Welcome to CellStream, Inc. - Telecom Consulting and Training!

In this article we will show you how to secure your home network in a great way using IP Addressing. By making some simple changes to the way you address the home or small business network, you can easily provide visitors with Internet access, without exposing your own computers, appliances and servers to them. By logically separating visitors from your own devices you greatly reduce the chances of virus infection and loss of personal information.

Section 1: Setting Up WEP - DON’T - WEP IS NOT SECURE – USE WPA2 [or WPA3 when available]

[When this article was originally written, WEP had not been hacked.  We have left the instructions for those of you who have older wireless routers without WPA, as well as historical interest.  The process of using addressing is still valid in Section 2 below.]

Nonetheless, this section provides instruction on setting your WEP (Wired Equivalent Privacy) keys to lock down your wireless router. This should be mandatory for everyone that owns a wireless router.

You will want visitors to be able to use your network from time to time, so you must provide that key or password. Further protection is therefore discussed in Section 2.

Your wireless router will connect to any Wi-Fi device when it comes out of the box. This is great to get started, but you don't want anyone just pulling up to your home or small business and using the Internet you pay for. Also, you definitely don't want anyone attacking your computers or Internet appliances like gaming systems, iPods, and other devices. The solution to this is to create an encrypted environment where messages between your wireless router and anything using the wireless are encoded with secret keys.

Because encryption is so important to network security, manufacturers build it into many wireless routers and APs (access points). Two popular encryption standards are WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access); your AP may support one or the other, or both. We’ll show you how to set up the older (but still serviceable) WEP encryption. It’s worth noting that wireless adapters that don’t support your AP’s encryption standard (WEP or WPA) can’t connect to your network. If you buy a new AP for an old network, you may need to upgrade some components to take advantage of the AP’s best encryption.

WEP uses a key (a string of characters) to encrypt your vulnerable data. For example, your AP uses the key to encrypt the data before it’s released into the air. When your adapter receives the data, it uses that same key to decrypt the data. Only your devices know the key, which means that a hacker can’t break into the network until he determines the key. Of course, hackers have programs that attempt to crack the key, which is why you’ll want to change your key on a regular basis. If you set a key when you first install your AP and then ignore it, you’re ensuring that any hacker who manages to crack the key has access for an unlimited amount of time.

When you enable WEP for your network, you can most likely choose between 64-bit and 128-bit encryption. The key makes up 40 and 104 bits, respectively, and each key has a 24-bit code (hence 64-bit and 128-bit encryption). Choose the latter to provide the strongest defense. That said, you can’t expect 128-bit strength to completely protect you, as some cracking techniques can crack either standard over the course of a few hours. Think of WEP as latches on your home’s windows: they prevent average snoops from climbing into your home, but a skilled criminal is going to find a way to enter your house.

Keep in mind that WEP encryption may slow your network a little. If you find that 128-bit encryption has a large impact on network performance you may need to back down to 64-bit encryption.

To determine whether you are attempting to connect to a WEP-protected network, check your PC wireless adapter’s network utility or open Windows’ Wireless Network Connection feature (you’ll find the icon in your System Tray when your wireless adapter is active). The Windows Wireless Network Connection lists available networks and uses a lock symbol to indicate protected networks, but it doesn’t indicate whether the encryption standard you are facing is WEP or WPA.

You can set up your network’s encryption when you first install an AP or router, as well as any time after you’ve completed the network. Keep in mind that as soon as you enable WEP encryption, your PCs and notebooks no longer communicate with your network; you’ll need to supply the key for each device so it can re-enter the network.

The AP’s (or router’s) configuration menu houses your wireless encryption options. Browse your manual to find the device’s IP address (such as 192.168.1.245) and then enter the address in your Internet browser. The configuration menu varies by device and manufacturer, but you probably won’t have much trouble finding the section that handles wireless security; the configuration menus generally aren’t very complicated.

You may need to create your own key. To do this, simply enter random numbers and letters into the appropriate field: letters between A and F, and numbers between 0 and 9. If you use 64-bit encryption, enter 10 characters; if you choose 128-bit encryption, enter 26 characters.

Many of the configuration menus let you enter a passphrase that you can more easily remember. The menu then generates a key based on your password. You can use the password in lieu of the key on other devices from the same manufacturer, but devices from other manufacturers may not support passphrases, so be sure to write down the key, even if you use the passphrase feature. In our experience, you can use your passphrase to generate an identical key (to your AP’s key) even with adapters from other manufacturers.

The configuration menu may offer up to four key fields, but you’ll only need to enter one key. If you enter a different key into each field, you’ll find that three of the keys are inactive. Some vendors add those extra fields so you can save time when you come back later to enter a new key: You can simply select one of the other three keys, rather than enter a new key.

Once you enable WEP via your router or AP, you can reconnect the network’s computers to the network. If you want to use Windows’ Wireless Network Connection feature, right-click its icon in your System Tray and then click View Available Wireless Networks. The feature displays any networks that your adapter can reach; you may find many nearby networks if you live in a crowded area. Select your network from the list and then click Connect. Next, you’ll need to supply the WEP key. The feature then lets your computer connect to the WEP-encrypted network.

Many adapters include their own wireless networking utilities. If you open your adapter’s utility, you may see a message that asks permission to disable Windows’ Wireless Network Connection. Disable the feature and then use the adapter’s utility to select your network. Enter the wireless key (or passphrase, if the utility supports it). Finally, open your browser (or your Network Connections folder) to make certain you can access the network.

Click Here for the definition of WEP in Wikipedia.

Section 2: Segregating Your Network into Two Subnetworks

This section discusses how you can create two subnetworks in your home or business: one for your personal use and one for visitors. This is a great way to prevent access to your personal information and block harmful virus infection from visiting computers and appliances that you cannot control.

The way to separate your home or small business into two logical networks is to use IP addressing. One logical subnetwork will support your personal computers and internet appliances, while the other can be used for visitors.

Subnetting is essentially the modification of a single IP network to create two or more logically visible sub-networks or sub-sections. This is accomplished by changing the network mask (sometimes called the subnet mask) in IP addressing. It entails changing the subnet mask of the local network number to produce an even number of smaller network numbers, each with a corresponding range of IP addresses.

While we don't fully explain subnet masks here, you can still do this by following these simple instructions.

Before you continue - one downside is that once you do this, the equipment that is in one logical subnetwork cannot communicate directly with the other subnetwork (but isn't that the whole point?) unless they are allowed to with routing. Of course, that does not mean that they cannot send email to each other or use any other Internet application.

The home router/gateway is probably set for IP address 192.168.1.1 with a mask of 255.255.255.0. Each connected device is getting its IP (Internet Protocol) address from the gateway via DHCP (Dynamic Host Configuration Protocol) whether they are wired or wireless.

To separate the users into two logical networks that cannot see each other, you first need to change the default network mask in the gateway/router to 255.255.255.128. This breaks your network into two groups: 192.168.1.1 through 192.168.1.127 and 192.168.1.129 through 192.168.1.255.

All the DHCP users will continue to work in the first of the two groups.

The PCs you want to separate must be manually configured on each device (Network Settings, select the interface, click the properties, select IPv4 and change from automatic) to be in the upper IP address range with the .128 mask and a default gateway of 192.168.1.1.

The result is that the gaming systems will use DHCP, whereas your sensitive computers will be manually configured by you.

You can certainly do this the other way, but my experience is that the gaming systems are a pain to configure. Also, if you have laptops that then move to the office, you will probably have to change the IP settings to get their addresses automatically.
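To check an addressing plan like this before touching the router, the split can be computed with Python's standard `ipaddress` module. This is an added example, not part of the original article; the function names and the two sample host addresses are assumptions chosen for illustration, while the network, mask and gateway values are the ones given above.

```python
import ipaddress

# Values from the article: the home LAN, the new longer mask, the gateway.
LAN = ipaddress.ip_network("192.168.1.0/255.255.255.0")
NEW_MASK = "255.255.255.128"
GATEWAY = ipaddress.ip_address("192.168.1.1")


def split_lan(lan=LAN, mask=NEW_MASK):
    """Return the subnets produced by applying the longer mask to the LAN."""
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    return list(lan.subnets(new_prefix=new_prefix))


def describe(subnet):
    """Network address, broadcast address and usable host range of a subnet."""
    hosts = list(subnet.hosts())
    return {
        "network": str(subnet.network_address),
        "broadcast": str(subnet.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
    }


def on_link(host, peer, mask=NEW_MASK):
    """True if `host`, configured with `mask`, sees `peer` as directly reachable."""
    iface = ipaddress.ip_interface(f"{host}/{mask}")
    return ipaddress.ip_address(peer) in iface.network


def audit(hosts, gateway=GATEWAY, mask=NEW_MASK):
    """Map each host to (its subnet, whether the gateway is on-link for it)."""
    report = {}
    for h in hosts:
        iface = ipaddress.ip_interface(f"{h}/{mask}")
        report[h] = (str(iface.network), on_link(h, str(gateway), mask))
    return report


if __name__ == "__main__":
    for s in split_lan():
        print(s, describe(s))
    # Constructed sample hosts: one DHCP visitor, one manually configured PC.
    for host, (net, gw_ok) in audit(["192.168.1.50", "192.168.1.200"]).items():
        print(f"{host}: subnet {net}, gateway on-link: {gw_ok}")
```

With the article's values, the usable host addresses come out as 192.168.1.1 to 192.168.1.126 and 192.168.1.129 to 192.168.1.254, because .127 and .255 are the broadcast addresses of the two subnets. The audit also reports that 192.168.1.1 is not on-link for a host in the upper range, which is worth checking on the device you configure manually.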

Click Here to view the Subnetting Definition in Wikipedia.
