By Peter Daley
Securing you wireless router is an adventure. You will need to be a bit secret agent, plus be willing to play the odds. Your tools will be some dice. You know the type they use to gamble at the casino, or you play board games with.
First of all secure your wireless router with a better password than the one supplied by the manufacturer which is usually admin / admin or admin / password. Read theses two previous blogs.
Even thought these blogs are about broadband modems and general password creation the info equally applies to wireless routers. If you don't secure the device first the rest of the security set up is a waste of time. You should just resign as a 007 agent now.
This is were your 007 skills come in. Go to the Diceware site,
This is where you hone your secret agent skills on using the dice to create a really good quality secret agent passphase.
Now play the odds, download the dicewarewordlist.pdf. This is your tool to create a really good WPA2 passphase. The passphase must be longer than 20 characters using a splattering of unusual characters. Most of you who actually attempted to put some form of security on your wireless router would be using 20 characters, or less dictionary word base passphase, and hackers are laughing. It has been know for many years that a WPA 20 characters, or less dictionary word base passphase is easily broken.
Now you take the dice, and dice word list into a room and close the curtains. Why the drawn curtains? Every secret agent worth his salt knows they they can now read what your typing from the reflections in the window. Also, don't leave your keys to your computer room lying around because they can now make key duplicates from a photograph. Boy, don't you know anything.
After you have created and memorized the secure paraphase key you can burn it, pulverize it in a mortar and petsal, and flush it down the toilet. Make sure you flush twice. Ok, a bit over kill for most of you. One flush is probably enough. Write into your secret code book because it going to be so complicated most of you won't remember it anyway. Don't store it in your computer.
Are you still with me secret agents. Now we have to enter the key into the WPA2 / AES wireless setting in your wireless device. Man this is all ridiculous, your telling me. I haven't finished yet!
Turn off Broadcasting your wireless SSID. Don't use the factory default SSID change the SSID wireless ID to a very unusual set of characters.
Turn of DHCP auto IP address assignment and assign all your network IP addresses manually.
Turn off WAN if you don't need it.
Turn off high power wireless transmission, if you don't need it. If your leave these two things on you will have created a very powerful radio station transmitting your presents into the suburb. Not good for secrecy!
Turn off your computer, wireless router, and broadband modem when not in use. This significantly lessons the opportunity for the bad guys can break in. It will also helps the planet and you hip pocket, by using less electricity, thus lessing the production of green house gases. Read my previous blog on this subject.
Turn off the UPNP (Universal Plug and Play) feature. IMPORTANT also turn off UPNP in your Broadband modem as well if it is a separate device. NOTE: Xbox, video streaming, and VIOP devices may stop working when you do this. UPNP is really big break in vector for most wireless routers and broadband modems! Incidentally UPNP will be a big feature of the newest high speed wireless routers that will arrive soon!
Make access to your wireless router more difficult by turning on access controls. This means that only a machine with a particular device MAC address, or IP address on your network has the ability to connect to your wireless router, to change the wireless router settings.
Make sure the firewall is turned on and set to high if possible. If things stop working drop it a notch.
Change the gateway address of your broadband modem form the standards factory addresses of, 192.168.1.254, 192.168.1.1, 192.168.0.1, 10.1.1.1, or 10.0.0.138, Use anything other than these numbers. These numbers make it so much easier for hackers to guess your network set up. Once you have done this enter the new gateway address into the wireless router.
If you have read this far you have earned your secret agent certificate.
Now you may see why I suggested in my previous blog to turn off you wireless router, and plug your computer directly into your broadband modem with a network cable. It is just simpler, faster, safer, and more reliable.
You don't need to go through the Diceware procedure, and only need need to do all of the above except for items 1 & 4 to secure your broadband modem, or yes plus the password creation bit. Ok! Isn't modern technology wonderful easy to use, and secure. Just network wire the place, it probably work out cheaper in the long run because you won't need to constantly upgrade to the latest wireless router.
A university recently created a concept virus for wireless systems. They let the virus go in wild in their local town and found the only thing that stopped it spreading further was the local river. Just like one person catching a cold, and then giving it to anyone who comes in close contact.
© 2008 Peter Daley
Disclaimer: This is an amateur volunteer run service. Human error can provide incorrect information, and equipment malfunction can produce false readings. Do not rely on, or take action upon information presented on this web site or at SCCC activities, without further research. Views expressed in the pages, images, or tutorials on the SCCC Inc., web site or presented at venues, maybe the personal opinions of the relevant writers or presenters, and are not necessarily representative of those of SCCC Inc.