Serious Home Firewall and Router Solutions (pt. 2)

February 14, 2022

Last week, we introduced some ideas about securing your home network by understanding your router, firewall, and modem. This week, we’ll explore a little bit about home network accessibility—as in, “what is the best way of connecting to that router with your devices?” Crown Computers highly recommends Ubiquiti routers, firewalls, and access points, and we’ll use their products as a way of imagining the perfect home network. Ubiquiti offers every piece of hardware you would want for building the perfect home network, and if you’re serious about your connection’s speed, reliability, and security, then you should consider installing cat6 cable throughout your home to take full advantage of high-speed network connections.

Using WiFi How It Was Intended to Be Used

WiFi has come a long way since the days before 802.11g. It seemed like magic to have a laptop connected to the internet without a cable 20 years ago. Now, since it’s so prevalent, it’s easy to forget that WiFi is quite limited in what it can provide in terms of security, speed, and—most importantly—reliability. While a lot of security problems are mitigated with a strong, complex password that you reset occasionally on your home WiFi, the speed and reliability are contingent on the physics of radio signals. The best way to think about WiFi, though, is as a way to not plug mobile devices and laptops into the router, and it probably shouldn’t be thought of as the number one way to connect to your network.

The way to ensure WiFi reliability is to design your network so that wireless access points overlap as little as possible with other devices that use the same frequencies. 2.4 GHz networks are pretty noisy because other household devices use the same frequencies, such as Bluetooth devices and microwave ovens, but that isn’t the biggest noise problem… If you live in a densely populated area, all of the wireless networks within broadcast range are contributing to noisy airwaves, and will cause interference as everyone’s networks compete with each other for space on the channels. 5 GHz networks are typically less noisy, but that comes at the cost of covering less area (and being attenuated by walls). WiFi 6E is the next standard for high-bandwidth WiFi (at 6 GHz), but will have an even shorter range indoors—although it boasts even greater speeds.
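To make the channel-crowding point concrete, here is an added example (not part of the original post) that scores the three non-overlapping 2.4 GHz channels against a site survey and picks the quietest one. The survey entries, the -90 dBm noise floor and the linear overlap weighting are constructed assumptions for illustration; in practice you would feed in the channel and signal values reported by your own WiFi scanner.

```python
# Constructed sample survey: (ssid, channel, signal in dBm).
# These are made-up neighbours, not real scan output.
SURVEY = [
    ("neighbor-a", 1, -55),
    ("neighbor-b", 1, -70),
    ("neighbor-c", 3, -60),
    ("neighbor-d", 6, -80),
    ("neighbor-e", 9, -65),
    ("neighbor-f", 11, -50),
    ("neighbor-g", 36, -60),   # 5 GHz network, ignored for 2.4 GHz planning
]

def overlaps(ch_a, ch_b):
    """2.4 GHz channels sit 5 MHz apart but are roughly 20 MHz wide,
    so two channels fewer than 5 numbers apart share spectrum."""
    return abs(ch_a - ch_b) < 5

def interference_score(candidate, survey, floor_dbm=-90):
    """Heuristic (assumed) score: each overlapping network contributes its
    strength above the noise floor, scaled by how close its channel is."""
    score = 0.0
    for _ssid, channel, rssi in survey:
        if channel > 14 or rssi <= floor_dbm:
            continue  # not a 2.4 GHz channel, or too weak to matter
        if overlaps(candidate, channel):
            weight = 1 - abs(candidate - channel) / 5  # 1.0 when co-channel
            score += weight * (rssi - floor_dbm)
    return score

def best_channel(survey, candidates=(1, 6, 11)):
    """Return the candidate channel with the lowest interference score."""
    return min(candidates, key=lambda ch: interference_score(ch, survey))

if __name__ == "__main__":
    for ch in (1, 6, 11):
        print(f"channel {ch:2d}: score {interference_score(ch, SURVEY):5.1f}")
    print("least crowded channel:", best_channel(SURVEY))
```
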

All of this is not to say that WiFi is not a good solution for network connections, but that it’s the right solution for connections to devices that are, at most, one room away from the wireless access point.

There are a lot of wireless “mesh” networking devices that aren’t able to achieve the best results because each of the radios has to communicate with the others. Think of the WiFi connections as walkie-talkies; the access point and each of the connected devices talk to each other one after the other in rapid succession. This means that using one device to download at full speed can take all of the radio time from the other devices, which have to wait their turn to talk to the access point. If the access point in a mesh network then has to repeat that signal to the wireless router, then we’re going to see a huge slump in connection speeds for all of the devices.

Rethinking the Floorplan and your Network; Running Ethernet Cable through Your House

The best way to eliminate the radio noise in your house is to use wired networking for main connections to your network, and use WiFi access points to cover areas spanning just a few rooms each. This way, the access points use lower-powered signals to cover specific rooms and don’t overlap with one another, instead of trying to blanket the whole house with one signal. As long as the access points are configured to have the same settings, your wirelessly connected devices find the nearest access point with the best signal and jump to it seamlessly.

To accomplish this, you’ll want to run Cat6 cable through your house to strategically selected areas, where the cables terminate with wireless access points. To achieve the most reliable and speedy connections possible, the Cat6 cables will run from the access points to a router or switch at a central location. This is referred to as home run wiring or star wiring, where each line runs directly to the center of your infrastructure, and doesn’t rely on other devices to split or extend the signal. You can select the most convenient places in your floorplan to terminate the lines so that there is always one access point a room away. Ubiquiti even offers the Unifi Design Center, which lets you upload your floor plan and start designing your home network by dragging and dropping hardware directly on it.

If you’re not comfortable running your own cable through your walls or ducts, then a licensed electrician can do the job for you. If you are interested in running the cable yourself—and remember, you don’t necessarily have to run it through the walls, but could just find some nice surface boxes to mount on anything—then what you’re looking for is a box of solid core Cat6 cable. These cables are different from your ordinary network cables (the ones that run from the router to the computer) because they are able to supply greater speeds over longer distances. While you’re buying bulk cable already, maybe you’ll want to grab patch cable material in bulk as well and work on your cable building skills. The patch cable uses stranded copper, making it flexible and suitable for short lengths, while solid copper cable can’t be moved much before the wire starts to get damaged.

One additional hardware consideration should be made when thinking of where to put the ethernet drops: power. While some of the access points that you place throughout your home, or even outdoors, will be near power outlets, others may not—like if you’re thinking of running Cat6 cable outdoors to connect security cameras. Power over Ethernet (PoE) is slowly becoming more and more important for certain hardware; IP cameras and ethernet-powered routers and switches are the most prevalent in home use. The PoE protocols make it simple to run a camera or access point with just one cable, but this does require a PoE-capable switch to send the power over the line.

Ubiquiti and the Perfect Home Network Setup

Crown Computers recommends Ubiquiti networking hardware and software, both because of the quality of the hardware and the simplicity and power of its software. With the UniFi Dream Machine at the center of your home network, you get a UniFi OS Console that can be extended by connecting more UniFi devices to your network. UniFi OS is the software that runs on all of your Ubiquiti devices so that they are all centrally managed from the same interface—including upgrading the firmware to keep yourself secure. This means that even if your network’s floorplan gets a little complex, you can use the apps on UniFi OS to set up and manage your network simply by going to https://unifi/ in a browser of your choice.

With the Dream Machine at the center of your network, your new cat6 cables can connect to wireless access points everywhere they’re needed, as well as other peripherals like cameras and VOIP phones. The access points can all be managed centrally, including the management of users and devices. Meanwhile, behind the scenes, you’ll have all the advantages of a modern firewall and the ability to use the Dream Machine as a network video recorder (which uses standard 3.5” hard disk drives).

UniFi’s firewall is far superior to the old, static firewall rules that we took a look at in the previous post. It uses features like deep packet inspection and WiFi AI to look for suspicious behavior on your network, and shut out attackers or block connections to wrongdoers. Instead of needing to know specific information about attacks, you can rest assured that UniFi’s firewall will assess threats and stop them before there is a problem.

-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team