HOW  TO  SECURE  A  WIRELESS  NETWORK  VIA  THE  ROUTER


When you order Broadband from an Internet Service Provider, such as TalkTalk, they normally send you a parcel containing a Broadband Installation CD and a Wireless Modem/Router. A series of letters will also have been sent to you with your Broadband Connection Date and Broadband User Name & Password details. After opening the parcel and installing the Wireless Modem/Router via the Broadband Installation CD you are then ready to search the internet, download music, check your e-mail and so on. All is well at this point....or is it?


When you install a Wireless Modem/Router you must make sure that either the router has, by default (normal settings), disabled your Wireless Network (disabled the beaming of your Network Information through the air waves) or has at least enabled your Wireless Network with a Network Key (Security Password). If you have your Wireless Network enabled without a Network Key other computers will be able to share your Wireless Network - This means they can share certain information that is sent over the air waves, including files, as well as share the actual Broadband Internet Connection that the wireless network uses to transfer information over the air waves.

Basically. Any data (i.e. web page data, file data and so on) that is sent/received via your wireless network and wireless router uses your broadband internet connection to do so. Therefore not only are other computers using your broadband internet connection to view web pages on their own computer screen, coming through your wireless network, but those other computers are also robbing your broadband bandwidth (i.e. monthly download usage) and your broadband speed. So if your computer and one other computer on the network are both using your 8 MegaBytes broadband internet connection at the same time both computers will have a broadband speed of 4 MegaBytes each and not 8 MegaBytes each simply because the two computers will be sharing the 8 MegaBytes.

THE  ROUTER  CONTROL  PANEL  (ADMINISTRATOR  AREA)

To enable a disabled wireless network or to change the network key (security password) for an enabled wireless network you must log-on to its router's web page, otherwise known as its Control Panel or Administrator Area. This is done by typing the router's IP Address into your web browser's Address Bar edit box (Fig 1.0) and then typing its User Name & Password details into the security requester that appears (Fig 1.1). The router's IP Address, User Name and Password should be in the documentation (.pdf manual) file that comes on the Broadband Installation CD.

In this example I am using the NetGear DGN1000 Wireless Modem/Router. It uses the default (standard manufacturer's) IP Address of 192.168.0.1 with the default control panel User Name of admin and the default control panel Password of password. Many companies use 192.168.0.1,  192.168.1.1  or  192.168.2.1 as their default IP Address with admin or administrator as their default User Name and admin,  administrator or blank (empty/no password) as their default Password. So if you are stuck, try one of those combinations. Furthermore. Click Here for a list of default User Names & Passwords associated with common router control panels.



Fig 1.0  Type your router's default IP Address into your web browser's Address Bar edit box and then press the ENTER keyboard key




Fig 1.1  Type your router's User Name and Password into the appropriate edit boxes and then click on the LOGIN button to continue

After logging into your router's Control Panel (main web page) look for a heading called SETUP or BASIC, normally located in the top-left corner of the control panel. Underneath that heading should be a sub-heading called WIRELESS SETTINGS or WIRELESS LAN. You should click on it to view the Wireless Lan (Local Area Network), or Wireless Settings, web page. In this example the NetGear router makes life simple. It has its own WIRELESS SETTINGS heading, which I have now clicked on.



Fig 1.2  Click on the heading called WIRELESS SETTINGS to continue




Fig 1.3  The Wireless Settings web page of the NetGear DGN1000 router control panel

When the Wireless Lan, or Wireless Settings, web page is displayed (above) there are normally security options on that web page. If not, you will have to find them; under a heading called SECURITY OPTIONS for example and/or under separate web pages - Router control panels vary from each manufacturer, so it is difficult for me to be router specific here! The major security options you need to locate are DISABLE / ENABLE Access Point, WEP and WPA-PSK options amongst others, DISABLE / ENABLE Network Key (a blank/empty network key can mean the same thing) and the Network Key itself.

ENABLE  /  DISABLE  THE  WIRELESS  NETWORK

In the above example the Wireless Access Point (Wireless Network) is enabled - The ENABLE WIRELESS ACCESS POINT option is ticked. If you want to disable a wireless network, in general, first look for a WIRELESS ACCESS POINT or ACCESS POINT option. Once found, it should have a radio (circle) button next to it or a checkbox (tick box) next to it.



Fig 1.4  Put a tick next to the ENABLE WIRELESS ACCESS POINT option, if need be, to enable the Wireless Network

Also in the above example there is an option called ALLOW BROADCAST OF NAME (SSID), underneath the ENABLE WIRELESS ACCESS POINT option. It allows you to either hide or show (broadcast) the network's name in any listings that display a 'List Of Available Wireless Networks' such as the list of available wireless networks that appears when you are trying to connect to a wireless network (broadband signal).



Fig 1.5  If the ALLOW BROADCAST OF NAME (SSID) option is ticked it means your wireless network will be publicly visible/listed/available

Clicking on the ENABLE or DISABLE button should not enable or disable the wireless access point (wireless network) straight away because you normally have to click on a SUBMIT, APPLY or OK button at the bottom of the wireless settings web page before the action can be carried out. This usually applies to other options too.

CHANGE  WIRELESS  NETWORK  NAME

The above Wireless Access Point (Wireless Network) is using the Wireless Network Name of Yoingco. A wireless network name, also known as a SSID (Service Set IDentifier), can be changed by clicking inside the SSID edit box and changing the name to OFFICE, HOUSE or whatever before clicking on the SUBMIT, APPLY or OK button. Changing a wireless network's name will not make the wireless network more secure but it will distinguish it from other wireless networks. The wireless network name is the name/identifier that other devices/computers with wireless capabilities see and therefore connect to when they want to use the wireless network's file sharing capabilities and broadband connection for example, if they know what its network key (security password) is of course.



Fig 1.6  You can change your Wireless Network Name, if need be, to make it more unique and/or meaningful

The only real reason for changing your wireless network name (ssid) is to distinguish your wireless network from other, similar, wireless networks (i.e. NetGear, NetGear1 or TalkTalk9j866, TalkTalk9i877). You can have wireless networks using the same wireless network name simply because they are using different routers.....just the same as different computers can have the same user name and/or computer name.


Regardless if you change a wireless network's name or not, make sure it is being broadcast so that other devices/computers can see it - Read the section above about ALLOW BROADCAST OF NAME (SSID). If the wireless network name is NOT being broadcast your computer, and other devices/computers, can still connect to its wireless network (as long as they know the network name and its security key) but they may have difficulty connecting; so if possible, always broadcast your wireless network name.

CHANGE  WIRELESS  NETWORK  CHANNEL

If you are getting interference from one or more other wireless networks in your area, or from a satellite dish for example, you might want to change the channel your router broadcasts on. The option for this is normally called CHANNEL or CHANNEL ID and comes in the form of an edit box or drop-down menu. In the example below I have clicked on the CHANNEL drop-down menu and am just about to click on the number 3. After doing so I would then click on the APPLY button to apply this channel setting.



Fig 1.7  Click on the CHANNEL drop-down menu and then select a different channel for your router to broadcast on

Routers these days come with between 11 and 13 Channels but in some cases their frequencies are so close together that there is no noticeable difference when using, or switching between, channels 7 and 8 for example. Therefore I would recommend stepping through the channels first - Try channels 9, 5 and 1 in turn for example so that the frequency gap between them should make a difference. On Windows there is a program called InSSIDer which tells you what channels are being used by neighbouring wireless networks, but unfortunately I cannot find an equivalent application for the apple mac.

CHANGE  WIRELESS  NETWORK  ENCRYPTION  AND  PASSWORD

There are two basic types of encryption (data security) for routers and their broadcasting of data, and they are WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). To cut the technicals! just note that you should, ideally, being using the WPA-PSK option with the TKIP security protocol/algorithm. PSK stands for Pre-Shared Key. These options are meant for Home and Small Office wireless networks. The AES security protocol/algorithm is more secure (has better encryption) than TKIP but is meant for big business organizations. And the same applies to WPA2-PSK, which is more secure than WPA. With the NetGear DGN1000 router, and other routers, you can even have a mix of the WPA encryptions.


After selecting WPA-PSK, which should default to using the TKIP security protocol/algorithm, you can then type a new Network Key (Security Password) inside the PRE-SHARED KEY (or NETWORK KEY) edit box, if it is empty or needs changing of course. If it is not empty, perhaps because the router is using a default (standard) network key or because someone has put one there for you already, either keep it (if you still know what it is) or over-write it with a new network key. Regardless if you use a new network key or keep the existing one, write it down on a piece of paper for safe keeping and then click on the APPLY, SAVE or SUBMIT (or whatever its called!) button to save/activate your new network key (below). This will now secure your wireless network, but NOT your router's control panel, from outside intruders.



Fig 1.8  Typical wireless network settings for the NetGear DGN1000 wireless modem/router

In the above example I chose to mix the network key with Numbers and Words in order to make it more difficult for a human and a computer to guess/hack. I did not put my Birthdate, Mother's Maiden Name and so on as they might be easy for a human and computer to guess/hack. Instead I chose something I consider unique but easy to remember. In general a good example would be to use something like: 24plus3equals27 for example.

With this particular router, and other routers, you can see the password you have typed into the NETWORK KEY edit box. On one hand this is good because it allows you to see what you have typed, but on the other hand it means anyone looking over your shoulder or breaking into your router can see exactly what the password is for your wireless network and therefore use its wireless broadband signal/connection.....from outside your premises for example. Hence why some other routers prefer to hide your network key with black dots. The downside to this though is that the router will need resetting, to manufacturer status, if you cannot remember the wireless network key (password). At least if you can see it via the router's control panel you can either use it or change it without having to reset the router.

CHANGE  WIRELESS  ROUTER  PASSWORD

With the outside intruders taken care of, in terms of you securing your wireless network with a password, your next step must be to change the router's password. This is because although someone wanting to use your wireless network will now require its password, there is nothing stopping someone with access to the router's control panel from changing your wireless network key (password) and/or using it to gain access to your networked, private, confidential, business, files.

As demonstrated above; All routers have a default IP Address, User Name and Password to access their control panel. So what is stopping someone from gaining access to your router's control panel now? Anyone who has a connection to your unsecure, or secure, wireless network or some ethernet cabled entry into your network can easily gain access to your router's control panel using its default IP Address, User Name and Password. Therefore they might be able to change your Network Key and other settings remotely, depending on how weak your router's control panel is, in order to later gain control of your entire network for whatever reason(s).

So with the above said the next step is to find a heading within your router's control panel called MAINTENANCE, TOOLS or something along those lines and then look for a sub-heading called SET PASSWORD or SYSTEM MANAGEMENT for example. Once found, you should then be able to change the router's control panel password. With the NetGear DGN1000 router the heading is called MAINTENANCE and the sub-heading is called SET PASSWORD.



Fig 1.9  Click on the sub-heading called SET PASSWORD to continue




Fig 1.10  Type in the old router password and then a new password, twice, before clicking on the APPLY button.

The PASSWORD page normally asks for the Old Password, as well as the New Password (which needs reconfirming), so that when you click on the APPLY, SAVE or SUBMIT button (or whatever) the old password can be validated. If the old password is not valid the new password will not be allowed, which is good because it means you need to know the old password before making changes. Saying that; The old password is the password you logged-in with to get to your control panel in the first place, which makes you wonder why the old password is needed!....and if an intruder successfully logged-in to the control panel with the correct, old, password how could they get caught out by not knowing it when faced with the password page??!!!!

BACKUP  WIRELESS  ROUTER  SETTINGS

To backup your router's current settings look for a sub-heading called BACKUP SETTINGS or SYSTEM MANAGEMENT under the heading MAINTENANCE or TOOLS for example. Ideally you should backup your router's settings, from scratch, before changing any settings whatsoever. That way you will have the manufacturer's settings backed-up (saved). Then if anything goes wrong in the future you can reload (open) the saved, manufacturer's, settings. With the NetGear DGN1000 router you don't need to worry about that because it has a REVERT TO FACTORY DEFAULT SETTINGS option.



Fig 1.11  Click on the BACKUP button to save your router's current settings




Fig 1.12  The netgear.cfg configuration (settings) file is automatically saved into the DOWNLOADS folder

If you need to restore some saved settings from a netgear.cfg file simply click on the CHOOSE FILE button, under the heading RESTORE SAVED SETTINGS FROM A FILE, and then locate and open the netgear.cfg file.

SAME  WIRELESS  ROUTER  -  DIFFERENT  BROADBAND  COMPANY

If you want to use your router with another ISP (Internet Service Provider), such as BT instead of TalkTalk for example, begin by changing the broadband user name (login name) and password of the old ISP (i.e. TalkTalk) for the broadband user name (login name) and password of the new ISP (i.e. BT). This may be all you need to do to get your new isp's wireless network (broadband settings) working with this router. On the other hand, you may need to change one or more of the above settings before all is well. Either way. Do not think a modem/router is made just for one isp, just because they supplied you with the modem/router. The modem/router should, in theory, work with any isp's router settings and wireless network.



Fig 1.13  Change the USER NAME and PASSWORD details if you want to use your router with a different Broadband Company

The above examples used the NetGear DGN1000 wireless modem/router. If you are using a different branded wireless modem/router (i.e. Huawei Echolife HG520b) or a different branded NetGear wireless modem/router its control panel settings should still be roughly the same as those described above bar the odd difference in setting names and headings. In other words; You should be able to secure your wireless network as described above, bar those odd differences.


If you are a member of TalkTalk you may find these pages useful: Broadband Wireless Help / Tutorials and TalkTalk Router Settings. TalkTalk also have this Members Forum.