Networking

Locking Down a Wireless Access Point in 10 Steps

  1. Change the password – With all Linksys routers and access points, it is extremely important to change the device's default password. Login to your router and enter the default password. The version of the firmware or the router that you are using will determine where the Change Password button is located. Make sure you find it. This is the single most important step. Change the default password and choose a password that contains both numbers and letters. This will reduce the possibility of your password being guessed or hacked.
  2. Change your SSID – The SSID is the shared network name that all devices run on a wireless network. The name is case sensitive and should be no longer than 32 characters. You can use any keyboard character you choose when renaming the SSID. The default SSID of the Linksys access point or wireless broadband router is set to Linksys. It is highly recommended that you change the SSID to a unique name other than the default.
  3. Disable SSID broadcasting – In order to keep your Linksys product from broadcasting the SSID to hackers or wireless clients, change the Wireless SSID Broadcast to Disabled.
  4. Enable encryption – The Linksys WAPs and wireless routers all come with a wireless security option that uses encryption. To prevent hackers and outside users from accessing your network choose between several forms of encryption: WEP (64 or 128 bit) or WPA-PSK (on some devices). Once you choose the security encryption type, you will input a passphrase (or have the system generate one for you). This same passphrase needs to be entered on each client that uses a wireless network card to connect to the access point. On Windows XP you can access the properties by going to Network Connections in the Control Panel (or right-click My Network Places). Next, right-click on Wireless Network Connection and choose Properties. Click on the Wireless Networks tab and choose properties of your wireless connection. Enter the appropriate encryption type and passphrase.
  5. Keep firmware updated – On a regular basis, visit the Linksys Web site to make sure you have the latest version of firmware for your Linksys product.
  6. Enable MAC filtering – There is a Wireless Network Access MAC Filter that you should enable to only allow specific MAC addresses. Some Linksys products have a Select MAC Address from Networked Computers button that will allow you to select the computers on your network that need access. You can run an ipconfig /all (from the Windows command line) on each computer to obtain the MAC address. It is listed as the "Physical Address" and will have a format that looks like this: 00-50-56-X0-00-08.
  7. Limit DHCP – Configure your DHCP settings with only the number of computers that need Internet access. For example if you have 5 computers, only configure DHCP to hand out 5 addresses.
  8. Block WAN Requests – Enable this feature to block intruders from attacking you over the Internet. This setting hides your IP address from the outside world.
  9. Use desktop firewalls as an additional layer of defense – Don't rely on the Linksys router as your only means of defense. Install a desktop firewall on each PC that's connected to the Internet through the Linksys router. A free and effective desktop firewall is Zone Alarm. Furthermore, it is important to keep the desktop firewall up to date with the latest version in order to remain secure in the future.
  10. Look at your network like a wireless hacker – Download NetStumbler. Use it with a laptop or PDA to examine your wireless network. Then, if you are curious, walk around your neighborhood or office complex. You may look like a geek but you would be surprised how many people broadcast their SSID and do not set MAC filtering or encryption. If you know of any the neighbors that have wide open access points you shouldn't be shy about sharing this document with them.

Editor's Picks

Free Newsletters, In your Inbox