Wireless router security

Why secure your wireless router?

The default configuration of your wireless router is unsecure. If you do not properly secure it, your data can be intercepted and read over an unencrypted wireless connection. This can expose your personal data and leaves you wide open for malicious attack. For example, If someone connects to your unsecure wireless router and illegally shares files on the internet, your connection will be the one that is registered and deemed responsible for the offence. Security becomes even more important if you are in a high-density location, such as an apartment complex or dormitory, where more people are likely to pick up your signal.

So why aren't wireless routers secure out of the box?

Manufacturers of wireless devices try to design them to work straight away out of the box with the minimum of configuration (if none at all). This is to reduce the amount of support calls they get, However in order to do this, they are configured by default to run insecurely, allowing anyone to connect to them. This means that as soon as you switch the wireless router, it is insecure.

Note: before commencing make sure the internet connection to your wireless router is UNPLUGGED.

The first step is to change the default Admin password of the router configuration setup pages. Connect your PC/laptop to the wireless router via Ethernet cable and type either http://192.168.1.1 or http://192.168.2.1 in the browser to get into the router's configuration (or follow Wireless router set up). Find the page where the password can be changed. On the Belkin B5DUK045 it is under System Settings. Other manufacturers may be different (Dlink puts it on the "tools" page, Linksys puts it under the "administration" page, Netgear puts it on the "Maintenance" page ). In order to get to the System Settings page you will be presented by a Login page

Belkin B5DUK045 wireless router Login page

Generally, straight out of the box, the password is blank so click on the Submit button to continue. The password can now be changed together with Login Timeout, Time Zone etc...

Belkin B5DUK045 wireless router System Settings page

Your Ad Here

The network name (otherwise known as the SSID) is the identifier that is broadcast by your wireless router and will be observed by anyone with wireless capability. Usually the default name is something like "Default" or "Belkin B5DUK045" and it is advised this is also changed. It could be tempting to rename your network name to something like your surname or house name. This is a bad idea as potential hackers could guess passwords easier. Consider changing it to something that will not identify you such as PRIVATE2010 or PRIVATE1223. After all, it is your private network.

Belkin B5DUK045 wireless router SSID page

For further security, the SSID can be prevented from being broadcast by unchecking the Broadcast SSID checkbox. This will help security further as your wireless router will appear nearly invisible to other wireless users.

The next step is to enable wireless encryption. This will stop anyone from intruding on to your wireless network as you surf the net or read emails. Most newer hardware supports the newer encryption schemes called WPA and WPA2, and if these options are available, then you should choose them. Both your wireless router and PC/laptop's wireless card/adaptor will need to support WPA or WPA2 in order for this to work. You need to enter a password (often called a Pre Shared Key - PSK) that the encryption will use, this needs to be different from the password used to login to the wireless router, and is recommend that this should be quite long. Once the WPA encryption is selected and the password has been entered, save the changes, and your wireless network is now secure.

Belkin B5DUK045 wireless router Security/Encryption page

Finally, to enhance security further, MAC address filtering can employed. Each network device ships with a built in unique identifying number - known as a MAC address. MAC Address Control is the ability to set up a list of devices that you want to allow or deny access to the wireless network. The MAC address filter is a powerful security feature that allows you to specify which computers are allowed on the wireless network. Note: This list applies only to wireless computers. This list can also be configured so any computer attempting to access the wireless network that is not specified in the filter list will be denied access. When you enable this feature, you must enter the MAC address of each client (computer) to which you want to allow network access.

Belkin B5DUK045 wireless router MAC address control page

So how do you identify the MAC address of a device that is to added to the Allowed list?
Assuming a wireless card/adaptor is installed on your PC/laptop:

- In Windows, click Start, Run
- Type cmd and hit enter
- type IPCONFIG /ALL and hit enter

IPCONFIG is a utility that provides for querying, defining, and managing IP addresses within a network. It will return the MAC address of the wireless adaptor that is installed onto your PC/laptop. In IPCONFIG it is displayed as the "Physical Address" and will look something like: 123.456.789.123

IPCONFIG /ALL from a command prompt to identify the MAC address (Physical Address)

Your wireless router is now secure, so you can connect it to the rest of your network, or to your broadband/cable connection. If you think you may not remember your passwords, rather than have to reset your wireless router every time you forget the password, write down the admin password and WPA password onto a post-it note and stick it to the underside of the router, or store it in a safe place.
To connect from a PC/laptop to your network, select your network (e.g. "PRIVATE2010") from the list of available networks, and enter the WPA password into your laptop's wireless settings, and you should now be connected.

Belkin Adaptor Setup

SetupWirelessRouter.com