Here I would like to take you through the steps to configuring and securing a router (In this case we will use the WRT54G as an example) for your home or small office setup.
Securing a router can be very important especially when the wireless function is enabled. Likely the most important reason is to prevent would be hackers / criminals from attacking other larger networks or institutions by hijacking your network or PC to do so with. This could have unpleasant consequences for you even though you would be just a pawn in such a mess.
The second reason for security on your network is simply to prevent others from your neighboorhood or guests you have from seeing your personal, financial or family files.
It would be much more difficult for an attacker to connect to a wired network but for wireless networks, the above two points become a real consideration.
Though you may have another router, the principals and individual components (ie SSID, PSK, key etc) should be the same. The only difference is that for your router you'll need to find the corresponding page that handles those settings. A manual can help in this case.
Open a browser and login to the router. For many routers this is similar to 192.168.10.1 or 192.168.0.1 but the owner should check the router's
A couple of things to note on the page above that need to be setup for enhanced security:
Next item of interest and easily the most important page for security, is the Wireless Security page:
WPA2 is currently the strongest Wi-Fi Protected Access protocol available and therefore is the one you should choose. TKIP has been proven to have some flaws so AES is the stronger encryption algorithms of the two:
This is the third level of security you can setup on the router. We can filter the hosts we want to allow by the hosts MAC Address. Every network card whether wireless or not, has a unique MAC address that is not shared by any other physical card. The page on this router looks like this:
First enable the Wirelesss MAC Filter. In this case I already know the MAC addresses, or can easily find them, from the computers I plan to connect to my network. So I will use the Permit only: and edit the MAC Filter List where I will specify the MAC addresses I permit to connect to this network:
How do I get the MAC addresses to specify?
On Linux you can use the following command:
# ifconfig -a
The output will contain Network Interface names along with a paragraph describing each one. Within the paragraph will be a string called HWaddr which is another name for MAC address. Here's an example:
On Windows, the same information can be retrieved from the command prompt:
If you are looking for yet another, albeit very minor way, to improve security, you could try to disable DHCP on the router as well:
However this means that everytime a new computer is added to the network, it would need to be given an IP address manually, which for some could be too much of an inconvenience. This improves security only slightly because any would be attacker that connect to the system would still have to find the correct IP address before they can access any files on your system. The system would not assign an IP address to the new PC automatically.
Again this is a minor improvement to security but can be a relatively large inconvenience. More on this is further below.
|5||Be sure to save the settings after editing each page above and below! Most routers will not save changes if you navigate away from the page.|
WIRELESS / WIRED COMMON
One of the other important items to do is to secure the router from compromise itself. Most routers come with a default password you use to get into it. The default password and user name is also written in the routers manual. As a result it is known widely and is available to anyone. Essentially, anyone who knows the name of your router can easily search for the default password for it. So it's a good idea to change it. Here is the panel where you can do this:
Let's go over the most important options:
The next step is to enable some security for your network in general by enabling the firewall:
The basic option here is to select Firewall Protection: Enabled. By checking the remainder of the options, you can harden the firewall configuration further by blocking those additional options. I'll leave the discussion of these listed options for a later date.
Another panel available is the Applications and Gaming panel where you can specify which ports should be open and to which machines should traffic be sent that was originally directed to those ports. The page is:
However, this option is more to do with access rather then security. Leaving no ports open is obviously the most safe approach however depending on what you plan to run off your computers, you can just leave the page blank.
|4||Done! Hope you didn't forget to save your settings.|
There is only one panel to do with the wired network connections on your computer. This is the Basic Setup panel:
Going over the options, we see the following of most interest:
|2||Don't forget to save the settings. Good Luck!|