Home Networking

Wireless Security
The wireless technology used by CACHE to deliver internet to homes and businesses is a closed system which uses proprietary equipment from Trango Broadband and is NOT the same as the "Wi-Fi" wireless standard. Information which passes over the CACHE network including the Trango Broadband wireless links is secure from interception. However, the traffic on a personal wireless network using the Wi-Fi technology (802.11b/g) can be intercepted unless certain security features are enabled within the router. To truly protect your wireless network from unauthorized users and packet-sniffing devices, the WPA (Wi-Fi Protected Access) feature must be enabled with a robust encryption key. If your network is not secured with WPA and you would like it to be, you can contact the CACHE office to enable the WPA encryption features of your router with a random encryption key or with a key you supply. If you would like to manage your own wireless network, contact the CACHE office and they will release management access for the router to you. For specific instructions, consult the documentation for your router, available on the manufacturer's website.

Some older wireless devices only support WEP encryption (Wired Equivalent Privacy). WEP is a poorly designed protocol and has been circumvented. Given time, a malicious user could gain access to your WEP enabled network, however such activity is illegal (whereas unauthorized joining of an unencrypted wireless network is a grey area). WEP does require an encryption key to join and will deter casual users from using your wireless network - but WEP should not be relied upon if true security is required.

Additional resources concerning wireless security:

Wikipedia Articles:

• http://en.wikipedia.org/wiki/Wifi
• http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
• http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy

Security Now! with Steve Gibson (audio and transcriptions):

• http://www.grc.com/sn/SN-010.htm - Open Wireless Access Points
• http://www.grc.com/sn/SN-011.htm - Bad WiFi Security (WEP and MAC address filtering)
• http://www.grc.com/sn/SN-013.htm - Unbreakable WiFi Security

Voice over IP (VoIP):
CACHE does not directly offer Voice over IP (VoIP) service, however 3rd party VoIP services such as provided by Lingo (http://lingo.com/) are known to work over our network. If you contact CACHE *before* you configure and connect your VoIP device, we can prepare your connection for the best VoIP performance.

1) The wireless equipment used by CACHE has a provision for time-sensitive traffic such as voice. If you are planning to use VoIP, we can set your equipment in a priority polling cycle to ensure quick response times.

2) VoIP connections work most reliably on a public IP address. CACHE subscribers are assigned a private IP address by default, but public addresses available upon request and will be assigned in the case of a VoIP connection. If requesting assistance from your VoIP provider, a public address will be required for them to remotely connect to your device.

3) Routers supplied with the wireless service are configured to be connected directly to the wireless equipment - before any other device on your network. However, VoIP providers recommend that their device be placed in that 1st position. When installed this way, the VoIP device is able to prioritize voice traffic over regular internet traffic. In addition to obtaining the proper IP Address, Subnet Mask, Gateway Address, and Domain Name Server settings from the CACHE office for configuring the VoIP device. The router will also need to be configured to operate behind the VoIP device.

If you leave the VoIP device configured to automatically retrieve the IP address and other settings - placed either before or after the router - it will be assigned a private address. Public addresses must be manually configured in the VoIP device.

Remote Access, VPN, and advanced usage:
Unless you have specifically requested a public IP address for a home wireless connection, your equipment will be configured with a private IP address on a network using Network Address Translation (NAT). Since NAT shares a range of public IP addresses among many private addresses, it is not possible for a remote user on the internet to connect directly to a private address on the CACHE network. While this increases security and preserves the finite number of public IP addresses available on the internet, it can be a barrier to applications and services that are not capable of NAT Traversal (however as NAT technology is becoming more widespread, more and more programs support NAT Traversal). Public IP addresses are available upon request and management of the supplied router can be turned over to the subscriber if port forwarding or other advanced configuration is required.