Wireless Router Security
Wireless Router Security – Introduction
Configuring your wireless router security is key to ensuring that your wirless network is ‘locked down’ against attack from hackers and other online nasties!
This guide assumes that you already have a home wireless network and router installed.
A wireless network is a neat and convenient method of networking your home PCs and laptops – no trailing wires and cutting holes to route messy cables around your home.
But along with this convenience comes a wireless radio signal offering anyone within range of your network the opportunity to access your internet connection free of charge!
Anybody with a wireless laptop for instance can cruise down your street looking for an unsecured wireless signal to hop on to and take a free ride on. But that’s not the worst of it, what about someone with more sinister ideas in mind – your wireless signal can give hackers the opportunity to get into your home wireless network and access all of your files and data – maybe even password and account details!
It is vital to provide your home wireless network with some form of security and that can all be set up very easily by taking some simple setup and configuration steps.
Your wireless router lies at the heart of your home wireless network and is the key component to setting up your wireless network security.
Your wireless router sits between the internet and your home wireless network and provides the connection, via the built in wireless access point, between your wireless PCs, laptops and other wireless devices connected to your network.
You may say you don’t have any sensitive data on your network or you don’t mind your neighbour taking a free ride on your internet connection but let’s take a look at that statement shall we?
Firstly, the more people accessing your broadband internet connection the slower your connection speed will be and secondly, you may not have any sensitive files or data but what about your browsing activity?
Anyone with a wireless enabled PC or laptop within range of your wireless signal could use your network to download movies illegally, software or worse! Now, don’t you think you’d better do something quite simple to safeguard yourself?
If your connection is used illegally who do you think will be held responsible?
To be fair, if a hacker really wanted to gain access to your home wireless network they could do so quite quickly with a little persistence and time but we are going to show you how to take some easy steps to ‘lock down’ your home network to all but the most persistent of hackers who frankly really wouldn’t be interested in your little home network – they will be after far bigger fish.
Ok, not to worry – it’s all very easy to set up your wireless router security settings.
Wireless Router Security – Router Setup
Ok, let’s get down to business. We need to go into our router setup program and configure a number of settings to enable us to lock down our home wireless network.
To do this we will need to open up a web browser page and type in the router IP address in the address bar at the top of the browser page – for example, http://192.168.0.1
Once you have entered this you will be confronted with a logon page where you will need to enter your default username and password.
Note – If you can’t find the router IP address, open up a command prompt from the Windows Start menu and type ‘ipconfig’ in the command prompt window. You will now see a listing and amongst this you should find reference to the ‘gateway address’ – this is the router address
The username and password should be changed, once you have logged on for the first time, to something more secure.
You want to ensure that only you can logon to your router and change the security settings etc – if you leave them at their default settings it’s an open invitation to anyone with wireless access!
For reference – and to prove a point – popular router brand default login and IP addresses are as follows:
Make IP Address Username Password
Belkin 192.168.2.1 none none
D-Link 192.168.0.1 none none
Linksys 192.168.1.1 admin admin
Netgear 192.168.0.1 admin password
Now login and you will be presented with your router configuration page.
Ok, now we are logged on and we have our router configuration page in front of us look for the password settings section and change your password to something that is memorable to you but impossible for someone else to guess!
Use a mixture of numbers and letters for the strongest security.
Hmm – best write it down somewhere safe – don’t want to be locked out of our router configuration page in the future do we!
Now make sure that you save your settings before moving on to our next security task.
Wireless Router Security – SSID Name
Ok, the next important security factor to look at is your SSID (Service Set Identifier) which is a name given to help identify your wireless network from other close by networks.
Manufacturer’s set the name to a default name which usually reflects their brand name, i.e. Netgear, Linksys, D-Link etc.
Changing the SSID to something unique to your network will add a further level of security to our network and make life a little more difficult for anyone attempting to break into your network.
Look for the SSID setting option in the ‘Wireless’ section of your router configuration page. Change the default name to the name you have chosen and once again save your settings.
You should also see an option to ‘disable broadcasting’ of your SSID.
This can be useful once your network is set up and running as this option hides your home wireless network from anyone looking for a network to break into.
Our preference is to leave this ‘broadcasting’ enabled as you are making life much harder for yourself should a problem arise with your wireless network – a lot easier to diagnose if you can see it!
Wireless Router Security – Wireless Signal Encryption
Next step is to set up your routers wireless signal encryption to enable basic wireless router security.
This is where we really start locking down our home wireless network to any potential intruders!
Now we will be able to secure our network to all but the most determined of hackers who, frankly, probably won’t be the slightest bit interested in your home network!
You need to enable WPA (Wifi Protected Access) which is a method of securing your home wireless network by means of password and data encryption of your wireless signal.
Basically any data sent across your network gets encrypted (scrambled according to a set code) before being sent across the airwaves and then decrypted (descrambled) at the receiving end so that anyone intercepting the signal without the password cannot make sense of it.
This encoding and decoding of the signal does slow the process down a little but not so that you will really notice.
Now, the latest version of WPA, WPA2 would be our recommendation of choice for the best wireless router security levels protection level if your router supports this. Newer models should have this super secure option available for you and you should opt for this if possible.
You will though need to check that all of your PCs and laptops wireless adapters support this encryption method.
Older routers and PCs etc may only have the much less secure WEP (Wired Equivalent Privacy) level of encryption and if that is the case then you will need to activate this as any level of protection is better than nothing and to be honest WEP will probably do you fine especially if you do not live in a city or in a built up area.
So, to set up the encryption you will need to look in your router setup page menu for the ‘Security’ section, select the security type (i.e. WEP, WPA or WPA2) and then your password etc.
A note now to user’s of Windows XP and Windows Vista – before going any further make sure that you have downloaded and installed the latest Window Service Pack updates available on the Microsoft website.
For Windows XP that means installing Service Packs 2 & 3 and if you intend using WPA2 then possibly the Windows XP WPA2 update.
For Vista users check that you have Service Pack 1 installed.
Windows Service Packs contain important security updates which make Windows Networking easier and more secure.
Right, select WPA or WPA2 encryption and choose the AES (Advanced Encryption Standard) as the cipher type for WPA2 or TKIP (Temporal Key Integrity Program) as the cipher type for WPA.
For both WPA and WPA2 you will now need to select an ‘Authentication’ type which will be referred to as Pre-Shared Key or PSK.
Now select your ‘Passphrase’ (password) using a combination of numbers and letters as directed (between 8 and 63 characters – the longer the better!).
Remember, choose wisely, something you will remember but no one else will guess!
Note down your passphrase for when you come to entering this data into each of your PCs and laptops wireless adapter setup programs.
Yes, you will have to visit each and every one and enter all of the above information before they can talk to each other across your wireless network!
If WEP is the only option available to you then select WEP and the ‘Authentication type’ as ‘Automatic’.
Now set the ‘Encryption Strength’ to 128 bit and finally input your WEP Key ‘Passphrase’.
So, now your wireless network can be considered secure – you can breath easy!
But there are a few other steps we can take to make our network super bullet proof – well, pretty much anyway!
Read on to discover further methods of improving your wireless router security.
Wireless Router Security – MAC Filtering
Most routers will give the option to only allow connection to devices with specific MAC (Media Access Control) addresses which you can specify in a table on the router configuration setup page.
Every PC and laptop wireless adapter will have its own unique 12-character MAC address code.
Setting your router to only allow access to specific MAC addresses will give you even greater security and could be worth the effort if you feel you want the added peace of mind this gives.
First you will need to visit all your PCs and laptops to make a note of their individual MAC addresses.
Simply power up your PC or laptop and go to the ‘Start’ button then click on ‘Run’. Now type ‘cmd’ in the window that appears and then press the ’Enter’ key.
You will now be presented with a command window and you need to type in ‘ipconfig/all’ and again hit the ‘Enter’ key.
Next you will be presented with a screen and you will need to search through the list of information for the ‘Physical Address’ which has a set of characters (6 sets of 2 hexadecimal numbers) which is in fact your PC or laptops MAC address.
Make a note of these as you go round to each in turn and then input them into you router MAC address filtering table.
Note that once done all devices will be blocked from connecting to your network unless their MAC address has been added to your router MAC address filter list.
Wireless Router Security – Hardware Firewall
Your wireless router contains a ‘hardware firewall’ – this si not the same as the ‘software firewall’ that comes with Windows or as part of an Internet Security Suite.
Your hardware firewall provides protection from hackers on the internet and you should check that your router firewall has been enabled.
A hardware firewall on its own should be enough to protect you but we recommend using both for full security and of course any laptops should always have a software firewall installed as security for when using ‘Wireless Hotspots’ or other wireless networks when using your laptop away from home.