Six Tips for Securing Your Wireless Network

  • 5 comments

I had to setup a new Linksys wireless router recently and I thought I would share some tips for improving the security of your wireless network. Below are six ways for securing your wireless router.

Tip #1: Change the default password
local IP address of routerI’ve owned several routers through the years and it seems like all of them use 192.168.1.1 as the IP address, admin as the user name, and password as the password. In my opinion, most people don’t even bother to change the default password, which is a big mistake — especially if you share your WiFi connection with neighbors, house guests, and nerdy friends of your kids (when they come over to do homework). If you don’t change your password, anyone can log into your router and makes changes — like locking you out, disabling the firewall, and turning on remote router access. Now would also be a good time to change the local IP address of your router (something other than 192.168.1.1).

Tip #2: Disable wireless SSID broadcast
Wireless SSID broadcast and nameThe SSID is the network name for your wireless router (WiFi hotspot). By default, the router broadcasts the SSID. This helps computers and wireless devices find the router. This also makes it easier for hackers to find your network. You can reduce the risk by disabling the broadcast feature. Hint: it’s easier to configure the wireless connection for your laptop the first time if you enable SSID broadcast and then disable the broadcast once you have the wireless connection setup [don’t forget to enable (on your laptop) Connect even if this network is not broadcasting]. BTW, now would be a good time to change the default SSID name of your router to a cool name of your choice.

Tip #3: Use WPA instead of WEP
Wi-Fi Protected Access (WPA) encryption vs Wire Equivalence Protection (WEP) and Temporal Key Integrity Protocol (TKIP) and Advanced Encryption System (AES)When possible, select Wi-Fi Protected Access (WPA) encryption over Wire Equivalence Protection (WEP). WPA is stronger than WEP. However, not all devices are compatible with WPA. Luckily for me, all my computers can use WPA. If you have to use WEP, then select 128-bit over 64-bit. 128-bit is a little slower, but the higher encryption bit makes the network more secure.

Tip #4: Select TKIP over AES
If you are using WPA Pre-Shared Key, there are two encryption options: Temporal Key Integrity Protocol (TKIP) and Advanced Encryption System (AES). TKIP uses a stronger encryption method and incorporates Message Integrity Code (MIC) to provide better protection against hackers. My router is setup for both TKIP and AES, but I configure my laptop for TKIP .

Tip #5: Use wireless MAC filters for extra security

wireless MAC filters

A MAC (Media Access Control) address is a unique identifier assigned to network interfaces for communications on the physical network segment. Thanks to Wireless MAC Filters, you can control which wireless-equipped PCs can communicate with your router. The hard part with MAC filter is finding the MAC address of your computer. This usually involves running ipconfig at the command prompt. Luckily, my router has a tool that lets me see the MAC addresses of the computers connected to my network. From there, I can select the MAC addresses I want to add to my safe list.

Tip #6: Disable wireless network mode
wireless network modeIf you don’t need to wirelessly connect to the Internet or your network, then turn off the wireless mode of your router. Most of the time, I use an Ethernet cable to connect to my router. I only need to enable wireless mode when I untethered the laptop for work in another room. Note: turning the wireless mode off and on can change your external IP address (the one assigned to you by your broadband provider). For most people this isn’t a problem. But it’s a problem for me because my web server uses my IP address for a filter. It’s annoying to have to change the entry on my web server every time my IP address changes.

5 thoughts on “Six Tips for Securing Your Wireless Network

Comments are closed.