Monday, November 09, 2009

How to secure your wireless network

Note: The following is a repost of how-to of the same name I wrote tonight at my IT notes site.

Intro

Do you have a wireless router and a wireless device and want to make sure your neighbours aren't freeloading your internet connection or snooping through your network? Follow these instructions to lock down your wi-fi.

Get what you need

  1. A router that has both wired ports and wireless capability.
  2. A computer with a wired connection to the router.
  3. A computer with a wireless network connection (it could be the same computer as in #2).
  4. A piece of paper large enough to write 5 lines of text on it. You will be filling in the following template:
    IP Address


    User Name


    Password


    SSID


    Passphrase

  5. A pen.
  6. Some adhesive if the paper in #4 did not have its own.

Let's get started!

  1. Plug your computer into the router (and switch off or unplug the wireless network adapter if your computer has both). This makes sure you're configuring the right router (and not your neighbour's) as well as gives you a way to fix it if you accidentally lock yourself out. Some routers only allow you to configure them through a wired connection anyway.

  2. Find out what your gateway's IP Address is. It will be something like 192.168.0.1 but it depends on the manufacturer and model, as well as the initial set-up.

    • Windows XP:
      1. Start > Control Panel
      2. Double-click on Network Connections
      3. Double-click on the Local Area Connection icon
      4. Click on the Support tab
      5. Write down the numbers that are next to Default Gateway as the IP Address.

    • Windows Vista and 7:
      1. Show the Start menu
      2. Type network connections in the search box and select View network connections
      3. Double-click on the Local Area Connection icon
      4. Click on the Details... button
      5. Write down the numbers that are next to IPv4 Default Gateway as the IP Address.

  3. Open your web browser and in the address bar, type http:// followed immediately by the gateway's IP address. For example: http://192.168.0.1

  4. You should be prompted for a user name and password. If you have never set this, then you have a few options for figuring out what the default user name and password are:

    • Find the little user's manual that came with the device. It should have a section on administration or remote access. Worst case, you flip through the 10-20 pages looking for either an image similar to what's on your screen right now or some mention of any of the following words: admin, login, password or user name.

    • Find a digital version of the user's manual:

      1. Go to the manufacturer's website. If it's not printed on the router anywhere, search the web.
      2. Navigate to their Support section of the website.
      3. Look for a Product or Model Search and type in the model number of your router.
      4. One of the links for your router's page (when you eventually find it) should be for the manual, usually as a PDF file.

    • Guess! Here are some common combinations:

      1. user name admin and no password
      2. no user name and admin as the password
      3. user name admin and password admin
      4. no user name and no password

    • Now that you have found the default user name and password, you should change them as soon as possible. Look under Tools, Advanced or Maintenance. Invent a password you don't use for anything else and write both the User Name and the Password on your piece of paper.

  5. Look for a Wireless or WLAN menu. You will know you have found the right page when you see words like SSID, WEP, WPA, Passphrase and Channel.

  6. Your Network Name is commonly called SSID. You change this from its default of default (or sometimes it's the manufacturer's name) and set it to something that's easy for you and your guests to know it's your router. Keep it simple and a single word if possible, like the name of a pet. Whatever you choose, write it down on your piece of paper.

  7. The next part is a little trickier. You usually need to select what kind of security you want. If you're reading this, you want to change it from None or Disabled to WPA.

    • Side note: Avoid WEP at all costs as it is too easy to break in. Protecting your wireless network with WEP is like putting a sign in front of a pool, kindly asking people not to go swimming. Protecting your wireless network with WPA is like building a fence around your pool. The most determined swimmers can still climb your fence, but casual swimmers that would not have been deterred by the "please don't swim" sign will go look for easier pools to break into.

    • Side note number 2: Your router might allow you to select WPA2. In my experience, this protocol is not as compatible with as many devices, so I would not recommend it.

  8. Now you get to pick a Passphrase (also known as a shared key). A passphrase is like a password, but it's longer and it can contain spaces. Pick an easy to spell one-liner that you and your guests can easily type, something like I am one with everything. It usually needs to be at least 8 characters long and, just like a password, it will be case-sensitive. When you have typed it twice, click whatever Save button there is and you're almost done!

  9. At this point, your router might want to think for a few seconds or maybe it will automatically reboot. In any case, wait 10-30 seconds and then try connecting to your router using a wireless-capable device. If you are using the same computer, unplug the network cable and then switch on (or plug in) your wireless network adapter. After another 10-15 seconds, you should get a message saying some wireless networks were detected and to click to see a list. You should see your newly-named wireless network in that list with a little padlock indicating it needs a key. If your network is not listed, you can wait another minute or two and then start over in case you got something wrong along the way.

  10. It works! Yeehaw! Now attach your piece of paper under your router using some light adhesive so that the next time you need to fix something, you will be able to skip steps 2 and 4. It will also be useful when you want to give your guests access to your wireless network; you won't have to try to remember anything, you can just lift up your router and read off the SSID and Passphrase to them.

2 comments:

sarathainside said...

Hi, I use WEP with MAC filter, on.
Even with WAP , putting the MAC filter on is a good idea to ensure that the neighbours don't piggyback on your WIFI.

Olivier Dagenais said...

A MAC address filter means a bit more work for you whenever you have a guest at your place that wants to use your router and a bit more work to break into your router, but it won't keep out determined crackers who will sniff out your MAC addresses and then configure their wireless adapters to use them. In other words, the MAC address does not necessarily uniquely identify network devices, but if you don't mind the extra step of whitelisting your guests in exchange for crackers having to set their MAC address to one that's on your whitelist, then go for it! :)