After getting a high speed broadband Internet connection at home, many people want to share it between multiple computers. Most cable and DSL modems (or more generically, "broadband modems") support the connection of only a single computer at a time, so an additional piece of equipment is necessary to share the connection. We’ll examine three common home network configurations and their relative strengths and weaknesses.
Option 1: Broadband Router
The most common configuration involves an Broadband Router such as the Linksys BEFSR41 or the Microsoft MN-100. Other popular makers of home networking equipment include NetGear and D-Link. Installation is fairly straightforward in most cases. The router is plugged into the modem. All computers are then plugged into a network port of the router. Most of the time the router will automatically configure itself to use the Internet connection and allow it to be shared amongst the attached computers. In rare cases, the Internet provider will give you a 4-part numerical IP address to type in. The router will have instructions on where to type in this address.
This option is easy to install and pretty inexpensive — usually around $50 for the router and necessary network cables. The option tends to be relatively secure due to the fact that all of these routers provide NAT and almost all have built-in firewalls. The purpose and technology behind NAT and firewalls will be explained in detail in the future on this site, but in short, both technologies make it harder for hackers to get at machines inside our Local Area Network (LAN). This option is somewhat constrained in the number of computers that can be attached at one time, because of the limited number of network ports on the router (typically 4 or 8); however, it is possible to accommodate additional computers by using an inexpensive hub (about $20):
Each computer inside the LAN can communicate with each other at 100 mbps. The connection to the Internet is the slowest part of the whole network with typical speeds of 750 kbps.
Option 2: Internet Connection Sharing
In this option, we avoid the purchase of an Internet router. A computer running Windows 2000, Windows XP or Linux can easily play the same role. Microsoft calls the feature Internet Connection Sharing (ICS). To set up this option, the computer running ICS needs two network cards. One will connect to the modem. The other will be connected to a hub, which is used by all the computers sharing the connection. ICS is enabled for the connection to the cable modem, and the additional computers will all automatically configure themselves to use the ICS computer as the Internet router. If we are sharing the connection with only one other computer, we do not need the hub. Instead, we can connect the two computers directly with a special network cable called a crossover cable.
This option is a tiny bit harder to set up than Option 1 because of the need to install a second network card into the ICS computer, and then enable ICS in Windows. This option is cheaper because we need only a second network card ($5) and probably a hub ($20). The configuration is marginally less secure. While the ICS computer uses NAT and a software firewall to protect the LAN, it is directly accessible to hackers who attempt to intrude. The direct accessibility makes the ICS computer more vulnerable to intrusion than any computer in Option 1. The speed of the network will be identical to Option 1, and the expandability is limited only by the number of ports on the hub. The main disadvantage of this option is that the ICS computer must be on for any of the other computers to use the Internet connection.
Option 3: Wireless Networking
In the first two options, all of the computers had to be close enough to the modem for a network cable to reach. Network cables can be long (about 25 meters) and they can be placed inside walls, but there is a big advantage to setting up a wireless network instead. Computers can be placed anywhere in the house and one can pick up and move a laptop at any time. Many PDAs can also use a wireless network connection.
Instead of buying the router in Option 1, we need to buy a Wireless Access Point (WAP) such as the Linksys BEFW11S4 or the Microsoft MN-500 that also supports the capabilities of a router (not all WAPs do). The WAP is connected to the modem, and then each computer uses its wireless network card to connect through the WAP to the outside world.
This option is easy to set up. It costs more than the other two options because of the WAP ($100) and the wireless network cards for each computer ($50 each). The WAP provides NAT and a firewall, just as in Option 1, but it suffers from a security flaw:it is not difficult for a stranger to use the wireless network by getting close enough to the WAP to make the connection. Even a password-protected wireless network is not difficult to connect to. The speed of the LAN is slower than the other two options (11 mbps), but since the LAN is still much faster than the connection to the outside world, the difference will probably not be noticeable. Newer WAPs that support the wireless network protocol 802.11g are faster (54 mbps) but more expensive. This option easily supports a large number of computers because we don’t need a network port for each computer. A consumer-level WAP will probably support 10-15 computers before the wireless network becomes sluggish. One last point to note is that wireless networks can become flakey from interference from other devices that use the same radio frequency such as 2.4 GHz wireless telephones. For this reason, some people choose to connect at least one computer to a network port on the WAP with a cable.
These three options are summarized here:
| Broadband Router | ICS | Wireless Network | |
| Setup ease | Excellent | Good (must install a 2nd network card and configure ICS) | Good (should password-protect the wireless network) |
| Price | $50 | $20 | $100 plus $50 extra for each wireless network card |
| Security | Excellent | Good | Adequate |
| Expandability | Add a hub | Add a hub, or replace the existing hub with a larger one | Not constrained by network ports |
| LAN speed | 100 mbps | 100 mpbs | 11-54 mbps (though the speed decreases with distance from the WAP) |
| Reliability | Excellent | Excellent | Good |
| Convenience | Good | Adequate (because of the need to turn on the ICS computer) | Excellent (because of the lack of network cables) |
Security
One note that relates to security: in our options, we talked about how the router or ICS machine or WAP uses NAT and provides a firewall. If we don’t take further steps to secure our network, we end up with what is known in security circles as a LAN with a "hard crunchy exterior and soft chewy interior". It’s like having one lock on the outer-most door of a building and no doors at all inside the building. It’s a good practice to protect each individual computer in case an intruder gets into the network:
- Use antivirus software and keep its virus signature file up to date. The software should be configured to check all files for viruses.
- Regularly install security patches released by software vendors. Most known security flaws in software have corresponding patches that fix them. Microsoft makes it easy to find all Windows updates on their website http://windowsupdate.microsoft.com.
- Use a password with all user accounts and make a habit of changing the password regularly.
- Require a password for all shared folders. Hide the shared folders so they are not visible to someone browsing the network by giving them a name that ends with a $.
- Consider running a software firewall on every computer.
- Be very restrictive in how any firewall is configured — it should only allow network connections that are absolutely necessary.
- Don’t give administrative privileges to your normal user account. Instead, log in as the administrator only when you need to make a system configuration change.
- Shutdown any extraneous services in Windows. Each of these programs potentially have security holes. If they are not running, it’s less likely they can be used to compromise the security of a computer.
- Notice and investigate any unusual behavior on the computer.
Happy networking!