6 Steps to Secure Your Home Wireless Network

many people ask for wireless set-up

there i found something very interesting helpful to everyone specially newbies

http://www.thegeekstuff.com/2008/08/6-steps-to-secure-your-home-wireless-network/

 

Item 4 (Enable MAC filtering)
Keep in mind that MAC ID's are sent in plain text anyway. I have read before that MAC filtering is the most work for the least security, and I agree.

 

Patch the OS
Update the drivers on the NIC
Use WPA2 / AES and good SSID, Change the Passcode monthly and check the signal layer. Do a walk around with a wireless laptop on your property and see what's out there. I found 3 APs that are not secured and still on 802.11b.

 

To sum it up

1. Change admin and user password first
2. Rename SSID for ease of use and setting automatic connect in clients
3. Add encryption with WPA (preferably 2).

Optionals
4. WPA mode look at wireless setup section of router
When your Router facilitates WPA2, make sure you choose WPA2 and not AUTO, because this allows WPA and WPA2, so you think you have WPA2 but router also allows clients with WPA to connect.

5. DHCP reservation look at network setup section
DHCP gives clients always the same IP address based on MAC address of the client's networkcard (and/or computer name depending of the luxury of your model). This provides the ease of use of DHCP (dynamic host configuration protocol) while having the advantage of fixed IP addresses (without the more complex manual setup).

Next look for something called access control in the advanced setup. Allow only the IP addresses to access the router and deny all others. This has teh same effect as Mac Address control, with an additional IP address restriction

Advantage:
Mac Addresses can be spoofed, so when your router also offers other ID (like computer name) this will raise the threshold (a little) for hackers and man in the middle network hacks. When you are hacked, it also provides some room for counter measures when you still can use IP addresses (hacker will try to control all). At least when you roll out a normal cable and add at least one non-wireless client to the list and keep this fixed cable as an emergency access to the router (I have it unplugged lfrom the PC and the rolled up cable laying besides my router). Also when you never look at your routers logs, forget about this option 5

Regards Kees

 

I don't know if this will help or not, but Cisco has a free tool which will help secure wireless networks.

It will only work with Linksys hardware, though, so it says in the site (the free version).

http://www.purenetworks.com/product/basic.php

The download is for the Pro version, but if you decide not to buy it, it will revert to the free version, which offers more than enough for home users.

Might be helpul.


Regards

 

My router is using "WPA-PSK".

Am I at risk?

The only options it gives me is:

WPA-PSK

WPA2-PSK

WEP

 

I changed from WPA to WPA2. Then saved to router. Then rebooted. But once the router rebooted, it reverted back to WPA.

Why?

 

That's network magic! You don't need to use that even if you are still on XP. Xp has some hidden features that just need to be enabled. Vista and 7 don't need Network Magic either. They have features like that already.

 

Each router has it labled differently. WPA2-PSK is what I have also but if you look deeper you'll see it's AES also. WPA2 comes it all types of flavors also. DLINK, Belkin, EnGenius, Sitcom, Netgear, Linksys, Trendnet, TP-LInk, ASUS an etc. Have the Web Admin layout differently.

I see some of you can change the user name, but most of us it's built-in. You can change the password. Some make it harder than others. There is also the Guest SSID mode. Some have Hotel Like Web Interface that prompts you for the passcode or Hot Spot or just join to wireless network A, B, C. You would give your friend or family guest the passcode. That Guest mode has the same type of encryption but under the Guest mode they can't access your LAN just the WAN (internet) Make sure such a feature is disabled if you're not using it.

That is another security hole.

I use: Xrrius Wi-Fi Inspector (free), Wireless Mon (trial of 30 days then pay for) and inSSIDer (free) Out of the 3 I like inSSIDER then Xrrius. This is a must for anyone running wireless. The program will tell you how secured your wi-fi is besides helping find the right location for your AP Router or AP or Repeater or WDS or WB or WBC.

 

As I was trying to point out. Some routers have two settings you need to change. WPA-PSK means WPA pre-shared mode. You have the WPA-Mode problably still on auto. Look whether you can change it to WPA2 only as shown on the pic.

You should also change it at the wirless device on teh client

 

Not sure but my download quota has not been affected so it looks OK for now. And I am thinking that I may need to tell Vista BEFORE I change the router to use WPA2. Because in Vista it says WPA is being used.

If I notice GB's of data being "taken" away from my account, then I will know someone hacked my router.

What's the WORSE that can happen if someone hacks my router? They just steal my bandwidth right?

 

My router is the Billion 7401VGP R3. So it's using AES? Because in Vista, it says:

Security Type: WPA-Personal

Encryption Type: TKIP

But I have option to change "Security Type" to: WPA2-Personal. Maybe I need to change that in Vista FIRST? Maybe that's why my router keeps reverting back to WPA?

And I can change "Encryption type" to: AES. Currently it says: TKIP in Vista.

Do I need to change Encryption Type in Vista to WPA2-Personal BEFORE I change the settings in my Router to WPA2?

And should Encryption type be TKIP or should I change it to AES in Vista?

 

My billion router doesn't have those features you showed in that pic.

 

Select WPA2 personal, if you have the option choose "AES" only as Chyper (and not TKIP). Then go to VISTA and remove the connection and make it again from stratch. Done.

Do not rely on what VISTA says, if you have selected WPA2 and AES in the router then you are fine. OS may not always correctly display your wireless security settings.

Fax

 

Fax, I cannot select WPA2 on my router because as soon as it reboots, it reverts back to WPA and I have no idea why it does this and have no idea of the solution.

And when I change from TKIP to AES in Vista, all of a sudden my Laptop won't connect to my router and I need to change it back to TKIP and then it connects again.

Vista complains something about "This setting does not match the settings of the network".

WHY?

Anyone?

It seems the only thing that works is WPA + TKIP. Nothing else works as when I change anything to AES or WPA2, my laptop disconnects from my router.

Solution?

 

GOOD NEWS everyone!

I figured it out all by myself.

What I had to do was exactly these steps because if I didn't do things in this order it wouldn't work.

1. Login to my Router and change to WPA2-PSK. Then my Laptop would disconnect. NOT REBOOT ROUTER as this reverts router back to old password!

2. Then change settings in Vista to WPA2-Personal + AES.

3. Then laptop connected to router.

And the reason why my router kept reverting back to WPA is that I needed to change Vista WPA to WPA2 BEFORE I rebooted my router, otherwise the router keeps revering back to WPA.

I wish someone had have told me to do it these exact steps so I would have saved a lot of time playing around with this It's funny that a noob as myself figured this out and you experts couldn't tell me

Suffice to say, I feel a lot better now running WPA2 + AES

But I do have another problem... I am unable to change my wireless password in the router as that also reverts back to the old password. And if I change it in Vista FIRST, then it looses connection between router and laptop and I am unable to connect to router to change the password in the router

 

The bit where you were told was in fax's post, here:

philby

 

What he forgot to mention was "DO NOT REBOOT ROUTER UNTIL YOU CHANGE THE PASSWORD IN VISTA"

That was what I was doing wrong. I ws rebooting router BEFORE I changed password in Vista, hence the router would revert back to old password.

 

I wanted to ask an important question..seeing I have now changed to using WPA2 and AES, is it crucial I change my old wireless password? Can someone still use that old password to login to my laptop and steal all my harddrive data?

The reason I ask is that I am unable to change my wireless password for reasons mentioned above.

 

AFAIK, you shouldn't have had to reboot the router providing you had saved the new setting in the router's GUI.

I've read back but can't see why you can't change your password...?

If it were me, I'd do a factory reset and start again, nice and clean.

philby

 

Let's assume someone had FULL ACCESS to my wireless connection when I had WPA + TKPI, what kind of data and information would they have right now?

What if someone hacked my wireless password. What exactly can they do once they have your password?

And can someone login to my laptop and steal all my text files and important documents stored on my laptop's hard drive?

Or can they only intercept the information flowing through the air from my laptop to my router? If so, can they have read my passwords I enter when I visit my Netbank etc?

 

Yes, correct

No, not needed. Router can/must reboot
On Vista was enough to remove the existing connection and create a new one.

Anyway, you found your way. But I would still:

1. Connect via ethernet (cable) to the router
2. Update the router with latest firmware (if you have not yet done it),
3. Fully reset it (30-30-30 seconds method)
4. Change default router access password
5. Setup connection and/or WIFI (WPA2 AES)
6. Use another wireless password
7. On VISTA: Remove any old wifi configuration, discover again the router, add it.
8. Done

Cheers,
Fax

 

Huh? Completely not related. There's no need to change password on your OS before changing on the router, actually it won't do a thing. Change settings in router/AP..and apply. Give the router/AP a few seconds to reload those changes and start broadcasting...and then give your PC a minute or so for the wireless config to pickup those new broadcasts...and then run through the easy peasy connection wizard where you will apply the new wireless security password, and you'll be connected.