Step by step: How to protect your Wi-Fi network

Fri May 16, 2008 4:53PM EDT

See Comments (83)

Reader Joshua writes: I have searched all over the net for detailed instructions on how to protect my Wi-Fi network, and I just can't seem to find them. I would appreciate some help.

Most vendors provide an installation CD with their routers, and if you use this CD (you never have to, by the way), you'll be walked through setting up security on your router, step by step.

Personally I find these programs cumbersome, and since I tend to swap out routers every couple of months, I never install them to avoid having multiple management applications which correspond to nothing on my network.

So, without further ado, here's how to set up security on your router without using a custom application.

1) Type in the IP address of the router in your browser. This is how you get to the management system. You will need to check your router's manual for the IP address (it's probably 192.168.0.1 or something close to that) and the default password for the router. Now every router's management interface is different, and I don't have every brand here to work with, so I'm just going to point you toward the areas you need to tweak. This isn't complicated, but it might take a little trial and error on your part. Just poke around until you find the appropriate section to manage. It's usually quite simple.

2) Set a new administrator password. Always a good first step so you don't forget it later. This is often not under the Security section, so don't forget to look under the Utilities or System Settings area. Once you find it, change the password here like you would with any user account.

3) Turn on encryption. Look under Wireless Security or a similarly tagged section. You want to turn on encryption here: Use WPA (or WPA-PSK) if all devices on your network support it. Otherwise use 128-bit WEP. Type in the key you'd like (or use a passphrase to generate the key if you're using WEP). Note  the passphrase you're using so you can type that password into your client machines.

4) Change the SSID. Nothing says "hack me" like a default SSID (essentially, the name of your router) like "linksys" or "belkin." Change it to something menacing, not "janesrouter." One router I can see from my office is named "virustrap." I can't imagine anyone willingly trying to hack into that network. Remember you'll need this SSID when you browse available wireless networks from your client machines. You'll find this setting under a menu called Channel or SSID, something like that.

After that, you've covered the basics of security. You'll probably have to reboot your router multiple times during this procedure (so it's best to use a cable to do the configuration), and don't forget to hit "Apply Changes" or "Save Changes" after every tweak you make.

You can continue to make more advanced wireless security changes if you'd like, but I think they're overkill. Still, if you're paranoid, you can turn off SSID broadcasting (so you have to type in the network name manually; it doesn't show up in the Windows scan). You can also turn on MAC address filtering, which limits access to your network to a list of clients that you specifically approve. If anyone really wants information about how to configure MAC filtering, email me or post a comment below and I'll whip up a blog post down the road.

Comments on Step by step: How to protect your Wi-Fi network

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 1 Posted by scottiecordes on Mon Aug 21, 2006 9:38PM EDT Report Abuse

    Absolutely, positively, enable and use MAC filtering. Just be sure that the first MAC address you enter is the machine you are using at the time...how do I know this? Don't ask!

  • 2 Posted by kkelley1980 on Tue Aug 22, 2006 8:48PM EDT Report Abuse

    This was very helpful. I've been looking for this information for a few months and the information that comes on my computer wasn't helpful. I had to take my router off of my computer and go back to using the LAN line. What a bummer. The information above about the MAC address is helpful too. Thanks!!!

  • 3 Posted by rlesovoy@sbcglobal.net on Thu Aug 24, 2006 1:26AM EDT Report Abuse

    Ok..I understand about Mac filtering...the question is, once you address the computers on your LAN to be accepted via MAC addressing and they were the only computers you wanted to enter your LAN, do you really need any other password type encryption? I guess if you wanted to temporarily add another computer without entering the MAC address, you could set up WPA or WEP-128 encryption.

  • 4 Posted by tokeersheikh on Sat Aug 26, 2006 5:01PM EDT Report Abuse

    Do not rely on MAC filtering as your sole security solution, MAC filtering isn't foolproof. Your MAC address can spoofed.

  • 5 Posted by dukeofhmong on Tue Aug 29, 2006 12:16PM EDT Report Abuse

    Yes. The article is very informative. With all wireless security... I'd suggest that you turn on WPA... but if all your devices dont' work.. then turn on 128 WEP with MAC filtering. WEP is like closing your door to outsiders. WPA is like closing your door and Locking it. WPA with MAC filtering is like Closing your door and having a screen door to allow in only the MAC's that are allowed. Then again, like everything out there, if a Hacker really wants he can still hack into a WPA encrypted router with a spoofed MAC address. Also, if you're going wired... then anyone with a CAT5 cable can get into your network w/o having to deal with all that wireless encryption. Also, most people have their routers to generate IPs automatically... that's good to have, but for more security, I'd suggest doing static IPs, which makes things a bit harder and also make your IP scope smaller as well.. that way, if a person were to plug into your router with a cord they won't get an IP, meaning no internet because you did static IPs so the auto DHCP server on the router will not give out IPs. And if you have 3 machines, then turn your IP scope to three to only support the three static IPs assigned to your three computers. So... with WPA encrpytion, MAC filtering, & Static IPs, your network is secure... but I give no guarentees because if a Hacker were up to the challenge... they'd need to break into your router and reset it then force it to distribute more IPs (if wired). If wireless, then there are programs that hacker's use to break WPA & WEP encryption and then spoof a MAC address to get in and then change your router settings and they could.... kick you out and disable your MAC and IPs... which would really suck.

More Posts: First Prev 1 2 3 4 5 Next Last

Post a Comment

Sign In to Post a Comment

 

Sign In to see your profile information, saved products and more...

Register Sign In

My Favorite Gadgets

 



Quick Compare See All Favorite Gadgets
 

Recent Activity

 

Recently Viewed

on | off on | off
 

Recent Searches

on | off on | off
 
 
 

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.