Securing your wireless router is an adventure. You will need to be a bit of a secret agent, plus be willing to play the odds. Your tools will be some dice.
First of all secure your wireless router with a better password than the one supplied by the manufacturer which is usually admin / admin or admin / password. Read these two previous blogs. Even though these blogs are about broadband modems and general password creation the info equally applies to wireless routers. If you don't secure the device first, the rest of the security set up is a waste of time. You should just resign as a 007 agent now.
This is were your 007 skills come in. Go to the Diceware site,
This is where you hone your secret agent skills on using the dice to create a really good quality secret agent passphrase.
Now play the odds, download the dicewarewordlist.pdf. This is your tool to create a really good WPA2 passphrase. The passphrase must be longer than 20 characters, using a splattering of unusual characters. Most of you who actually attempted to put some form of security on your wireless router would be using 20 characters, or less, dictionary word based passphrase, and hackers are laughing. It has been known for many years that a WPA 20 characters, or less dictionary word based passphrase is easily broken.
Now you take the dice, and dice word list into a room and close the curtains. Why the drawn curtains? Every secret agent worth his salt knows they they can now read what you're typing from the reflections in the window. Also, don't leave your keys to your computer room lying around because they can now make key duplicates from a photograph. Boy, don't you know anything?
After you have created and memorized the secure passphrase key, you can burn it, pulverize it in a mortar and pestle, and flush it down the toilet. Make sure you flush twice. Ok, a bit over kill for most of you. One flush is probably enough. Write it into your secret code book because it's going to be so complicated, most of you won't remember it anyway. Don't store it in your computer.
Are you still with me secret agents? Now we have to enter the key into the WPA2 / AES wireless setting in your wireless device. Man this is all ridiculous, you're telling me. I haven't finished yet!
1. Turn off SSID broadcasting in your broadband modem or wireless router. The SSID is the WiFi station name. Don't use the factory default SSID, change the SSID wireless ID to a very unusual set of characters.
2. Turn off DHCP auto IP address assignment and assign all your network IP addresses manually.
3. Turn off WAN if you don't need it.
4. Turn off high power wireless transmission, if you don't need it. If your leave these two things on you will have created a very powerful radio station transmitting your presence into the suburb. Not good for secrecy!
5. Turn off your computer, wireless router, and broadband modem, when not in use. This significantly lessens the opportunity for the bad guys to break in. It will also help the planet and your hip pocket, by using less electricity, thus lessening the production of green house gases. Read my previous blog on this subject.
6. Turn off the UPNP (Universal Plug and Play) feature. IMPORTANT, also turn off UPNP in your Broadband modem if it is a separate device. NOTE: Xbox, video streaming, and VIOP devices may stop working when you do this. UPNP is really a big break in vector for most wireless routers and broadband modems! Incidentally, UPNP will be a big feature of the newest high speed wireless routers that will arrive soon!
7. Make access to your wireless router more difficult by turning on access controls. This means that only a machine with a particular device MAC address, or IP address on your network has the ability to connect to your wireless router, to change the wireless router settings.
8. Make sure the firewall is turned on and set to high, if possible. If things stop working, drop it a notch.
9. Change the gateway address of your broadband modem from the standard factory addresses of, 192.168.1.254, 192.168.1.1, 192.168.0.1, 10.1.1.1, or 10.0.0.138, Use anything other than these numbers. These numbers make it so much easier for hackers to guess your network set up. Once you have done this, enter the new gateway address into the wireless router.
10. Update the firmware of your broadband modem model. This is important as it fixes security holes that were found after manufacture.
If you have read this far, you have earned your secret agent certificate.
This is the simplified version!
Yes, there is also more you could do.
Now you may see why I suggest turning off your WiFi, and plugging your computer directly into your broadband modem with a network cable. It is simpler, faster, safer, and more reliable.
A university created a concept virus for wireless systems. They let the virus go in wild in their local town and found the only thing that stopped it spreading further was the local river. Just like one person catching a cold, and then giving it to anyone who comes in close contact.
© 2008 Peter Daley, updated 2019.
Disclaimer: This is an amateur volunteer run service. Human error can provide incorrect information, and equipment malfunction can produce false readings. Do not rely on, or take action upon information presented on this web site or at SCCC activities, without further research. Views expressed in the pages, images, or tutorials on the SCCC Inc., web site or presented at venues, maybe the personal opinions of the relevant writers or presenters, and are not necessarily representative of those of SCCC Inc.