Wednesday, August 15, 2007

Necessary steps to secure a wireless router

If you setup a wireless router there are a few things you should configure on the router to make it secure. Unfortunately many routers come with a very insecure wireless setup which basically allows anyone in your proximity to use your internet connection, to access your LAN and your computers. It is important to make the following changes or verify them:

  1. Change the wireless network name (SSID) from the default to something unique. Linksys routers come with SSID "linksys". Netgear comes with SSID "NETGEAR". It is important to change it to something unique. This allows you to easier identify your wireless network and it prevents your wireless computers from accidentally connecting to your neighbor's router if he runs the same brand router with the default SSID.
  2. Enable wireless security/encryption. Use WPA2 or WPA whenever possible. Usually there are several variants of WPA2 and WPA available. Some are for enterprise setups which include a RADIUS server. What you usually want is an easier personal setup with a pre-shared key (PSK). Choose WPA2 over WPA if possible. Choose encryption AES and TKIP if you can. This allows you to accept connections from WPA2 and WPA compatible clients. TKIP is used for WPA and AES for WPA2. Do not choose WEP for security unless you have to do this because you must connect a wireless device which only supports WEP. WEP can be cracked within a few minutes!
  3. For WPA2 and WPA enter a strong pre-shared key/passphrase. The security of your wireless network depends on the quality of your pre-shared key. It can be up to 63 characters long. Usually, you only have to enter it once on the computers and you can copy it from the router through a wired connection if necessary.
  4. Change the default router configuration password (don't confuse this with the passphrase for the wireless connection). The router comes with a default password which is published in the manual and elsewhere. Anyone who knows the password for the router configuration can make changes to the router including stealing your wireless key. Therefore you must change the password!
  5. Make sure the firewall on the router is enabled. The router firewall protects the router from attacks. Never turn it off. It will most likely expose the router web interface to the internet and you don't want that to happen.

No comments: