Securing a Wireless Router
Author: Inuyoshi
Edited by: Kos
Creation date: November 5, 2008
This topic isn’t Linux-related, yet it is so important that it cannot be over looked. This article is to assist with the setup of the security of your wireless access point. War-driving is where someone detects an unsecured wireless network from their car and either notifies the administrator of the network or uses it for their own gain. A man in Canada had his network abused. The other person that stole access to the network was arrested on account of downloading child pornography. Your unsecured network can be someone’s underground playground. The steps are simple as if you were to navigate to MSN’s homepage. These steps are modifying your default values, disabling the SSID broadcast, setting up encryption and authentication, and activating your MAC address filter and traffic filter.
The first step is to modify your default values. To accomplish this goal, your computer needs to be connected to the network port on the wireless access point or wireless router. After that, access the router by using the address in the manufacturer’s guide. (For a Linksys router, this is 192.168.1.1) Click on the “Wireless” tab and engage “mixed mode”. Change your SSID from linksys to something that only you and your clients would remember. (Leetspeak “13375p34|<” works for this purpose.) No one would be able to access your network by default now…unless your SSID is broadcasted.
The necessary second step is to stop the broadcast of your SSID. On the same page, click on the radio button that says disable next to “SSID Broadcast”. By doing this you will save your network from those with really good memory. It will also force a need for a central admin. This will be you because you only know the network’s name.
The next step is to start encryption. There are two main forms of encryption. We call them WEP and WPA. WEP stands for Wired Equivalent Privacy, and is commonly used today. WEP is easy to decrypt and is not recommended anymore, thus giving way to Wi-fi Protected Access (WPA) which is harder to crack. I suggest using WPA. With WPA come authentication methods, such as PSK and EAP.
After Encryption comes Authentication. The main authentication methods are Pre-shared Key (PSK) and Extensible Authentication Protocol(EAP). PSK is your passphrase that gains you access to your network. This is easier to setup than EAP. EAP needs a certain background check on you. This is more secure, but you need to set up a RADIUS server.
MAC address filtering is used to block users that do not belong on your network. Media Access Control (MAC) addresses, also called physical addresses, are numbers that describe your computer and will never change. Find the Advanced Tab and click on MAC address filtering. Then locate your MAC address of all of your computers. This is accomplished in Windows by using the ipconfig /all command in the Windows command prompt, or in linux by the ifconfig command. Make sure the address you enter is the wireless interface, not the wired, if your pc has both. This will only allow those computers on your network. You can also block MAC addresses.
Traffic Filtering is just like a firewall. You can block sites or protocols you don’t want your clients visiting or accessing. This is found in the same tab as MAC filtering. This can be annoying as it may block your repository sites or
news pages. This feature comes in handy with younger kids. Parents should at least try this feature once.
Securing your network is necessary as having food. You are protected from fraud and perverts who are seeking free internet. Also, your son who likes looking at video game stuff when homework needs to be done can still do homework yet not be able to chill out with Arkanoid. The cake is a lie, don’t let your network die.