Community Pick: Many members of our community have endorsed this article.

Securing a Home Router (Wireless)

GUEEN
CERTIFIED EXPERT
Published:
Updated:
In a WLAN, anything you broadcast over the air can be intercepted.  By default a wireless network is wide open to all until security is configured. Even when security is configured information can still be intercepted! It is very important that you strengthen the  out of the box  default mode that was set by the manufacturer.

Wi-Fi or 802.11 networking uses radio waves to transmit data.  Most wireless routers provide a range of up to 300 feet in all directions and if you do not secure your network then just about anybody will be able to peruse your files!  For minimum security levels you will at least want to set up a Wired Equivalency Privacy (WEP) key.

You might be surprised to know that spammers and malware users could be "Wardriving" in your neighborhood with their laptops and Wi-Fi detectors seeking a wireless connection to tap into.  These hackers know default router passwords and often will find an open portal where NOTHING can be traced back to them. Unfortunately, every nasty act that they perform on an unsecured and open wireless network will be traced back to you.

Since your router is connected to the internet and stands in front of your computer -- there is no firewall that will warn you about this type of intrusion.  The router firewall can block users from the internet from accessing your computer but this same firewall will not stop people in range of your local Wi-Fi signal from getting into your network. Local traffic can slow down your internet performance, browse your file system, drop dangerous malware on your system, read your email, intercept your user name and password, send you spam, surf porn, and perform myriad illegal activities with your internet connection.

Always read the instructions that come with your wireless router.  Since you are using this technology it is up to you to secure it as best you can.

How to secure your wireless router:
Linksys
Go to http://192.168.1.1 and Change the I.P. address of your router to a valid private address like 192.168.3.1 -- You will always be able to get to the web interface by typing the IP address of your router (default gateway into the browser navigation toolbar): http://192.168.3.1/ 
Always change the default settings on your router. The first thing you should do is to change the default administrative login and password.  This should never be a word that you find in your dictionary!
Wireless Network Mode = mixed.
Turn on the router hardware firewall - Block Anonymous Internet Requests, Filter IDENT at Port 113, and filter multicast. Editor's note: Check your specific routers manual for how to enable its firewall as this can be brand specific.
Set your Service Set Identifier (SSID) wireless network name to something unique that will not be confused with your neighbor's name.
To protect your router DNS settings from being hijacked you should install EZDNSWatch.  (This application is totally free for personal use).
Set a different default channel (default is channel 6.) Use channel 1 or channel 11.
Disable remote administration.
USE DATA ENCRYPTION.  Try to use Wi-Fi Protected Access (WPA) encryption instead of WEP.  WEP can be easily compromised.  For WPA Algorithms, use TKIP. To create a strong password for WPA -- use Steve Gibson's strong password generator.
DO NOT USE MAC FILTERING!  A MAC address is a 12 digit long HEX number that can be easily sniffed by a hacker.
DO NOT Auto-Connect to Open Wi-Fi Networks.
DHCP -- Eliminate or reduce the allocation of IP addresses.  Give your nodes static addresses or reduce the size of the address pool.  Limit the amount of DHCP addresses to the amount of devices on your network that will require DHCP.
Make sure that your router has the latest firmware installed. Your router manufacturer will periodically issue firmware updates so you should check the manufacturer website for updates on a quarterly basis.

9
11,027 Views
GUEEN
CERTIFIED EXPERT

Comments (8)

Administrative

Commented:
This article has been updated so that the last line was removed and the zone was changed to Networking Routers.  If you have any objections, or would prefer for this to get deleted, please let me know.

Thanks shekerra!
CERTIFIED EXPERT
Distinguished Expert 2020

Commented:
There are a couple of editorial items to be addressed in this article...

1. Check your acronyms: in step 9 you state "WPA (Wired Equivalency Privacy) encryption instead of WEP (Wi-Fi Protected Access)" but the acronyms are inconsistent with the words (are they reversed?). You do the same in the 2nd paragraph.

2. A number of odd characters appear: a bit further on in step 9, "WPA  use Steve Gibsons  strong" has a box with 00 and 13 stacked after WPA, and a box with 00 and 19 stacked where the apostrophe should be in Gibson's. This can happen if you prepare the copy in a word processor and then paste it into the article. To get around it, try going through a basic editor like Notepad (copy, then paste to Notepad, select all, copy, then paste into the EE dialog).

However, I have a more serious problem with this article, and I hope you don't mind my constructive criticism.

What is your assumed audience for this? From the lead in, I assume you are aiming it at novices, but if so, you need to assume a MUCH more basic knowledge level and include more information.

For example, in step 1, "something like" is too vague: would it be okay to use "123.456.7.8" or "my personal router"? No, I know it wouldn't be, but are you sure your reader would know? Be specific.

And in step 4, if the user has no idea about how to "turn on the router hardware firewall" they will not be able to "Block Anonymous Internet Requests, Filter IDENT at Port 113, and filter multicast". If you provide the instruction, you should let them know what these items are, even if you just provide links. I wouldn't classify myself as a novice, but I know I would need to look these up to understand what they do.

Sorry, but while I was attracted by the topic title, I did not find anything in this article beyond what I would expect to find in a manufacturer's manual. These articles will be found by people using online searches for information about a topic. If they are to be useful, they will need to provide more than what is generally available elsewhere. Unfortunately, I don't think this is the case for this article.
Yes , Accept it..

But For more secure, Change the router firmware with open-source linux firmware like DD-wrt, and then build the Radius server and use the router with Radius Authentication..
Also wasn't there an exploit of the WPS functionality in some of the newer routers? just as a be aware for those who use that to setup their pc to communicate with their router.

Thanks,
http://mjddesign.wordpress.com
Christopher Jay WolffWiggle My Legs, Owner

Commented:
This article was helpful to me.  I cannot get a manual for my Pace router and have not easily found what I want with search engines.  I have been working hack issues for a while and most recently have the neighbor's satellite router listed as my Network Infrastructure in FE.  I'm new with all this and am trying to lock things up.  My router stuff is here...

https://www.experts-exchange.com/questions/28864339/I'm-supposed-to-be-on-a-Pace-router-not-a-Cisco-router-and-not-dish-satellite.html

The follow-up comments are helpful also.  Thank you all.

View More

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.

Get access with a 7-day free trial.
You Belong in the World's Smartest IT Community