Wi-Fi Security Made Easy

Mon May 8, 2006 4:11PM EDT

See Comments (46)

A comment on my Wi-Fi dropouts post requested help in configuring security on a wireless router. I'm happy to oblige. Here are my suggestions for securing your wireless network, from most important to least. I'd love to show you exactly how to make all these changes, but unfortunately every router is different, even routers made by the same company can have wildly different management schemes. Consult your user manual for detailed instructions.

  • Change the administrator password. All routers ship with default passwords for the management account, and these are common knowledge on the Internet. Your first step should always be to change the admin password to something unique.
  • Turn on encryption. No wireless encryption method is perfect, but some is better than none. Without encryption, anyone in the neighborhood can hop on your network, and you probably don't want that. If all the devices you own support WPA, use it (WPA-PSK is the type you want, if that's an option). Otherwise, use 128-bit WEP, which you might have to use if you have older networking products around your office.
  • Change the name of your network. Many people never change the generic network names like "belkin" and "linksys," and not only will you have trouble identifying which network is yours, you're also telling the world your network may be in a default state and vulnerable to hacking.

Now we're getting into more advanced stuff. These are changes that only the security-paranoid need to consider. More casual users can stick with just those above.

  • Turn off SSID broadcasting. When you scan for networks in Windows, you get a nice list of networks because they are all broadcasting their SSID, a network ID code. If you don't want your network to show up in this list, turn off SSID broadcasting. The downside: You'll have to type in the network name manually when you first connect to it.
  • Turn on MAC filtering. A MAC is a unique code that every piece of network hardware has. You can set your router to only accept connections from devices with MACs that you allow. Just input the MAC address for your various PCs and other devices, and anything not on the guest list will be escorted to the door. Note that if you're not comfortable with hexadecimal and the inner workings of networking, this tip may be more trouble for you than it's worth.

Comments on Wi-Fi Security Made Easy

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 26 Posted by markosians on Thu Sep 3, 2009 7:08PM EDT Report Abuse

    marjpon7, I had never done it before and this is the article that got me through it. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002706&source=NLT_NET&nlid=27 Let us know how it goes. Nick

  • 27 Posted by bankerkxxxx@sbcglobal.net on Thu Sep 3, 2009 3:02PM EDT Report Abuse

    I suggest logging on to your router's admin. set-up and have a look see... It's not that hard to do. time consuming but easy.

  • 28 Posted by greerbarton on Thu Sep 3, 2009 4:12PM EDT Report Abuse

    I'm new to computers (yes, I'm a senior citizen late to the game so be kind). If someone is on your wireless network does this mean they can view your internet activity?

  • 30 Posted by mackhvac on Thu Sep 3, 2009 7:02PM EDT Report Abuse

    people are still using mac/apple? --well duh!--80's music was great but i think the most of us moved on!!

  • 31 Posted by yanalenny on Thu Sep 3, 2009 10:54PM EDT Report Abuse

    all this good except I do not know how to do that, any advise??

  • 32 Posted by egyption_goddess2002 on Thu Sep 3, 2009 3:52PM EDT Report Abuse

    JUST BUY A NINTENDO WIFI USB THEY USE A GRANT PERMISSION AND DENY PERMISSION WOW ITS SOO CAVEMAN NEANDERTHALIC THEN YOU CAN PLAY YOUR DS ON WIFI

  • 33 Posted by atv_rider2000 on Thu Sep 3, 2009 2:59PM EDT Report Abuse

    Disappointing to see that the final 2 items are listed for only those of us that are "security paranoid". It makes good sense to turn off broadcasting the SSID and MAC filtering. It's not that hard to make sure your network and computers are safe through these methods; not paranoia. Seems typical that those of us who put a little effort to the security of our networks have to be classified as paranoid.

  • 35 Posted by mbrookman10 on Thu Sep 3, 2009 7:12PM EDT Report Abuse

    I'm sitting here reading some of these posts and what the article contained, atv is right if turning off SSID broadcasting is to hard for you then you don't need to be using a computer. It's as simple as unchecking a txt box in your router settings. You don't need to go download anything from the net to find out your MAC address in a Windows environment. Pull up a command prompt (DOS prompt) and type "ipconfig /all" without the "" and hit enter. There is your MAC address for each network card. MAC filtering is not secure at all but it will deter the script kiddies from getting in. You only have to spoof the MAC, meaning I spoof your MAC address acting as your network card and hey I'm in your network. Write me if you want to know more or learn how to secure your network at a very high level. Please no newbies I don't have time for that right now but there is many many many articles on the net to help you. Best of luck.

  • 36 Posted by mangojulie on Thu Sep 3, 2009 7:05PM EDT Report Abuse

    Most of the posts assume that everyone is technically versed in this stuff. There are also cries for help by truly novice users. For the novices like me, there is NetWork Magic (networkmagic.com) that does a fine job of helping you set-up and maintain your home network including security options, and detecting and kicking out intruders. It requires no technical knowledge, it will access and configure your wireless router and gives you PICTURES of what's going on on your home network. All of this via user friendly, non-technical, screens. It would be great if one of the technies like markosians, djnewman or mbrookman10 could take a quick look at this software tool (just read networkmagic's webpage) and let us novices know if it is foolproof. If not, where in your estimation might there be big gaps in its security capabilities?

  • 37 Posted by judgegaffney2002 on Sat Feb 24, 2007 11:14AM EST Report Abuse

    Great topic. Have you seen D-LinkTV (www.dlinktv.com)? They have a video about securing a home network.

  • 38 Posted by hlsj_99 on Thu Sep 3, 2009 4:19PM EDT Report Abuse

    Using the MAC address filtering is easy and you should not be afraid to use it. To find your MAC address click Start Run and type cmd in the box - you will get a command line. Type "ipconfig/all" without the quotation marks and hit "Enter" The MAC address will look something like this: 00-14-A5-E7-10-F3 it is not case sensitive. If you have more than one ethernet adapter enabled you could see more than one MAC address - you can feel safe to enter both of them as each MAC address is unique - there are no two alike. that is why they are such a handy filtering value. If you use MAC filtering remember that you will have to enter and "Allow" the MAC of any computer before it will be able to use the Internet. As you can see this will keep your neighbors or someone in the car on the street from using your connection. You will probably also have a log of all the computers that have gotten access - you can review this from time to time. It' kind of fun, safer, and only takes a few minutes to set up - 5 at the most! HAve fun.

  • 39 Posted by sherrymazzetti1@prodigy.net on Thu Sep 3, 2009 9:19PM EDT Report Abuse

    This is addressed specifically to those who have Yahoo! DSL with a home wifi setup provided by them. Is the equipment and CD they send reasonably easy to follow? I am not an absolute tech newbie, but I am definitely no sophisticated user either, so I need to know that the instructions are clear. Also, will they provide adequate information on making the wifi secure, or will I be dancing all over trying to find instructions--like reading these blogs and trying to translate many of them into English? Answers truly appreciated, as I would like to make a decision to go wifi or not within a couple of days.

  • 40 Posted by jaguar07 on Thu Sep 3, 2009 4:27PM EDT Report Abuse

    Whenever you take the trouble to secure a network you should always do everything possible to make it as secure as possible. To that end: 1. Enable MAC address filtering. 2. DISABLE the SSID broadcast. 3. Change the wireless router's ID and administrative password. 4. Limit the DHCP server of your router to the absolute number of IP addresses you actually use. Example: You have one wireless printer, two desktop computers, two laptops, and a Wii. Only allow for 6 IP addresses from the router. 5. ENABLE WPA2 if you can, each device on your network has to support WPA2 to do this. 6. DISABLE remote administration of the router. 7. ENABLE the SPI (stateful packet inspection) firewall of your router if it has one. If all of that seems difficult to accomplish read the router's manual. If it still is out of your league, contact a Network Security Specialist in your local area by using local.yahoo.com

  • 41 Posted by surfvenkat on Thu Sep 3, 2009 9:49PM EDT Report Abuse

    Finding the mac address of a computer isnt difficult. click on start , then run and type cmd and u will get the dos prompt. Then type ipconfig/all and note down the physical address corresponding to the wireless adapter if the pc or the notebook is a wireless client. Make sure u enter the same address on the router settings page under under wireless clients.The router settings are specific for each vendor.

  • 42 Posted by hvmember on Thu Sep 3, 2009 4:21PM EDT Report Abuse

    Do not use wireless unless you have to. Run wires all over the house is my suggestion, is cheap and more secure. install the wireless router in the basemant instead of the attic. Change router name password and use some security encription. But why bother to steal internet if you can go almost anywhere and use it for free....Sam.

  • 43 Posted by alice123yang on Thu Sep 3, 2009 2:50PM EDT Report Abuse

    Yes, if you don't want to others use your Wi-Fi siganal, and it's very easy. You can set up your IP adress and a password and change it often. That's all.

  • 44 Posted by ferbuz on Thu Sep 3, 2009 3:59PM EDT Report Abuse

    For WinXP: Just go to Network Connections, right-click the Wireless Network Connection icon. Click Status, click the Support tab then click the Details button. Now find the Physical Address -- that's the MAC Address (a 12 hexadecimal code) of your wireless network adapter. And that's the value you enter on the 'allowed' list of your router's MAC Address Filtering page. Other router's like Netgear call it Wireless Access List instead of MAC Address Filtering. For WinVista: Go to Network & Sharing Center, click Manage Network Connection. Right-click the Wireless Network Connection icon, click Status then the Details button. There you'll see again the Physical (MAC) Address. Or for those who are comfortable w/ the Command Prompt, you can invoke this commands regardless of what version of Windows you have: Click Start, on type Address Bar type: CMD or Command, then it will show you the black Command Prompt window & the C: prompt. Now just type IPCONFIG /ALL, it will show you all the network adapter details (both Local Area & Wireless). Then just look for the Physical Address. That's it, you now have the information of what MAC Address to include in the 'Allowed' list of your router's setup page. =)

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.