You are on page 1of 4

Tech Advisors : Yahoo!

Tech

http://tech.yahoo.com/xb/print-view/null;_ylt=AiY1hQLnkS5ZpznE_i...

http://tech.yahoo.com

Wi-Fi Security Made Easy
Mon May 8, 2006 4:14PM EDT

See Comments (29) A comment on my Wi-Fi dropouts post requested help in configuring security on a wireless router. I'm happy to oblige. Here are my suggestions for securing your wireless network, from most important to least. I'd love to show you exactly how to make all these changes, but unfortunately every router is different, even routers made by the same company can have wildly different management schemes. Consult your user manual for detailed instructions. Change the administrator password. All routers ship with default passwords for the management account, and these are common knowledge on the Internet. Your first step should always be to change the admin password to something unique. Turn on encryption. No wireless encryption method is perfect, but some is better than none. Without encryption, anyone in the neighborhood can hop on your network, and you probably don't want that. If all the devices you own support WPA, use it (WPA-PSK is the type you want, if that's an option). Otherwise, use 128-bit WEP, which you might have to use if you have older networking products around your office. Change the name of your network. Many people never change the generic network names like "belkin" and "linksys," and not only will you have trouble identifying which network is yours, you're also telling the world your network may be in a default state and vulnerable to hacking. Now we're getting into more advanced stuff. These are changes that only the security-paranoid need to consider. More casual users can stick with just those above. Turn off SSID broadcasting. When you scan for networks in Windows, you get a nice list of networks because they are all broadcasting their SSID, a network ID code. If you don't want your network to show up in this list, turn off SSID broadcasting. The downside: You'll have to type in the network name manually when you first connect to it. Turn on MAC filtering. A MAC is a unique code that every piece of network hardware has. You can set your router to only accept connections from devices with MACs that you allow. Just input the MAC address for your various PCs and other devices, and anything not on the guest list will be escorted to the door. Note that if you're not comfortable with hexadecimal and the inner workings of networking, this tip may be more trouble for you than it's worth.

Comments on Wi-Fi Security Made Easy
Post a Comment
Join in the discussion. Here you'll see the comments in the order they were posted.

1

Posted by mariachiozi on Tue May 16, 2006 8:44AM EDT Report Abuse

how can ı open mac.Đf ı turn wep encryption ,is my connection has been slower ?

2

Posted by bauersocks on Tue May 16, 2006 8:44AM EDT Report Abuse

Mac filtering requires knowledge of hexadecimal? What brand router does this? How about providing the series of simple steps required to get your mac address, add it to the list of mac addresses allowed in your routers software and and save? The writers knowledge sounds dated and seccnd hand.

3

Posted by zero2dash@sbcglobal.net on Tue May 16, 2006 8:44AM EDT Report Abuse

1 van 4

26-10-2006 7:30

Tech Advisors : Yahoo! Tech

http://tech.yahoo.com/xb/print-view/null;_ylt=AiY1hQLnkS5ZpznE_i...

MAC addresses are one of the easiest things to figure out. Start a command prompt, type ipconfig /all and look at the Physical Address 12 character ID set of your network adapter (which is 2 digits separated by dashes). There's a couple things you left out, Mr. Null. A very simple step is to change the third octet of the IP address of the router from 0 or 1 to something else. Say for instance, change it from 192.168.0.1 to 192.168.50.1...most routers are either a 192.168.0.1 or 192.168.1.1 IP address (unless changed by the user). This is a very easy yet effective step. The more difficult other step you left out (although, in reality, it's not THAT difficult, but most casual PC users might cringe) is that you should disable DHCP on the router and choose to manually enter IP addresses for all of your computers, that way if someone is able to access the router, then the router will not automatically by default give the "hacker" computer an IP address to be used on the router to access the router's network. If anyone's interested in uncrackable WEP/WPA codes, I recommend checking out Steve Gibson's password generator page at: https://www.grc.com/passwords

4

Posted by lennyleon2000 on Wed May 17, 2006 1:20AM EDT Report Abuse

What you are all failing to understand is that the author made no claims that he was giving step-by-step or in depth instuctions on securing a wireless connection. He gave exactly what he stated, which was advice. Every router comes with detailed (step by step) directions on securing it. Reading a manual is something more people should do. Also zero2dash, even though you are trying to help your instructions do no more than confuse the average end user because if they don't know where to find their mac, they for sure won't understand how to set static ip's instead of using dhcp. :(

5

Posted by jimmysymo on Wed May 17, 2006 5:26AM EDT Report Abuse

good for you lennyleon2000

6

Posted by reynaldo.bernabe@sbcglobal.net on Wed May 17, 2006 11:51AM EDT Report Abuse

Just want to know how I could switch from a different brand of wireless router? I tried switching from Airlink to Linksys and I could not get connection when I switch to Linksys. Any help is greatly appreciated!!! :-)

7

Posted by makkashian on Wed May 17, 2006 7:52PM EDT Report Abuse

My problem isn't that. My problem is I can't get it working. I have a lyncsys wireless router and a wireless card. According to my laptop, it's recieving the signal but I can't get on the internet. I have an IBM laptop with windows 2000. When I review the information, it says the enccryption is off. Would that make it not work?

8

Posted by bonkstr on Wed Oct 25, 2006 1:42PM EDT Report Abuse

Dont forget to check the settings on your anti-virus software "networking" section which may be the problem with certain network issues. Took me a week to figure this out and not a single DSL or router company rep. i spoke with had mentioned the possiblity of a conflict. Once i configured my anti-virus software the problem was solved. Bonkstr@yahoo.com

9

Posted by burnedinyoureyes on Wed Oct 25, 2006 1:45PM EDT Report Abuse

yes this would make the network not work. both encryption codes need to be identical. also make sure your card is set as the default and no other wireless cards are present in your laptop. I thought most routers come with an easy hexadecimal generator code which or translate your password into hex.

10

Posted by vasquezmi on Wed Oct 25, 2006 1:55PM EDT Report Abuse

This should help with MAC IDs. There is software out there that will tell you the MAC ID of your computers hardline or wireless network card. The best tool yet is MACUUID, just search for it in Yahoo! Open it up through the Command Prompt and you will get your systems MACID that can then be entered into your routers MAC Accept list.

11

Posted by hackster666 on Wed Oct 25, 2006 2:01PM EDT Report Abuse

mac address can be spoofed and or changed...although tedious it isnt that secure either.

12

Posted by btam33 on Wed Oct 25, 2006 2:14PM EDT Report Abuse

Your article on Wi-Fi Security was much to technical for this old illiterate PC man, I would like to isolate my equipment, but technical terms leave me in the dard

13

Posted by thecyberfleamarket on Wed Oct 25, 2006 2:28PM EDT Report Abuse

2 van 4

26-10-2006 7:30

Tech Advisors : Yahoo! Tech

http://tech.yahoo.com/xb/print-view/null;_ylt=AiY1hQLnkS5ZpznE_i...

Great advice. The average home pc user may not know how to do some of the things suggested,but they also know they can look it up or theres normally a help tab or button that describes what your trying to do. I have turned my pc on and could see other networks in the neighborhood. I have mine secured now. When I first set it up, a lot of strange IP addresses were popping up and I would have an option of trusting them or not. After I secured it, that no longers happens. Linksys has a great help section online, and at their website and on the phone.

14

Posted by medictft91158 on Wed Oct 25, 2006 2:30PM EDT Report Abuse

WPA is best and not that difficult to set up. WEP is better than nothing. Using MAC filtering is also good and provides an additional layer of protection. Although MAC addresses can be spoofed it is not real easy and someone needs to know one of YOUR MAC addresses. You can also turn off DHCP and assign each computer or device on your network a static IP. You could also leave DHCP on and limit the number of addresses available to the number of devices connected to your network so when someone ties to access your network there is no addresses available providing your devices are always on. Further, make sure you have a firewall on each PC and that the firewall allows the router and the addresses or address range you have specified access to the internet or you won't be able to get out. If you have question about this email me.

15

Posted by markosians on Wed Oct 25, 2006 2:49PM EDT Report Abuse

I too used to think that MAC filtering was enough. When I started to research wireless security I realized it isn't. I recommend setting up WPA2 security on your wireless system. I know, many will say that it is overkill, but if your equipment is capable and your going to setup security anyway, why not setup the best available? Nick

16

Posted by jchristingray on Wed Oct 25, 2006 3:08PM EDT Report Abuse

Does this apply to broadband wireless cards, luke Verizon or Sprint wireless laptop card conntections?

17

Posted by mjmmartinis on Wed Oct 25, 2006 3:18PM EDT Report Abuse

How do I turn on encryption, and set up a password?

18

Posted by skerett on Wed Oct 25, 2006 3:21PM EDT Report Abuse

100% security on Wireless connection is MAC address filtering. Read your Wireless router manual. Only your designated PC can pass and use your "internet" network.

19

Posted by rlaboucane on Wed Oct 25, 2006 3:28PM EDT Report Abuse

Adding a further comment about WPA-PSK. There are 2 flavours, AES, and TKIP, AES being the stronger form. The only reason I mention them is because some wireless router manufacturers do not list WPA-PSK as an option, but rather list TKIP and/or AES. WPA-AES is also sometimes called WPA2 or CCMP.

20

Posted by djnewman@pacbell.net on Wed Oct 25, 2006 3:29PM EDT Report Abuse

How could MAC filtering not be enough? If the router doesn't accept the connection, then the only way to see the data stream is to intercept the RF. Any data being transmitted is between active network components, IE 2 PC's that have unique MAC addresses and the router. Assuming that the RF could be intercepted, understood and parsed (not too unlikely, but too much effort), you would be know the MAC addresses of the router and the 2 pc's. In order to enter the network, you would have wait until one of the PC's was not active, spoof its MAC address and move your data. HOWEVER: as soon as the spoofed pc attempts to transfer data, the networking would error out due to 2 sources of the same MAC address on the network. Did I miss something? Based on the above, I believe that the best course of action is to do all of the above and don't rely on just one item: 1) Use MAC filtering 2) Change all the passwords, names and ip addresses of the router 3) Turn off DHCP 4) Turn off SSID broadcasts 5) Use whatever encryption you can stand based on your data speed requirements. 6) Pay attention to the firewall in your wireless router and set up some rules to close ports and block sites you don't use. 7) Most important - turn things off when you aren't using them. None of the above rules are rocket science, and if you expose your network to the Internet or the Wireless world, you should be practicing them. More Results: 1 2 3 | Next

Copyright © 2006 Yahoo! Inc. All rights reserved. | Copyright/IP Policy | Terms of Service | Help Notice: We collect personal information on this site. To learn more about how we use this information, see our Privacy Policy Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

3 van 4

26-10-2006 7:30

Tech Advisors : Yahoo! Tech

http://tech.yahoo.com/xb/print-view/null;_ylt=AiY1hQLnkS5ZpznE_i...

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.

4 van 4

26-10-2006 7:30