HOW  TO  SECURE  A  WIRELESS  NETWORK

When you order Broadband from an Internet Service Provider (ISP), such as TalkTalk or BT, they normally send you a parcel containing a Broadband Installation CD and a Wireless Modem/Router (i.e. the Huawei Echolife HG520b wireless modem/router). A series of letters will also have been sent to you that combine to make up your broadband User Name and Password. After opening the parcel and installing the Broadband Installation CD together with the Wireless Modem/Router you are ready to search the internet, download music, check your email and so on. All is well....or is it?

When you install a Wireless Modem/Router you must make sure that either the router has, by default (normal settings), disabled your Wireless Network (disabled the beaming of your Network Information through the air waves) or has at least enabled your Wireless Network with a Network Key (Security Password). If you have your Wireless Network enabled without a Network Key other computers will be able to share your Wireless Network and use your Broadband Internet Connection.


Basically, any data (i.e. web page data, file data and so on) they send/receive through your wireless network uses your broadband internet connection to do so. Therefore not only are they using your broadband internet connection to view web pages on their computer, coming through your wireless network, but they are also robbing your broadband bandwidth (i.e. monthly download usage) and your broadband speed. If you and they are using your 8 MegaBytes broadband internet connection at the same time you get a speed of 4 MegaByte each because you are both sharing the 4 MegaBytes.

LOGIN  TO  THE  ROUTER

To enable a disabled wireless network or to change the network key (security password) for an enabled wireless network you must log on to your router's Control Panel. This is done by first typing the router's IP Address into Internet Explorer's Address Bar edit box (Fig 1.0) and pressing the ENTER keyboard key (or clicking on the ARROW/GO button). Doing so makes the router's login web page appear, where you then need to type your router's User Name and Password into the relevant edit boxes. These details should be in the router's documentation (e.g. PDF manual), usually found on its accompanying Installation CD, and/or on the back of the router.

The default (standard manufacturer's) IP address for the Huawei Echolife HG520b control panel is 192.168.1.1, with a user name of admin and a password of admin or password. Most companies use 192.168.0.1, 192.168.1.1 or 192.168.2.1 as their IP address, with admin or administrator as their user name, and password, admin or blank (empty/no password) as their password. So if you are stuck, try one of those combinations. Furthermore, Click Here for a list of default passwords associated with common router control panels.

Wireless Security Explained

Fig 1.0 - Type your router's IP Address into internet explorer's Address Bar edit box and then press ENTER

Fig 1.1 - Type the router's User Name and Password into the relevant edit boxes

After logging-in to your router's Control Panel (web page) look on the left side for a heading called BASIC, WIRELESS or WIRELESS LAN, normally located towards the top or middle of the left side panel. Underneath that heading could be sub-headings called WIRELESS SETTINGS, WIRELESS SECURITY and/or WIRELESS LAN. You need to click on the one that has the security settings on its web page. In this example, using the TP-Link TL-WR1043ND Wireless Router, the heading is called WIRELESS and the sub-headings are called WIRELESS SETTINGS and WIRELESS SECURITY; so I need to click on the WIRELESS heading first and then on the WIRELESS SECURITY sub-heading to continue. On the Huawei Echolife HG520b modem/router you just need to click on the WIRELESS LAN heading.

Fig 1.2 - Click on the WIRELESS heading and then on the WIRELESS SECURITY sub-heading to continue

Fig 1.3 - The Wireless Security web page for the TP-Link TL-WR1043ND Wireless Router

When the Wireless Security, Wireless Settings or Wireless LAN web page appears there are normally security options on it, such as DISABLE SECURITY, DISABLE ACCESS POINT, WEP/WPA/WPA2, BROADCAST SSID, ENABLE SSID BROADCAST, ENCRYPTION, PRE-SHARED KEY and so on. Not necessarily all on the same web page and not necessarily all available. They might also be split over two or more web pages (sub-headings), as is the case with the TP-Link TL-WR1043ND Wireless Router. It has them split over the WIRELESS SETTINGS and WIRELESS SECURITY web pages. With the Huawei Echolife HG520b modem/router most of its security settings are on its WIRELESS LAN web page.

The major security options you need to locate are usually called ENABLE Access Point, WPA-PSK (amongst other options), ENABLE Network Key and the Network Key itself (explained below). With router control panel settings varying from manufacturer to manufacturer it is difficult for me to be router specific here! For example: the TP-Link TL-WR1043ND Wireless Router has a DISABLE SECURITY button, but not an ENABLE SECURITY button, simply because when you add security details it treats the security as enabled already.

ENABLE  /  DISABLE  WIRELESS  NETWORK

In the above example the security is disabled (DISABLED SECURITY). If you want to enable the security, which basically means enable the existing wireless password for the wireless network, you normally have to click on an ENABLE or ENABLE ACCESS POINT button first and then fill in the wireless network details (i.e. give the wireless network a password). This is true of the Huawei Echolife HG520b wireless modem/router, but with the TP-Link TL-WR1043ND wireless router that first step is not needed. All you need to do to enable the security (enable the existing wireless password for the wireless network) for that router is click on its WPA/WPA-PSK - PERSONAL radio (circle/dot) button.

Fig 1.4 - Click on the WPA/WPA-PSK - PERSONAL radio (circle/dot) button to enable the wireless security

Clicking on the ENABLE or DISABLE button (or equivalent) should not enable or disable the wireless security (i.e. wireless password) straight away because you normally have to click on a SUBMIT, SAVE or OK button at the bottom of the settings web page before the action can be carried out. This usually applies to other options too.

CHANGE  WIRELESS  NETWORK  NAME

When you first install a router, usually via its Installation CD, during the set up process the router/software might give the Access Point (Wireless Network) a default Wireless Network Name (also known as a SSID - Service Set IDentifier) based on the manufacturer and/or router model number (i.e. NetGear-N23) or name of your broadband company (i.e. TalkTalk9j866). The default Wireless Network Name (SSID) may seem okay at first, but when you look at a list of Wireless Network Names (SSIDs) in order to connect to your particular Wireless Network (Access Point) you may be confused as to which one is yours, usually because your neighbours have a similar router and/or are with the same broadband company.

That is one reason why you should change the Access Point's (Wireless Network's) default Wireless Network Name (SSID) to something more meaningful. Another reason is that in an office environment, for example, with different routers and perhaps different departments, it is a good idea to distinguish each access point (wireless network) with a unique SSID (wireless network name). Remember: other devices/computers with wireless capabilities will be able to see and connect to the wireless network (access point) via its wireless network name (SSID), hence another reason to change the SSID.

Fig 1.5 - Change your Wireless Network Name (SSID), if need be, and make sure it is being broadcast (displayed)

One way to make an access point (wireless network) a little more secure is to use the 'hide ssid' function on its router. In the above example the SSID is enabled: the setting called ENABLE SSID BROADCAST is ticked (switched on), which means the SSID (wireless network name) is being broadcast (displayed) for other devices/computers to see in their list of 'wireless networks available'. This in turn means those devices/computers can connect to this particular wireless network (access point) if they know the password associated with its SSID (wireless network name). By unticking the ENABLE SSID BROADCAST setting the SSID, called Cairns in this example, will become hidden, whereby only those people who know of its hidden existence will be able to connect to it; if they know its password of course.

Note: As you can see, on the TP-Link TL-WR1043ND wireless router the security settings have their own web page and the access point settings (i.e. SSID and channel settings) have their own web page, under the sub-headings of Wireless Security and Wireless Settings respectively.

The above Access Point (Wireless Network) was using the Wireless Network Name (SSID / Service Set IDentifier) of TalkTalk9j866, but I have since changed it to Cairns by typing Cairns into the SSID edit box. NOTE: If you have two access points (i.e. two routers or one router and one range extender) they can have wireless networks using the same wireless network name simply because they are using different routers; just the same as different computers can have the same user name and/or computer name.

Regardless of whether you change a wireless network's name (SSID) or not, make sure it is being broadcast so that other devices/computers can see it. On some routers the broadcast setting might be an ENABLE SSID BROADCAST setting (as above) or a simple YES button/check box (tick box) next to an option called BROADCAST SSID for example. If the wireless network name (SSID) is not being broadcast your computer, and other devices/computers, may have difficulty connecting to it even if the wireless network name (SSID) and network key (password) are known.

CHANGE  WIRELESS  NETWORK  CHANNEL

If you are getting interference from one or more other wireless networks in your area, or from a satellite dish for example, you might want to change the channel your router broadcasts on. The option for this is normally called CHANNEL or CHANNEL ID and comes in the form of an edit box or drop-down menu.

Fig 1.6 - Click on the CHANNEL drop-down menu and then select a different channel for your router to broadcast on

Routers these days come with 13 Channels but in some cases their frequencies are so close together that there is no noticeable difference when using, or switching between, channels 7 and 8 for example. Therefore I would recommend stepping/gapping through the channels first: try channels 9, 5 and 1 in turn, for example, so that the frequency gap between them should make a difference. Also check what frequency your neighbours are using with their routers, if possible, because sometimes all routers use channel 11 for example. Using a tool such as InSSIDer could help. That said, many, if not all, routers these days are set to AUTO by default, whereby they have the ability to switch channels if they feel a particular channel is being used by too many devices/computers.
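
The channel comparison described above can be worked through in code. This is an added example, not part of the original article: it scores each of the 13 channels against a constructed list of neighbouring networks, using an assumed linear overlap model (channels fewer than 5 apart interfere) and hypothetical names such as `SCAN` and `rank_channels`.

```python
# Added example (not from the original article): rank 2.4 GHz channels by
# how much nearby networks overlap them. All names here are hypothetical.

# Constructed sample scan: (network name, channel, signal strength in percent),
# the kind of list a scanner such as InSSIDer displays.
SCAN = [
    ("NeighbourA", 11, 80),
    ("NeighbourB", 11, 60),
    ("NeighbourC", 11, 40),
    ("NeighbourD", 6, 50),
    ("NeighbourE", 1, 30),
    ("NeighbourF", 36, 90),  # 5 GHz network: outside channels 1-13, ignored
]

CHANNELS = tuple(range(1, 14))  # the 13 channels mentioned in the article


def overlap(a, b):
    """Assumed model: 5 for the same channel, falling to 0 at 5 channels apart."""
    return max(0, 5 - abs(a - b))


def congestion(scan):
    """Return {channel: score}; a higher score means more interference."""
    nearby = [(ch, sig) for _, ch, sig in scan if ch in CHANNELS]
    return {c: sum(sig * overlap(c, ch) for ch, sig in nearby) for c in CHANNELS}


def rank_channels(scan, candidates=CHANNELS):
    """Order candidate channels from least to most congested."""
    scores = congestion(scan)
    bad = [c for c in candidates if c not in scores]
    if bad:
        raise ValueError(f"not one of channels 1-13: {bad}")
    # Ties are broken in favour of the lower channel number
    return sorted(candidates, key=lambda c: (scores[c], c))


if __name__ == "__main__":
    scores = congestion(SCAN)
    for c in CHANNELS:
        print(f"channel {c:2d}: {scores[c]:4d}")
    # The article's stepping order 9, 5, 1, ranked against this scan
    print("try in this order:", rank_channels(SCAN, (9, 5, 1)))
```

With most neighbours on channel 11, the score falls steadily as you move away from it, which is why stepping several channels at a time shows a difference that moving from 7 to 8 does not.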

CHANGE  WIRELESS  NETWORK  ENCRYPTION

There are two basic types of encryption (data security) for routers and their broadcasting of data, and they are WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). To cut the technicals, just note that you should, ideally, be using the WPA-PSK option with the TKIP security protocol/algorithm. PSK stands for Pre-Shared Key. These options are meant for Home and Small Office wireless networks. The AES security protocol/algorithm is more secure (has better encryption) than TKIP but is meant for big business organizations. And the same applies to WPA2-PSK, which is more secure than WPA.


After selecting WPA-PSK, which should default to using the TKIP security protocol/algorithm, you can then type a new Network Key (Security Password) inside the PRE-SHARED KEY, NETWORK KEY or WIRELESS PASSWORD edit box, if it is empty or needs changing of course. If it is not empty, perhaps because the router is using a default (standard) network key or because someone has put one there for you already, either keep it (if you still know what it is) or over-write it with a new network key. Regardless of whether you use a new network key or keep the existing one, write it down on a piece of paper for safe keeping and then click on the APPLY, SAVE or SUBMIT (or whatever it's called!) button at the bottom of the web page to save/activate your new network key (below). This will now secure your wireless network from outside intruders.

Fig 1.7 - Typical wireless security settings for the TP-Link TL-WR1043ND wireless router

In the above example I chose to mix the network key (wireless password) with Numbers, Words and symbols (the underscore and dash) in order to make it more difficult for a human and computer to guess/hack. I did not put my Birthdate, Mother's Maiden Name and so on because they might be too easy for a human or computer to guess/hack. I chose something I considered unique, but reasonably easy to remember. In general that is a good example because it is better to use Capital letters, underscores, numbers and dashes among other characters.
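
The key-choosing advice above, turned into a check. This is an added example, not part of the original article: `check_network_key` and `derive_psk` are hypothetical names, the sample keys are constructed, and the 8 to 63 printable-ASCII limit and the PBKDF2-HMAC-SHA1 derivation (network name as salt, 4096 iterations) are the standard WPA-PSK rules rather than anything stated on this page.

```python
# Added example (not from the original article): check a WPA-PSK network key
# against the advice above. Function names and sample keys are hypothetical.
import hashlib
import re
import string

PRINTABLE = {chr(c) for c in range(32, 127)}  # characters a WPA-PSK passphrase allows
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
# Heuristic for birthdate-like content: 12-04-1980, 12/4/80, or a bare year
DATE_RE = re.compile(r"\d{1,2}[-/.]\d{1,2}[-/.]\d{2,4}|(?:19|20)\d{2}")


def check_network_key(key, ssid):
    """Return a list of problems with the key; an empty list means it passes."""
    problems = []
    if not 8 <= len(key) <= 63:
        problems.append("must be 8 to 63 characters long")
    if any(ch not in PRINTABLE for ch in key):
        problems.append("must use printable ASCII characters only")
    used = sum(any(ch in cls for ch in key) for cls in CLASSES)
    if used < 3:
        problems.append("mix at least three of: lower case, capitals, numbers, symbols")
    if ssid and ssid.lower() in key.lower():
        problems.append("contains the wireless network name")
    if DATE_RE.search(key):
        problems.append("contains something that looks like a date")
    return problems


def derive_psk(key, ssid):
    """256-bit key WPA-PSK derives from the passphrase, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    # Constructed sample keys, checked against the network name used in the article
    for key in ("Blue_Kettle-47_Harbour", "12-04-1980", "cairns123", "admin"):
        print(repr(key), check_network_key(key, "Cairns") or "OK")
    good = "Blue_Kettle-47_Harbour"
    print(derive_psk(good, "Cairns").hex())
    print(derive_psk(good, "TalkTalk9j866").hex())
```

Because the network name is the salt, renaming the network from TalkTalk9j866 to Cairns changes the derived key even when the passphrase stays the same.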

NOTE: Some routers hide your password (network key) with black dots. That is okay if you know what you are typing and want to hide it from onlookers, but not so good months later when you have forgotten your password: you log in to the router's control panel to view the password, only to find you cannot see it because it is covered in black dots! As you can see, the TP-Link router above does not hide the password.

CHANGE  WIRELESS  ROUTER  PASSWORD

With the outside intruders taken care of you must then take care of the inside intruders. Meaning: Anyone who has a connection to your unsecure, or secure, wireless network can gain access to your router's control panel using its default User Name and Password. Therefore they might be able to change your Network Key and other settings remotely, depending on how weak your router's control panel is. So the next step is to find a heading called MAINTENANCE, SYSTEM TOOLS or something along those lines and then look for a sub-heading called SET PASSWORD or SYSTEM MANAGEMENT for example. Once found, you should then be able to change the router's control panel password.

Fig 1.8 - Click on the PASSWORD link, give the router a NEW Username and Password and then click on the SAVE button

The PASSWORD page normally asks for the Old Password, as well as the New Password (which needs reconfirming), so that when you click on the APPLY, SAVE or SUBMIT button (or whatever) the old password can be validated. If the old password is not valid the new password will not be allowed. The old password is the password you logged-in with to get to your control panel in the first place, which could now be different from the default password if you or someone else set up the router before with a different password. In the above example I can change the User Name too, which is always a good idea.

BACKUP  WIRELESS  ROUTER  SETTINGS

To back up your router's current settings look for a sub-heading called BACKUP SETTINGS, SYSTEM MANAGEMENT or BACK & RESTORE under the heading MAINTENANCE or SYSTEM TOOLS (or whatever). Ideally you should back up your router's original manufacturer settings, from scratch, before changing any settings whatsoever; preferably with a file name like: original_router_settings.bin. That way if anything goes wrong in the future you can reload (open) the saved, original manufacturer's, settings. If you now change those settings, save them with a different file name (e.g. customised_router_settings.bin).

Fig 1.9 - Click on the BACKUP button to save your router's current settings


Fig 1.10 - Click on the SAVE AS button to give the configuration (settings) file a better file name


Fig 1.11 - Click on the SAVE button to actually save the configuration (settings) file

As you can see, the save process is more or less the same as saving a standard file using the SAVE AS File Requester. In the above example I navigated the SAVE AS file requester to my DOCUMENTS folder, DONT_DELETE sub-folder, and then saved the backup file (configuration/settings binary file) with a new file name of 'customised_router_settings.bin' instead of its default file name of 'config.bin'.

SAME  WIRELESS  ROUTER  -  DIFFERENT  BROADBAND  COMPANY

If you want to use your router with another ISP (Internet Service Provider / Broadband Company), such as BT instead of TalkTalk, begin by changing the broadband user name (login name) and password of the old ISP (e.g. TalkTalk) for the broadband user name (login name) and password of the new ISP (e.g. BT). This may be all you need to do to get your new ISP's wireless (broadband connection) settings working with your existing router. On the other hand, you may need to change one or more of the above settings before all is well. Either way, do not think a router is made just for one ISP just because they supplied you with the router. The router should, in theory, work with any ISP's wireless (broadband connection) settings and your own wireless network.

Fig 1.12 - Change the USER NAME and PASSWORD details if you want to use your router with a different ISP (Broadband Company)

The above examples used a TP-Link TL-WR1043ND wireless router. If you are using a different branded wireless router (i.e. NETGEAR DG834G) or a different branded Huawei Echolife wireless modem/router its control panel settings should still be roughly the same as those described above bar the odd difference in setting names and headings. In other words, you should be able to secure your wireless network as described above, bar those odd differences. The broadband user name and password, by the way, are normally found under a heading or sub-heading called NETWORK or WAN (Wide Area Network).

If you are a member of TalkTalk you may find these pages useful: HOW DO I SET UP MY ROUTER? and HOW DO I SETUP A ROUTER THAT'S NOT FROM TALKTALK?. TalkTalk also have this MEMBERS FORUM.