together to help computers communicate with one another. Figure 5.6 shows the DoD model's four layers and the TCP/IP protocols that correspond to those layers.

FIGURE 5.6 TCP/IP protocol suite

Don't feel the need to memorize the components of the TCP/IP suite—yet. When you move on to more advanced exams, more detailed knowledge will be required.

Think of TCP/IP as a puzzle. You need one item from each layer to make the puzzle fit together. The majority of TCP/IP protocols are located at the Process/Application layer. You might already be familiar with a few of these, such as Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP).

If you've used the Internet, you've used HTTP. When you're in your web browser, nearly all of the websites you visit will have an http:// in front of them. This specifies the use of HTTP. FTP is used for file downloads.

At the Host-to-Host layer, there are only two protocols: TCP and User Datagram Protocol (UDP). Most applications will use one or the other to transmit data, although some can use both but will do so for different tasks.

The most important protocol at the Internet layer is IP. This is the backbone of TCP/IP. Other protocols at this layer work in conjunction with IP, such as Internet Control Message Protocol (ICMP) and Address Resolution Protocol (ARP).

You'll notice that the Network Access layer doesn't have any protocols per se. This layer describes the type of network access method you are using, such as Ethernet, Token Ring, Wi-Fi, or others.

Understanding IP Addressing

To communicate on a TCP/IP network, each device needs to have a unique address, which is called an IP address. Any device with an IP address is referred to as a host. This can include servers, workstations, printers, and routers. If you can assign it an IP address, it's a host.

An IP address is a 32-bit hierarchical address that identifies a host on the network. It's typically written in dotted-decimal notation, such as 192.168.10.55. Each of the numbers in this example represents 8 bits (or 1 byte) of the address, also known as an octet. The same address written in binary (how the computer thinks about it) would be 11000000 10101000 00001010 00110111. As you can see, the dotted-decimal version is a much more convenient way to write these numbers!

The version of IP that uses 32-bit addresses is IPv4. There is a newer version called IPv6, which uses 128-bit addresses and is slowly being phased in. The structure of IPv6 is beyond the scope of this book.

The addresses are said to be hierarchical, as opposed to “flat,” because the numbers at the beginning of the address identify groups of computers that belong to the same network. Because of the hierarchical address structure, we're able to do really cool things like route packets between local networks and on the Internet.

A great example of hierarchical addressing is your street address. Let's say that you live in apartment 4B on 123 Main Street, Anytown, Kansas, USA. If someone sent you a letter via snail mail, the hierarchy of your address would help the postal service and carrier deliver it to the right place. First and broadest is USA. Kansas helps narrow it down a bit, and Anytown narrows it down more. Eventually they get to your street, the right number on your street, and then the right apartment. If the address space were flat (for example, Kansas didn't mean anything more specific than Main Street), or you could name your state anything you wanted to, it would be really hard to get the letter to the right spot.

Take this analogy back to IP addresses. They're set up to logically organize networks to make delivery between them possible and then to identify an individual node within a network. If this structure weren't in place, a huge, multinetwork space like the Internet wouldn't be possible. It would simply be too unwieldy to manage.

Each IP address is made up of two components: the network ID and the host ID. The network portion of the address always comes before the host portion. Because of the way IP addresses are structured, the network portion does not have to be a specific fixed length. In other words, some computers will use 8 of the 32 bits for the network portion and the other 24 for the host portion, while other computers might use 24 bits for the network portion and the remaining 8 bits for the host portion. Here are a few rules you should know about when working with IP addresses:

  • All host addresses on a network must be unique.
  • On a routed network (such as the Internet), all network addresses must be unique as well.
  • Neither the network ID nor the host ID can be set to all 0s. A host ID portion of all 0s means “this network.”
  • Neither the network ID nor the host ID can be set to all 1s. A host ID portion of all 1s means “all hosts on this network,” commonly known as a broadcast address.

Computers are able to differentiate where the network ID ends and the host address begins through the use of a subnet mask. This is a value written just like an IP address and may look something like 255.255.255.0. Any bit that is set to a 1 in the subnet mask makes the corresponding bit in the IP address part of the network ID. The rest will be the host ID. The number 255 is the highest number you will ever see in IP addressing, and it means that all bits in the octet are set to 1.

Here's an example based on two numbers I have used in this chapter. Look at the IP address of 192.168.10.55. Assume that the subnet mask in use with this address is 255.255.255.0. This indicates that the first three octets are the network portion of the address and the last octet is the host portion. Said another way, the network ID is 192.168.10, and the unique host ID is 55.

All of this is important to know because it governs how computers communicate. If a computer wants to send a message to another computer on the same network, it just spits the message out on the wire (or wireless) and the other computer receives it. If the destination is on a different network (as determined by the network address), then the router comes into play. The sender will forward the message to the router to send to the destination. In this case, your router is called a default gateway. It's basically the door from your network to the outside world.

All of this TCP/IP stuff can get a little heady. The keys to remember are that in order to communicate using TCP/IP, each computer is required to have an IP address and a correct subnet mask. And, if you want to connect your network to other networks (such as the Internet), a default gateway is also required.
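The following Python sketch is an added example, not code from the book. It applies a subnet mask bit by bit to split 192.168.10.55 into network ID and host ID, enforces the all-0s and all-1s host rules, and makes the same-network-or-default-gateway decision described above. The function names and the gateway address 192.168.10.1 are assumptions made for illustration.

```python
def to_int(dotted):
    """Convert dotted-decimal text such as '192.168.10.55' to a 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for text in octets:
        if not text.isdigit() or not 0 <= int(text) <= 255:
            raise ValueError(f"bad octet {text!r} in {dotted!r}")
        value = (value << 8) | int(text)
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """Show the address the way the computer sees it: four 8-bit groups."""
    bits = f"{to_int(dotted):032b}"
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))


def prefix_length(mask_int):
    """Count the network bits; reject masks whose 1 bits are not contiguous."""
    inverted = mask_int ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError("subnet mask must be 1s followed by 0s")
    return bin(mask_int).count("1")


def split_address(ip, mask):
    """Split an address into network ID and host ID using the subnet mask."""
    ip_int, mask_int = to_int(ip), to_int(mask)
    prefix = prefix_length(mask_int)
    host_mask = mask_int ^ 0xFFFFFFFF
    network = ip_int & mask_int          # bits where the mask is 1
    host_id = ip_int & host_mask         # bits where the mask is 0
    return {
        "network": to_dotted(network),
        "host_id": host_id,
        "broadcast": to_dotted(network | host_mask),
        "prefix": prefix,
        # Host ID of all 0s means "this network"; all 1s is the broadcast address.
        "usable": host_id not in (0, host_mask),
    }


def next_hop(src_ip, mask, dst_ip, gateway=None):
    """Decide whether a packet is delivered directly or handed to the gateway."""
    mask_int = to_int(mask)
    prefix_length(mask_int)
    if to_int(src_ip) & mask_int == to_int(dst_ip) & mask_int:
        return ("direct", dst_ip)        # same network ID: no router needed
    if gateway is None:
        return ("unreachable", None)     # other network, but no default gateway set
    return ("gateway", gateway)


if __name__ == "__main__":
    print(to_binary("192.168.10.55"))
    print(split_address("192.168.10.55", "255.255.255.0"))
    # 192.168.10.1 is an assumed gateway address for this illustration.
    print(next_hop("192.168.10.55", "255.255.255.0", "192.168.10.20", "192.168.10.1"))
    print(next_hop("192.168.10.55", "255.255.255.0", "72.14.205.104", "192.168.10.1"))
```

A host with no default gateway configured gets "unreachable" for any off-network destination, which is why a missing gateway shows up as "local network works, Internet does not."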

DHCP and DNS

Two critical TCP/IP services you need to be aware of are Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). Both are services that are typically installed on a server (or in the case of DHCP, a router) and both provide key functionality to network clients. I'll talk about them now because they're important components of TCP/IP, and you will see them come up when you configure your router.

DHCP servers can be configured to automatically provide IP configuration information to clients. The following configuration information is typically provided:

  • IP address
  • Subnet mask
  • Default gateway
  • DNS server address

DHCP servers can provide a lot more than the items on this list, but those are the most common.

The alternative to DHCP is for an administrator to enter in the IP configuration information manually on each host. This is called static IP addressing and is administratively intensive as compared to DHCP's dynamic addressing.

DNS has one function on the network, and that is to resolve hostnames to IP addresses. This sounds simple enough, but it has profound implications.

Think about using the Internet. You open your browser, and in the address bar you type the name of your favorite website, something like www.google.com, and press Enter. The first question your computer asks is, “Who is that?” (Remember, computers understand only 0s and 1s.) Your machine requires an IP address to connect to the website. The DNS server provides the answer, “That is 72.14.205.104.” Now that your computer knows the address of the website you want, it's able to traverse the Internet to find it.

Each DNS server has a database where it stores hostname-to-IP-address pairs. If the DNS server does not know the address of the host you are looking for, it has the ability to query other DNS servers to help answer the request.

Think about the implications of that for just a minute. We all probably use Google several times a day, but in all honesty how many of us know its IP address? It's certainly not something we are likely to have memorized. Much less, how could you possibly memorize the IP addresses of all of the websites you visit? Because of DNS, it's easy to find resources. Whether you want to find Coca-Cola, Toyota, Amazon.com, or thousands of other companies, it's usually pretty easy to figure out how. Type in the name with a .com on the end of it and you're usually right. The only reason this is successful is that DNS is there to perform resolution of that name to the corresponding IP address.

DNS works the same way on an intranet (a local network not attached to the Internet) as it does on the Internet. The only difference is that instead of helping you find www.google.com, it may help you find Jenny's print server or Joe's file server. From a client-side perspective, all you need to do is configure the host with the address of a legitimate DNS server and you should be good to go.

Automatic Private IP Addressing

Automatic Private IP Addressing (APIPA) is a TCP/IP standard used to automatically configure IP-based hosts that are unable to reach a DHCP server. APIPA addresses are in the 169.254.0.0 range with a subnet mask of 255.255.0.0. If you see a computer that has an IP address beginning with 169.254, you know that it has configured itself. If this is the case, that computer will not be able to get on the Internet.

Typically the only time you will see this is when a computer is supposed to receive configuration information from a DHCP server but for some reason that server is unavailable. Even while configured with this address, the client will continue to search for a DHCP server so it can be given a real address once the server becomes available. In Exercise 5.3, you will find your computer's IP configuration information.

EXERCISE 5.3

Finding Your IP Configuration Information in Windows

  1. Click Start, and in the box type cmd and press Enter. This will open a command prompt.
  2. At the prompt, type ipconfig and press Enter. This will display IP configuration information for your computer. Can you find your IP address, subnet mask, and (optional) default gateway? A sample output is shown in Figure 5.7.

    FIGURE 5.7 Ipconfig output

    The link-local address shown is an IPv6 address, which is written in hexadecimal.

  3. At the prompt, type ipconfig /all and press Enter. This will show you much more information, including the address of your DHCP and DNS servers, if you have them.
  4. Type exit and press Enter to close the command prompt.

To get IP configuration on a Mac, open the terminal by pressing Cmd+spacebar and typing terminal. At the prompt, type ifconfig. The ifconfig command also works in Linux.
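As an added example (not from the book), the Python script below reads ipconfig-style text and flags adapters that fell back to a self-assigned 169.254 address or that have no default gateway. The sample output is constructed for illustration, the function names are assumptions, and the private ranges it checks are the three RFC 1918 blocks.

```python
import ipaddress
import re

# Constructed sample in the style of Windows ipconfig output; not a real capture.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Autoconfiguration IPv4 Address. . : 169.254.17.201
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : home.example
   Link-local IPv6 Address . . . . . : fe80::1c2d:3e4f:5a6b:7c8d%12
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "   Label . . . . : value" -> (label, value); the value may be empty.
FIELD = re.compile(r"^\s+([^:]+?)[\s.]*:\s*(.*)$")


def classify(address):
    """Return 'apipa', 'private' or 'public' for an IPv4 address string.

    Simplification: anything outside APIPA and RFC 1918 is reported as public.
    """
    ip = ipaddress.IPv4Address(address)
    if ip in APIPA:
        return "apipa"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def _ipv4_or_none(value):
    """Strip suffixes such as '(Preferred)' and keep only valid IPv4 text."""
    text = value.split("(")[0].strip()
    try:
        return str(ipaddress.IPv4Address(text))
    except ValueError:
        return None


def triage(ipconfig_text):
    """Parse each adapter section and attach a finding to it."""
    adapters, current = [], None
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = {"adapter": line.rstrip().rstrip(":"),
                       "ipv4": None, "mask": None, "gateway": None}
            adapters.append(current)
            continue
        match = FIELD.match(line)
        if not match or current is None:
            continue
        label, value = match.group(1), match.group(2)
        if "IPv4 Address" in label:
            current["ipv4"] = _ipv4_or_none(value)
        elif label == "Subnet Mask":
            current["mask"] = _ipv4_or_none(value)
        elif label == "Default Gateway":
            current["gateway"] = _ipv4_or_none(value)

    for entry in adapters:
        if entry["ipv4"] is None:
            entry["kind"], entry["finding"] = None, "NO_IPV4"
            continue
        entry["kind"] = classify(entry["ipv4"])
        if entry["kind"] == "apipa":
            # Self-configured address: the DHCP server was not reached.
            entry["finding"] = "APIPA"
        elif entry["gateway"] is None:
            entry["finding"] = "NO_GATEWAY"
        else:
            entry["finding"] = "OK"
    return adapters


if __name__ == "__main__":
    for entry in triage(SAMPLE_IPCONFIG):
        print(entry["adapter"], entry["ipv4"], entry["kind"], entry["finding"])
```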

Public vs. Private IP Addresses

All of the addresses that are used on the Internet are called public IP addresses. They must be purchased, and only one computer can use any given public address at one time. A problem quickly arose—the world was running out of public IP addresses while the use of TCP/IP was growing. Additionally, the structure of IP addressing made it impossible to “create” or add any new addresses to the system.

To address this, a solution was devised to allow for the use of TCP/IP without requiring the assignment of a public address—private IP addresses. Private addresses are not routable on the Internet (meaning, they won't work on the Internet). They were intended to be used on private networks only. Because they weren't intended to be used on the Internet, it freed us from the requirement that all addresses be globally unique. This essentially created an infinite number of IP addresses that companies could use within their own network walls. Table 5.4 shows what the private IP address ranges are.

TABLE 5.4 Private IP address ranges

When you did Exercise 5.3, if you were on a corporate network or even on your home network, I'd give it about a 90 percent probability that your IP address was in one of those ranges. And, you can likely get on the Internet right now. So what's going on here?

The fact is that private addresses cannot be used on the Internet and cannot be routed externally. However, your router (that gateway to the Internet) has a capability called Network Address Translation (NAT) that was created to address this problem. NAT runs on your router and handles the translation of private, nonroutable IP addresses into public IP addresses.

This is how it works: You or your network administrator sets up a NAT-enabled router, such as a wireless router, which functions as the default gateway to the Internet. The external interface of the router has a public IP address assigned to it that has been provided by the ISP, such as 155.120.100.1. The internal interface of the router will have an administrator-assigned private IP address within one of these ranges, such as 192.168.1.1. All computers on the internal network will then also need to be on the 192.168.1.0 network. To the outside world, any request coming from the internal network will appear to come from 155.120.100.1. The NAT router translates all incoming packets and sends them to the appropriate client. This type of setup is very common today.


By definition, NAT is actually a one-to-one private-to-public IP address translation protocol. There is a type of NAT called Port Address Translation (PAT), which allows for many private IP addresses to use one public IP address on the Internet.

So that's why when you look at your own computer, which probably has an address in a private range, you can still get on the Internet. The NAT router technically makes the Internet request on your computer's behalf, and the NAT router is using a public IP address.
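The translation described above, modelled as a small Python simulation of the many-to-one (PAT) case. This is an added example, not part of the original chapter: it reuses the chapter's addresses (155.120.100.1 outside, 192.168.1.1 inside), while the /24 mask, the class and function names, the starting port 40000, and the remote addresses (documentation ranges) are assumptions. The three private ranges listed are those defined in RFC 1918.

```python
import ipaddress

# Private ranges defined in RFC 1918 (not routable on the Internet).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the three private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


class PatRouter:
    """Toy model of a SOHO router doing Port Address Translation.

    Simplified: real routers also track the protocol, expire idle
    mappings, and differ in how strictly they filter inbound traffic.
    """

    def __init__(self, public_ip, inside_net, first_port=40000):
        self.public_ip = public_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self.next_port = first_port
        self.out_map = {}  # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.in_map = {}   # (public port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet's source to the router's public address."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            raise ValueError(f"{src_ip} is not on the inside network")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            public_port = self.next_port
            self.next_port += 1
            self.out_map[key] = public_port
            self.in_map[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Map a packet arriving at public_ip:dst_port back to an inside host.

        Returns (private_ip, private_port), or None when no inside host
        opened that conversation, in which case the packet is dropped.
        """
        return self.in_map.get((dst_port, src_ip, src_port))


def demo():
    router = PatRouter("155.120.100.1", "192.168.1.0/24")
    web = ("203.0.113.80", 443)  # constructed remote server (documentation range)

    # Two inside hosts use the same source port; PAT keeps them apart
    # by giving each conversation its own port on the single public address.
    a = router.outbound("192.168.1.10", 51000, *web)
    b = router.outbound("192.168.1.11", 51000, *web)
    print("host .10 appears as", a[:2])
    print("host .11 appears as", b[:2])

    # Replies are matched against the table and delivered to the right host.
    print("reply to port", a[1], "->", router.inbound(*web, a[1]))
    print("reply to port", b[1], "->", router.inbound(*web, b[1]))

    # A packet from a host nobody contacted has no table entry.
    print("unsolicited ->", router.inbound("198.51.100.7", 443, a[1]))


if __name__ == "__main__":
    demo()
```

The dropped unsolicited packet is a side effect of translation, not a firewall policy, so it complements rather than replaces the router's firewall settings.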

Setting Up a SOHO Router

Finally, the part you have been waiting for! This is the section where I will show you how to configure a router for your SOHO network. The exam objectives mention wired/wireless routers, because most of the routers you buy today for SOHO use are wireless but have around four wired ports as well. Plugging your computer into one of those ports makes you wired, but you still use the router to get to the Internet as a wireless client would.

Each wireless router manufacturer uses different software, but you can usually configure their parameters with the built-in, web-based configuration utility that's included with the product. While the software is convenient, you still need to know which options to configure and how those configurations will affect users on your networks. The items that require configuration depend on the choices you make about your wireless network. I will divide this part into three sections: basic configuration, security options, and additional services.

Basic Configuration

The Wi-Fi Alliance (www.wi-fi.org) is the authoritative expert in the field of wireless LANs. It lists five critical steps to setting up a secured wireless router:

  1. Change the router's SSID.
  2. Change the administrator username and password. Make sure it's a strong password.
  3. Enable WPA2 Personal with AES encryption.
  4. Choose a high-quality security passphrase.
  5. From the clients, select WPA2 and enter the security passphrase to connect.

This list has a few new acronyms in it, and I'll get to what each of those means in just a minute. The CompTIA IT Fundamentals exam objectives cover those five crucial steps (in slightly different words) and also list a few additional items you need to do for basic router setup and configuration:

  • Verify wired connection, if applicable
  • Connect to the new network
  • Verify Internet connectivity
  • Update firmware if necessary

I will cover each of those steps here. To do that, I am going to walk you through the setup of a Linksys EA3500 wireless router, because that's what I have. Its setup will be pretty similar to other routers on the market. A prerequisite step I have already taken is to get DSL set up through my phone provider, so I have my DSL modem ready to go. (Of course, you could use a cable modem or other broadband connection as well.)

The Linksys router comes with a setup CD. I put it in my CD-ROM drive and let it automatically run the setup program. Now, you get a guided tour of setup.

Step 1: Accept the License Agreement

As you will recall from reading in Chapter 4, “Software Applications,” this is a nonnegotiable step. If you want to use their product, check the box and click Next. The screen is shown in Figure 5.8. There's no sense in fighting the system here, so I checked the box and clicked Next.

FIGURE 5.8 Router setup initial screen


Step 2: Connect the Router

This step corresponds to the “verify wired connection, if applicable” test objective. I am trying to set up a connection to the Internet, so this step is applicable. Figure 5.9 shows the screen, which gives a pretty good explanation of what to do: plug the router into an outlet, and connect a network cable between the router and the modem. After verifying my connection, I dutifully clicked Next.

From here, your computer will look for the router to begin setting it up, as shown in Figure 5.10.

FIGURE 5.9 Verify wired connection.


FIGURE 5.10 Connecting to the router


Sometimes after running for a few minutes, your computer will return an error message that it couldn't find the router, as you can see in Figure 5.11. If this happens to you, you can try a few troubleshooting steps. Of course, the first step is to check the easy stuff: make sure that your computer is near the router, your wireless is enabled, and the router is powered on. Then click Next and try it again. If it still doesn't detect your router, the best course of action is to plug in a network cable from your computer to your router and try again. Sometimes these things can be a little finicky.

FIGURE 5.11 Error message: Can't find router


Have a network cable handy when setting up wireless routers, just in case you need it.

Step 3: Finish Basic Configuration

The setup process will continue and eventually finish, giving you a screen similar to the one in Figure 5.12.

It's important to notice a few things here. First, your router is operational at this point. Second, the important settings are all defaults, meaning that your network name and password are so easy to guess that most seven-year-olds could probably hack your network.

FIGURE 5.12 Router is configured.


If you click Next, this particular router asks if you want to create a Linksys Smart Wi-Fi account, as shown in Figure 5.13. It's a good idea to do this, just so you have another way to manage your router. Keep in mind that the account and password you create are not the same as your local router password. You can make them be the same, but that increases your security risk a bit.

FIGURE 5.13 Create a Linksys account.


I chose not to do this, because I already have an account, and clicked Continue. Then, I received the screen in Figure 5.14, warning me that my router is not in fact set up properly because it is unsecured. Check the box and click Continue. You will be asked to sign in to the router, as shown in Figure 5.15. Remember that the password is still the default. In this case, it's admin.

FIGURE 5.14 Your network is not secure.


FIGURE 5.15 Sign in to the router.


Once you're signed in to the router, you will get the main configuration screen like the one in Figure 5.16. Here is where you'll be able to set up the other parameters you need in order to make your network secure. It doesn't matter in which order you take the next two steps, but both need to be performed for your network to have any security.

FIGURE 5.16 Linksys Smart Wi-Fi configuration screen


Step 4: Secure the Network

The next three parameters you need to configure all happen to be on the same screen in this configuration utility. To get to it, I clicked the Wireless option in the left navigation area (Figure 5.17).

The three parameters you're looking for here (which correspond to test objectives and are smart to configure in real life) are these:

  • Change SSID from default
  • Set security (WEP versus WPA versus WPA2)
  • Apply a new wireless password

FIGURE 5.17 Wireless configuration


The parameter that you will configure first is the Service Set Identifier (SSID), which is your wireless network name. An SSID is a unique name given to the wireless network. All hardware that is to participate on the network must be configured to use the same SSID. When you are connecting clients to a wireless network, all available wireless networks will be listed by their SSIDs. As you saw in Figure 5.16, the default network name was Linksys03451. You need to change the default to something more memorable.


For better security, you should set your network name to something that doesn't identify to whom it belongs. This keeps potential hackers from coming after you personally or possibly being able to guess your password based on information about you. I am probably setting a bad example in Figure 5.17 by naming my network something close to my last name.

The second option you need to configure is the security mode. You can see in Figure 5.17 that I chose WPA2 Personal. WPA2 is the best of the options, and I'll tell you why in the “Wireless Router Security” section. The third critical option on this page is the wireless password (it just says Password in Figure 5.17). This is the password that clients will need to enter to join your network. It should be something that's not too easy to guess; otherwise you defeat the purpose of setting up security in the first place. Whether you as the admin type it into the client computers or you tell your users what to type in is up to you. Obviously, the former is more secure and makes it harder for people to set up devices on your wireless network that are unknown to you.

Once you've finished configuring these options, you can click Apply to save the changes and leave the screen open, or click OK to save the changes and close the screen.

Step 5: Change the Administrator Password and Update Firmware

The password I configured in step 4 was for the clients to join. My router still has the default password of admin, and this is a huge security issue. By clicking the Connectivity option on the left, I got the screen shown in Figure 5.18.

FIGURE 5.18 Connectivity options


You'll notice that I can also configure my wireless network name and password here, and they are displayed for me. The administrator password is under the section Router Password. Give your router a very strong password. For the love of all that's secure in this world, please make it different than the network password!


If you forget your wireless router's administrator password, you won't be able to make any configuration changes. Wireless routers have a recessed reset button on them, usually on the bottom. You will need a pen or a paperclip to be able to push it. Push that button in and hold it for about 20 to 30 seconds. The router's lights will flash several times, and it will reset to factory settings. Then, launch your configuration utility to set up the router again.

This screen also lets me configure my time zone and update the router's firmware. I checked the box for it to update automatically, which is a good option. I could also click Check For Updates if I wanted to manually update the firmware.

Step 6: Connect to the Network and Verify Internet Connectivity

Having a wireless router with no clients is like having a port with no ships. The reason the first exists is to support the second! To connect your wireless clients to the router, you need the network password. Here are two examples of how to connect a wireless client to the router.

Windows clients will likely have an icon in their System tray (next to the clock) that looks like cell phone signal strength bars. Clicking that will open the Wireless Network Connection window (Figure 5.19). You can also get there by going to Control Panel > Network And Internet and selecting Connect To A Network.

FIGURE 5.19 Wireless Network Connection window


To connect to a network, click it in the list. A Connect button will appear under it. Click that button, and you will be asked for the network password. Enter the correct password and you will connect.

Mobile clients will follow a similar procedure. On an iPhone, go to Settings > Wi-Fi and you will have a list of available networks like the one in Figure 5.20. You can see which ones are secured because they have a padlock icon next to their signal strength indicator. Tap the network you want to join, enter the password, and you should connect.

FIGURE 5.20 Wireless networks on an iPhone


If you are unable to connect with the right password, it could be a security mismatch. Most clients today will autodetect the security type (such as WPA or WPA2) needed by the router. If not, and the client and router are set up to use different security methods, the connection will fail.

Once you are connected to the network, verify Internet connectivity. Do this by opening the browser of your choice and seeing if you can get to a website such as www.google.com.

Wireless Router Security

By their very nature, wireless routers are less secure than their wired counterparts. The fact that their signals travel through air makes them a little harder to contain. Here I'll review a few things you can do to increase the security of your wireless installation. Specifically, you can implement the following:

  • Wireless encryption
  • Disabling SSID broadcasts
  • MAC filtering

Wireless Encryption Methods

The growth of wireless systems has created several opportunities for attackers. These systems are relatively new, they use well-established communications mechanisms, and they're easily intercepted. Wi-Fi routers use SSIDs to allow communications with a specific access point. Because by default wireless routers will broadcast their SSID, all someone with a wireless client needs to do is search for an available signal. If it's not secured, they can connect within a few seconds.

The most effective way of securing your network is to use one of the several encryption methods available. Examples of these are WEP, WPA, and WPA2.

WEP

Wired Equivalency Protocol (WEP) was one of the first security standards for wireless devices. WEP encrypts data to provide data security. It uses a static key (password); the client needs to know the right key to gain communication through a WEP-enabled device. The keys are commonly 10, 26, or 58 hexadecimal characters long.


You may see the use of the notation WEP.x, which refers to the key size; 64-bit and 128-bit are the most widely used, and 256-bit keys are supported by some vendors (WEP.64, WEP.128, and WEP.256). WEP.64 uses a 10-character key. WEP.128 uses 26 characters, and WEP.256 uses 58.

The protocol has always been under scrutiny for not being as secure as initially intended. WEP is vulnerable due to the nature of static keys and weaknesses in the encryption algorithms. These weaknesses allow the algorithm to potentially be cracked in a very short amount of time—no more than two or three minutes. This makes WEP one of the more vulnerable protocols available for security.

Because of security weaknesses and the availability of newer protocols, WEP is not used widely. It's still better than nothing, though, and it does an adequate job of keeping casual snoops at bay. But if you have any other options, it's best to avoid WEP.

WPA

Wi-Fi Protected Access (WPA) is an improvement on WEP that was first available in 1999 but did not see widespread acceptance until around 2003. Once it became widely available, the Wi-Fi Alliance recommended that networks no longer use WEP in favor of WPA.

This standard was the first to implement some of the features defined in the IEEE 802.11i security specification. Most notable among them was the use of the Temporal Key Integrity Protocol (TKIP). Whereas WEP used a static 40- or 128-bit key, TKIP uses a 128-bit dynamic per-packet key. It generates a new key for each packet sent. WPA also introduced message integrity checking.

When WPA was introduced to the market, it was intended to be a temporary solution to wireless security. The provisions of 802.11i had already been drafted, and a standard that employed all of the security recommendations was in development. The upgraded standard would eventually be known as WPA2.

WPA2

Even though their names might make you assume that WPA and WPA2 are very similar, they are quite different in structure. Wi-Fi Protected Access 2 (WPA2) is a huge improvement over WEP and WPA. As mentioned earlier, it implements all of the required elements of the 802.11i security standard. Most notably, it uses Counter Mode CBC-MAC Protocol (CCMP), which is a protocol based on the Advanced Encryption Standard (AES) security algorithm. CCMP was created to address the shortcomings of TKIP, so consequently it's much stronger than TKIP.


The terms CCMP and AES tend to be interchangeable in common parlance. You might also see it written as AES-CCMP.

Since 2006, wireless devices have been required to support WPA2 to be certified as Wi-Fi compliant. Of the wireless security options available today, it provides the strongest encryption and data protection.

Other Security Options

Setting up Wi-Fi encryption is the best thing you can do. There are two other options as well, but neither is truly secure. They will do a decent job of thwarting casual amateur hackers, but real hackers will defeat these next two measures very quickly.

Disabling SSID Broadcasts

Disabling the SSID broadcast makes it a little harder to find your network—not impossible, just harder. (Figure 5.17 shows you where to disable this on the example router.) Casual hackers won't be able to “see” your network, but someone with a wireless packet sniffer could still detect your network transmissions and attempt to hack in. The only downside to disabling your SSID broadcast is that the SSID won't appear on the network list for your legitimate clients. You will have to configure client computers manually with the network name.

MAC Address Filtering

The last one to look at is MAC filtering. The Media Access Control (MAC) address is the unique hardware address associated with every network adapter. All NICs, wired or wireless, have a unique MAC address. By enabling MAC filtering, you can limit the computers that have access to your network.


You can find the MAC address of your network card by using the ipconfig /all command. Look for the Physical Address parameter. The address will have six hexadecimal parts and look something like 08-00-24-03-A0-4C.

On my sample router, the MAC filter is in the Wireless configuration under the MAC Filtering tab (Figure 5.21). You check the Enabled box, choose to deny or allow those on the list, and then click Add MAC Address to enter your MAC addresses.

FIGURE 5.21 MAC filtering


As with most other security options, MAC filtering isn't totally foolproof either. If a hacker wanted to badly enough, they could spoof a MAC address of one of your wireless clients and get access.


Always be sure that your router has the most current firmware. Older firmware versions may have security holes, and newer versions will patch those as well as possibly offer you new features.

Additional Wireless Router Services

Wireless routers offer many more services than I've been able to cover to this point, and most of them are out of the scope of IT Fundamentals exam training. Still, there are a few items covered earlier in this book that I want to cover while on the subject.

Guest Access

Clients who access your wireless network can see other clients on the network and access their resources that are shared. (Chapter 6, “Network Sharing and Storage,” covers this in depth.) If you have clients who need Internet access but you don't want them to see the rest of the network, you can let them on as guests.


As a security precaution, leave your guest network disabled unless you have a specific reason to enable it.

Guest clients will need to know the SSID of your guest network as well as the password. Of course, make sure this password is different than the other ones you have configured so far. Figure 5.22 shows the guest network configuration on my router.

FIGURE 5.22 Guest network configuration


DHCP

Earlier in this chapter I talked about DHCP and how it automatically configures your clients with IP addresses. This router has it enabled (Figure 5.23), and you can see some of the configuration options. For the most part, you won't need to change any of these, unless perhaps you want to allow more than the default of 50 clients onto your network. Odds are if you have that many clients, you will need a second wireless access point to handle the traffic.

NAT

If you'll recall, Network Address Translation allows you to use a private IP address internally but still get to the Internet. Figure 5.23 showed you the DHCP range for this router, which is a private range. You might assume that means NAT is enabled on this router, and sure enough it is. Figure 5.24 shows that the NAT box is checked.

FIGURE 5.23 DHCP configuration


FIGURE 5.24 NAT enabled


Firewall

I talked about software firewalls in Chapter 4, “Software Applications.” A router is often used as a hardware firewall to protect several computers. Figure 5.25 shows you the Security section of the router's configuration, which allows you to set up your firewall rules.

FIGURE 5.25 Firewall settings


On these three security tabs, you can set an Internet access policy and block protocols such as HTTP, FTP, and others. You can also block websites by URL and limit Internet access times by using the Parental Controls feature.


Configuring a Small Office Network

You are helping a friend who is opening a small tax preparation firm. She needs to set up an office network for five users. Her office will need Internet access, and because she is dealing with confidential financial information, security is a big concern.

When clients come into the office, some bring their laptops to help the tax preparer find all of the documentation needed. The clients may need Internet access for this. What steps should you take to help her configure a network in the most appropriate way?

Answers can vary somewhat, but here are some recommended steps:

  1. Contact the local phone company and the local cable company to see what the best deal is for Internet access, and set up an account. Once the DSL or cable modem arrives, begin the network setup.
  2. While you are waiting for the modem, purchase a wireless router. It's generally best to get the most current technology, so 802.11n or 802.11ac is the best choice.
  3. Set up the wireless router:
    1. Plug in the cables per the instructions.
    2. Change the SSID from the default. If she is highly concerned about security, using her company name is probably not the best option.
    3. Set the network to use WPA2 security. Do not leave the network open to Wi-Fi access!
    4. Change the network password to something difficult to guess. Random characters are good, but she might want something she can remember if for some reason she needs to add a client to the network. Maybe Tx$pr4y2 (Tax dollars prep for you too).
    5. Change the admin password to something equally difficult to guess, if not more so. Go with something like 7ygH$2p*.
    6. Enable the guest network. The SSID can be easier to use than the regular network SSID, such as TaxPrepGuest. The password should be challenging but not overly so. Something like tpg$2015.
    7. Update the firmware on the router, or set it to update automatically.
  4. Add the client computers to the network. Verify Internet connectivity.
  5. Using your laptop, verify that the Guest network works and that you are able to get on the Internet using it.
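The router setup steps above, written as an automated audit of a router's settings. This is an added example, not part of the original chapter or of any Linksys tool: the configuration key names, the default-SSID pattern (modelled on the Linksys03451 name shown earlier), the extra default admin passwords, the three-of-four character-class rule, and all sample values are assumptions constructed for illustration.

```python
import re
import string

# Assumption: factory SSIDs look like the "Linksys03451" name from the chapter.
DEFAULT_SSID = re.compile(r"^linksys\d*$", re.IGNORECASE)
# "admin" is the default named in the chapter; the others are assumed here.
DEFAULT_ADMIN_PASSWORDS = {"admin", "password", ""}
SECURITY_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3}


def char_classes(secret):
    """Count how many of lower, upper, digit, punctuation appear."""
    return sum([
        any(c.islower() for c in secret),
        any(c.isupper() for c in secret),
        any(c.isdigit() for c in secret),
        any(c in string.punctuation for c in secret),
    ])


def weak_secret(secret, banned_words):
    """True if the secret is short, low-variety, or contains a banned word."""
    if len(secret) < 8:  # 8 is also the WPA2-Personal passphrase minimum
        return True
    if char_classes(secret) < 3:  # heuristic threshold (assumption)
        return True
    lowered = secret.lower()
    return any(w and w.lower() in lowered for w in banned_words)


def audit(cfg):
    """Return a list of finding codes for a router settings dictionary."""
    findings = []
    ssid = cfg["ssid"]
    owner_words = cfg.get("owner_words", [])
    wifi = cfg.get("wifi_password") or ""
    admin = cfg.get("admin_password") or ""
    banned = owner_words + [ssid]

    if DEFAULT_SSID.match(ssid):
        findings.append("ssid-default")
    if any(w.lower() in ssid.lower() for w in owner_words):
        findings.append("ssid-identifies-owner")

    mode = cfg["security_mode"].lower()
    if SECURITY_RANK.get(mode, 0) < SECURITY_RANK["wpa2"]:
        findings.append("security-mode-" + mode)
    elif cfg.get("encryption", "").lower() != "aes":
        findings.append("wpa2-without-aes")
    if mode != "open" and weak_secret(wifi, banned):
        findings.append("wifi-password-weak")

    if admin.lower() in DEFAULT_ADMIN_PASSWORDS:
        findings.append("admin-password-default")
    elif weak_secret(admin, banned):
        findings.append("admin-password-weak")
    if wifi and admin == wifi:
        findings.append("admin-password-reused")

    if cfg.get("guest_enabled") and cfg.get("guest_password") in (admin, wifi):
        findings.append("guest-password-reused")
    if not cfg.get("firmware_auto_update"):
        findings.append("firmware-auto-update-off")
    return findings


# Constructed sample settings: factory state, a careless setup, a hardened one.
FACTORY = {"ssid": "Linksys03451", "owner_words": ["rivera"],
           "security_mode": "open", "wifi_password": "",
           "admin_password": "admin", "guest_enabled": False,
           "firmware_auto_update": False}
CARELESS = {"ssid": "RiveraHome", "owner_words": ["rivera"],
            "security_mode": "WPA2", "encryption": "TKIP",
            "wifi_password": "rivera2015", "admin_password": "rivera2015",
            "guest_enabled": True, "guest_password": "rivera2015",
            "firmware_auto_update": True}
HARDENED = {"ssid": "bluefern-42", "owner_words": ["rivera"],
            "security_mode": "WPA2", "encryption": "AES",
            "wifi_password": "q7#Lm2!vRtz9", "admin_password": "W4&hx0Pz%eNd8",
            "guest_enabled": False, "firmware_auto_update": True}

if __name__ == "__main__":
    for name, cfg in [("factory", FACTORY), ("careless", CARELESS),
                      ("hardened", HARDENED)]:
        print(name, "->", audit(cfg) or "no findings")
```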

Summary

This chapter was the first in-depth discussion of networking concepts in this book. You started off by learning about connection types and features of each. For example, external connections to the Internet are generally broadband today, and the most popular choices are DSL and cable Internet. For internal networking, you have two primary choices: wired and wireless. Wireless networking really means Wi-Fi, which is based on the IEEE 802.11 standard. Other wireless connection types include Bluetooth and infrared, but those are specialized connection types not intended for full-scale networking.

Next, you compared and contrasted wired, wireless, and cellular connections on several vectors: mobility, availability, reliability, throughput/bandwidth, delay, number of concurrent connections, and security. Generally speaking, wired connections are the most secure and reliable and give you the most bandwidth with the least delay but are also the most constraining from a mobility standpoint.

The next topic was network communication basics. You learned about protocols and in particular the most important protocol used today, TCP/IP. You learned about IP addresses, subnet masks, and default gateways. In addition, you learned what DHCP and DNS do for you, as well as about private addresses, NAT, and APIPA.

This chapter finished with a detailed look at how to set up a wireless/wired router. Important facets included changing the SSID, setting up the best security possible, and making sure clients can access the Internet.

Exam Essentials

Understand what the common options are for Internet access. Options include dial-up, DSL, cable modems, fiber-optic Internet, satellite, and cellular.

Know the two types of internal network connections and pros and cons of each. The two choices are wired and wireless. Wired is more secure and faster, but wireless is popular because of its vastly superior mobility.

Understand how to compare wired, wireless, and cellular connections in regard to mobility, availability, reliability, throughput, delay, concurrent users, and security. In general, wired connections are less mobile but more available and reliable, and they have greater throughput, lower delay, a larger number of users, and better security. Cellular has the best mobility but the lowest throughput, the worst security, and the highest delay.

Know which IP configuration options are required. To communicate on a network, every host needs an IP address and a subnet mask. If you want to get on the Internet, you also need a default gateway (such as a wireless router).

Understand what DHCP and DNS do for you. DHCP automatically assigns TCP/IP configuration information to clients. DNS resolves user-friendly hostnames such as www.google.com to an IP address.

Know the best wireless security options. WPA2 is the best, followed by WPA, and as a minimum, WEP.

Understand other available security options. You should not rely on these methods to protect you from hackers, but you can also disable SSID broadcasts and enable MAC filtering.

Chapter 5 Lab

The Chapter 5 lab has two parts to it. In part 1, you will set up your own secure network. In part 2, you will see how well others around you have done.

Part 1: Setting Up Your Wireless Router

  1. Plug in your router per the manufacturer's instructions, and configure the connection to your Internet device (if applicable).
  2. Run the setup routine.
  3. Set your SSID.
  4. Set security to WPA2.
  5. Change the wireless password to something that is challenging to guess.
  6. Change the administrator password to something that's even harder to guess.
  7. Connect your client computer to the network.
  8. Verify Internet access.
  9. Update the firmware; set the firmware to automatically update if you would like.

Part 2: Testing Your Neighbors

In this part, you will check to see how well your neighbors have set up their wireless networks.

  1. Open the list of available networks on your client computer (or mobile device). How many do you see available?

    If you live in a densely populated area, especially an apartment or condominium, you will probably have a really long list of available networks.

  2. How many of those networks are unsecured?

    Don't try to connect to neighbors' unsecured networks. One big reason is it's illegal. Another reason is that it could expose your computer to potential threats on that unsecured network.

Review Questions

  1. You are configuring a computer to participate on a network. Which of the following are mandatory? (Choose two.)
    1. IP address
    2. Default gateway
    3. DHCP server
    4. Subnet mask
  2. Which one of the following types of network connections can give you the highest data transfer rates?
    1. Wired
    2. Cellular
    3. Broadband
    4. Wireless
  3. You are configuring a wireless router to let clients get on the Internet while using private IP addresses. In this scenario, which of the following services do you need to make sure is enabled on the router?
    1. DHCP
    2. DNS
    3. NAT
    4. APIPA
  4. You have a scenario where you need to disable the guest network on your wireless router. You try to log in, but your password does not work. After several attempts you realize you forgot your password. What can you do?
    1. Use the password reset option in your router configuration utility.
    2. Unplug the router and plug it back in.
    3. Use the default password of admin.
    4. Hold the reset button down for 30 seconds to reset the router.
  5. On Monday, you log into your computer at work, but you are not able to access any network resources. You run ipconfig and see that your IP address is 169.254.18.53. What is the most likely cause of the problem?
    1. The DNS server is down.
    2. The DHCP server is down.
    3. The NAT server is down.
    4. Your default gateway is set incorrectly.
  6. This question refers to the scenario at the end of the chapter, in “Configuring a Small Office Network.” When connecting client computers to the network, what password do they need to enter?
    1. tpg$2015
    2. 7ygH$2p*
    3. Tx$pr4y2
    4. No password is required.
  7. Your friend Maria asks you which of the following is the most secure. What do you tell her?
    1. 802.11n
    2. Infrared
    3. Cellular
    4. UTP
  8. Which one of the following addresses is considered a private IP address?
    1. 192.168.100.101
    2. 168.192.100.101
    3. 19.21.68.100
    4. 172.15.100.101
  9. Your friend Michael is setting up a wireless network and asks you which security option he should choose to make the network the most secure. What do you suggest?
    1. WEP
    2. WPA
    3. WPA2
    4. NAT
  10. Which of the following connectivity options gives you the best mobility?
    1. Cellular
    2. Wireless
    3. Wired
    4. Broadband
  11. You need to set up a wireless network. Which standard will give you the highest speed?
    1. 802.11a
    2. 802.11ac
    3. 802.11g
    4. 802.11n
  12. Your friend Barbara needs to set up an Internet connection. In this scenario, which of the following options will give her the best speed? (Choose two.)
    1. Cable Internet
    2. DSL
    3. Satellite
    4. Cellular
  13. Which one of these connection types has the longest delay?
    1. Wireless
    2. Infrared
    3. Wired
    4. Cellular
  14. Of your internal network connection options, which one can provide the fastest speeds?
    1. UTP
    2. Fiber
    3. Infrared
    4. 802.11n
  15. You have decided to retire to a remote mountain cabin and write books. You need an Internet connection to send material to your publisher. What is the option most likely to work for you?
    1. DSL
    2. Cable Internet
    3. Dial-up
    4. Satellite
  16. You configured a wireless network for your neighbor, and he wants to implement additional security measures beyond the standard wireless encryption. What options does he have? (Choose two.)
    1. Use NAT.
    2. Disable SSID broadcasts.
    3. Enable DHCP.
    4. Use MAC filtering.
  17. What command would you use on a Mac to determine your TCP/IP configuration information?
    1. ifconfig
    2. ipconfig
    3. ipinfo
    4. tcpipconfig
  18. By definition, what is an SSID?
    1. A wireless network name
    2. A wireless network security protocol
    3. A wireless network security password
    4. A wireless network authentication method
  19. When configuring a wireless router, which of the following should you always do? (Choose two.)
    1. Enable DHCP.
    2. Change the SSID.
    3. Change the admin password.
    4. Configure the firewall.
  20. This question refers to the scenario at the end of the chapter. Your friend wants the tax prep agents to be able to let their clients connect their wireless devices to the network. Which password should she tell the agents to give to clients?
    1. 7ygH$2p*
    2. tpg$2015
    3. Tx$pr4y2
    4. No password is required.