SteveMcQ
01-11-2006, 03:13 PM
Anyone have a site or a guide to set up a secured network that older (less tech-savvy) folk would understand?
I was supposed to head to someone's house to secure their WiFi network, but don't have the time this week so instead they're looking into getting the Geek Squad to come in and do it (buying their stuff at BB). It can't possibly be that hard for them and I'd rather they give it a try and save some money first. I can come in a week later and clean up whatever mess they make, but that guide might be able to get them going.
Thanks.
tony72
01-11-2006, 09:30 PM
Wireless isn't all that hard. Just imagine it as a really big Ethernet cable that everyone could possibly hack into.
First, obviously, connect and install everything. Once the hardware is done and drivers are loaded, start working on the config.
I usually begin with the router. First download the latest firmware, and put the file on the PC you will use to config the router. Connect that computer to the router without plugging the router into the cable/dsl modem.
Your instructions should have the default address to plug into your browser, it's usually 192.168.0.1.
When you get into the interface, update the firmware. If you get a WRT54G below version 5.x (or a GL or GS), you have options for some really sweet third-party firmwarez (http://en.wikipedia.org/wiki/Wrt54g) (check the list for the serial numbers of the pre-5.x versions).
WRITE DOWN WHAT CHANGES YOU MAKE!!!! A lot of times people forget this stuff. Personally, I put the info on a post-it under my router at home. It's REALLY bad in terms of office security, but if someone is in my home, them taking the post-it under my router is the least of my concerns (OMG, they might put a few gigs of pr0n on my HD...).
Anyhow. To start, you ALWAYS, ALWAYS, ALWAYS want to change the SSID, and disable SSID broadcasting. Then after that, change the admin password.
From there, I usually advise changing the IP address (stick to a private IP address range (http://www.duxcw.com/faq/network/privip.htm)), and limiting the pool of addresses available to DHCP (I usually only allow 5-15 addresses). You can get fancier by using subnet masking, but that isn't really necessary (especially if you ain't down wit' TCP/IP. Yeah you know me).
After this change is made, you are going to have to release/renew your IP address (if you are using DHCP. If you are static, just put in something inside your IP range, but outside the DHCP pool [so you don't get an IP Address conflict]), and connect the browser to the new IP address to get to the config page.
If you can, do a survey of the wireless activity in your area (I use HyperWRT for my WRT54G, which has a site survey feature, but you can also do so with a wireless client card supported by NetStumbler (http://www.netstumbler.com/)), this will let you see what channels are being used. Or, more importantly, which AREN'T being used. You want to have a gap of more than +-1 channel (most wireless hardware defaults on channel 6). Bear in mind that 2.4GHz phones, as well as "Pigpen devices" (aka Bluetooth) also use (hog) the same bandwidth. So if you have performance issues with one channel, try another range.
At this point, turn off all your hardware, connect your router to the cable/dsl modem, and any wired computer(s) to the router. Now start with the modem, then the router, then the computer(s), waiting about two minutes between each. Check your router config, it should now have an external IP address from the modem. If you are using DSL, you may have to clone the MAC address of the PC you originally connected with (this can get more involved, and may require a call to your ISP).
Set your wireless clients up with your SSID and Channel info, and they should now get an IP address from the router. Sorry for the brevity, I'm getting a bit tired (and I'm still at work!). If you have questions or get stuck, either myself or someone else can explain further.
I'll just explain WEP a bit, since it's mainly what I know. You will use either 64 or 128 bit. If you have good equipment (no MSRP $9.99 wireless cards), you will probably be ok with 128. If not, or if it's too slow, 64 bit is fine. The point of WEP isn't to make your network Ub3r-1337-h@Xx0r proof, it's to pretty much just stop the kid or nosy neighbor next door (or wherever) from either looking at what webpages you go to or whatever you are doing (since the wireless traffic is being transmitted, in most cases, in plain text). It's also there to stop unauthorized people from connecting to your router (and thus, your network).
If someone can break 64-bit encryption, they probably have the time and dedication to also break your 128-bit encryption. I am more worried about casual snooping, since if somebody is specifically targeting me, they will figure out a way to get on my network (including coming into my house, of course). So, essentially, the 64/128 thing isn't too big a deal for home users. The goal is to have SOME form of encryption (something > nothing).
WEP is easy. Some setups allow you to input a passphrase, which is a short... passphrase... which will then be hashed to come up with your WEP key. From the four row, hex WEP key, you will pick one preferred key (1-4). If all your gear allows you to input a passphrase, life is good. Just write down the passphrase and the preferred key. Otherwise, just write down the four rows of hex data and put a checkmark by your preferred key. Not a big deal, just takes longer; make sure you write everything out clearly and correctly.
[ ] Change "admin" password (____________________________)
[ ] Change SSID (____________________________)
[ ] Disable "SSID Broadcast"
[ ] Change IP Address Range (____________________________)
[ ] Set smaller DHCP Range (____________________________)
[ ] Set Channel (____________________________)
[ ] Turn off everything, connect modem to router to PCs, reboot
[ ] Confirm wireless clients are connecting to internet through router
[ ] Turn on, configure WEP (or other supported encryption) (____________________________)
[ ] Activate WEP on clients, configure.
[ ] Check connectivity; it had a connection pre-WEP, so if the config is correct, it should work.
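Added example (not part of the original posts): a small Python check that runs a written-down router plan against the address, SSID and channel items of the checklist above before anything is typed into the router. The plan fields, the sample SSID list and the sample values are assumptions constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FACTORY_SSIDS = {"linksys", "default", "netgear"}  # constructed sample list

def check_plan(plan, neighbour_channels):
    """Return a list of problems with a planned router config; empty means OK."""
    problems = []
    net = ipaddress.ip_network(plan["lan"])
    router = ipaddress.ip_address(plan["router_ip"])
    lo, hi = (ipaddress.ip_address(plan[k]) for k in ("dhcp_start", "dhcp_end"))
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append("LAN is not a private range")
    if router not in net or router in (net.network_address, net.broadcast_address):
        problems.append("router IP is not a usable host address in the LAN")
    if lo not in net or hi not in net or lo > hi:
        problems.append("DHCP pool is not inside the LAN")
    elif int(hi) - int(lo) + 1 > 15:
        problems.append("DHCP pool is larger than 15 addresses")
    if lo <= router <= hi:
        problems.append("router IP sits inside the DHCP pool")
    for name, addr in plan["static"].items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{name}: static IP is outside the LAN")
        elif lo <= ip <= hi:
            problems.append(f"{name}: static IP is inside the DHCP pool (conflict risk)")
        elif ip == router:
            problems.append(f"{name}: static IP duplicates the router")
    if plan["ssid"].lower() in FACTORY_SSIDS:
        problems.append("SSID is still a factory default")
    if plan["ssid_broadcast"]:
        problems.append("SSID broadcast is still enabled")
    # The post asks for a gap of more than +-1 channel from anything in the survey.
    if any(abs(plan["channel"] - c) <= 1 for c in neighbour_channels):
        problems.append("channel is within +-1 of a neighbour's channel")
    return problems

# Constructed sample plan and site-survey result, for illustration only.
PLAN = {"lan": "192.168.37.0/24", "router_ip": "192.168.37.1",
        "dhcp_start": "192.168.37.100", "dhcp_end": "192.168.37.109",
        "static": {"printer": "192.168.37.20", "desktop": "192.168.37.105"},
        "ssid": "home-net-37", "ssid_broadcast": False, "channel": 6}
SURVEY = [6, 6, 11]  # channels seen in the neighbourhood

if __name__ == "__main__":
    for problem in check_plan(PLAN, SURVEY):
        print("FIX:", problem)
```

With the sample values it flags the desktop's static address (inside the DHCP pool) and the channel choice (same channel as two neighbours).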
SteveMcQ
01-12-2006, 02:59 AM
Wow, thanks a bunch. I'm copy/pasting and sending this to them. Makes sense to me anyway, so it should work great. I really appreciate you taking the time to type that out.
tony72
01-12-2006, 11:52 PM
No problem. Just doing my part to make sure people don't have their home networks hacked into ;)