by David Strom
Monday, November 12, 2001
One of the biggest differences between XP and earlier versions of
Windows is its built-in support for wireless
Ethernet networks. Wireless Ethernet, also known as Wi-Fi or
802.11b for the IEEE standard that defines it, has become popular
in the past year; network adapter prices have dropped below the
magic $100 point, and wireless access points have become similarly
affordable for home as well as office users. Access points are even
sprouting up in major metropolitan cities, some intentionally for
public access (more on that in a moment).
A wireless network has two basic components:
- Most noticeable is the wireless adapter, which is typically a
PC Card with a special radio transmitter that fits inside your
computer. Some laptop vendors include wireless components, either
partially (like Apple) or wholly (like IBM and Toshiba) in some of
their newer laptops, so you don't even need to think about this
piece. For desktop computers, wireless adapters are also sold as
PCI cards, and some vendors also sell wireless USB
networking adapters.
- Second is the wireless access point, which you can think of as
a central radio tower that communicates with these adapters.
Access points have both wireless and wired interfaces, and they
act as bridges between the two so that your mobile users can still
connect to your organization's wired infrastructure.
Locating the best spots for your access points is more an art
form than anything else and outside the scope of this
article. The key thing to remember is that they will need to be
connected to your wired network and AC power, so finding a place
where you have both does tend to limit their placement. And if you
have a choice you want them to be located at the highest elevation
possible: putting them under your desk or in a sub-basement will
limit their effective range. A good rule of thumb is a radius of
about 100 feet for the typical access point.
XP supports many wireless network adapters out of the box,
without the need to install special drivers. (Well, the few I tested
didn't need drivers; I can't guarantee this for all of you.) You can
get a rudimentary wireless network up and running within minutes.
That is the good news. The bad news is that you are going to have to do
a bit of work to configure things outside of XP if you want a secure
network that blocks unauthorized users from surfing your network
from nearby locations, such as sitting in their cars in your
company's parking lot.
This is a big problem. Check out what the guys at ExtremeTech did around the US: they found that they could gain
access to numerous networks, a process called war driving, because
about half of the wireless LANs they found were using no encryption
or other security measures.
Let's walk through some of the screens and configurations you
need to get going. For our example, we are using the Orinoco WaveLAN
Gold wireless adapter, which is one of the better ones available.
After you insert the PC Card in your computer, XP tells you what it
found and proceeds to install the drivers to operate the card. Once
this is done, you'll need to open up the Control Panel | Network
Connections | Wireless Network Connection to make any further
adjustments.
You'll notice, as you see in the screenshot below, that in
addition to the standard information you'd see for an ordinary
network connection, such as packets sent and received, you also have
a signal strength indicator. This shows you whether you are in the
range of at least one wireless access point. If you don't have a
couple of "bars" showing on this indicator, either move your PC
closer to the access point or move your access point to a higher
elevation. If neither of these does the trick, you have some major
troubleshooting ahead of you.
Figure 1. Wireless connection status.
The first thing you'll want to do is set your adapter to
communicate with the appropriate access point(s). If you have
already plugged in an access point nearby, XP will tell you what it
has found. Click on the Properties button and go to the Wireless
Network tab and you'll see something like the screenshot below.
Figure 2. Setting up wireless connection properties.
Note that there is a list of the different access points (if
there is more than one) shown in the upper dialog box under
Available Networks. Some of them may be listed by name, while others
are listed by a special number which could be taken from the media
access control address of the unit's wired Ethernet interface, or
could be a special ID name called service set ID (SSID) that has
been set up for the particular device. You might want to hit the
Refresh button to reload this list periodically.
All wireless networks include some kind of encryption to keep
unauthorized users out of your network and authorized ones in. The
trouble is that most people don't make use of these encryption tools:
nearly half of the networks surveyed by the ExtremeTech analysts
driving around major US cities were found to have no encryption
whatsoever. This is not a good idea, especially when you combine
this with a DHCP server that many access points have also built in.
Anyone driving by can easily grab an IP address and gain access to
your network with nothing more than a standard laptop. It's easy,
and my colleague Mark Gibbs goes into further detail in his Network World column.
So we are going to turn on the encryption and get protected.
First, you need to connect to your access point via a wired
connection and set up its security features. Each access point has a
different way of doing this: some make use of built-in Web browsers
(like the 2Wire and Farallon products), while others come with a
Windows or Mac-based installation program that will set this up for
you. You want to set up the following three pieces of information:
the SSID, the wireless encryption protocol or WEP key, and the key
length. Let me show you how it is done on the Farallon Wireless
Broadband Gateway box, and you should be able to get an idea of what
to do on your own equipment.
On the Farallon box, you need to connect via a Web browser, and
it has a default IP address of 192.168.0.1. Go to Configure |
Wireless and you'll see the screen shown below. You'll notice I have
entered "farallon" for the SSID, chosen the 128-bit WEP key, chosen
the Shared Key item (meaning that everyone is going to use the same
key) and typed in a bunch of numbers for the key itself. You'll need
to remember this bunch of numbers, and I would not choose mostly
zeros as I have shown you in the screenshot: pick some random string
of digits, and copy these down. Don't pick a key based on your
telephone number, street address, or any other identifying
characteristic, and while you're at it, don't use these values for
the SSID, either.
Figure 3. Setting up the Farallon access point.
One other matter: you should disable the DHCP server on the
access point (if it comes with one) and set up your own series of
private IP addresses, using something other than the default address
range that came with the access point. This is an extra security
measure and some trouble, but worthwhile if you want to protect your
network. You'll also notice that there is one other selection at the
bottom of this screen that offers additional security: you can limit
this access point to certain users, or you can allow anyone to
connect provided they know the shared key. That is your choice.
Once you have set up your access point, we need to finish up the
configuration. Go back to your Wireless Network configuration screen
on the computer with the wireless adapter. You need to highlight the
access point name, click Configure, and you'll see this last
screen:
Figure 4. Setting up wireless encryption.
There are two check boxes, WEP enabled and shared mode. You
should check both of these. Next, you need to enter the shared key
you typed in on the previous screen for your access point. Astute
readers will notice that the choices here don't necessarily match
the ones on the Farallon access point: the Farallon offered none,
64-bit or 128-bit keys. XP offers either 40 bits or 104 bits. The
two are actually the same, just expressed differently. You'll notice
that the number of digits typed into the key field on the Farallon
corresponds to the number of digits shown by XP in parentheses here
(5 or 13 characters). Welcome to the wild and wacky world of
encryption.
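The two sets of numbers differ by the 24-bit initialization vector that WEP combines with the shared secret: 40 + 24 = 64 and 104 + 24 = 128. The sketch below is an added example, not part of the original article or of any vendor's software, and its function names are this example's own. It parses a key typed as characters or as hex digits, states its length both ways, and flags patterned keys such as the mostly-zeros one in the Farallon screenshot.

```python
import secrets
import string

IV_BITS = 24  # WEP combines a 24-bit initialization vector with the secret


def parse_wep_key(key: str) -> bytes:
    """Return the secret bytes from 5/13 characters or 10/26 hex digits."""
    if len(key) in (10, 26) and all(c in string.hexdigits for c in key):
        return bytes.fromhex(key)
    if len(key) in (5, 13) and key.isascii():
        return key.encode("ascii")
    raise ValueError("expected 5 or 13 characters, or 10 or 26 hex digits")


def describe_wep_key(key: str) -> dict:
    """State the key length both ways and list weak-key warnings."""
    secret = parse_wep_key(key)
    secret_bits = len(secret) * 8
    warnings = []
    # Mostly-zeros keys (or any key dominated by one value) are easy to guess.
    top_count = max(secret.count(b) for b in set(secret))
    if top_count > len(secret) // 2:
        warnings.append("one value fills most of the key")
    # Counting patterns such as 12345 are just as predictable.
    steps = {b - a for a, b in zip(secret, secret[1:])}
    if len(steps) == 1:
        warnings.append("bytes follow a fixed step pattern")
    return {
        "secret_bits": secret_bits,                 # what XP shows (40 or 104)
        "xp_label": f"{secret_bits} bits",
        "ap_label": f"{secret_bits + IV_BITS}-bit",  # what the access point shows
        "warnings": warnings,
    }


def generate_wep_key(secret_bytes: int = 13) -> str:
    """Return a random key as hex digits (10 digits for 5 bytes, 26 for 13)."""
    if secret_bytes not in (5, 13):
        raise ValueError("WEP secrets are 5 or 13 bytes long")
    return secrets.token_hex(secret_bytes).upper()


if __name__ == "__main__":
    print(describe_wep_key("00000000000000000000000001"))  # constructed sample
    print(generate_wep_key())
```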
One final thing: click on OK, go to the Authentication tab on the
Wireless Properties screen, and make sure the box is checked next to
"enable network access control using IEEE 802.11x." If all goes
well, you should be able to connect to the access point and
wirelessly roam about your enterprise. XP will notify you on the
taskbar when it connects to a wireless access point, and if your
access point is set properly.
But you aren't completely done. You should do one more thing, and
that is to put on your "hacker" hat and make sure your network is
properly protected. Maybe one of your colleagues brought in his or
her own access point when you weren't looking. Or maybe you didn't
really turn on encryption when you think you did. You should
periodically scan your perimeter with a product like NetStumbler and
make sure no one can gain access. If you come into range of a
wireless access point, NetStumbler will pick it up and let you know
several things: whether the access point has encryption turned on or
not, what its Media Access Control address is, the name of the
network or vendor, and signal strength and other parameters. What it
won't tell you is the packet stream coming from that access point -
but that is easily enough accomplished with other "sniffing" tools
that you can load on your laptop.
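One way to turn a periodic scan into a repeatable check, as an added example that is not part of the original article: compare each access point seen in a survey against an inventory of the ones you installed. The survey rows, their column layout and the inventory are constructed for this example and are not NetStumbler's export format.

```python
import csv
import io

# Constructed survey rows; the column layout is an assumption of this example.
SURVEY = """ssid,bssid,wep,signal
farallon,02-00-00-AA-BB-01,yes,-48
farallon,02:00:00:aa:bb:02,no,-61
default,02:00:00:12:34:56,no,-70
farallon,02:00:00:65:43:21,yes,-75
"""

# Hypothetical inventory: MAC address of each access point you installed -> SSID.
AUTHORIZED = {"02:00:00:aa:bb:01": "farallon", "02:00:00:aa:bb:02": "farallon"}


def norm_mac(mac: str) -> str:
    """Normalize a MAC address so 02-00-00-AA-BB-01 matches 02:00:00:aa:bb:01."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit(survey_csv: str, authorized: dict) -> list:
    """Return (mac, finding) pairs for every access point that needs a look."""
    findings = []
    own_ssids = set(authorized.values())
    for row in csv.DictReader(io.StringIO(survey_csv)):
        mac = norm_mac(row["bssid"])
        encrypted = row["wep"].strip().lower() == "yes"
        if mac in authorized:
            # Your own equipment: confirm encryption really is switched on.
            if not encrypted:
                findings.append((mac, "authorized AP has encryption off"))
            if row["ssid"] != authorized[mac]:
                findings.append((mac, "authorized AP has unexpected SSID"))
        elif row["ssid"] in own_ssids:
            findings.append((mac, "unknown AP using your SSID"))
        else:
            # Could be a neighbor, or a unit a colleague plugged in.
            findings.append((mac, "unknown AP in range"))
    return findings


if __name__ == "__main__":
    for mac, finding in audit(SURVEY, AUTHORIZED):
        print(mac, finding)
```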
Going wireless with XP is a great way to roam about your
enterprise. Just make sure you protect your network properly and
keep the war drivers out.
David Strom is author of The Home Networking Survival Guide and hundreds
of technical articles for a variety of computer trade publications,
Web sites, and email newsletters. He publishes Web
Informant, an almost weekly series of essays about Web marketing
and technologies, and was the founding editor-in-chief of
Network Computing magazine. He can be reached at david@strom.com.