When I turn on my laptop at home and look for available wireless connections, I see a dozen of them. That’s not surprising given the number of broadband connections in my neighborhood, each of which comes with a free wireless router. What’s surprising is the fact that all of them, except a couple, are unsecured. Some of them still have the manufacturer’s default password. They all violate the first rule of wireless computing: ALL WIRELESS NETWORKS MUST BE SECURED.
Here are a few things you can do secure your wireless router and network:
1. Change your router’s default password
This should be the first step you take after you power up your router for the first time. Straight out of the box, most routers have a lame password such as "password" or no password at all. Not changing it is like leaving the front door of your house wide open before going on vacation. It’s an invitation to bad guys. Change it.
And write it down somewhere. If you forget it, (and you probably will because you don’t need it all that often) you will have to push is a little button at the back to reset it. Remember that resetting clears all settings. You will have to set all the configuration options again.
2. Disable your router’s remote administration option
The next step is to disable remote administration for your router. If remote administration is enabled, anyone can access your router across the Internet. This option is only suitable for people who don’t administer their own routers and commission some one else to do so for them over the Internet. Most people can do without it.
3. Disable wireless option if you don’t use it
If all your computers, printers, and pieces of other equipment are connected to the router by means of a cable, turn off the wireless connection, or "radio" as the documentation of some router calls it, on your router. If you can’t find the option in your router’s administration interface, your router is too old; you may want to get a new one.
4. Change your network’s name
Routers come with default names, of SSIDs as their names are called. Few people change them. That’s why you see so many networks named WLAN or Netgear. Change the name. But don’t change it to something like Joe’s Network. That’s a dead giveaway that it’s your network. Choose a name that you will recognize but others won’t.
5. Stop broadcasting the SSID
Out of the box, broadcasting of SSIDs is enabled on most routers because other computer equipment can "see" the router and connect to it. But if you can see the network, so can everyone else within the router’s wireless range. Stop broadcasting it.
If you do, you will have to memorize the SSID and enter it every time you want to set up a new wireless connection on a computer. This certainly is an inconvenience but it’s a small price to pay for maintaining a secure environment. Keep in mind that this simple maneuver will not stop determined hackers.
6. Enable encryption on your router
Wireless routers employ three kinds of encryption schemes — WPA2 (Wi-Fi Protected Access 2), WPA (Wi-Fi Protected Access), and WEP (Wired Equivalent Privacy). WPA2 is the most secure scheme and WEP is the least secure one. WPA2 is available only on the latest routers. Use it if it is available on yours. If it isn’t, see if WPA is. It is preferable to WEP which is relatively easy to crack and therefore the least desirable. But if WEP is all your router supports, use it anyway. It is still better than no encryption scheme.
Remember that all your wireless equipment must support the encryption scheme you choose. If you select WPA for your router, but your wireless network card only works with WEP, you won’t be able to connect to your router. The solution, then, is to either use the scheme which is the least common denominator on all your equipment or upgrade the older equipment which doesn’t support the encryption scheme of your choice to newer models which do.
7. Limit the number of IP addresses
Most routers have built-in DHCP servers. The DHCP server assigns IP addresses to computers and pieces of other equipment when they connect to the router. A typical home router can support a couple of hundred pieces of equipment. But you can limit the number of IP addresses that the DHCP server will dole out. If you have two computers and a network printer, you can limit the number of IP addresses your DHCP server issues to three.
Mind you, this is not a fool-proof scheme. If one of your computers is off, one IP address is still up for grabs if a hacker can grab it.
8. Enable MAC address filtering
Each network card or interface has a globally unique address called a MAC address. You can configure your router to allow connections which originate from the MAC addresses of your computer equipment.
It’s not easy to find MAC addresses of all your equipment. The best way to get them is to connect all your equipment to the router while MAC address filtering is disabled. When you do so, you will see all your equipment listed in your router’s administration interface along with their MAC addresses. Print the page for your reference. Then enable MAC address filtering and enter the MAC addresses from the printed page.
All these settings are accessible from your router’s administration interface which you can go to by typing your router’s IP address in your browser. Check your router’s manual for its IP address.
Conclusion
As you can see, securing a wireless network is not very difficult. Yet, most people don’t bother with it and end up exposing their networks to online threats. Don’t let it happen to your network.
The PCMech.com weekly newsletter has been running strong for over 8 years. Sign up to get tech news, updates and exclusive content - right in your inbox. Also get (several) free gifts.
Does my mac adresse change if I upgrade my computer with some other hardware? For example change the graphic card?