Reply
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

How to Secure a Wireless Router

[ Edited ]

Comcast's High Speed Internet service is a wonderful thing, and many of us have come to depend on it for many things, from sending email to friends and family, to playing games, to managing our finances, to working at our jobs at home. In households where there is more than one computer, it's becoming more and more common to see routers used to network these computers together to share the same Internet connection. Wireless routers are a very popular choice, especially with laptop users and in those places where it's impractical to run an ethernet cable. But along with them comes some extra security concerns specific to wireless that should be addressed so the user's computers and network are not exposed to needless risk from the more unsavory elements in the Internet community. Since you do not need direct physical access to use a wireless router, how do you ensure that only you and those you approve can use your router? Thankfully, that's an easy question to answer. The router itself can help you with this, it has many configurable options that allow you to control its wireless function so that you can be as secure as you like.

I'll walk through a typical wireless router setup using the Linksys WRT54G as my example. I'll describe the various options that effect wireless security and you can decide what settings are right for your particular situation. Wireless routers come in all shapes and sizes and they don't all share the same options, so I may describe an option your router doesn't have, or you may have an option mine lacks. When in doubt, RTFM. Let me say that again, READ THE DARN MANUAL! Phew, glad I got that off my chest. Your router's manual is an invaluable source of information about your specific model, use it.

At the bottom are links to other posts which describe connecting to a secured router from XP, Vista, and a Mac.

Here come the details, so take a deep breath and dive right in...

Router Configuration
To change these router options, we're going to be using the WRT54G's Web based Setup pages. Most routers have a tiny built-in webserver you can just point your favorite browser at, login, and make whatever changes you need. On my router, I simply use http://192.168.1.1 (which is just the router's LAN side IP address). This is pretty standard on most Linksys routers. Other manufacturers might use http://192.168.0.1 or http://192.168.2.1, or http://10.0.0.1, for example. Consult your pesky documentation for what you should use on your router. Once connected, you should be presented with a login dialog that looks similar to this. Enter the router's administration password and press OK. The default password on Linksys routers is usually "admin" with no userid. You should then see your router's home page. Take a few minutes, poke around and familiarize yourself with the way your router's website works and where the various pages and options are. One important thing to note with Linksys routers, once you make a change to an option, be VERY CERTAIN to click on Save Settings at the bottom of the page or you will never actually turn that option on. So anywhere I say change an option, remember to hit Save before you continue to another page or the change will be lost. You have been warned :smileyhappy:.

Now let's get right down to the security changes:

1. Change the router's administration password. Strictly speaking this option has nothing to do with the wireless function itself but since it's such basic security, it bears repeating. Your router comes with a default password, but everyone knows what this password is, so it's no protection at all. Change it to something only you know. On the WRT54G, go to the Administration --> Management page, enter the Router Password and confirm it. Then press the Save Settings button at the bottom of the page. You will be presented with a logon dialog again, just use the new password.

2. Disable the ability to get to the router's web setup pages from a wireless system. This is probably of minor usefulness, but I like to be as thorough as possible. Disabling this option means you have to use a system directly connected to the router (or through the Internet, more on that in a minute) in order to make changes to the router. A couple of caveats here. If you only have wireless systems, leave this enabled or you won't be able to control your router! Also, if you're doing this procedure from a wireless system, you'll need to move to a wired system to complete further changes. So think about your needs before clicking here. On the WRT54G, this option is "Wireless Web Access" on the Administration --> Management page. Don't forget Save Settings to lock the change in.

3. Disable the ability to control to the router from the Internet. By default this option ("Remote Management") should be disabled and you should leave it that way unless you have a specific need to allow this. Valid reasons include: you're away from home and need to adjust the VPN passthrough settings, or you want someone on the Internet to help you do some troubleshooting, etc. Bear in mind that you have no control over WHO on the Internet is allowed to connect, other than controlling the password. Think long and hard before enabling this option. If you do, consider using HTTPS so that information going back and forth to the connected user is encrypted and protected from prying eyes. You will find this option on Administration --> Management page.

4. Disable UPnP. This is just plain evil and allows a program to configure the router without your knowledge. Unless you have some very specific need for this, disable it. Again, on the Administration --> Management page.

5. Disable SSID broadcasting. By default, most wireless routers sit around constantly shouting to anyone in range who can listen "HELLO OUT THERE! I'M RIGHT HERE AND MY NAME IS XYZ! COME USE ME!". Not very secure. What you want is an access point that sits there quietly and unobtrusively until someone comes along who already knows the access point is there AND knows its name. In order words without foreknowledge, the access point is mostly invisible. Now the more knowledgeable among you might be saying "Hold on, that's not true!" and you'd be technically correct, but this will prevent the majority of ne'er-do-wells from finding you, and that's a good thing. It's true a really smart and determined hacker will still know you're there, but that requires smarts and effort which is severely lacking in your typical script-kiddie. Now when you do this, the onus is now on you to specifically configure your various wireless clients with the proper (case sensitive) SSID for your wireless router. Since the router is no longer broadcasting, you can't bring up the XP wireless client (for example) so you can see your router. You have to add it by hand. This is a simple process, just see the instructions for your wireless client on how to do this. Change this option with Wireless SSID Broadcast set to Disable on the Wireless --> Basic Wireless Settings page and press Save Settings.  EDIT 08/24/2011: I have decided to remove this section, not because it's a bad idea (I do it here), but because it has the side effect I mention above about making it harder to connect (which is it's purpose).  With the proliferation of wireless devices (cell phones with WiFi, iPads, laptops, blue-ray players, game systems, etc), more and more folks with limited wireless knowledge find connecting to their router much harder if the router is not broadcasting.  After trying to explain unsuccessfully to countless people why their wireless network really IS there, I've decided this option is more trouble than it's worth for most folks.  So from now on, I only recommend this option for people who have a solid technical understanding of their wireless network and how turning off SSID broadcasting effects their wireless client setup.

6. Change the default SSID (or Service Set Identifier) to something unique. A wireless access point has to have a name associated with it called the SSID. All the access points (there might be more than one, but in our setup there is only one, the wireless router itself) in a single wireless network will share the same name and the same security setup. Most routers come with a default value here. For example, all Linksys wireless access points have a default SSID of "linksys" (original, huh?) You want to give your router a unique SSID that only you know. The SSID must be no more than 32 alphanumeric characters and it IS case sensitive, so that "charlie" is different and distinct from "Charlie". Supply your chosen SSID in the Wireless Network Name field on the Wireless --> Basic Wireless Settings page.

7. Enable Wireless MAC filtering. Please do not confuse MAC (media access control) address with the Apple Macintosh computer, they are two totally different things. Each wireless adapter has a unique hardware address that can be used to identify that particular wireless adapter. The router has the ability to accept or deny connections based on this MAC address. You can set this up to deny or allow access to a list of specific MAC addresses. I use the more restrictive of the two, which is only allow access to MAC addresses I have listed. On the Wireless --> Wireless MAC Filter page, select Enable for Wireless MAC Filter, select Permit only, press Save Settings, then press Edit MAC Filter List, enter your wireless adapter's MAC address in the list, press Save Settings and you're done. To find your adapter's MAC address, on XP/2K /ME, use the command ipconfig /all and find the Physical Address field for the wireless adapter. On 95/98, use winipcfg and select the wireless adapter, you're also looking for Physical Address. On Linux, use /sbin/ifconfig and you're looking for "HWaddr". On the Mac, ifconfig also works in the Terminal, and here you're looking for the "ethernet" field which is kind of misnamed, or you can also use Applications:Utilities:Network Utility and on the Info tab select the wireless adapter (on my PowerBook, it's en1) and you want the Hardware Address.  For those that have lots of people or devices coming and going and want to allow access, this option can be troublesome and I would recommend turning it off in those situations.  Also remember this a year down the road when you have a fancy new iPad that you are trying to connect and it won't work, did you remember to add the new device's MAC address to the table if you this option enabled?

8. Turn on wireless encryption. This is the single most important thing you can do to secure your wireless router. There are two main encryption methods in use at this point, the older and not very secure WEP, and the newer, more secure WPA. Unless you have some overriding reason to use WEP (like your adapter driver won't support WPA), stay far away from it. It's easily cracked and there are open source programs that do this. Last resort use only and then you must change the keys OFTEN (once a week at least). Always use WPA whenever possible. To activate WPA, go to the Wireless --> Wireless Security page, select WPA Personal for Security Mode, AES for WPA Algorithms (don't select TKIP, it's been partially cracked), and some phrase for the WPA Shared Key. The key phrase must be between 8 and 63 characters long.  the more random the better.  Short phrases made up of common words found in the dictionary are not good choises since there are brute force dictionary attacks that can crask WPA if you choose such a weak passphrase.  If you have WPA2 Personal avaliable to you, that's a better choice than WPA Personal since it requires AES. Press Save Settings to save the changes.

Mac OS X Wireless Client Configuration

How to Connect to a Secured Wireless Router - Mac OS X

If you are configuring a laptop like a PowerBook and use more than one wireless access point (or WAP) regularly, you can create new locations using the Apple -> Location -> Network Preferences -> Edit Locations option. For example, you can have a Home and a Work location, each of which has their own default secured network, or maybe you often meet friends at Starbuck's, you can create a location for that network as well. You switch locations easily by using the Apple menu on the menu bar, Apple -> Location and select the location you want. Makes going back and forth from your home network to the network at the office (or anywhere else for that matter) very simple.

XP Wireless Client Configuration

 

How to Connect to a Secured Wireless Router - Windows XP

Windows Vista Client Configuration

How to connect to a Secured Wireless Router - Windows Vista



26-Apr-2005 Added Mac OS X Panther client instructions
02-Mar-2008 Added Vista setup link
07-Nov-2008 Changed TKIP to AES as the preferred encryption algorithm

08-Nov-2008 Removed old Mac instructions, replaced with link to post with Mac instructions

18-Nov-2008 Added XP instructions link, finally!

24-Aug-2011 Changed my stance on #5 SSID broadcasting

 

Message Edited by Baric on 11-18-2008 03:28 AM
Most Valued Poster
DrDUH
Posts: 4,340
Registered: ‎03-18-2004

Re: How to Secure a Wireless Router

Very nice job
New Visitor
Posts: 17
Registered: ‎02-22-2005

Re: How to Secure a Wireless Router

"5. Disable SSID broadcasting. "

Note that doing this creates no end of problems with Windows XP SP2 clients. Those clients will associate with the "best" AP which broadcasts its SSID. And if a new AP comes online which broadcasts its SSID Windows XP SP2 will switch to that AP instead of the one it is currently associated with if the current one does not broadcast its SSID.

With problems like this the minimal benefit to be gained by not broadcasting the SSID just isn't worth it.

"7. Enable Wireless MAC filtering. "

It takes longer to setup MAC address filtering than it does to get around it. Applications to do it cane be easily downloaded for any OS you may be running.

WPA-PSK with TKIP or AES. The most important point when using WPA-PSK - make the passphrase at least 20 characters. Use uppercase, lowercase, symbols, spaces, etc. The longer the passphrase is, the better.
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

Keeska said:
Note that doing this creates no end of problems with Windows XP SP2 clients. Those clients will associate with the "best" AP which broadcasts its SSID. And if a new AP comes online which broadcasts its SSID Windows XP SP2 will switch to that AP instead of the one it is currently associated with if the current one does not broadcast its SSID.

No. If you are having such a problem, then you are misconfigured. As long as the target AP is moved to the top of the preferred list, and "connect when this network is in range" is checked on the Connection tab, this won't happen.

EDIT: And even if there is a problem in some specific situations (there are bugs in every piece of software), this won't be a problem for 99.99% of users since their router is going to be the strongest signal, in most cases. And if it isn't then there are ways to ensure that it is.

It takes longer to setup MAC address filtering than it does to get around it. Applications to do it cane be easily downloaded for any OS you may be running.

I think you're missing the point. You're assuming a knowledgable attacker. Security is made up of layers and this is just one more layer to jump over. It will stop the casual or accidental intruder, but like I said, it's no road block to the determined attacker. Just because someone of your knowledge knows how to get around it doesn't mean that's true of every intruder out there. If it stops even one, then it's worth it, in my opinion.

when using WPA-PSK - make the passphrase at least 20 characters

I agree with you, always use as complicated a password as possible, avoid words in the dictionary, etc. This is just common sense, but maybe it bears repeating.
Recognized Contributor
AlisMan
Posts: 1,210
Registered: ‎10-31-2004

Re: How to Secure a Wireless Router

I'm actually printing this for the fridge.
Regular Problem Solver
Posts: 2,846
Registered: ‎11-02-2003

Re: How to Secure a Wireless Router

Baric......
Kudos for your effort!! Sterling job...as I'm sure we've all come to expect from you!:smileyhappy:
Any chance the Mod(s) can make this a "sticky"? It'd sure save having to re-type that and would make it easier to "point out" to noobs....
Anyhoo....your efforts are truly appreciated, Baric!
Most Valued Poster
Posts: 7,832
Registered: ‎07-18-2003

Re: How to Secure a Wireless Router

Baric,

This is awesome! Just a couple of Belkin specific notes....

1) Belkin uses 192.168.2.1
2) You have to use IE when accessing the Belkin. Otherwise the changes won't take.

Not that this probably matters, since I'm the only one still using a Belkin router. :smileywink:
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

What's a Belkin???

Seriously, I've added a comment about that above. I don't want to get too buried in all the variations here, or this post would balloon to truly massive proportions. If you're using any other router besides the WRT54G, then consult your documention for the proper IP address and instructions on how to get the specific security options on your router.

I've trying to cut a fine line between explaining why I'm recommending a particular setting and giving too much detail that just makes peoples eyes glaze over. I think it's bigger than it needs to be right now, but better to give too much now and trim later than to be too sparse (I hope). I'll give this some time to settle and get some comments then do some trimming after I've added the XP client setup instructions, which is the missing piece atm.
Most Valued Poster
Posts: 7,832
Registered: ‎07-18-2003

Re: How to Secure a Wireless Router

> What's a Belkin???

There are days I ask myself the same question! :smileylaugh:
Contributor
Gregg
Posts: 23
Registered: ‎01-01-2004

Re: How to Secure a Wireless Router

Excellent post!!! I just set up my router, (WRT54GS), a few months ago with the help of these forums. I previously did everything in your post except:

4. Disable UPnP. This is just plain evil and allows a program to configure the router without your knowledge. Unless you have some very specific need for this, disable it.

What purpose would this serve? Can't think of one so I disabled it.

Thanks again for the helpful information. This post should be included with every router.
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

UPnP stands for Universal Plug and Play. It's a "standard" for allowing one network device to discover and configure another. The Microsoft implementation on Windows is well known to have some serious security flaws (some fixed, some not). There's no need for it, so just turn it off and never worry about it again.

You can learn more about it by doing a Google search.
Recognized Contributor
AlisMan
Posts: 1,210
Registered: ‎10-31-2004

Re: How to Secure a Wireless Router

UPnP is similar to CDP on routers and switches. It is best to disable this.
New Visitor
Posts: 1
Registered: ‎09-21-2003

Re: How to Secure a Wireless Router

Thank you for a very informative posting. I'll be receiving a laptop next week and plan to set up a wireless home network (1 desktop and 1 laptop). The info you posted will be quite handy and is much appreciated.

Are you planning to post the info on the client setup for XP soon?

One last thing to glean from your experience - if you were going to buy a new wireless router today, which one would you choose?

Thanks again
Arthur
Security Expert
CajunTek
Posts: 20,976
Registered: ‎10-07-2003

Re: How to Secure a Wireless Router

I believe Baric (who know wireless routers much better than I do).. Would reccomend this WRT54G Linksys router..
TANSTAAFL!!



Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

My XP system is having serious problems at the moment, so the XP client instructions will have to wait until the replacement components arrive and I can perform some surgery. Maybe a week, maybe longer :smileysad:

If I had to buy another wireless router today, I'd buy a Linksys WRT54GS, purely for the increased RAM and Flash it has (to play with custom firmware loads that are bigger than the stock Linksys loads). If you aren't going to mess with custom firmware, the slightly cheaper WRT54G will work just fine (it's what I have now).
Regular Contributor
Posts: 32
Registered: ‎08-12-2003

Re: How to Secure a Wireless Router

The Comcast-provider router that I have (Linksys WCG200) apparently doesn't allow me to disable SSID broadcasting. At least this isn't an available setting on the Comcast gateway page...
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

Look around a little bit, the regular WCG200 certainly does allow this. It's on the Wireless -> Wireless Security page, which is slightly different from where the WRT54G has it located.

I know Comcast loads a custom firmware, so I have no idea what their setup pages look like, but I find it hard to believe they would get rid of this option, it's so basic to wireless security.
Regular Contributor
Posts: 39
Registered: ‎08-07-2003

Re: How to Secure a Wireless Router

ANON24853
See your manual page 32

Wireless SSID Broadcast. When wireless clients survey the local area for
wireless networks to associate with, they will detect the SSID broadcast by the
Router. To broadcast the Router's SSID, keep the default setting, Enabled. If
you do not want to broadcast the Router's SSID, then select Disabled.

ftp://ftp.linksys.com/pdf/wcg200_ug.pdf
Contributor
Posts: 8
Registered: ‎02-09-2004

Re: How to Secure a Wireless Router

THANK YOU THANK YOU. OFF TO BUY THE ROUTER YOU RECOMMEND.
Thanks
Joyce
Visitor
Posts: 3
Registered: ‎02-26-2005

Re: How to Secure a Wireless Router

Thanks for the fabulous article on securing my router! I already had a laptop and bought a desktop this weekend. The guy sold me on a netgear and since I'm totally ignorant about this, I got it and tried to set it up. I followed all the instructions right out of the box and couldn't get anywhere (never even opened the wireless card, got stuck on the router). Of course, Comcast doesn't support netgear so they couldn't help (although they really tried!) and netgear wouldn't talk to me until I registered. I wouldn't register a product I expected to return and asked a geek friend who also said to take it back and get a linksys. When he got his it was still a wireless-b and he needed to be walked through installation but all worked out well. I got my linksys WRT54G, took it out of the box, followed the instructions and was up and running in no time. I came back here and followed the steps for securing it. This is critical information for newbies like myself who wouldn't even know there was an issue. Why don't you sell this as documentation to be included in the linksys package?! thanks.

BTW, I couldn't get anywhere using ipconfig/all on XP so I went through system info to get my adapter's MAC address. Simple solution for computer novices.
Message was edited by: Anon1240159
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

Anon1240159,

Glad this was helpful to you.

re: ipconfig, it's important to get the command just right. First it should not be run directly from Start -> Run, many folks make that mistake and see the command run and the output promptly disappear and they're left scratching their head. This command produces output on the console that executes the command, so it's important that the console stick around afterwards. Best way to ensure this is to start the Command Prompt up first (using either Start -> Run -> cmd.exe or Start -> All Programs -> Accessories -> Command Prompt), and then run ipconfig /all from the Command Prompt window. Another common mistake is to forget to put a space between ipconfig and /all. "ipconfig" is the command and "/all" is a command parameter and there needs to be a seperator between then, and the space is what is commonly used.

Hope this helps.
Regular Contributor
Posts: 37
Registered: ‎11-01-2003

Re: How to Secure a Wireless Router

First off, I would like to say thank you for taking the time to post all of this information. It looks like very powerful and useful information, IF a person knows what they are doing and what to change. I started reading this because I recently had to check something in my wireless settings so that I could finally get my son's Xbox wireless adapter to work. Having accomplished that, I was thrilled, but then I wanted to make sure we were still "safe" and that I hadn't done anything to change the security level on the computers, etc., so I clicked on this post and began reading. Now I am a little confused because if I read things correctly, I should disable my SSID for good security, yet I can't do that if I have Windows XP? Do I have that right or did I just misinterpret it somehow? I do have Windows XP and I had a heck of a time getting the Xbox Live to work but since I finally did do that, I am now a tiny bit concerned about the fact that the Xbox wireless adapter might somehow put us at risk by something it may or may not be broadcasting. I don't know if it makes any difference, but my router is a Linksys BEFCMUH4. Comcast set it up and I haven't changed a thing on it since. All I did to finally get the Xbox wireless adapter to work was go into the wireless settings page and copy the WEP Security Key to the Xbox Live Dashboard. Maybe I'm simply being paranoid but mainly, I just want to do what I can to keep us as protected as possible. But I guess, though you would probably find it hard to FIND the question in all of this, the question I am mainly asking is should I not be messing with any of these knowledgeable instructions in this post if I am running Windows XP? Hope that makes sense. I find all of the information on here very helpful and useful as a rule, but I am such a novice that it also can be very daunting and make me feel like I shouldn't attempt any changes if I'm not 100% sure what I'm doing before I change any settings. Obviously, common sense should prevent anybody from making changes to a computer if they don't know exactly what they are doing, but I have been told to do so much troubleshooting from different folks that I feel as though sometimes too much information can be harmful. I would appreciate any feedback you might be able to provide ont his. Thank you so much.
Marlene
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

MarleneH said:
Now I am a little confused because if I read things correctly, I should disable my SSID for good security, yet I can't do that if I have Windows XP? Do I have that right or did I just misinterpret it somehow?

You are misinterpreting it. I'm not sure what makes you say you can't do that on XP. The only reason I don't have XP instructions is becasue my XP system is seriously sick at this time and it's just no feasible for me to provide them until the problems have been corrected. And I do mention that in my instructions above. If you want XP wireless configuration instructions and don't want to wait for mine, do a Google search you will find tutorials on MANY places on the Net.

You will find some places recommend disabling SSID broadcasting, yet others say it's pointless with using WPA. There is a valid argument to be made both ways. I give my reasons for disabling it, but you can just as well choose to let it broadcast if you find the other position more compelling. I explain the steps I recommend and why, if you find you disagree with me, that's fine, it won't hurt my feelings :smileyhappy:.

I have no experience using a wireless link from an Xbox, but it all comes down to the exact same principles of wireless settings. The only difference is the client you're using to configure that device to match whatever you have setup on your wireless router. I would love to provide specific instructions for every concievable combination of devices but that's not practical. I have neither the time nor the equipment to do that. So I choose to provide an example using equipment that I have and that is very commonly used. I'm sorry you had such a hard time.

I am now a tiny bit concerned about the fact that the Xbox wireless adapter might somehow put us at risk by something it may or may not be broadcasting.

I'm not following you here.

Comcast set it up and I haven't changed a thing on it since.

I have no idea how Comcast set it up, so I really can't comment on that. But since you bought the Home Networking sevice and continue to pay for it each month, Comcast is obliged to provide support for this, including wireless security of all attached devices.

If you had to enable WEP on the Xbox to talk to the router, then it's secured (after a fashion). But WEP is useless as a security mechanism, it has many flaws and there are many freely available tools on the Net to compromise WEP in minutes. So unless you change your WEP keys frequently, you're as good as NOT protected.

the question I am mainly asking is should I not be messing with any of these knowledgeable instructions in this post if I am running Windows XP?

That fact that you are running XP has nothing to do with anything. I think you SHOULD make sure your wireless network is secure, irregardless of what clients run on it, but how you go about that is up to you. My recommendation is to educate yourself and do it yourself so that you know how to do and hwo to change it if you need to. But I recognize that there is a huge number of people who either don't want to or simply find it too intimidating and incomprehensible. In this situation, you have two choices. One is to ingore the issue and just stick your head in the sand and hope nothing happens (always a bad approach, if you ask me). The second choice is to get someone else to set it up and secure it for you. You have already chosen this 2nd option by having Comcast set things up, but now you're stuck with the downside, which is what happens afterwards when you have questions or changes? If you're going to have someone else set it up, I'd recommend you get a friend or coworker to help as opposed to paying Comcast. They can sit down with you and explain what they're doing and listen to your needs, and you can call them directly when you have a problem. Some will say you can do the same with Comcast, but as many of us know, Comcast's support record is less than sterling with it comes to providing accurate technical information and services.
Regular Contributor
Posts: 37
Registered: ‎11-01-2003

Re: How to Secure a Wireless Router

Thank you Baric. I hope I didn't post the message so as to give you the impression that I expected you to solve all of my computer woes as if you were my own private tech. When I read the original post my first thought was that I wished I had found it sooner. Then I must have simply misunderstood what you said about XP. I think truthfully I just got lost in the directions and maybe just read them too fast. The nice thing about using the instructions as given by you is that if someone does run into a problem, at least they can post back to you on here to ask questions. It's not always that easy when you are reading a manual or clicking on a link because oftentimes, they only take you so far and then you are left with more questions. It wasn't that I disagreed with you on the SSID matter . . . I just wanted to understand whether or not you were saying that if I had XP there was some reason I shouldn't do so. I definitely am not one to stick my head in the sand or hope that things never go wrong. That was the reason I was curious about whether my doing anything with the WEP key through the Xbox Live affected my security at all. I just plain don't know so I thought you might. I have read so many of your posts on here and they always seem to go right to the heart of folks' problems so I thought I would ask. But not to worry . . . I certainly didn't mean whatever I wrote to come off like I was complaining or somehow blaming you because I have had a hard time with configuration, and if it did, I certainly apologize.

As to the rest, when I had Comcast install the home networking equipment, I did believe that when I had a problem, they would fix it. I was very silly to believe that. As it turns out, almost every question I have called them about involving this network and troubleshooting, they have claimed not to be able to answer. Regarding Xbox, they were quite blunt about not dealing with that so I knew I was on my own though in the end, I did finally get someone FROM Xbox to answer me.

So I click on links and visit forums and read what I can to try and learn more myself and I will keep doing that. I just thought that maybe you knew something to suggest that might help me help myself to stay secure. How hackers can get into computers has always amazed me and I realize there is no 100% foolproof way to be safe, but I am trying.

So thanks again for responding. I do appreciate it.
Marlene
Message was edited by: MarleneH
Regular Contributor
Posts: 37
Registered: ‎11-01-2003

Re: How to Secure a Wireless Router

P.S. One more thing regarding this:

If you had to enable WEP on the Xbox to talk to the router, then it's secured (after a fashion). But WEP is useless as a security mechanism, it has many flaws and there are many freely available tools on the Net to compromise WEP in minutes. So unless you change your WEP keys frequently, you're as good as NOT protected.

Here's my question: Since it is a good idea to change the key frequently, does it matter how I change it? And by that I mean, I noticed that as it is now it is a series of letters and numbers. If I change that, can it be ANY series of letters and numbers and do they have to be the exact amount of characters as it is set now, or could I just change a few of them randomly from time to time? I apologize if I am asking something you may have addressed in a previous post but I am reading this one and so I thought it was worth an ask. Thanks again.
Bronze Star Contributor
Missy
Posts: 228
Registered: ‎03-03-2004

Re: How to Secure a Wireless Router

Baric,

Before I do anything, I need to know if there is anything I need to do different on an XP system. I don't want to do anything that might mess my connection up.
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

I don't understand the question. The post is about securing your router. I don't have instructions for configuring the XP client since my XP system has hardware problems, but it's a fairly simple process. There is nothing you can do on the router that is not supported on XP, as long as the adapter driver supports the encryption mechanism you use, but that has nothing to do with XP, that's the driver's responsibility.

Please bear in mind if you secure the router but don't properly configure your wireless client, you will no long be able to connect wirelessly. I recommend taking it step by step. On the XP Wireless Network Connection window, simply run the Set up a wireless network for a home or small office wizard and just follow the prompts.
Bronze Star Contributor
Bronze Star Contributor
Posts: 478
Registered: ‎11-09-2003

Re: How to Secure a Wireless Router

Baric:

I also printed your info.
"Thank You!"

-me6
New Visitor
Posts: 3
Registered: ‎06-22-2004

Re: How to Secure a Wireless Router

Great, great post. Although it's about securing the router specifically, the software firewall question is relevant too - "do I need one now that I have a router?". The answer is generally "yes!" and there's a great thread explaining it here: http://forums.comcast.net/thread.jspa?forumID=13&threadID=38394&messageID=515067#515067

Or just Search on "ZoneAlarm" or similar.

-- Bill
New Visitor
Posts: 1
Registered: ‎07-15-2005

Re: How to Secure a Wireless Router

Thank you, Thank you. Had other problems last night but lucky when I awoke they were cleared up, wireless was on my schedule today and now that's done.

Thanks again
Regular Contributor
Posts: 27
Registered: ‎03-11-2005

Re: How to Secure a Wireless Router

If I change that, can it be ANY series of letters and numbers and do they have to be the exact amount of characters as it is set now, or could I just change a few of them randomly from time to time?

It can not. It can be any letter A-F, or number 0-9. It is not case sensitive. It is set up this way, because it's using the hexadecimal numbering system. If you're only using 64 bit WEP encryption, which I'd bet you are, you need to have 8 characters. 128 bit encryption, I believe, is 16 characters.

I hope this helps.
Regular Contributor
Posts: 32
Registered: ‎08-12-2003

Broadcasting SSID

Thanks for the replies earlier regarding the WCG200. After still not being able to figure out how to disable broadcasting on my Comcast-supplied router, I finally called Comcast's "Home Networking Advanced Services."

The representative told me that Comcast has disabled the ability to stop broadcasting. The firmware customization was done because it is easier for Comcast to support and install networks with broadcasting enabled. The representative went on to tell me that since WEP is in place, my wireless network is secured.

That didn't give me a warm and fuzzy feeling, and I may end up getting my own router eventually. WEP is certainly far from bulletproof, and Comcast actually has a web page that advises that broadcasting be turned off.
Most Valued Poster
Posts: 7,832
Registered: ‎07-18-2003

Re: Broadcasting SSID

> The representative told me that Comcast has disabled
> the ability to stop broadcasting.


I love it. You pay them for the tech support, so they disable your security in order to provide it!?!? I'd go buy a router and come here for your tech support instead.
Contributor
Posts: 6
Registered: ‎08-26-2003

Re: How to Secure a Wireless Router

>Posts: 830 From: Lee, NH
Registered: 10/31/04
Reply Report Abuse

I'm actually printing this for the fridge



Wow! A wireless fridge! Living in Alaska? ;-)
Message was edited by: FOB05/78
New Visitor
Posts: 13
Registered: ‎07-15-2004

Re: How to Secure a Wireless Router

Im a bit late to this but here goes.

Great post. Very Informative. Agree with most of the tips and a few I have some concerns with.


First, your Comcast technician cannot be 100% educated on every piece of equipment you may link to your wireless router. We do our best and attempt to provide you with the best service possible. Understand that when something goes wrong and you are forced to call "Customer Support", chances are, (and these are great chances) you wont be talking to someone who has installed any of the services we provide. These are people generally who generally been involved with customer support or phone support operations at some other job and chose to join our team.

They mostly are there to listen to your complaint and get the right guy/gal out to your home as soon as possible. They may or may not attempt to resolve your issues over the phone with the usual, "Unplug for ten seconds", or I'm sending a converter hit now, or "Release IP, Refresh IP etc etc etc. We are not trained in XBOX wireless setups, Playstation setups or any other. We bring the best possible forward signal to your home and attempt to ensure you have the best possbile return path.

This wireless guide is but one of many ways you can HELP YOURSELF and at the very least, have a good headstart on things should a ComTech have to be dispatched to your home. As Baric said, he couldnt possibly post a guide for every single piece of equipment out there. So is it fair to expect that $9.50 per hour technician to know every single equipment combination out there. Sorry, we dont. Some of us do. But we are the guys/gals you will speak with on the phone when things go screwy.

Lastly, we realize you pay hard earned money for the services you ordered and you expect us to provide those without excuses. We recognize and welcome the challenge, but understand that when our day is filled with driving 10-30 miles just to change batteries in a remote control, or change the channel of a TV to channel 4, its kind of hard to fulfill that promise of prompt customer service to those of you who seek out and use these guides in an attempt to help yourself. For every one of you who demands prompt service and reliable tech support, there are 50 of you who wont even change the batteries in their digital box remote control or ensure that their "Xp network connection" is enabled.

Great guide, sorry for the long wind. But we as a whole do care about your service. I take great pride in driving away from a Irrate customers home and they are securely surfing the net or recieving the video programming they pay for.


William
Tech 526
Recognized Contributor
Posts: 14,085
Registered: ‎10-01-2003

Re: How to Secure a Wireless Router

> First, your Comcast technician cannot be 100%
> 0% educated on every piece of equipment you may link
> to your wireless router. We do our best and attempt
> to provide you with the best service possible.



> William
> Tech 526

I trust you're aware that Comcast employees are not allowed to post in these forums unless the Comcast logo appears next to their names (as it does for the mods).

If you doubt that, please see the "Who's Who" section in this post.
Message was edited by: Early Out
Connection Expert
EG
Posts: 43,121
Registered: ‎12-24-2003

Re: How to Secure a Wireless Router

[ Edited ]

I can sympathize with this guy and I agree with what he has said, regardless of whether or not he is actually a Comcast employee. He seems sincere and there may not be any ulterior motives in his posting here, even though it may be against the rules. I have said the same exact thing to my customers in my line of work, and as an employee, I can only hope that they realize that we have great pride in our work and want to do a good job and give great service, but we are limited by our employers deficiancies in giving us the tools and support that we need in order for us to give the level of service that customers pay good money for and deserve. We are merely victims of our company's policies, oversights, bureaucracy,and greed.

New Visitor
Posts: 13
Registered: ‎07-15-2004

Re: How to Secure a Wireless Router

Sorry to disappoint you, but we have no policies preventing or limiting technicians to where and when they can post. The Comcast logo is a matter of convenience. To provide the reader with a greater sense of trust and assurance in whats being posted and to identify moderators.

As with all corporations some information and directives never reach all intended targets. As such, if so directed by a moderator to apply the logo to my posts, I will surely do so. Until then, my posts carry about as much weight as anyone elses, and are to be used as the reader sees fit as any other post on the internet.


William

Tech 526
Recognized Contributor
Posts: 14,085
Registered: ‎10-01-2003

Re: How to Secure a Wireless Router

> Sorry to disappoint you, but we have no policies
> preventing or limiting technicians to where and when
> they can post.

You had better check with your supervisor. This issue has arisen here several times before, and the outcome is always the same - the employee is told to cease and desist.

> The Comcast logo is a matter of
> convenience. To provide the reader with a greater
> sense of trust and assurance in whats being posted....

Which is precisely why someone is prohibited from claiming to be a Comcast employee without displaying the logo. How do we know that you are who you say you are?

Trust me, one of the mods will be in touch with you as soon as they become aware of what you're doing.
New Visitor
Posts: 13
Registered: ‎07-15-2004

Re: How to Secure a Wireless Router

Hmmm,

First of all "What I'm doing" is posting just like everyone else. I have posted nothing harsh cruel or flammable. My posts have been on topic and contiributive to say the least. There are many many other topics you could have replied to in these forums and you could have even taken this time to help someone. Had I posted anything off the wall or just plain absurd, I could see your point in applying the "Hot Poker".

However, that is something I have not done. I will point you to the Forum rules as posted and as they stand right now.

" Comcast moderators can be identified by the Comcast logo beneath their name."

I am not now nor do I ever intend to be a forum moderator. I step in and post what i have seen in the field and nothing more. I promote no specific brand of equipment over the other, nor do I degrade nor denounce any other ISP or Cable provider. My use of the title Tech 526 could very well indicate RoadRunner, Cox, Directv or any other service provider.

Furthermore, I think I have reached my limit on explaining this to you over the internet. You yourself could capture that logo and apply it to your posts and claim you worked for Comcast in Texas or some other part of the country. Does that diminish the factfullness of your post? The logo represents 'MODERATORS" of which I am clearly not apart of. End of story


William

TECH 526
Savannah System
Hinesville Georgia Office
Recognized Contributor
Posts: 14,085
Registered: ‎10-01-2003

Re: How to Secure a Wireless Router

> First of all "What I'm doing" is posting just like
> everyone else.

No, you're posting while claiming to speak for Comcast, as one of its employees. I could make that same claim. So could anyone else. That's why Comcast has said that employees must be identified officially when they post in here.

> I have posted nothing harsh cruel or
> flammable. My posts have been on topic and
> contiributive to say the least.

No disagreement. The substance of your posts isn't the problem. It's your unsubstantiated claim to be a Comcast tech that's the problem.

> Furthermore, I think I have reached my limit on
> explaining this to you over the internet.

I'm just trying to keep you out of trouble. That'll teach me.

> You
> yourself could capture that logo and apply it to your
> posts....

Not possible. Try it.
Recognized Contributor
Posts: 14,085
Registered: ‎10-01-2003

Re: How to Secure a Wireless Router

Don't believe me. Listen to Moderator Jason1 in this post:

"Just so everyone is aware, Comcast employees are not allowed to post to these forums unless they have been sanctioned by Comcast and have the Comcast logo appearing beneath their forum name."
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

Personally, I coudn't care less where someone purports to work as long as the advice they give is a) technically sound, and b) contributes to the conversation is some substantive and positive way.

I think Comcast should let their employees post more and give those who really are employees the Comcast logo. Some might not work out, but I bet alot could be very helpful, both because of their inside knowledge and technical expertise, and for putting a human face on an otherwise big bad corporation with a terrible support reputation.
Recognized Contributor
Posts: 14,085
Registered: ‎10-01-2003

Re: How to Secure a Wireless Router

> I think Comcast should let their employees post more
> and give those who really are employees the Comcast
> logo.

Don't get me wrong - I agree with this completely. This poster, for example, seems to be knowledgeable and helpful, and would be a real asset. But getting the Comcast logo is the critical piece of the puzzle. Otherwise, we could pass ourselves off as Comcast employees, and get up to all sorts of mischief.

Sounds like fun, now that I think about it.... :smileylaugh:
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

Have a ball... :smileywink:

BTW, I get accused of being a Comcast employee all the time, usually accompanied by alot of foul language. It's a real adventure opening my mail sometimes.
Recognized Contributor
Posts: 14,085
Registered: ‎10-01-2003

Re: How to Secure a Wireless Router

> BTW, I get accused of being a Comcast employee all
> the time, usually accompanied by alot of foul
> language. It's a real adventure opening my mail
> sometimes.

Doesn't your email client have an "adult content" filter? :smileywink:

That's why I keep mine hidden, of course....
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

> Doesn't your email client have an "adult content"
> filter? :smileywink:

Why on earth would I want to use such a thing? I like adult content. It goes with being an adult, I think ]:smileyhappy:

Being hidden is too restrictive, but it doesn't agree with everyone, I'll warrant. Works for me.
New Visitor
Posts: 13
Registered: ‎07-15-2004

Re: How to Secure a Wireless Router

For the sake of peace and getting back to the real purpose of these forums, I'll refrain from specific titles and simply add to a conversation as if I never worked for Comcast as most here.

I did in fact ask our HR rep to find out if there were specific rules regarding Technicians posting helpful tips or advice on the .net website. I'm awaiting that answer. If it means adding a Logo so be it. Until then, If anyone was confused or offended by anything I posted, then please accept my sincere apology. I can state with all honesty, that my it is only an attempt to help out and provide realword fixes that have proven to be reliable in the field.

Sincerely,

William
Connection Expert
EG
Posts: 43,121
Registered: ‎12-24-2003

Re: How to Secure a Wireless Router

Keep on truckin' Bill, and good luck to you! B-)
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: How to Secure a Wireless Router

Sounds good to me, welcome aboard.