How is your Wireless Network Configured?

Posted on 2012-09-18
Medium Priority
Last Modified: 2012-11-05
I just bought a Netgear RangeMax Dual Band Wireless Router and I want to make it as secure as possible.

I have a laptop, desktop, 2 wireless printers, and a smart TV for Netflix.

How would you configure your router to give maximize security without degrading performance? Is setting WPA the only thing I should do or can that be hacked?

Thank you.
Question by:RockySea
LVL 10

Expert Comment

ID: 38409876
If you can configure WPA2 use it. Then choose a long and complex wireless password.
You might also want to set a long and complex password for your router configuration itself to make sure the setup is not being changed by the legitimate users of your network.
Regarding security "WPA2" is considered secure, together with a strong password no successfull attacks are known yet.
LVL 21

Assisted Solution

Rick_O_Shay earned 400 total points
ID: 38409882
Using WPA2, or highest level your devices wil support, is a good idea.

Also you can turn off broadcasting your Network name or SSID. That means you will need to manually configure it on all of your devices but it helps to keep outsiders out.

On the Netgear routers you can set up an access list and allow only your specific devices, by MAC address, to have access.

Expert Comment

by:Joel Armstrong
ID: 38409904
Well, anything can probably be hacked but If you select WPA2-PSK and set a good password, at least 8 characters with numbers, letters, and a special character or two you should be ok.

You can also hide the SSID from being broadcast so users can't see the name of the access point.  Another thing you can also do is MAC Address filtering.  You will have to add each devices MAC address to the table in the router configuration.   MAC filtering can be an administrative hassle if you have guest come over with a laptop.

If the router allows you to limit power you can size the coverage area to just your property.

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

LVL 10

Accepted Solution

abbright earned 800 total points
ID: 38410033
When it comes to hiding the SSID just keep in mind that it just makes life only a little harder for a determined attacker as it is still possible to find the network.
The same holds true for MAC filtering: As MAC-addresses can be chosen arbitrarily on some devices it does not give you any _real_ additional security.
So the absolutely most important (and in the end sufficient) security means are:
- choose WPA2
- choose a long and complex password. I'd recommend some random character string with letters, numbers and special characters, length at least 16 (!).
LVL 44

Assisted Solution

Darr247 earned 800 total points
ID: 38410758
WPA2 / AES (not TKIP)

Use a complex passphrase of at least 10 characters, and definitely not a dictionary word.
By complex I mean consisting of mixed-case letters, numbers and symbols.

Use wired connections where possible.

WPA/TKIP is more secure than WEP but can still be hacked, mainly because it's really WEP with the password rotated every so many packets according to vectors negotiated during authentication. If WPA/TKIP-encrypted traffic is captured, it can be decrypted because the encrypted password is included with every packet, so your data would not be secure.  
WPA2/AES traffic encrypted with a complex passphrase can take a million-computer 'botnet hundreds of years to decrypt by brute-forcing the passphrase... and brute force is the only way to crack it because the passphrase is not ever exchanged between client and station.

However, you should be aware that any time you're connected to the internet, even by wire, and not on an encrypted link (e.g. http instead of https), your traffic can be intercepted and viewed... so if you want security you should ensure the URL starts with https or sftp, and use the highest number of bits possible. You can check your browsers' encryption levels at https://www.fortify.net/sslcheck.html

Author Closing Comment

ID: 38413582
Thanks! I will setup WPA2/AES with a long,complicated password.

I will also disable SSID broadcast(I will have to figure out how to manually configure each device to associate with this router).

Very helpful!

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we’ll look at how to deploy ProxySQL.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question