Two of the most popular posts on Technically Easy has to do with securing two different wireless routers: the Linksys WRT54G Wireless-G router and the D-link DI-524 Wireless router. At this time I only have those two guides available on securing wireless routers.
For those with other wireless routers, I decided to outline some of the security settings you can enable, if available, on your wireless router to make it secure.
The Settings
There are several settings, that by default, aren’t usually setup to provide a secure wireless connection. This is probably done this way to make it easier for you to secure your router the way you want to.
The settings outline below are the ones I deem important and should be set to ensure your connection is secure.
- Admin ID and Password. Routers have a default user ID and password that is widely published. Before making any other changes, ensure that you change the administrative ID and password of your router. If you can’t change the ID, ensure you change the password.
- Limit the Number of IP Addresses. Each router assigns a unique IP address to each computer that is connected to it. If you have a set number of computers that connect to your router, limit the number of IP addresses that the router can assign. This way if all the IP addresses are assigned to your computers, and an unwelcome visitor attempts to connect, they won’t be able to.
- Enable WPA or WPA2. New routers sold today contain the option of WPA, WPA2 or WEP. WEP is the older standard of security that has since been breakable. WPA or WPA2 are more secure than WEP so you should enable one of those instead.
- Enable AES. If you choose WPA, ensure you also set the algorithm/cypher type to AES. If you have problems with using AES, you can select TKIP.
- Set a Strong Passphrase. When you create a passphrase, ensure you use as many letters, numbers, and punctuation, in your passphrase as possible. The more of each type of character you use, the harder it is for someone to guess your passphrase.
Optional Settings
While the settings listed above provide a secure connection, there are additional settings that can be changed. For the most part, I don’t use the settings specified below, unless indicated, but you can if you choose.
- Don’t Broadcast the SSID. This one is a personal choice, and I don’t turn off my SSID broadcast. There are a few reasons why I don’t. First, at times I had trouble connecting my wireless network when it wasn’t broadcasted. Second, there are many tools that can display the SSID, whether it is broadcasted or not.
- Enable MAC Filtering. I used to enable this option, but at times found it a pain to maintain the list of MAC addresses. If you don’t mind managing MAC addresses, you can use this feature that may provide a bit more security from the usual web surfer. A true hacker can easily get by this setting.
- Enable HTTPS. This setting may not be available on all routers, but it is available on the Linksys WRT54G Wireless-G router. When this setting is enabled, a secure SSL is established when accessing the administrative pages from a web browser. I use this setting with my router.
Final Thoughts
If you make a mistake when securing your wireless router, you can easily reset the router back to factory defaults and start again. Routers come with a reset switch (you will need to look it up in the manual) that will remove any security settings you have set.
When you unplug the router, or power is lost, your security settings are not deleted. They will still be there when power is restored to the router.