If you have a wireless router (both router and wireless access point functions built-in to the same device), there's one more setting you might want to consider.
On these devices there's usually an option to disable wireless administration. This means that you can only make configuration changes while connected via ethernet cable. That way, even if someone gains access to your wireless network, all attempts to gain access to the router will be ignored.
David
March 8, 2009 7:15 PM
Hi Leo,
I don't know how to configure my settings so the encryption is WPA. if says my encryption is wep right now. This means that it is easier to hack correct? I had no choice on encryption options when I set up the router. I was wondering how to change the settings of the router (if it is via installation disk or something else)?
Not something I can answer. It depends on the specific model of router you have. Normally it's done with a browser interface, but you'll need to check your router's documentation.
- Leo 09-Mar-2009
mishel
March 9, 2009 5:57 PM
if this is a wireless router, you may also want to enable Wireless MAC filtering.
As I understand it, MAC filtering is kinda pointless. For one thing, MAC addresses are not part of the encrypted data, so they're sent in the clear, and they're also very easy to spoof. Someone could sniff your traffic, find a MAC address that you've allows through, start spoofing that address and get on your network. Using WPA with a strong passphrase is much more secure.
- Leo 10-Mar-2009
MajorDad
March 9, 2009 6:07 PM
Wireless MAC filtering is the only way to go as both WEP and WPA encryption have been hacked. MAC address filtering ensures that only computers with the MAC address you specify in the router can connect to it.
WPA has not been cracked - that's a misunderstanding of something else. As mentioned above, MAC addresses are easily seen and spoofable.
- Leo 10-Mar-2009
MajorDad
March 9, 2009 6:08 PM
Forgot to mention that it's also good practice to stop broadcasting your SSID.
There's not much value in hiding the SSID. As I understand it, the SSID is still visible within packet traffic and sniffable. Once WPA with a strong passphrase is by far your best protection - with that it doesn't matter if your SSID is broadcast or not.
- Leo 10-Mar-2009
Hans Jonson
March 10, 2009 8:32 AM
Don't forget to update the firmware of the router occasionally.
Jim
March 10, 2009 8:37 AM
Regarding the original question on CISCO, they do make a home-level router: Zonealarm Z100G which has antivirus, antispyware and a robust firewall BUILT-IN to the hardware. The AV and Antispyware is updated automatically like that on your computer. I have been using the Z100G for a year and it has cut 99% of the spyware and viruses off that I used to get at my computer. Further, it blocks hack attempts at the router rather than letting them flow to my computer for software blocking. (I can see the IP addresses of these hack attempts in the log.) This router acts much like the Enterprise Cisco router most of us are used to using at work.
Mike Obrien
March 10, 2009 1:55 PM
Leo,
I have two Linksys routers, one a standard W54 wireless and one that a Verizon or Sprint aircard plugs into for remote site internet access. From the standpoint to who can access either wirelessly, am I wrong to rely only on router mac address filtering? Logic would suggest the router will only talk to the two laptops whose mac id's are entered into the router table. Greatly appreciate your newletter and expertise...mike
MAC address filtering is not reliable. MAC addresses are easily spoofed.
- Leo 12-Mar-2009
Rayw2082
March 12, 2009 10:40 AM
How does one change the password? Where are the controls and settings for the router? Mine is a 2Wire system.
I has a belkin fsd7230-4 model type
and it stopped working after some time
so i got a new router which is cisco wrt54g but how do i know when i search for devices.. which one my new router really is? right now i dont know if im using my routers route or some other routers route.
i just want to use mine and secure it
please inform me what im doing
If the old one has been removed, and the new one installed, and your internet now works, it seems like it must be working.
Comments
Read the article that everyone's commenting on.
March 8, 2009 7:09 PM
Hi Leo,
If you have a wireless router (both router and wireless access point functions built-in to the same device), there's one more setting you might want to consider.
On these devices there's usually an option to disable wireless administration. This means that you can only make configuration changes while connected via ethernet cable. That way, even if someone gains access to your wireless network, all attempts to gain access to the router will be ignored.
March 8, 2009 7:15 PM
Hi Leo,
I don't know how to configure my settings so the encryption is WPA. if says my encryption is wep right now. This means that it is easier to hack correct? I had no choice on encryption options when I set up the router. I was wondering how to change the settings of the router (if it is via installation disk or something else)?
09-Mar-2009
March 9, 2009 5:57 PM
if this is a wireless router, you may also want to enable Wireless MAC filtering.
10-Mar-2009
March 9, 2009 6:07 PM
Wireless MAC filtering is the only way to go as both WEP and WPA encryption have been hacked. MAC address filtering ensures that only computers with the MAC address you specify in the router can connect to it.
10-Mar-2009
March 9, 2009 6:08 PM
Forgot to mention that it's also good practice to stop broadcasting your SSID.
10-Mar-2009
March 10, 2009 8:32 AM
Don't forget to update the firmware of the router occasionally.
March 10, 2009 8:37 AM
Regarding the original question on CISCO, they do make a home-level router: Zonealarm Z100G which has antivirus, antispyware and a robust firewall BUILT-IN to the hardware. The AV and Antispyware is updated automatically like that on your computer. I have been using the Z100G for a year and it has cut 99% of the spyware and viruses off that I used to get at my computer. Further, it blocks hack attempts at the router rather than letting them flow to my computer for software blocking. (I can see the IP addresses of these hack attempts in the log.) This router acts much like the Enterprise Cisco router most of us are used to using at work.
March 10, 2009 1:55 PM
Leo,
I have two Linksys routers, one a standard W54 wireless and one that a Verizon or Sprint aircard plugs into for remote site internet access. From the standpoint to who can access either wirelessly, am I wrong to rely only on router mac address filtering? Logic would suggest the router will only talk to the two laptops whose mac id's are entered into the router table. Greatly appreciate your newletter and expertise...mike
12-Mar-2009
March 12, 2009 10:40 AM
How does one change the password? Where are the controls and settings for the router? Mine is a 2Wire system.
13-Mar-2009
March 12, 2009 12:43 PM
I has a belkin fsd7230-4 model type
and it stopped working after some time
so i got a new router which is cisco wrt54g but how do i know when i search for devices.. which one my new router really is? right now i dont know if im using my routers route or some other routers route.
i just want to use mine and secure it
please inform me what im doing
13-Mar-2009
To post a comment on "How do I secure my router?", please return to that article's main page.