My Recommended WiFi Configuration
I had a request from one of Scoble's loyal readers to post my recommendation for a WiFi setup. I helped Scoble set up his when I was in Redmond last month, and from what he says, it seems to be working great. So here it goes.
BoyWonder.NET's Golden Rule: AVOID D-LINK AT ALL COSTS. I don't care what the price is. I don't care what the box tells you. D-Link has a hard enough time interoperating with other D-Link equipment, LET ALONE other manufacturers. This is because it tries to achieve 22MBps by going across 2 channels at once. AVOID IT LIKE THE PLAGUE. Want more proof? Scoble's access point was a D-Link. We drop-kicked that thing like Jackie Chan on Coke. Moving on.
I only stick with Linksys products. With one exception. Motorola came out with a combination Cable Modem, Broadband Router, Print Server, and Wireless Access Point that I've heard is top-notch. It interoperates with Linksys stuff very well. I don't own it, but if they had a Wireless-G version I'd buy it.
Now that 802.11G is a standard, go ahead and pick yourself up a Linksys Wireless-G Combo Router/Access Point. I've had nothing but positive experiences from this router. It is super easy to configure, and secure by default, which is always nice. With the G standard, you'll be able to use B and G products at the same time. Good for you. Bad for 802.11a. Personally, I'm still using B at home, and I'll only upgrade if I get a G-enabled laptop.
The best part about this router, besides the secure by default setup and simple web-based configuration, is the ability to open it up to be configured remotely. Anyone that needs help setting up their box, I'd be more than happy to do so, from the comfort of my own home :)
Next, make sure you get these Wireless-G PCMCIA cards. Same as above, and you'll find that they work very well with any WiFi access point. It's super easy to set up and configure.
Now that you've got everything running, log into your router. There are a few basic steps you can take to make sure you aren't hacked, and no one else leeches off your bandwidth. First, on the first page, re-assign your router IP address. It is 192.168.0.1 by default. Make it something like 192.168.146.254, and go ahead and keep the subnet the same. For those of you that don't know what IPs and subnets actually do, this means that your network is based on the 192.168.146 address, and you have 253 available nodes to work with. This is more than adequate in most if not all situations. And, by using a nonstandard internal IP address, you have reduced your risk of someone getting in.
Next, change your SSID. Something random that only you would know. Don't make it a password, because it is possible to sniff these right out of the air. That is harder to do, however, if you turn off SSID broadcasting. This will require you to set up Windows XP to connect to it manually later, but this is no big deal. Speaking of passwords, click the next tab and change your administrative password. Something unique with letters and numbers. Try using the hacker code of using numbers to signify letters. If your favorite place is Redmond, then your password could be r3dm0Nd. Chances are you'll beat most dictionary attacks. Try combining two words for greater protection. Now, make sure UPnP is off (who invented that anyways?), and move to DHCP.
You may not like me for this, but I don't care. Turn it off. Yeah, you're gonna have some extra work to do. But it will be a tad bit harder getting onto your network if you're not handing out IPs to any random schmuck. The rest of the basic settings you won't have to worry about. Click the advanced tab and continue.
Now, make sure the Block WAN Requests option is enabled. This prevents any kind of remote attack from crippling your computer. It's REAL nice, and my favorite feature. Make sure all your passthroughs are enabled if you have any kind of VPN connection. If you decide you want to have remote management on, PLEASE change the port. Let's move on to Forwarding.
Forwarding. This is how you open up the firewall. My recommendation: only open up what you have to. NOTE: Netmeeting runs on ports 389, 522, 1503, 1720, and 1731. If you're using Remote Desktop Connection and you've remapped the port (like all good RDC users should), make sure you open up that port too. Now, skip the routing tables, and move to the MAC Address tab.
Here's where I run a rather nifty little trick. Sometimes I use apps that need a direct connection to the net. In these cases, I have to unplug my router from the modem and plug my NIC card into the modem. The problem with most providers is that the cable modem is tied to the MAC address on whatever network card you are using. Usually, when you make this change, you have to reboot the modem to rebind to the new MAC address. Well, here you can make the router spoof the MAC address on your LAN card, so you don't have to make that reboot. Nifty, huh?
Now for the good stuff. Click the “Wireless” tab. Increase your “Basic Rates” dropdown to the 2nd option (you'll get higher transmission rates). Leave everything else alone, but enable your MAC filter. Look at the active MAC table, and see which MACs are connected. You shouldn't have any unless you set up your PCMCIA cards already. Pop those bad boys out of the case, and look on the backside. They should have the MAC address printed on the back. Enter them into the filters table, and turn the filters on. Now, only the cards in the table will be able to get a Station ID.
All together, this will deter most would-be hackers. The hard core guys will be able to sniff out the information they need to get in, and you're SOL anyways. Now, use all those settings to set up the PCMCIA cards, and you're golden.
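One way to check a router against the settings recommended above, as an added example that is not from the original post. The settings dictionary layout, the function names and the sample values are hypothetical; the real values would be copied by hand from the router's web pages.

```python
import ipaddress
import re
NETMEETING_PORTS = {389, 522, 1503, 1720, 1731}  # ports listed in the post
DEFAULT_ROUTER_IP = "192.168.0.1"                 # default stated in the post
DEFAULT_RDC_PORT = 3389                           # standard Remote Desktop port

def norm_mac(mac):
    """Reduce 02-00-5E-AA-BB-01, 0200.5eaa.bb01 etc. to 02:00:5e:aa:bb:01."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def lan_of(cfg):
    return ipaddress.ip_interface(f"{cfg['router_ip']}/{cfg['netmask']}").network

def free_hosts(cfg):
    return lan_of(cfg).num_addresses - 3  # minus network, broadcast and the router

def audit(cfg, needed_ports):
    """Compare a settings dict (hypothetical layout) with the post's checklist."""
    findings, lan = [], lan_of(cfg)
    if cfg["router_ip"] == DEFAULT_ROUTER_IP:
        findings.append("router is still on its default IP")
    for flag, want in (("dhcp", False), ("upnp", False), ("ssid_broadcast", False),
                       ("block_wan_requests", True), ("mac_filter", True)):
        if cfg[flag] != want:
            findings.append(f"{flag} should be {'on' if want else 'off'}")
    for port, target in cfg["forwards"]:
        if port not in needed_ports:
            findings.append(f"forward {port} is not needed")
        if port == DEFAULT_RDC_PORT:
            findings.append("Remote Desktop forwarded on its default port")
        if ipaddress.ip_address(target) not in lan:
            findings.append(f"forward {port} targets {target}, outside {lan}")
    allowed = {norm_mac(m) for m in cfg["mac_filter_table"]}
    for mac in map(norm_mac, cfg["active_macs"]):
        if mac not in allowed:
            findings.append(f"unknown station {mac}")
    return findings

# Constructed sample settings; every address and MAC here is made up.
SAMPLE = {
    "router_ip": "192.168.146.254", "netmask": "255.255.255.0",
    "dhcp": True, "upnp": False, "ssid_broadcast": False, "block_wan_requests": True,
    "forwards": [(1720, "192.168.146.10"), (3389, "192.168.146.10"), (8000, "192.168.1.50")],
    "mac_filter": True, "mac_filter_table": ["02-00-5E-AA-BB-01"],
    "active_macs": ["0200.5eaa.bb01", "02:00:5E:AA:BB:02"],
}
```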
That's it. I would have loved to have done some screenshots and stuff, but I wouldn't want to give away MY configuration now would I? Hope that helps.