Step by step: How to protect your Wi-Fi network
Fri May 16, 2008 4:53PM EDT
See Comments (81)
Reader Joshua writes: I have searched all over the net for detailed instructions on how to protect my Wi-Fi network, and I just can't seem to find them. I would appreciate some help.
Most vendors provide an installation CD with their routers, and if you use this CD (you never have to, by the way), you'll be walked through setting up security on your router, step by step.
Personally I find these programs cumbersome, and since I tend to swap out routers every couple of months, I never install them to avoid having multiple management applications which correspond to nothing on my network.
So, without further ado, here's how to set up security on your router without using a custom application.
1) Type in the IP address of the router in your browser. This is how you get to the management system. You will need to check your router's manual for the IP address (it's probably 192.168.0.1 or something close to that) and the default password for the router. Now every router's management interface is different, and I don't have every brand here to work with, so I'm just going to point you toward the areas you need to tweak. This isn't complicated, but it might take a little trial and error on your part. Just poke around until you find the appropriate section to manage. It's usually quite simple.
2) Set a new administrator password. Always a good first step so you don't forget it later. This is often not under the Security section, so don't forget to look under the Utilities or System Settings area. Once you find it, change the password here like you would with any user account.
3) Turn on encryption. Look under Wireless Security or a similarly tagged section. You want to turn on encryption here: Use WPA (or WPA-PSK) if all devices on your network support it. Otherwise use 128-bit WEP. Type in the key you'd like (or use a passphrase to generate the key if you're using WEP). Note the passphrase you're using so you can type that password into your client machines.
4) Change the SSID. Nothing says "hack me" like a default SSID (essentially, the name of your router) like "linksys" or "belkin." Change it to something menacing, not "janesrouter." One router I can see from my office is named "virustrap." I can't imagine anyone willingly trying to hack into that network. Remember you'll need this SSID when you browse available wireless networks from your client machines. You'll find this setting under a menu called Channel or SSID, something like that.
After that, you've covered the basics of security. You'll probably have to reboot your router multiple times during this procedure (so it's best to use a cable to do the configuration), and don't forget to hit "Apply Changes" or "Save Changes" after every tweak you make.
You can continue to make more advanced wireless security changes if you'd like, but I think they're overkill. Still, if you're paranoid, you can turn off SSID broadcasting (so you have to type in the network name manually; it doesn't show up in the Windows scan). You can also turn on MAC address filtering, which limits access to your network to a list of clients that you specifically approve. If anyone really wants information about how to configure MAC filtering, email me or post a comment below and I'll whip up a blog post down the road.
Top 5 Posts
More About Wi-Fi & Networking
Comments on Step by step: How to protect your Wi-Fi network
Post a Comment
Join in the discussion. Here you'll see the comments in the order they were posted.
-
27 Posted by tss3232 on Thu Sep 3, 2009 10:23PM EDT Report Abuse
How to protect your Wi-Fi network? Step 1: Wire it.
-
28 Posted by chandlerda on Thu Sep 3, 2009 3:21PM EDT Report Abuse
Good info. One other thing that I personally do is to change the default (192.168.x.x) addressing scheme to another one of the private IP addressing schemes and play with subnetting what you need for the amount of computers you would like connected. Subnetting helps in that if you only allow a certain numbers of computers in a certain subnet, then even if the 'bad guys' do get an address, they wont be able to go anywhere. This option requires you to turn off the DHCP server that your router is using, so be prepared to create an IP addressing scheme.
-
29 Posted by angelicdreamzhome on Thu Sep 3, 2009 2:54PM EDT Report Abuse
AWESOME, Easy to understand, invaluable information. KUDOS! Thank you!
-
30 Posted by chrisandange1315 on Thu Sep 3, 2009 3:24PM EDT Report Abuse
DONT USE WIFI
-
31 Posted by heppert on Thu Sep 3, 2009 4:18PM EDT Report Abuse
RE Post #16 by jpav05 . . . "what about if you don't have a router and you have high speed by using a cable modem, how you u secure this connection." Get a WIRED router /firewall that will use NAT even if you only have ONE PC. Back on wireless networks, turning off SSID is fine for small home networks (as an ADDITIONAL step), as if you are not using it 20 hours a day, there are no packets to sniff and figure out the network ID. On a large network, it is just a pain not having the ID available. WPA is great if ALL your devices support it. All of the suggestions can be used for layers to make your network a less likely target as most casual browsers and bandwith moochers will just find a easier target elsewhere. Nothing is uncrackable for really determined users.
-
32 Posted by al_lehman61 on Thu Sep 3, 2009 2:51PM EDT Report Abuse
How do I find out if my hardware is WPA compatible?
-
33 Posted by tompeacock76 on Thu Sep 3, 2009 10:16PM EDT Report Abuse
WHAT about WEP 64-bit. That is what I was suggested to use as my encryption by the tech-support staff at the router company.
-
34 Posted by buckleyjames_jr on Thu Sep 3, 2009 3:15PM EDT Report Abuse
Yes i would like to know how to do MAC filtering please post it thank you
-
35 Posted by cooknn@sbcglobal.net on Thu Sep 3, 2009 3:29PM EDT Report Abuse
Could you please tell me how to set up security for my Mac wifi? Thanks
-
36 Posted by bujruk on Thu Sep 3, 2009 3:15PM EDT Report Abuse
I can't seem to have my westell versalink 327W support multiple wireless station with wep encryption. So I have to rely on MAC filtering. I guess nothing is safe, I thought MAC filtering was similar to host.allow table in unix.
-
37 Posted by mmmfiga1 on Thu Sep 3, 2009 7:24PM EDT Report Abuse
I have attempted to secure my home machines on several occasions. I have a combination of Windows and Mac OSX machines. I am able to secure the Windows machines, but cannot access the router (once secured) with the OSX computers. Any suggestions would be greatly appreciated.
-
38 Posted by shumon411 on Thu Sep 3, 2009 9:21PM EDT Report Abuse
thank you for your insight on how to set up the security on my router but you did not specgy as to which methood is better mac address filtering or wep. and how do i change the access passwork on the nic card on my pc or laptop to match the router. thank you. ps would like to know if possable i have a mac address filtering system on a netgear router and i have to restart the router almost every 2-3 days and its tidious work when its out i cant even log on the the router via its defult gateway please help
-
39 Posted by arjonestrucking on Wed Apr 4, 2007 5:48AM EDT Report Abuse
Great Information!! I'm a semi-truck driver and I use my laptop to get on the internet to find new loads for my business at wi-fi locations like truck stops, rest areas ect.. (flying J, TA travel centers,) I have webrot and pccillin. When I connect, I keep getting alerts that someone is trying to get on my internet. How do I stop this? And what do you suggest I use for security in the open world of wi-fi over the road? Please give detailed directions or explainations. I'm not the smartest computer person. Thank you
-
40 Posted by torti604@sbcglobal.net on Thu Sep 3, 2009 10:18PM EDT Report Abuse
The laptop that I am using has a Laplink card only capable of using WEP. I am able to communicate and access the internet with the router only when I don't have security off. When I set it up for WEP 128 bit the laptop has limited access to network and no internet access. I know I need to add something but I am at a loss of what to add? Any suggestions?
-
41 Posted by k_mccain@sbcglobal.net on Thu Sep 3, 2009 4:55PM EDT Report Abuse
These are very good suggestions but you stopped a little short. Becaust now anyone who may not be GEEK has lost their signal to their desktop and laptop. Probably should have said something about the changes over there!!
-
42 Posted by ericmathias59 on Thu Sep 3, 2009 3:55PM EDT Report Abuse
Ref post 27 and 30. If you are not interested in Wi-Fi then why did you bother ready the article (let alone add a comment)? If it were only that easy.
-
43 Posted by byrumm@sbcglobal.net on Thu Sep 3, 2009 3:15PM EDT Report Abuse
This doesn't really relate to security but... does anyone know why my laptop would only have a signal strength of 3 out of 5 bars when i am only about 3 feet from the router itself? It is a Vaio notebook and a linksys WRT54GS router. Is it the card in my notebook?
-
44 Posted by cosmopoulos on Thu Sep 3, 2009 3:30PM EDT Report Abuse
Question: What is the most straightforwrad way to determine if someone has hacked into my router?
-
45 Posted by voiceactor69 on Wed Apr 4, 2007 2:45PM EDT Report Abuse
i have a wireless router but no network. just a single computer. the article on changing the password was too complicated for me. can anyone simplify it? also do i NEED to change the password since i don't have a wireless network? thanks,
Sponsored Links
My Tech
Please enable your browser's cookies to activate the My Tech column.
Also on Yahoo! Tech
| Computers | Home Office | Wi-Fi & Networking | Phones & PDAs | Cameras & Camcorders | TV & Home Theater | Portable Audio |
|---|---|---|---|---|---|---|
26 Posted by flupastu on Thu Sep 3, 2009 4:01PM EDT Report Abuse
I have done every step mentioned in this article thru trial and error ............ i sure wish i found this 2 yrs ago ........ great bit of info