Secure Wifi in Three Steps
Secure Wifi in Three Steps
w.04.2007 / r.03.2009
Wifi is a great convenience, especially for laptop users who wish to stay
away from the web of wires around their home or office. However, WiFi has
several fronts which need to be guarded. We recommend small business routers
such as Linksys, Netgear and Dlink, in that order.
A New Password
The router itself needs a password to access its configuration tools. When
you call up your routers admin panel (which is likely 192.168.1.1) it should prompt for a username and
password. Usually, the username is either blank or 'admin' and it is
typically unchangeable. The password by default is usually 'admin' or
'password' depending on the manufacturer. Everyone knows this - that is why
it is imperative to change the password to something unique. Preferably
something with letters and numbers, at least six characters long. This step
alone is not enough by far.
When utilizing an Encryption Key, you create an encrypted link of communication between your computer, and the router.
There are several types of keys available for you to enable. For a small business, the best choice is WPA or WPA-2. WEP is not as secure as WPA. The
encryption key is like another password that is shared by the router or access point (AP), plus all of the wireless devices that want to connect
through it. This means you need to place that WPA key into each Wifi enabled device. You can set a key for each SSID (router/AP) you connect to at home,
Properly using WPA along with "A New Password" are enough to consider this aspect of your network secure.
Lastly, your router should let you give it a list of MAC addresses to "allow" (or disallow) access. A MAC address is a unique ID that all networkable devices
have built in. For Windows, click Start -> Run, then type 'cmd' and press enter. In the command window that pops up, type 'ipconfig /all'. You should
Physical Address ............... XX-XX-XX-XX-XX-XX
That string of characters is your MAC address. Input that into your router and tell it to "Allow Access" for only your list of MAC addresses.
One easy way around all router security is simply to 'reset' the router (if you have a chance to get a physical presence). Typically, businesses use
192.168.1.X for their network - resetting will wipe out all WPA keys, MAC restrictions, and set the password to default again.
Usually, people on the network would not even know the router has been reset as their internet and network would still "just work".
A secured network and an unsecured network are both transparent to the end user. Knowing this, it might be a good idea to set your network
up under something like 192.168.2.X (something other than the default), then hardcode your computers IP addresses to
that as well. If the router was reset, everyone would lose access and subsequently call out a technician - who would get you back online - securely.
It's kind of a "poor man's" early notification system. Otherwise, you could go months without knowing you are using an unsecured network.