How to Secure Wireless Routers
With wireless fast becoming the easiest and most economical way
to set up a home network, we get lots of questions about how to
make sure it's secure. Here are some tips for securing your
wireless router/access point and computers with wireless
- Change the defaults. Wireless routers and access points
come with a preset administrator password and SSID (network
name). These are usually the same for all routers/WAPs of that
model, so it's common knowledge to tech savvy folks. A hacker
can use that info to change your WAP settings or connect to
- Turn off SSID broadcasting. This makes your network
visible to anyone in the area who has a wireless-equipped
computer. Turning it off doesn't hide it from WLAN "sniffers"
but it does keep casual browsers from knowing it's there.
- Turn on MAC address filtering. This allows only computers
whose MAC addresses have been entered by the WAP administrator
to connect to the network. It's not foolproof since some
hackers can spoof MAC addresses, but it provides a layer of
- Assign static IP addresses to your wireless clients and
turn off DHCP, so that unauthorized persons who try to connect
won't automatically get an IP address.
- Use encryption. And use WPA (Wi-Fi Protected Access)
encryption instead of WEP (Wired Equivalent Privacy). For
instructions on how to configure WPA in XP, see:
- Turn the WAP off when you aren't using it. This will
prevent "war drivers" from connecting to your network and
using your Internet connection or accessing the computers on
- Limit signal strength. The typical range of an 802.11b/g
wireless access point is about 300 feet. If you use a high
gain antenna, that can be extended considerably. Only use such
an antenna if you must, and if possible use a directional
antenna that will only transmit in one direction. Test the
signal strength to see how far it extends outside your house
and grounds and adjust the positioning of your WAP and antenna
to limit it.
- If you're really worried about security, use 802.11a
equipment instead of the more popular 802.11b and g. It
transmits on a different frequency and can't be accessed with
the built-in wireless adapters included in most new laptop
computers. It also has a shorter distance range.