Step by step: How to protect your Wi-Fi network

Fri May 16, 2008 4:53PM EDT

See Comments (81)

Reader Joshua writes: I have searched all over the net for detailed instructions on how to protect my Wi-Fi network, and I just can't seem to find them. I would appreciate some help.

Most vendors provide an installation CD with their routers, and if you use this CD (you never have to, by the way), you'll be walked through setting up security on your router, step by step.

Personally I find these programs cumbersome, and since I tend to swap out routers every couple of months, I never install them to avoid having multiple management applications which correspond to nothing on my network.

So, without further ado, here's how to set up security on your router without using a custom application.

1) Type in the IP address of the router in your browser. This is how you get to the management system. You will need to check your router's manual for the IP address (it's probably 192.168.0.1 or something close to that) and the default password for the router. Now every router's management interface is different, and I don't have every brand here to work with, so I'm just going to point you toward the areas you need to tweak. This isn't complicated, but it might take a little trial and error on your part. Just poke around until you find the appropriate section to manage. It's usually quite simple.

2) Set a new administrator password. Always a good first step so you don't forget it later. This is often not under the Security section, so don't forget to look under the Utilities or System Settings area. Once you find it, change the password here like you would with any user account.

3) Turn on encryption. Look under Wireless Security or a similarly tagged section. You want to turn on encryption here: Use WPA (or WPA-PSK) if all devices on your network support it. Otherwise use 128-bit WEP. Type in the key you'd like (or use a passphrase to generate the key if you're using WEP). Note  the passphrase you're using so you can type that password into your client machines.

4) Change the SSID. Nothing says "hack me" like a default SSID (essentially, the name of your router) like "linksys" or "belkin." Change it to something menacing, not "janesrouter." One router I can see from my office is named "virustrap." I can't imagine anyone willingly trying to hack into that network. Remember you'll need this SSID when you browse available wireless networks from your client machines. You'll find this setting under a menu called Channel or SSID, something like that.

After that, you've covered the basics of security. You'll probably have to reboot your router multiple times during this procedure (so it's best to use a cable to do the configuration), and don't forget to hit "Apply Changes" or "Save Changes" after every tweak you make.

You can continue to make more advanced wireless security changes if you'd like, but I think they're overkill. Still, if you're paranoid, you can turn off SSID broadcasting (so you have to type in the network name manually; it doesn't show up in the Windows scan). You can also turn on MAC address filtering, which limits access to your network to a list of clients that you specifically approve. If anyone really wants information about how to configure MAC filtering, email me or post a comment below and I'll whip up a blog post down the road.

Comments on Step by step: How to protect your Wi-Fi network

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 6 Posted by aazo11 on Thu Sep 3, 2009 2:43PM EDT Report Abuse

    Please note that not broadcasting the network SSID does not make your network any more secure. For more information on hididng the network SSID please refer to: http://www.microsoft.com/technet/itsolutions/network/evaluate/hiddennet.mspx While MAC address filtering is somewhat beneficial, it should not be the only security you use. The MAC address is sent non-encrypted between the client and the AP, and it is very easy for a malicious user to detect and spoof them. WPA2/WPA and to a lesser extent 128 bit WEP are the only real ways to secure a 802.11 (WiFi network).

  • 7 Posted by go_direct on Thu Sep 3, 2009 4:11PM EDT Report Abuse

    Great help all. So how does all this affect you upanddown speeds on cable or DSL? Does the encryption slow down uploads and downloads "significatly? Also, my D-link came with third party security.What others are you people using if any as this course seems to not use any. Thanks!! H

  • 8 Posted by markosians on Thu Sep 3, 2009 7:08PM EDT Report Abuse

    go direct, I have setup wpa2 security and have noticed very little if any degredation in speed. Nick

  • 9 Posted by erwin_aceh on Thu Sep 3, 2009 3:56PM EDT Report Abuse

    Dear Sir, I recently has one of PDA phone [ O2 XDA Atom ]. I just bought 1 month ago.and have network WI-FI. Now, i found one failure the function of WI-FI, which is i cannot check my email through yahoo. I can browse any other website, yahoo, etc. but, why when i explore yahoo, go to MAIL and fill up the name and password as well,and click SIGN - IN, unfortunettely, the page was white blank. not even one word or picture appears there. Please find out for me regarding this matter, Thanks.

  • 11 Posted by camedeirosjr on Thu Sep 3, 2009 3:17PM EDT Report Abuse

    What is the difference between WEP and WPA, regarding security? Which one is more hackerable?

  • 12 Posted by kupriaa1 on Thu Sep 3, 2009 4:54PM EDT Report Abuse

    I would not waste my time with MAC filtering or WEP for that matter. As pointed out earlier- MAC addresses can be spoofed easily. Furthermore- WEP keys can be quickly ascertained. WPA and 802.1X authentication are certainly your best bets. Forget static IP addresses. Once you have decrypted the WEP key- MAC addresses and IP addresses can be implemented.

  • 13 Posted by kupriaa1 on Thu Sep 3, 2009 4:54PM EDT Report Abuse

    Both of the encryption algorithms for WEP and WPA are secure- its the way we create the keys thats insecure with WEP. Certains patterns have been found using the ISV that allow programs to quickly guess keys (within a reasonable number of hous of course). WPA (TKIP) and WPA (AES) were designed to remove this flaw. Use WPA when possible. All encryption will slow stuff down. more cpu cycles will be needed to crank the encryption stuff. However, that is why you bought a fast PC. It really isnt that much slower unless you have a slow machine.

  • 14 Posted by wigginsmark on Thu Sep 3, 2009 10:45PM EDT Report Abuse

    Hey Wondered if you could help: I have a belkin router and had 4 pcs connected by wireless to it and it worked great just with a WEP64 encryption on it. I have now brought a Apple Macbook and tried to connect but failed until i tried MAC filtering and now i can connect with my mac. BUT I am only able to input 4 MAC addresses in the filtering option and i need 5. Everytime i try and add a new one i click "add" it says "applying changes" but doesnt add another one. Is there anyway to add 5 MAC addresses to the filtering??? Please help! //Wiggie

  • 15 Posted by michael.buskin on Thu Sep 3, 2009 7:17PM EDT Report Abuse

    I Agree with all above, below are some extra options 1) SSID Broadcast Power - Limit the Broadcast Power (Not all AP, Routers) 2) Wireless Isolation - Stops all Wireless Traffic from accessing LAN (Physical Connected) Computers

  • 16 Posted by jpav05 on Thu Sep 3, 2009 4:42PM EDT Report Abuse

    Hey I got a question what about if you don't have a router and you have high speed by using a cable modem how you u secure this connection?? I been trying to figure this out but I get to a certain point and I do not know what to do next. The other day I came home and somebody was using my connection so i just turned it off but I would like to know how to secure it.

  • 17 Posted by tonycom01@sbcglobal.net on Thu Sep 3, 2009 10:16PM EDT Report Abuse

    i recently backed up copies of my office 2k3 and all of a sudden the program came up missing and i've noticed that other back ups i had are missing important files is there any way to recover the lost files Tony

  • 18 Posted by hdzerrudo on Thu Sep 3, 2009 4:17PM EDT Report Abuse

    hi, i love reading all the stuff. i got my wgt624 router and can't even connect to my laptop with wg511t adapter. i am using clearwire right now...sorry me

  • 19 Posted by andreafriedell on Thu Sep 3, 2009 2:53PM EDT Report Abuse

    You guys are amazing. Please come over and do all that stuff. I was lost after the first "WEP."

  • 20 Posted by medullaboi on Thu Sep 3, 2009 7:14PM EDT Report Abuse

    Im so glad im not stupid so I can do it myself....Its not that hard..

  • 21 Posted by walt.bundy on Thu Sep 3, 2009 10:40PM EDT Report Abuse

    Have you ever seen a laptop with built in Wi-Fi using any Microsoft OS that will work with WEP. I have not. All require a plugin Wi-Fi device with its own software.

  • 22 Posted by audiotecnicality on Thu Sep 3, 2009 2:59PM EDT Report Abuse

    Changing your DHCP scope will cause you more problems than it's worth. Anybody dangerous enough to crack your WEP key will certainly be smart enough to just assign themselves a static IP... I recommend WPA at minimum, WPA2 if all your hardware supports it. WEP is no longer acceptable; it doesn't take a genius to crack WEP keys anymore, there are free tools available on the Internet. Use a long WPA passphrase, do not broadcast your SSID, change your default SSID and router password, as the article said. In response to the post about up/down broadband speeds, no, it does nothing to improve or degrade your bandwidth. If you pay attention to the numbers, you'll notice that your max down rate (faster than your max up rate) is significantly less than your wireless network speed (eg 1.5Mbps down vs. your 54Mbps network, nominal of course).

  • 23 Posted by maryjoyfulness on Thu Sep 3, 2009 7:10PM EDT Report Abuse

    would love info on how to do this for my mac/verizon acct thanks

  • 24 Posted by westhampnett on Thu Sep 3, 2009 10:43PM EDT Report Abuse

    Your pointers are helpful for home wireless networks. A bigger related problem that affects everyone who uses a laptop to access the internet on wireless public Wi-Fi networks ( hotel, coffee shop etc.) is how to protect your laptop's transmissions -- if possible at all. Maybe you could comment on this in a future article. Thanks much.

  • 25 Posted by jim54invc on Thu Sep 3, 2009 4:35PM EDT Report Abuse

    Ditto post #20. It's amazing how easy things can be when the directions are clear, simple and direct. Considering that the write-up warned that some of the info was necessarily-vague, it was still quite easy for me to do some of the tweake :-) If only software companies would realize the value of clarity when they do their doc.

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.