Using an Internet connection on a single PC is a pretty simple task that can be done by connecting an Ethernet cable, but wireless-enabled devices such as smartphones, tablets and laptops require wireless connectivity, which brings in the need for a router. Most users step out and buy a wireless router off the shelf and install it on their own. And since wireless routers usually can operate directly out of the box, they are not secured by default. Some routers, such as Belkin, provide a secured wireless network out of the box, whereas routers from other manufacturers usually have open networks and common administrative passwords. This is an open invitation to anyone in the vicinity to simply search and connect to your network with ease, thus jeopardising your data and even utilising your expensive Internet bandwidth.
Change the default password of the router
Here is a step by step procedure on how you should configure the router and prevent intruders from entering into your wireless network. Do note that though routers from various manufacturers have different interfaces, the settings should be similar. We will be showing you an example using a Linksys router’s user interface. Perform the following steps after connecting the router to the PC.
To begin with, check the router’s user manual or the sticker on the rear or lower panel of the router for the default IP address, username and password. It would most commonly be 192.168.0.1 or 192.168.1.1. Type this IP address in any Internet browser and you should be greeted with the routers main interface, asking you to give in the username and password.
Change the default IP address and set the DHCP accordingly
Change the default password
Once you are logged in, change the password. You should consider this mandatory as routers usually have a common username and password and anyone can easily get in. You should see the option in the Administration section. You can choose to go ahead with the setup wizard to configure the router or stick to manual configuration. We show you the manual method.
Change the default IP address
Next, you should set a local IP address for the router. By default, the manufacturer uses IP addresses such as 192.168.0.1 or the 192.168.1.1. We recommend that you change second-last section to a random number between 1 and 254. For example, you can change it to 192.168.25.1 or to make it safer, you can change the entire subnet to 10.20.xxx.xxx or 172.16.xxx.xxx to be safer. This will now be your router’s default IP address to configure it in future, unless you decide to factory reset the router again.
Set the DHCP server mode to disable
This is a service built into your router, which automatically assigns an IP address to every computer or device that connects to it. Disabling it will mean every computer or device on the network will have to be assigned with a static IP address. In this way, if a user has access to the router’s username and password, he would still have to guess an IP address to enter the network. If you wish to keep it enabled, you should set the IP address range to a minimum. For example, if you have five devices connecting to your router, set the DHCP server to give out only five IP addresses. This way, the sixth device will not be able to get an IP address and get on the network easily.
Change the channel of the wireless operation accordingly
Set up the wireless network
Head on to the wireless section. Here you should give your wireless network an SSID or a network name. Change the default to something else, but resist putting in sensitive information that can give out details stating that it is your network. So if an outsider is scanning for a wireless network and sees your SSID, he should not know whose it is.
Set the wireless channel
A wireless channel is the frequency zone of operation for your router's wireless network. This ranges from channel 1 to 11 with each channel differing marginally in frequency values to keep them apart. This should be done because if you are having other wireless routers in your area (or neighborhood), you could be using the same channel they are using, which will cause interference in both networks and reduce the efficiency and speed of your wireless network. If you know what channel other routers in your area are using, set yours apart from theirs by at least three channels apart. In order to find out the channel numbers of other routers in the vicinity, you can use a utility that will scan the wireless network and list it out to you. You can use inSSIDer for Windows on a laptop or WiFi Analyzer on an Android device.
Check the signal strength, channels and other wireless networks in the area with utilities
Disable the Wireless SSID broadcast
This feature will hide your wireless network from anyone who is scanning for an available wireless network in your area. If you disable the broadcast, you will need to manually add your wireless network every time you set up a new device to connect to your router. This feature is recommended for use, as a hidden network is safer than a visible one.
Enable the WPS or SES mode
This is a feature used by most wireless devices to securely connect to a wireless router without entering any passwords. For example, if you want to connect a device to your router, you should press the physical WPS or SES button on the router to allow your device to be connected without entering any password. So if anyone needs to gain access, he has to press the button on your router.
Set up the wireless security
Head on to the wireless security section. By default the manufacturer, in most cases, keeps the wireless security disabled. This is highly vulnerable if left untouched, as anyone can wirelessly connect to your router without a password. Always select WPA2 Personal with TKIP or AES algorithms. You will then need to enter a password. Opt for an alphanumeric password and try not using simple or dictionary words that can make it easy for anyone to guess, or for a password cracking utility to break through. Try using longer passwords.
Ensure the strongest security configuration for the wireless network
Use MAC filters
Using the wireless MAC filter is one of the best security feature possible for a router. You can configure the router in such a way that it can only allow known computers and devices to enter the network and reject all unknown ones. You should configure this section carefully and only after noting the MAC addresses of every computer and device you will connect to it. To get the MAC address of each device, you can check the network device’s properties section or check out for any sticker on the product itself.
Enable MAC filters to deny unknown devices to the network
Tweak signal strength
Head on to the advanced wireless settings if your router features it. Here you can fine tune the router’s wireless network to work more efficiently. Basically, we would recommend tweaking the transmission strength or the wireless signal settings to the required level. This feature will only beam out your wireless signals in your area of required coverage and not further. If all your wireless devices are located inside your house, there should be no reason the wireless signals should go outside your house. To know the signal strength, you can use InSSIDer or WiFi Analyzer to know the signal strength of your wireless network and increase/lower it accordingly. Note: Some routers do not have this feature and you can skip this section.
Access restriction and parental control
This section can be set up if you want to control how your users can access the Internet. You can set up devices to use the Internet at particular times or on specified days of the week only. This way you can control your Internet bandwidth wastage and also set up access restrictions to other users on the network. This section also can help block websites by name or keywords. Use this feature if you want parental control over your users.
Set up access restrictions and parental controls
Logging and updates
Logs and firmware updates should be monitored frequently. Enable logging to know your router's network usage where you can be informed about devices connecting and leaving the network, or the bandwidth used by particular devices. This feature can help you check if anyone is entering your network without your knowledge. If your router has options to send you alerts via email or SMS, we recommend using it. Lastly, keep your router’s firmware updated to the latest. This can help you gain additional features and improve its security if the manufacturer has rectified some bugs in the firmware. Use the auto update feature if available.
Keep the firmware updated at all times
Maintain the habit of using random passwords and changing them frequently—try this weekly or at least twice a month. This can act as an additional security level—it can hurl out an undetected user who has already logged on to your network, without your knowledge, the next time he or she connects again. It can also discourage them from trying to hack into your network again as it would involve a lot of hard work hacking all over again.
Place the router in a perfect area to maximise its coverage and get the highest speed. As most routers use an Omni-directional antenna, the radio waves are spread all around instead of being thrown a in a single direction. Hence, routers placed near a wall have their transmission half inside the room and the remaining half outside the room. In this way, your network is seen outside your area and there is a loss of power because the radio waves are not being used efficiently. Always place the router in the central zone of the entire coverage area to make the best use of the wireless power and also lower the leakage of the radio waves outside your room. Lastly, keep all other equipment that work on a similar wireless frequency away from the router or switch them off. Equipment such as Bluetooth devices, microwave ovens, cordless telephones, and a few remote controlled toys operate on the 2.4GHz frequency, which can cause an interference with your wireless router.
Decide the best location for your router.
Physical wireless switch
If your router has a physical switch to turn off the radio, you can use this feature to disable the wireless networking when you are not using any wireless devices. This feature only turns off the wireless network while keeping the computers on the wired network untouched. This feature also saves you the trouble of logging into your router’s firmware and switching off the radio from the firmware.
Configure Guest network
A few new router models are seen featuring an additional virtual network called Guest network or Guest SSID, which allows your friends or guests to gain temporary access to your network and use the Internet. But this Guest network isolates all other computers in the LAN from the guest user and denies permissions to shared drives and such. The feature is good for securing your local network from friends, but not the Internet usage. Enable this feature only if you need it.
Enable and make use of the Guest SSID feature if available
Upgrade your wireless clients to the latest technology
If you are using older generation 802.11 b or 802.11 g devices, it is advisable to use the latest 802.11 n technology-based devices for superior performance and increased coverage area. When buying a new router and/or laptop, always opt for the 802.11 n technologies.
Third party firmware
If you are an advanced user, or if you want to have additional features enabled for minute tweaking of the wireless router’s settings, you can also opt to change the default firmware to a DDWRT-based or Tomato-based third party firmware. You can log on to the DDWRT website and check if there is an available firmware for your router.
Now that you have configured your router, you can sit back and relax without the worry of anyone trying to intrude into your network. But you can never be sure since hackers are constantly developing better cracking utilities to break into secured networks. Neverthless, you should take your necessary precautions. Maintain the habit of frequently changing passwords, SSID names and the IP address range of the router. Try not to keep sensitive data open on your network, which can lure an intruder into sabotaging your privacy. Finally, make sure you use a good firewall, antivirus and privacy suite to be safe.
Published Date: Jan 16, 2013 05:10 pm | Updated Date: Jan 16, 2013 05:10 pm