More and more users use wireless connections to connect to the Internet, many do receive a wireless lan router by default from their internet provider and forget to protect the router and the connection properly. Insecure Wireless routers are a main target not only of hackers but also of neighbours in the vicinity who like to waste your bandwidth instead of their own.
While it does not seem to be that bad that someone else would use your wireless internet connection for surfing the web it becomes a very important matter if this is abused. Someone could download warez, pornography, commit fraud, send thousands of emails or share software in p2p networks. You will be held responsible for abuse that is done with your connection.
You need to know the basic information about your wireless router before you can begin to protect it.
* Who is the manufacturer
* What is the name of the wireless router
Visit the manufacturers website and search for updates for your router. Updates are normally in the form of firmware updates which update the internal functions to a new version which could result in additional features and security. Please consult the website for instructions on how to update the firmware of your router.
Make sure you update it using a wired connection because wireless connection tend to become unstable in the wrong moments. (Murphy’s law)
It is now time to protect the router further. Connect to the interface which is normally done by opening the IP of the router. (default 192.168.1.1 most of the time) Enter username and password and change them when your are logged in. Many routers get hacked because the user did not change the default login data that ships with the routers. Everyone can look them up and it is really easy to access the router even though everything else might have been optimized for security.
Now it is time to configure the security settings of the w-lan router. Add a service set identifier (SSID), it does not really matter how you name it, just remember the name. Make sure you disable the SSID broadcasting afterwards, this ensure that your wireless router does not show the SSID and it is a little bit more difficulty to find it out.
I know that this is a weak security tip but it could mean that this in addition with other security measures poses a problem for so called script kiddies.
Enable the strongest encryption method available, this is normally WPA2 with AES. If you have an older router or a device that does not support WPA2 you should think of buying a new router or updating the devices. Make sure you use a large string with numbers and letters. A good value would be between 20 and 30 chars for the key, make sure you remember it because you need to supply the key to the other devices that have to connect to the router.
Enable Mac filtering, look up your mac address by using the command line in Windows XP and typing ipconfig /all. The physical address is your mac address. This ensures that only computers with a Mac address that is listed in the router can connect to it. Please note that the Mac address can be faked.
If you do not need the full transmitter power because your router and computer are physically close to each other you could reduce the transmitter power to reduce the chance that someone from outside your walls will be able to find the router and connect to it. Please be aware that a good antenna on the device that wants to connect to your router is able to counter this strategy.
Here is a list of other ideas that are worth investigating.
* Disable all services that you do not need.
* It is a very good idea to power off the router when you do not need it to prevent anyone from connecting to it while you are away. Alternatively turn off the wireless function of the router.
* If you have the means monitor the traffic of your wireless connection to find out if someone else uses it as well.
* Enable the firewall of the router and configure it properly
* If the router has a logging feature enable it and analyze it regularly.
* Limit the maximum number of DHCP addresses if you use that feature.
* Use Authentication if possible.
While it does not seem to be that bad that someone else would use your wireless internet connection for surfing the web it becomes a very important matter if this is abused. Someone could download warez, pornography, commit fraud, send thousands of emails or share software in p2p networks. You will be held responsible for abuse that is done with your connection.
You need to know the basic information about your wireless router before you can begin to protect it.
* Who is the manufacturer
* What is the name of the wireless router
Visit the manufacturers website and search for updates for your router. Updates are normally in the form of firmware updates which update the internal functions to a new version which could result in additional features and security. Please consult the website for instructions on how to update the firmware of your router.
Make sure you update it using a wired connection because wireless connection tend to become unstable in the wrong moments. (Murphy’s law)
It is now time to protect the router further. Connect to the interface which is normally done by opening the IP of the router. (default 192.168.1.1 most of the time) Enter username and password and change them when your are logged in. Many routers get hacked because the user did not change the default login data that ships with the routers. Everyone can look them up and it is really easy to access the router even though everything else might have been optimized for security.
Now it is time to configure the security settings of the w-lan router. Add a service set identifier (SSID), it does not really matter how you name it, just remember the name. Make sure you disable the SSID broadcasting afterwards, this ensure that your wireless router does not show the SSID and it is a little bit more difficulty to find it out.
I know that this is a weak security tip but it could mean that this in addition with other security measures poses a problem for so called script kiddies.
Enable the strongest encryption method available, this is normally WPA2 with AES. If you have an older router or a device that does not support WPA2 you should think of buying a new router or updating the devices. Make sure you use a large string with numbers and letters. A good value would be between 20 and 30 chars for the key, make sure you remember it because you need to supply the key to the other devices that have to connect to the router.
Enable Mac filtering, look up your mac address by using the command line in Windows XP and typing ipconfig /all. The physical address is your mac address. This ensures that only computers with a Mac address that is listed in the router can connect to it. Please note that the Mac address can be faked.
If you do not need the full transmitter power because your router and computer are physically close to each other you could reduce the transmitter power to reduce the chance that someone from outside your walls will be able to find the router and connect to it. Please be aware that a good antenna on the device that wants to connect to your router is able to counter this strategy.
Here is a list of other ideas that are worth investigating.
* Disable all services that you do not need.
* It is a very good idea to power off the router when you do not need it to prevent anyone from connecting to it while you are away. Alternatively turn off the wireless function of the router.
* If you have the means monitor the traffic of your wireless connection to find out if someone else uses it as well.
* Enable the firewall of the router and configure it properly
* If the router has a logging feature enable it and analyze it regularly.
* Limit the maximum number of DHCP addresses if you use that feature.
* Use Authentication if possible.
