Many people ask how to protect their wireless network (also called WLAN or WiFi) from unauthorized access by neighbors or other people who happen to be around. Essentially, how to lock down the router or access point (further on I'll call it a router) so that you don't offer free internet access to everyone around, and don't risk someone compromising your computer(s) and stealing or wiping important information from them, whether a hacker-wannabe doing it for fun or someone doing it on purpose.
For that you will have to access your router's web interface. I strongly recommend connecting to the router using an ethernet cable, and doing all the configuration work wired, not via wireless. This way you don't risk someone "sniffing" the yet-unprotected wireless connection and getting your passwords etc.
So, you have connected your computer to the router with a cable, and the connection is established. Now you need to open your web browser and type in the router's address - look in the manual for the proper address of your router's web interface.
Find your wireless network settings page.
First, you will have to decide whether you want the SSID (network identifier, network name) to be broadcast by your router, so everybody will see your network as present on their discovered networks list. Of course, it's harder to break in if you don't know about the network's existence, so it would be advisable to hide it, but it may prove inconvenient. If you are not too paranoid you may leave it visible (broadcast).
Second, choose a good name for your network. Never leave the factory default name, as it will make it easy for the attacker to figure out what kind of equipment you have. If they know what router you have, and know about some potential security flaws in that model, they will try to exploit them. I personally choose a name that has a different manufacturer's name in it, just to confuse the attacker: if my router is a DLink, I name the network Home-Linksys :)
Third, enable WPA or WPA2 encryption. Don't choose the old WEP, as it is very weak and easy to break. If you have an old laptop or other mobile device that's incapable of using WPA, consider purchasing a USB network adapter for it, which doesn't cost much and is small. If you absolutely must keep WEP, make sure you are extra-paranoid with all the other steps.
Fourth, choose the longest and most random password. I use a very long password that's a completely random mixture of uppercase and lowercase letters and numbers. Then I just put it into a text file and save it on a USB stick. Whenever I want to set up a new computer, I just plug in the USB pendrive, open the text file and copy-paste the password into the password field.
Fifth, you may want to look for an option to disable administrative access to the Web Interface and the console interface of your router over wireless network and from the Internet. This will force you to connect to your router with a cable to make any changes, but it's far more secure. Some routers have this by default and no such settings are available.
Sixth, remember to change the default administrator password for Web Interface and Console (Telnet). Think of something really hard to guess, again, with a mixture of upper and lowercase letters and numbers.
If your router allows you to create a second user with full administrative rights, do so and equip this second user with a similarly complicated password. If possible, you can then delete the standard Admin (or Administrator or similar) username, which again makes it harder to gain access to your device, because not only the password, but also the username has to be guessed.
Please note: you may remember the password now, but what about in a year?... What I do is I put some tape or label on the router, with the administrative username and password written with a permanent marker or printed. This way you will always be able to come back and change stuff later :) Of course, if you want to keep the password secret from your roommate for example, you will have to put this info not on your router, but in a safe place you will be able to find later, much later.
Now you can save the configuration, which usually also involves a restart of the router. You can then test your wireless connection from all the machines.
If everything works as expected, it's time for a finishing touch. I strongly recommend using a MAC (physical address) filter.
Here's how it works.
Every network adapter, including the wireless ones, has a unique Physical Address, also called a MAC address, looking for example like this: 00:17:44:55:76:a2 - 6 groups of 2 hexadecimal digits (from 0 to F).
A MAC address is a "fingerprint" of your adapter. Now if you collect the MAC addresses of all your wireless devices (e.g. two laptops, a desktop PC upstairs, and a mobile phone with WLAN), and tell the router only to allow connections from those addresses, you will deny access to the rest of the world.
If your router has a MAC filter option, enable it. Sometimes there's a choice between a "Deny list" and an "Allow list" - choose the "Allow List", so that you lock out the rest. Now input the MAC addresses of your machines from the list you've collected previously. If you have a friend that comes over often with a laptop, be sure to include that address as well :)
How to get the MAC addresses of your machines?
In Windows, when connected over Wireless, click your connection's icon in the system tray, and find the "details" option - it will be listed there. You can also open a command line window and type "ipconfig /all", which will list all the network adapters installed (there may be several, be sure to note the physical address of the Wireless LAN adapter). Note: Microsoft uses a dash (-) to separate the two-digit groups instead of the standard colon (:).
Also, the MAC address is often specified on a sticker attached to the adapter, or to another WiFi-enabled device, like a printer.
If you have a wireless printer, you can find its MAC address on the information page that you can print from its menu - refer to the printer's manual for details.
For palmtops and mobile phones, refer to their documentation.
Another option is to use the router's Information or Statistics page. Many routers offer such a page in their administrative web interface, showing the currently connected network nodes together with their physical addresses. With the filter disabled, look at that page and note the addresses of the already connected machines. Now connect via wireless with the machine you want to discover a MAC address for, and refresh the page to see which address got added to the list - there you have it!
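The address collection described above, as an added example that is not part of the original tip: a Python sketch that pulls the wireless adapter's physical address out of "ipconfig /all" output, converts the Windows dash form to the colon form, and compares two copies of the router's client list. It assumes English-language ipconfig output; the sample text and every address other than 00:17:44:55:76:a2 are constructed.

```python
import re

# Six groups of two hex digits, separated by ':' or by '-' (the Windows form).
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")

def normalize_mac(text):
    """Return a MAC as lowercase, colon-separated; raise ValueError otherwise."""
    candidate = text.strip()
    if not MAC_RE.fullmatch(candidate):
        raise ValueError(f"not a MAC address: {text!r}")
    return candidate.replace("-", ":").lower()

def wireless_macs(ipconfig_output):
    """Map each 'Wireless LAN adapter ...' section to its physical address."""
    found, section = {}, None
    for line in ipconfig_output.splitlines():
        # Section headers are unindented and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            section = line.rstrip().rstrip(":")
        elif (section and section.startswith("Wireless LAN adapter")
              and "Physical Address" in line):
            found[section] = normalize_mac(line.split(":", 1)[1])
    return found

def newly_connected(before, after):
    """Addresses on the router's client list after joining but not before."""
    seen = {normalize_mac(m) for m in before}
    return sorted({normalize_mac(m) for m in after} - seen)

# Constructed sample of "ipconfig /all" output (trimmed to the relevant lines).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Physical Address. . . . . . . . . : 00-17-44-55-76-A1

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless Adapter
   Physical Address. . . . . . . . . : 00-17-44-55-76-A2
"""

if __name__ == "__main__":
    for name, mac in wireless_macs(SAMPLE_IPCONFIG).items():
        print(f"{name}: {mac}")
    # Client list copied from the router page before and after joining.
    print(newly_connected(["00:17:44:55:76:a2"],
                          ["00-17-44-55-76-A2", "00:17:44:55:76:B3"]))
```

If a machine lists more than one "Wireless LAN adapter" section, each is returned under its own name so you can pick the one you actually connect with.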
And that basically does the trick :)
Enjoy safe wireless networking :)
Posted by Stan on