General information about wireless routers, Wi-Fi systems, and their basic security settings.
For the home wireless user there are two types of wireless devices, the classic wireless router and the Wi-Fi system. The two types are very similar in that they both have a router built in, and are used to connect devices to the internet. The built in router is a switch that has multiple ports for plugging in Ethernet cables to wire devices. The Wi-Fi systems are very similar to the older wireless router that most people are familiar with, however there are a few distinct differences, the first is the price of the Wi-Fi system, they cost quite a bit more than a standard router, second is the range they offer which can be considered extended range, and thirdly they are multipart systems, utilizing two or more pieces of hardware. When shopping for premium wireless routers the price is about the same.
Wi-Fi systems use mesh network topology that extends the range of the wireless network by hopping from one device node to the next device node, until reaching the main router node, which is connected to the modem or gateway. Spreading the devices around, and across an area can provide a strong signal to all areas covered. Satelite placement is important to a Wi-Fi systems overall performance, place your first hop or device in the wrong spot, and the entire mesh network performance can be greatly compromised. Even in a perfect setup the furthest node would see some performance degradation due to the distance and number of hops the data must make to get to the primary node. Mesh network systems tend to cost a bit more than a standard single wireless router designs, primarily because there are at least two devices being purchased as a kit and many come with three, and more can be added. Manufactures price Wi-Fi devices higher due to the technologies potential for better overall performance.
The main benefit of mesh networks is that they can improve home wireless network range without having to add additional SSIDs, such as when using a repeater with standard wireless systems. However, placement is critical to good performance, and most homes if not all all homes are not setup for wireless network performance. As you extend from the main router the wireless signals degrade just like with a traditional wireless router, however with Wi-Fi system mesh networks the signal strength can be maintained by adding more satellites. Too many satellites, or improperly placed satellites and your wireless devices will spend a lot of time switching between them as you move around the covered space, degrading performance.
The classic monolithic all in one wireless router still has the same design it has had for many years. The main visual difference is the number of antennas, lack of antennas, or size. Some wireless routers include types of technology that is proprietary to the manufacture, such as the active antennas of the Netgear X8 pictured. Modern high end wireless routers are very effective at covering a large area and have served their purpose well. Technology will evolve the traditional wireless router into something more like a mesh network. Manufactures are producing products that allow one to extend their wireless network without committing to a complete kit, or brand.
Secure your wireless network, there is no good reason not too. Why share your expensive internet connection with someone you don't know, and more importantly you have no control over what they do. If a wireless router is left at the default settings a bad actor can use any one of the common user name and password combinations to access your routers settings. Someone could easily lock you out of your own wireless router, and block you from using your internet. This can be fixed by resetting the router, but it is easier to prevent it by changing the default router password. Not securing your wireless network is asking for trouble, if the police were to show up they would want to speak with the person whom pays for the internet service before they can figure out whom committed the crime. That could be potentially embarrassing, so take a moment and secure your wireless router today.
Wireless routers of any type or brand are very easy to secure.
The router password is not the same as your wireless password. The router password secures the hardware device from being accessed and re-configured. The wireless network password is used to connect the router to your device, laptop, or computer. The wireless network connection allows for access to the internet, and to block others from accessing your network or using your internet.
Most new routers firmware is pretty smart, and your system can be quite secure by following the directions for initial setup, just be sure to make the router password different than the wireless network password. Manufactures have been printing connection information on devices now for some time, this information includes the default
service set identifier (SSID) and wireless network password. The SSID is the broadcast network name that is used for identification purposes. Having your wireless network information printed on the router his is helpful, and after resetting the device it can save a lot of headaches. It may be convenient, but it is recommended that the wireless network SSID, and wireless password be be changed.
One of the easiest ways to secure your wireless router is to follow the built in step by step browser based configuration tools used by most routers today. An alternative for older or less expensive routers would be to use the configuration disk that comes with the wireless router. As more and more personal computers are sold without DVD/CD ROM drives disk configuration will likely become a thing of the past, if it has not already. When setting up you router for the first time it is easiest to connect your device to the router using an Ethernet cable and then opening a browser and following the steps. One issue with this is wireless routers come with only one cable, therefore if you do not have a second Ethernet cable you must turn the unit on wait for all the lights and then use the default SSID and wireless network settings printed on the device to connect to it. For many changing the wireless settings when connected wearilessly can be a challenge and therefore stick with the manufactures default SSID and wireless network password. That is fine, just be sure at the very least to change the default router password.
Another very important step is to update the device firmware. Firmware is the code that makes the device work, and manufactures make changes that can improve security or functionality of the device. Using out of date firmware can cause odd issues, and possibly leave your wireless connection, and network vulnerable to attack. This is usually handled automatically during setup, if the firmware does not force the update do not choose to skip updating the firmware during setup. As time goes by it is important to sign in to your router and check for firmware updates, since they are not automatic.
The best security choice at this time is Wi-Fi protected access 2 or WPA2 personal encryption using a strong password. This password encrypts the communication between your devices and the wireless router. It is also the password used to keep others out. To help with a strong password many routers have set rules one must follow when creating their password. When creating a password it best to choose one you can easily type and remember, just make it at least 8 characters long with a bit of random keys like capitols or symbols. The password does not need to be full of random characters but the more random it is the longer it will take to crack.
Before securing your wireless network with WPA2 personal encryption be sure all your hardware supports WPA2. For newer hardware this is not an issue and need not be a concern. However, if you have older hardware one may select WPA (Wi-Fi Protected Access) and TKIP (Temporal Key Integrity Protocol) encryption. This allow older and newer devices to connect to your network. This is a trade off with security strength and connectivity, but it is better than not using the older device wireless. The much older WEP (Wired Equivalent Privacy) en cry ti on should not be considered at all.
In general any encryption is better than an open network. However, cracking encryption really is a matter of money, if a person has access to password cracking tools and a powerful computer it can be very hard to prevent from being hacked by them. One online company based out of Russia sells a product that claims to be able to hack a WPA2 wireless password in minutes, mind you the program cost $1800.00 and you need multiple $700.00 dollar video cards to do it quickly. They also sell a more expensive product that can use up to 100 Amazons servers.
Wireless networks broadcast a name that is used to identify them, it is called the service set identifier or SSID. When looking to connect to a network the SSIDs or network names in the list are all available networks in your area. The SSID is how you find and identify your wireless network so you can connect to it. When setting up your wireless router you need to choose an SSID, this can be any name, so it is best when setting up your home network to select a name that is easy for you to remember, and be sure to only connect to that wireless network SSID.
It is best not to pick an SSID that could identify you in anyway. This offers no real security, it is just a means to make it harder for an attacker to know whom he is attacking. There is also an option to hide or not broadcast an SSID, this is not worth setting, since there are simple tools one can download to find and locate hidden networks and reveal the SSID and even show the general direction from their location of the wireless network. So, do not hide your SSID, since you are only hiding it from yourself.
When connecting to you wireless router you may see a large number of names of wireless systems that you could connect with, however only connect with your wireless network. The other names in the list are other wireless SSIDs of neighbors and they may be secured so you can't connect while others may be unsecured allowing you to connect. For some free internet is tempting, but don't do it unless you know the person and trust them.
When setting up a guest account select the option to keep the networks separate unless you have a good reason not too. The verbiage varies between wireless router manufactures, so look for something like network isolation, wireless isolation, AP isolation, or leave enable routing between zones unchecked. Keeping the guest account separate means that your guests will not be able to access your computers. An example of the need to isolate the guest network would be your kids are giving out the password to anyone and everyone. Thus exposing your computers to anyone and everyone.
There are other settings that can help secure your wireless router. Some are there to simplify setup and others are there to simplify access. In general all settings that make it easier to connect devices or access the device are best turned off, or disabled. The most common security risks are UPNP and remote access.
UPNP is a way to simplify networked device discovery and having it enabled does allow for easy device configuration. However, that ease comes at the cost of increased vulnerability to outside attack. It has become common place for manufactures to configure universal plug in play incorrectly exposing all users of their hardware and UPNP technology to a higher level of risk. Therefore universal plug in play should only be turned on if you know you need it, otherwise be sure it is turned off. In general you should turn off UPNP.
There is very few reasons for a home user to need to configure a router remotely, but if you do than by all means use the feature. However, from a security stand point it is best to turn off remote access. Manufactures try and make things easy for the end user, and can create security risks that cannot be avoided if a feature is used. So, rather than find out the hard way a manufacture has poorly configured remote access, simply disable it.
How do you prevent users of your internet from going to sites that you deem inappropriate. Over the years there have been many different approaches to this problem, and one way is to use internet filters such as openDNS which can be used by home and business. Just to note PCMD is in not affiliated with openDNS, they simply provide a beneficial service that anyone can use to help secure there computers while browsing the Internet.
When properly configured network users are forced to route all traffic trough openDNS servers. OpenDNS is easy to setup and can be quite effective at preventing access to sites you do not want people to visit. The service has a number of real world benefits such as preventing typo squatting, typo squatting is when malicious web sites have names just a bit different than the one people are looking for. Internet filters can provide easy and quick block filters for any number of categories. Category examples would be gambling, guns, pornography, and many more. The downside to using internet filters like openDNS is that openDNS knows ever website request you make, since all traffic flows through their servers. For some that may not be acceptable. Some routers are even coming pre configured for openDNS to make it easier to setup.