Wednesday, December 29, 2010

Securing Linksys wireless routers

Securing a wireless router isn't hard, but it does take a little thought. How many devices are hooking up to your wireless? What encryption modes to they support? What is the best mode supported by all of them?


You can worry about things like whether or not to broadcast your SSID, filter MAC addresses, or using static IP's instead of DHCP, but in most cases the defaults will be fine. The main benefit is to make your wireless more of a pain to crack than your neighbors. The trouble of maintaining a list of MAC and/or IP addresses just isn't worth the slight added security most of the time.


Today we're looking at the wireless security settings of the Linksys WRT54GS2. If you have another model Linksys router the settings should be similar enough for this to help setting it up.


The first thing to do is to use a Cat-5 or Cat-6 ethernet cable to connect to your router. That way you don't have to change the settings on your computer every time you save a wireless setting on the router. To connect to a Linksys router, type 192.168.1.1 in the URL field on your browser. A login dialogue will popup. The default user is 'admin' (you can't change it). There isn't a password by default.



The router basic setup page will load. Leave the pull-down menu on automatic configuration. Change the local IP address to any address in the public ranges. Don't leave it at the default. If the DHCP server isn't enabled, enable it. Set the starting IP address for the router to give to other devices. I usually just set it to start right after the routers IP (ie 192.168.1.2 if the router is 192.168.1.1).


Photobucket

Once you have the basics setup, click on wireless security. The Wireless Basic setup page will load.

Photobucket

Linksys has 6 security options. WPA2 Enterprise and Radius require security servers and are intended for corporate use. If you can, use WPA2 with AES, otherwise, use the best security all of your devices support.


Photobucket

Photobucket

There are no other settings that you really need to worry about for security, but there are settings you may want to look into for information. You can block computers on your network from the internet, route a VPN through, open ports for specific services. It's a fairly versatile consumer router.