Protect your Wireless Lan
More and more users use wireless connections to connect to the Internet. Many do use a wireless LAN router by default that they get from their internet provider and while there are certainly some that go right ahead and secure the router or modem properly, it is likely that many do not and are just happy that it works right away.
Insecure Wireless routers are a main target ofÂ hackers but also of neighbors who like a free ride on the Internet.
While it does not seem too bad on first glance, you need to understand that all activities of the third party falls back to you in first place. If they download copyrighted files, commit fraud, spam, access pornography or spread malicious software, then it is you who gets the (first) blame if detected. You will be held responsible for abuse that is done with your connection.
You need to know the basic information about your wireless router before you can begin to protect it.
- Who is the manufacturer
- What is the name and model of the wireless router
Visit the manufacturers website and search for updates for your router. Updates are normally in the form of firmware updates which updates the device, often to include additional features or security updates.Please consult the website for instructions on how to update the firmware of your router.
Make sure you update it using a wired connection because wireless connection are less stable and any interruption to the process may brick the router or modem.
It is now time to protect the router further. Connect to the interface which is normally done by opening the IP of the router. (default 192.168.1.1 most of the time) Enter username and password and change them when your are logged in. Many routers get hacked because the user did not change the default authentication of the device.
You just have to search on the Internet for a name and model to find the default admin username and password listed on websites.
Now it is time to configure the security settings of the w-lan router. Add a service set identifier (SSID), it does not really matter how you name it, just remember the name as you need to select it when you are connecting to the device.
Enable the strongest encryption method available, this is normally WPA2 with AES. If you have an older router or a device that does not support WPA2 you should think of buying a new router or updating the devices. Make sure you use a large string with numbers and letters as the encryption key. A good value is at least between 20 and 30 chars long. Make sure you remember it because you need to supply the key to the other devices that have to connect to the router (you can look it up in the dashboard though).
Enable Mac filtering, look up your mac address by using the command line in Windows XP and typing ipconfig /all. The physical address is your mac address. This ensures that only computers with a Mac address that is listed in the router can connect to it. Please note that the Mac address can be faked.
If you do not need the full transmitter power because your router and computer are physically close to each other you could reduce the transmitter power to reduce the chance that someone from outside your walls will be able to find the router and connect to it. Please be aware that a good antenna on the device that wants to connect to your router is able to counter this strategy.
Here is a list of other ideas that are worth investigating.
- Disable all services that you do not need.
- It is a very good idea to power off the router when you do not need it to prevent anyone from connecting to it while you are away. Alternatively turn off wireless.
- If you have the means monitor the traffic of your wireless connection to find out if someone else uses it as well.
- Enable the firewall of the router and configure it properly
- If the router has a logging feature enable it and analyze it regularly.
- Limit the maximum number of DHCP addresses if you use that feature.
- Use Authentication if possible.