Technology of the Month

Many of you have broadband (DSL or Cable Modem) access at home and also have a wireless router that allows you to connect several computers to the Internet (and to each other) wirelessly or over a wire. Unless you have followed the instructions in your user manual to secure your wireless router, your computers may not be adequately protected against intruders. This posting includes general guidelines on configuring these devices properly. Due to the variety of wireless routers that are available, it is not possible to give specific configurations instructions here, but the suggestions below should help you get started.Before we delve into specifics, we want to stress that properly configuring the wireless router is extremely important. If you do not securing your wireless network, anyone in your neighborhood can possibly use your router to get to the Internet and even worse, they can possibly invade your network or capture your private information. You may trust your neighbors, or you may feel that your neighbors are not technically sophisticated enough to be able to do this. You must consider, however, that your unsecured network is open also to your neighbors’ visitors, even virtual ones. If your neighbors’ computers have not been configured properly and have been broken into, then these virtual visitors (from all over the world) can possibly be your visitors too.

So, here are some guidelines.

1. Wireless security configurations are complicated - Depending on your level of technical expertise, you may want to seek professional help in configuring the wireless network at home. One of the popular service that you may consider is the Geek Squad (Please note that we do not officially endorse them in any way).
2. Change the Administrator Password – All modern wireless routers provide a Web interface for you to manage its settings. You should read the manual (if you have lost it, you can get it on the Web) for instructions on how to connect to the router. Typically, trying to connect to http://192.168.0.1 or http://192.168.1.1should take you to your router’s login page. In a few cases the address may be http://192.168.2.1or something else. Once you are at the login screen, you will typically need to enter the administrative username and password. The username is typically administrator or admin. If you have never changed your router’s password, you should enter the default password. The default password is frequently blank or the word admin or administrator, but you will need to consult your router’s documentation to find the default password if these do not work. Once you have logged in, you should immediately navigate to your router’s user administration page to reset it to something that is not easily guessable.
3. Change the Default SSID – Every wireless router advertises itself with a name. Its default is typically the name of the manufacturer like “Linksys”. You should change this to something that is a little bit more meaningful to you (though for added privacy, you may opt for a name that does not indicate where the router is located). If you do not change the default SSID, it is typically an indication that you have a poorly configured router and exposes it to hackers.
4. Turn on Encryption – Traffic from your laptop to the router travels unencrypted unless you connect to services that require encryption (such as URLs beginning in https://). Despite the fact that most of the important data, such as financial information, is already encrypted, we still connect to many services that are not. A hacker can potentially capture the packets going from your laptop to the router and use it to his/her advantage. So, you should turn on encryption. We strongly suggest that you turn on WPA (or WPA2) encryption, which is the strongest possible encryption available. This requires reconfiguration of all the laptops, so do it with extreme care. WEP, which an older standard, is easily broken in to, and in our opinion, gives a false sense of protection. If encryption is important to you, we advise you to use WPA instead of WEP. If your router does not offer WPA encryption, you may be able to download a firmware upgrade from the manufacturer’s Web site that will add this functionality. Some very old routers may need to be replaced to add WPA encryption.
5. Turn Off Broadcasting - This simply instructs the router to stop advertising itself over the air. When this is done, you will no longer see your router listed when you browse for available networks, so you will need to manually type the name of your wireless network when joining new machines to the wireless network. From security point of view, this is a very good step, but from usability, this requires you to reconfigure your wireless laptops. The good news is that the reconfiguration needs to be done only once on every computer.
6. Turn on Firewall - You should seriously consider turning on the firewall on your router. This provides additional security at the perimeter, so hackers are stopped at the firewall and not allowed to invade your network. Please be aware that if you have youngsters in your house who use game consoles such as Xbox or Nintendo Wii, you will have to reconfigure your firewall to allow for exceptions if they play against other users on the Internet.

As we mentioned above, these suggestions offer you some best practices guidelines. Exactly how these are implemented depends on both the router that you have as well as the operating systems that run on your computers. Here are a few links that can provide additional information on various configurations:

The following Web site contains directions for connecting to the Brandeis wireless network using WPA.  While the documentation is specific to Brandeis, it also contains useful information for general WPA configuration.

http://lts.brandeis.edu/techresources/connecting/wireless/securewireless.html 

Information on Macintosh and WPA:

http://docs.info.apple.com/article.html?artnum=107795

Setting up the ubiquitous Linksys WRT54x wireless router with WPA:http://kimpeacocke.blogspot.com/2006/06/setting-up-linksys-wrt54g-wireless-g.html 

Setting up WPA2 on a Belkin router (with XP screenshots): http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002706

Setting up WPA on a Windows Vista client: http://www.periodiklabs.com/support/manual/mac/vistaclients.html