Wireless computer networks are now prevalent in most residential neighborhoods. If you were to take a wireless-enabled laptop and stroll down your street, you would probably detect dozens of wireless networks. Some of these networks would have tight security while the majority of them would have weak security or no security at all. The ones with no security could easily be compromised by a malicious attacker who is “war driving” or even innocently stumbled upon by your average neighbor. The ones with weak security can be compromised in minutes by a skilled hacker.
If someone has access to your wireless network, they can use it to partake in illegal activities on the Internet while remaining completely anonymous. If the authorities caught on to what the hacker was doing, they would trace the illegal activity back to you and your Internet connection and you could be held liable. A hacker could also use special tools to view confidential information such as email and web passwords emitted by your unsecured wireless network.
In this article, you’ll learn how to properly lock down your wireless network to stop the bad guys from getting in.
DETERMINE YOUR CURRENT LEVEL OF SECURITY
A wireless router, straight out of the box, is not secure. By default, the router will accept connections from any computer within range (approximately 35 meters). The router becomes secure once you enable some form of encryption. After you enable encryption, computers will be required to supply a password before they are allowed on your network. The two most common types of encryption for wireless networks are:
1. WEP – Although this standard will prevent your neighbors from accidentally stumbling upon your network, it won’t stop a determined hacker from getting in. Several flaws have been discovered in this standard which make it easy for a knowledgeable person to bypass.
2. WPA – Designed to replace WEP and its weaknesses. As long as you choose a random, difficult-to-guess password, this standard will keep the bad guys out.
One easy way to determine whether or not your network is secure is to scan for wireless networks using Windows XP’s built-in utility. To access it, go into your control panel and open “Network Connections”. From there, right-click on your wireless network adapter and select “View Available Wireless Networks”.
Here is a screen shot of some example results:
You can see that there are several secure networks in the area. However, the only one with strong WPA protection has “(WPA2)” at the end. The other “Security-enabled” wireless networks are using the older encryption standard WEP. There is also one “Unsecured wireless network” which is open for anyone to use, most likely unbeknownst to the owner.
*** Note: If your router has just come out of the box, the network name will probably be the manufacturer of the router (e.g., “Linksys”, “Netgear”, “D-link”, etc.). The name can be changed by logging into the router’s configuration page, which we will do in the next step.
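The same check can be scripted for your own network. The Python below is an added example, not part of the original article: it assumes the English-language text output of the "netsh wlan show networks" command found on Windows Vista and later (not Windows XP), and the sample scan, network names and function names are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `netsh wlan show networks`
# on English-language Windows; the network names are made up.
SAMPLE_SCAN = """\
SSID 1 : linksys
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None

SSID 2 : HomeNet-A
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP

SSID 3 : HomeNet-B
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
"""

DEFAULT_NAMES = {"linksys", "netgear", "d-link"}  # factory names from the note

def parse_scan(text):
    """Turn the scan listing into a dict of {ssid: {field: value}}."""
    networks, current = {}, None
    for line in text.splitlines():
        header = re.match(r"SSID \d+ :\s*(.*)", line)
        if header:
            current = networks.setdefault(header.group(1).strip(), {})
        elif current is not None and ":" in line:
            field, value = line.split(":", 1)
            current[field.strip().lower()] = value.strip()
    return networks

def audit_network(text, ssid):
    """Return a list of findings for your own network, identified by ssid."""
    net = parse_scan(text).get(ssid)
    if net is None:
        return ["network not found in scan"]
    findings = []
    enc = net.get("encryption", "")
    if enc == "None":
        findings.append("unsecured: no encryption enabled")
    elif enc == "WEP":
        findings.append("WEP only: switch to WPA or WPA2")
    if ssid.lower() in DEFAULT_NAMES:
        findings.append("factory default network name: rename it")
    return findings
```

An empty list from audit_network means the network is using WPA or WPA2 and has been renamed from its factory default.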
LOG IN TO THE ROUTER CONFIGURATION PAGE
You should do the following steps from a computer that is directly connected to your router (with an Ethernet cable) because once you enable encryption on your router, all your wireless devices will lose their connection until you configure them with the password.
The next step is to log in to the router and enable wireless encryption. Before you can log in, however, you must determine the IP Address of your router. Most of the time, the router’s IP address is either 192.168.0.1 or 192.168.1.1. To verify, go into the control panel and open “Network Connections”. Right-click on the network adapter that’s connected to the router and select “Status” from the popup menu. In the Connection Status window, click on the “Support” tab. The “Default Gateway” is the IP Address of the router:
Now we can log in to the router through a web browser like Internet Explorer or Firefox. Type the IP Address of the router into the address bar in your web browser and press enter. You will then be prompted to enter a username and password. Quite often, the username is left blank and the password is admin. Otherwise, consult the instructions that came with your router (if you’ve lost the manual, you can probably find it at the manufacturer’s website).
ENTER THE WIRELESS CONFIGURATION PAGE
From this step onward, the details will vary depending on the make and model of your wireless router. In this example, I’m using a Linksys WRT54G so the screen shots may look different from what you see.
Once I’ve entered in the username and password for my router, I’m presented with the main configuration page. Since I’m dealing with the wireless configuration, I click on “Wireless” on the top panel. Then from the options below, I click on “Wireless Security”. As you can see, by default, the Security Mode is disabled.
There are several different “Security Modes” to choose from. On the screen shot below, you will notice two that we discussed earlier, WEP and WPA Personal. WPA Enterprise is only used in large organizations where further authentication is required. As a home or small business owner, you only need to consider WEP, WPA, and WPA2. WPA2 adds a stronger level of encryption called AES. However, WPA is quite secure so long as you choose a difficult password.
*** Note: If WPA encryption is not available on your router, it may be because it’s too old. You can try downloading a newer firmware version from the manufacturer’s website that might allow you to use WPA. Otherwise, you’ll have to settle for WEP until you purchase a new router.
*** Note (Feb 14, 2009): Recently, a security flaw has been discovered in WPA (TKIP mode) that could allow an attacker to crack very small packets on your network. It’s not a serious flaw that would allow an attacker to compromise your data or connect to the Internet through your wireless router. However, if you are concerned, choose WPA2 Personal and use AES encryption instead of TKIP.
SET THE WIRELESS SECURITY MODE
In this example, I’ll choose “WPA Personal” from the menu because it’s much more secure than WEP and more compatible with older devices than WPA2.
*** Note: If you have a device on your wireless network that only supports WEP (such as a Nintendo DS), then you must choose WEP for compatibility. There is a complicated way to support WEP and WPA by using three routers; however, that is not covered in this tutorial.
Set the “WPA Algorithm” to TKIP.
It’s important that you create a rather long and random “WPA Shared Key”. This is the password that other computers will need to connect to your wireless network. Creating a password with random numbers and letters (both upper and lower case) is the best way to thwart an attack on your WPA wireless network. I recommend that you write this password down on a sticky note and slap it on your router so that you do not forget it.
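As an added example (not part of the original article), this Python code generates a shared key of the kind described above and checks a candidate key against the WPA length and character rules. It goes one step beyond the text by showing the standard WPA/WPA2-Personal derivation, in which the network name is mixed into the final key; the function names, the sample network name and the 20-character guideline are assumptions of this example.

```python
import hashlib
import math
import secrets
import string

# WPA-Personal passphrases are 8 to 63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63
ALPHABET = string.ascii_letters + string.digits  # upper, lower, digits


def generate_shared_key(length=32):
    """Return a random shared key drawn from the operating system's CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("WPA passphrase must be 8-63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random key of this length."""
    return length * math.log2(alphabet_size)


def check_shared_key(key):
    """Return a list of problems with a candidate key (empty means acceptable)."""
    problems = []
    if not MIN_LEN <= len(key) <= MAX_LEN:
        problems.append("length must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in key):
        problems.append("only printable ASCII is allowed")
    if not (any(c.islower() for c in key) and any(c.isupper() for c in key)
            and any(c.isdigit() for c in key)):
        problems.append("mix upper case, lower case and digits")
    if len(key) < 20:  # 20 is this example's own guideline, not a WPA rule
        problems.append("shorter than 20 characters")
    return problems


def derive_psk(passphrase, ssid):
    """Standard WPA/WPA2-Personal derivation: PBKDF2-HMAC-SHA1 with the
    network name (SSID) as salt, 4096 iterations, 256-bit result."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    key = generate_shared_key()
    print(key, "(about %d bits)" % entropy_bits(len(key)))
    print(derive_psk(key, "HomeNet-Example").hex())  # SSID is a made-up name
```

Because the network name is the salt, the same shared key on two differently named networks produces two different derived keys, which is one more reason to change the name from the factory default.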
If you are configuring the router from a computer with a wireless adapter, you will lose your connection after you save these settings. This is because you are now unauthorized to be on your network. You must enter the password into your computer’s wireless configuration before you can reconnect.
ENTER THE KEY ON YOUR WIRELESS DEVICES
On your computer, scan for wireless networks again. This time your network name should appear as “Security-Enabled”. Congratulations, you have now blocked unauthorized wireless access to your network!
Select your network from the list and click “Connect”. You will now be asked to enter a key (the password):
Enter the key and press “Connect”. You should now be connected securely to your wireless network:
Now no one can use your Internet connection for illegal purposes and no one can listen in on your confidential data as it streams through the air. I hope you found this tutorial helpful!