Wireless Security Explained
Wireless internet access has been around since the mid 1990s and has quickly become a hot item since then. Most computers we purchase today come with the capability to receive wireless internet signals in the form of radio waves.
Wireless Network Interface Cards or NICs for short, come in anything from a camera to a network printer. We even have NICs in our smartphones such as Android, Blackberry, and the iPhone! Wireless internet is convenient and relatively easy to setup around the home.
One of the biggest criticism for wifi is its lack of security methods for keeping unwanted visitors out of your network and keeping your personal documents safe. There are now, however, several measures we can implement to keep our wireless network to ourselves.
Logging onto your router
Logging into our wireless router is extremely easy. The only thing we need to to is open up our favorite web browser and type the IP address of the router. For most routers, the IP address is either of the following:
It may also be
If you're not certain how to do this task, then search the web for your router and type something like, "how to log onto [router brand]" or "default login into for [router brand] router".
Once the IP is entered correctly, a prompt will show up requesting a username and password. This user name is admin and the password (if it's still default) is either blank, 1234, or admin. If the password has been changed, then enter in the proper password for the router. Note: this password is different from the password to access the internet from the router. Once on the router, look for a menu item that says Wireless Settings.
One very obvious security measure is to disable the Service set identifier or SSID. Once the SSID is disables then it would show up as Unnamed Network (or something like that). If someone wished to connect to the network then they would have to manually enter in the correct SSID for that network.
Uncheck this setting and the SSID will no longer show up and everyone else will have to enter in the proper SSID.
Encrypting the Connection
Encrypting the connection is the biggest security feature of wireless networks. This basically blocks everyone from connecting to our wireless router unless the have the proper password. There are usually several different types of encryptions available to us:
- WPA-PSK[TKIP] + WPA2-PSK[AES]
The first one is WEP. This security method is actually deprecated for encrypting 802.11 networks and really shouldn't be used. The best option for encrypting networks is WPA2-PSK[AES] since it supports both ultrastructure networks and ad hoc networks (WPA cannot support ad hoc networks). AES is also a stronger encryption method than TKIP.
MAC (Media Access Control) Filtering deals with the physical address of a wireless NIC. Our wireless cards and ethernet ports all have a physical address formatting like so: 00-00-00-00-00-00. This uniquely identifies our NICs. Generally, the first three groups refer to the manufacture of the NIC and the last three refer to the "serial number" of the NIC. Every interface, whether it's gigabit ethernet or a wifi card, must have a MAC address.
Under an option like Advanced Wireless Settings, there should be an option for Mac Filtering (I believe for Linksys routers there's an option that is called MAC Filtering).
Simply label the device like Kitchen-PC and to find the MAC address do the following:
- Open run and type the following: cmd
- Once command prompt is open, type the following command: ipconfig /all
- Look for your Wireless LAN Physical Address and input that number into the router.
Mac addresses are highlighted below:
MAC Filtering literally limits the MAC addresses that can connect to the router. This is a great security feature of most routers but should not be used alone. MAC addresses can easily be spoofed by editing the number in the registry or by using a third-party application.
MAC Filtering adds an excellent layer of security to our network. When combined with disabling SSID broadcast, setting a WPA2 password and enabling MAC Filtering, our wireless networks are safe and secure. It may take a little more work to add users, but it's worth its weight in gold in the long run.
Changing the Default Login Password
Perhaps one of the most significant security measures we could implement on our routers is to change the default password for logging onto the router. In the very beginning of this tutorial, we logged into our router via the IP address. If this password is either of the following, then the password must be changed:
- [No Password]
There should be some menu item that allows us to change the password to log onto the router. Most of the times we cannot change the username that logs onto the router, only the password.
Above is a common list of things that can be done to secure a wireless network for your home or very very small office. To recap we can do the following:
- Disable DDIS
- Encrypt Internet Connection
- MAC Filtering
- Changing the password to the router
Additional Things that can be Done
There are a few additional things we can implement on our router that will add an additional layer of security and content filtering for children/employees.
- Schedule Internet Hours
- Block sites
Scheduling hours literally limits the hours that the router will function. During the "off hours" the router will not allow internet access from any system that is connected to it (whether it's wireless or wired). This is a simple method for controlling when children or employees are able to access the internet.
As you can see by the image above, we can limit the time frame for the internet to work on any given day of the week. The only contingency for this is that the time on the router be correct and that Day Light Savings Time is correct too.
Blocking malicious websites is always a must on any network. If a malicious bit of software were to infect a system on a network, it could potentially infect other systems in the same network if it's insecure. Websites that contain pornographic material, websites that reduce employee productivity, and other assorted websites can lead to malware infections.
These last two techniques can be used to limit the hours that anyone may use the internet and to limit the keywords or specific domains names. This can help prevent users accessing malicious websites and accessing the internet at unwanted times.
Wireless routers are useful and convenient. Securing these devices is essential for keeping networks from being accessed by unwanted users.