Wi-Fi Security Made Easy

Mon May 8, 2006 4:11PM EDT

See Comments (46)

A comment on my Wi-Fi dropouts post requested help in configuring security on a wireless router. I'm happy to oblige. Here are my suggestions for securing your wireless network, from most important to least. I'd love to show you exactly how to make all these changes, but unfortunately every router is different, even routers made by the same company can have wildly different management schemes. Consult your user manual for detailed instructions.

  • Change the administrator password. All routers ship with default passwords for the management account, and these are common knowledge on the Internet. Your first step should always be to change the admin password to something unique.
  • Turn on encryption. No wireless encryption method is perfect, but some is better than none. Without encryption, anyone in the neighborhood can hop on your network, and you probably don't want that. If all the devices you own support WPA, use it (WPA-PSK is the type you want, if that's an option). Otherwise, use 128-bit WEP, which you might have to use if you have older networking products around your office.
  • Change the name of your network. Many people never change the generic network names like "belkin" and "linksys," and not only will you have trouble identifying which network is yours, you're also telling the world your network may be in a default state and vulnerable to hacking.

Now we're getting into more advanced stuff. These are changes that only the security-paranoid need to consider. More casual users can stick with just those above.

  • Turn off SSID broadcasting. When you scan for networks in Windows, you get a nice list of networks because they are all broadcasting their SSID, a network ID code. If you don't want your network to show up in this list, turn off SSID broadcasting. The downside: You'll have to type in the network name manually when you first connect to it.
  • Turn on MAC filtering. A MAC is a unique code that every piece of network hardware has. You can set your router to only accept connections from devices with MACs that you allow. Just input the MAC address for your various PCs and other devices, and anything not on the guest list will be escorted to the door. Note that if you're not comfortable with hexadecimal and the inner workings of networking, this tip may be more trouble for you than it's worth.

Comments on Wi-Fi Security Made Easy

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 6 Posted by hackster666 on Thu Sep 3, 2009 4:15PM EDT Report Abuse

    mac address can be spoofed and or changed...although tedious it isnt that secure either.

  • 7 Posted by btam33 on Thu Sep 3, 2009 3:14PM EDT Report Abuse

    Your article on Wi-Fi Security was much to technical for this old illiterate PC man, I would like to isolate my equipment, but technical terms leave me in the dard

  • 8 Posted by thecyberfleamarket on Thu Sep 3, 2009 10:03PM EDT Report Abuse

    Great advice. The average home pc user may not know how to do some of the things suggested,but they also know they can look it up or theres normally a help tab or button that describes what your trying to do. I have turned my pc on and could see other networks in the neighborhood. I have mine secured now. When I first set it up, a lot of strange IP addresses were popping up and I would have an option of trusting them or not. After I secured it, that no longers happens. Linksys has a great help section online, and at their website and on the phone.

  • 9 Posted by medictft91158 on Thu Sep 3, 2009 7:14PM EDT Report Abuse

    WPA is best and not that difficult to set up. WEP is better than nothing. Using MAC filtering is also good and provides an additional layer of protection. Although MAC addresses can be spoofed it is not real easy and someone needs to know one of YOUR MAC addresses. You can also turn off DHCP and assign each computer or device on your network a static IP. You could also leave DHCP on and limit the number of addresses available to the number of devices connected to your network so when someone ties to access your network there is no addresses available providing your devices are always on. Further, make sure you have a firewall on each PC and that the firewall allows the router and the addresses or address range you have specified access to the internet or you won't be able to get out. If you have question about this email me.

  • 10 Posted by markosians on Thu Sep 3, 2009 7:08PM EDT Report Abuse

    I too used to think that MAC filtering was enough. When I started to research wireless security I realized it isn't. I recommend setting up WPA2 security on your wireless system. I know, many will say that it is overkill, but if your equipment is capable and your going to setup security anyway, why not setup the best available? Nick

  • 11 Posted by jchristingray on Thu Sep 3, 2009 4:30PM EDT Report Abuse

    Does this apply to broadband wireless cards, luke Verizon or Sprint wireless laptop card conntections?

  • 12 Posted by mjmmartinis on Thu Sep 3, 2009 7:23PM EDT Report Abuse

    How do I turn on encryption, and set up a password?

  • 13 Posted by skerett on Thu Sep 3, 2009 9:25PM EDT Report Abuse

    100% security on Wireless connection is MAC address filtering. Read your Wireless router manual. Only your designated PC can pass and use your "internet" network.

  • 14 Posted by rlaboucane on Thu Sep 3, 2009 8:43PM EDT Report Abuse

    Adding a further comment about WPA-PSK. There are 2 flavours, AES, and TKIP, AES being the stronger form. The only reason I mention them is because some wireless router manufacturers do not list WPA-PSK as an option, but rather list TKIP and/or AES. WPA-AES is also sometimes called WPA2 or CCMP.

  • 15 Posted by djnewman@pacbell.net on Thu Sep 3, 2009 3:44PM EDT Report Abuse

    How could MAC filtering not be enough? If the router doesn't accept the connection, then the only way to see the data stream is to intercept the RF. Any data being transmitted is between active network components, IE 2 PC's that have unique MAC addresses and the router. Assuming that the RF could be intercepted, understood and parsed (not too unlikely, but too much effort), you would be know the MAC addresses of the router and the 2 pc's. In order to enter the network, you would have wait until one of the PC's was not active, spoof its MAC address and move your data. HOWEVER: as soon as the spoofed pc attempts to transfer data, the networking would error out due to 2 sources of the same MAC address on the network. Did I miss something? Based on the above, I believe that the best course of action is to do all of the above and don't rely on just one item: 1) Use MAC filtering 2) Change all the passwords, names and ip addresses of the router 3) Turn off DHCP 4) Turn off SSID broadcasts 5) Use whatever encryption you can stand based on your data speed requirements. 6) Pay attention to the firewall in your wireless router and set up some rules to close ports and block sites you don't use. 7) Most important - turn things off when you aren't using them. None of the above rules are rocket science, and if you expose your network to the Internet or the Wireless world, you should be practicing them.

  • 16 Posted by isabelle_bourdonne on Thu Sep 3, 2009 4:25PM EDT Report Abuse

    Dear Christopher, You seem to be giving great advice, however being the novice that I am , I cannot figure out where half of what you are talking about is located on my computer. So, I'll just ask a simple question: If my router allows for wireless connection, but I am only using the router plugged into my computer with a cable (instead of using a wireless card), can people still connect to my router? thank you, isabelle

  • 17 Posted by markosians on Thu Sep 3, 2009 7:08PM EDT Report Abuse

    Mac filtering is NOT secure... Look here: http://arstechnica.com/articles/paedia/security.ars/3 google 'mac filtering' and see for yourselves. Hey, it's better than nothing, but don't kid yourselves it ain't secure. Nick

  • 18 Posted by dejarnettefl on Thu Sep 3, 2009 3:40PM EDT Report Abuse

    When all else fails. I love to state the obvious. Take no prisioners 2000.

  • 19 Posted by knowwhoiamns on Thu Sep 3, 2009 4:52PM EDT Report Abuse

    I have a lot of problems, me and my roomate secured our wireless using a wep encryption. His computer runs fine on the internet, but my connection which was strong before, now fluctuates and disappears at times. I can no longer play games online and I think it has something to do with the wep, any suggestions on how to fix it, or a different securing mthod which will enable me to play my games again? I would really appreciate the help, my email is knowwhoiamns@yahoo.com

  • 20 Posted by markosians on Thu Sep 3, 2009 7:08PM EDT Report Abuse

    Knowwho, turn off security and test that will tell you if it is the security that is causing your problems. A very good article that will hopefully help those who have been duped into thinking that wep, turning off ssid broadcasting and mac filtering is the way to go in securing a wireless network. http://www.microsoft.com/technet/technetmag/issues/2005/11/SecurityWatch/default.aspx

  • 21 Posted by markosians on Thu Sep 3, 2009 7:08PM EDT Report Abuse

    Sorry, didn't get the whole address in: http://www.microsoft.com/technet/technetmag/issues/2005/11/SecurityWatch/default.aspx

  • 22 Posted by marjpon7 on Thu Sep 3, 2009 7:07PM EDT Report Abuse

    Kindly give STEP BY STEP instructions to secure wireless router. Don't skip any steps for the benefit of us computers BEGINNERS.

  • 23 Posted by djnewman@pacbell.net on Thu Sep 3, 2009 3:44PM EDT Report Abuse

    markosians - The refernce just affirms my point. It's easy to sniff out the MAC, but then you are at the network level. Basic networking will stop when there is a collision of MAC addresses. You may be in there for a while, but as soon as local traffic reoccurs, the network will break and the local users will be notifed by the error. No, it's not perfect and there is overhead in a large organization. In a local LAN of 10 or less users (99% of wireless usage) it's a good solution to slow down outsiders. Nothing is perfect!

  • 24 Posted by markosians on Thu Sep 3, 2009 7:08PM EDT Report Abuse

    DJ, If you're right the fact is they got in and you have been compromised. Why not go with WPA at least? My thought has always been to go with the highest level of security that my network can achieve. For me to go with WPA2 I had to replace one wireless card in my son's desktop. It was only capable of WPA protection. If the other two computers in my network weren't WPA2 capable, then I would probably have gone with WPA and MAC filtering. Nick

  • 25 Posted by williame_johnson on Thu Sep 3, 2009 10:46PM EDT Report Abuse

    A lot of good info here but is there an easy way to tell if someone is on your network? Something like a utility that looks around and tells you all the ipaddresses it see's.

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.