How to fine tune and secure your wireless router
Nobody likes the idea of being connected to internet or local network using wires any more. Most of you will be aware that wireless networking is the best way to keep those interconnecting and irritating wires out of your way. As the prices of wireless routers dropping below the Rs 1,000 margin, every neighbor seems to be flooding the air with wireless frequencies. And so do you. But sooner or later, you find out that your router is not performing as you were promised—it either drops signals, packets or is simply slower than usual. You read the news of unsecured wireless networks being hacked by terror groups and are worried if you would be the next target. Let us at CHIP help you secure your wireless router to the maximum possible security level and also fine tune your router to get the best performance at home or office.
Security:
Passwords: The first step in securing any router is to use a good strong password using a combination of characters and alphabets. Don’t forget to make it a lengthy one and try not to use dictionary words or typical passwords that can be thought by friends or relatives (such as name of your spouse or birth dates). These passwords would be used at the administration level of the router as well as on the wireless network where devices will be connecting wirelessly. Never give out your username and password (even temporarily) to any known or unknown persons. If you do so, make sure you change the same immediately after they have left. Change the default Administrator passwords of your router the moment you start to configure your network.
Wireless security: As some of you might be aware about WEP and WPA/WPA2 PSK security modes for wireless networks, it is confirmed that WEP is more vulnerable and can be easily hacked than WPA modes. Deploying a WEP password is as good as not having a password. Opt for the WPA/WPA2 mode over WEP for a more robust security level.
Firewall: Don’t forget to enable the router’s default Firewall. This can help a lot especially from hackers and viruses that can attack your local network from the internet route. Even though the router’s firewall is not top of the line, some security is definitely better than absolutely no security. Also in conjunction to this Firewall, you should enable deploy a strong firewall and internet security suite on your computers as well.
IP address range: If you want a slightly higher secure level of networking, change the default IP address of your network from the most common 192.168.xxx.xxx series to something else—for example 10.xxx.xxx.xxx or 172.xxx.xxx.xxx. In this way, a person trying to enter your network would have to try various IP address combinations before possibly giving up.
DHCP: This is a service built into your router which automatically provides an IP address to every computer which requests the router’s for network connectivity. You should disable this service and practice the static IP distribution strategy. Using this technique, a person trying to enter the network would not know the IP address range of your network and would have to try different configurations to get access. Make a note of the addresses such as Gateway, Subnet Mask and DNS IP Addresses which should be fed into every computer that needs to be connected on the network. If you want to use the DHCP service, make sure that the range of DHCP addresses does not exceed the number of computers that will be connected on the network. For example, if you are going to use five computers on the network, set the DHCP range to allow or allocate only five computers and not more.
Static DHCP: This is another method of securing the local network where the DHCP server will allocate a particular IP address only to that particular machine using the unique MAC address of the machine.
MAC filter: One of the most secure ways of disabling unwanted intruders into your network. You can use the MAC filter of the router to grant or deny access to particular machines which try to gain access to your network even though they know the IP address and password of your network.
Change passwords randomly: Keep the habit of changing the passwords randomly at least once twice a month of not once a week. This can act as an additional security level—it can hurl out an undetected client logged on to your network the next time he tries gaining access and will also discourage him from trying to hack into your network again.
Scan your network time and again: Use a utility such as ‘Angry IP Scanner’ for Windows or ‘Network Discovery’ for Android-based mobile phones to have surprise checks on your network to trace intruders. The utility can pickup IP addresses and Host Names of clients who have logged into your router and are presently active on the network. You can also check this using the routers logging feature.
SSID: The main culprit of allowing hackers to know about your wireless network’s presence in the vicinity is the broadcast of an SSID name. An SSID is a unique name for your wireless network which is usually set by you when you configure your router. Choose to disable the SSID broadcast to disappear on the wireless airwaves. In this way, only you would know what your wireless network name is and nobody in the vicinity would be able to know about your invisible network.
WPS: Wireless protected Setup is the recent feature on all wireless routers. Opt for this security mode to connect and allow clients on your network. With the WPS feature, if a client needs to gain access to your network, he/she would have to physically press the WPS button on the wireless router to gain access to the network. There are not passwords to be entered as the WPS mode fulfills the security option. In this way, there is no need of revealing the wireless password to guest users on the network.
Transmission power: Another culprit which throws your wireless broadcast out of your coverage area if set to High or Very High. Set this range to a preset value only till you know that the antenna power is sufficient enough to reach your computers around your house or office. If the power is too high, then the wireless radio is transmitted further out of your home or office onto your neighbor’s house or the road where a hacker can know about your wireless network’s existence. Use utilities such as ‘NetStumbler’ or ‘inSSIDer’ for Windows on a laptop or ‘WiFi Analyzer’ on an Android-based phone to know how far your wireless radio is transmitting. Reduce the radio power accordingly.
Location of the router: The router’s location in your premises also matters where how and where the radio waves are being transmitted. As most routers use an Omni-directional antenna, the radio waves are spread all around instead of being thrown a in a single direction. Hence, routers placed near a wall have their transmission half inside the room and the remaining half outside the room. In this way, your network is seen outside your area as well as there is a loss of power because the radio waves are not being efficiently used. Always place the router in the central zone of the entire coverage area to make the best use of the wireless power and also lower the leakage of the radio waves outside your room.
Access restriction: If your router features WAN access policies, make use of this feature to allow/deny clients from using the network or internet during certain parts of the day or week. You can time your router to allow clients to use the network according to your allowed time or even block access to certain websites, ports and services. If you keep your router powered-on 24x7, you can use this feature to disable the network access during the nights when you will not be using the network. The other best way is to physically switch-off the router—this way you will save power, increase the life of your router and also have the best security to your network.
Remote Administration: Disable all option which can allow a person to access your router from the network. If your router features the option of disabling remote administration from wireless networks or only from particular IP addresses, use it.
Remote logging: Enabling this feature is beneficial as the router can notify you about any activity on your network via an email, SMS or the router’s memory itself. Depending on your router’s firmware design, the logging feature can notify activities such as network access, intrusion, router changes and much more.
Firmware updates and backups: Regularly checking for new firmware releases for your router’s model can help increase the router’s security level, features and performance. Keep track of the new firmware’s capabilities and drawbacks by checking related forums and such to keep away from buggy firmware. Backup your router’s settings in case you need to hard-reset your router for any reason. This will save you time when reconfiguring the router and especially help you in case you miss any security option you had configured earlier.
Wired or Wireless: If your router has a physical switch to turn off the radio, you can use this feature to disable the Wireless networking when you are not using any wireless devices. This feature only turns off the wireless network while keeping the computers on the wired network untouched. This feature also saves you the trouble of logging into your router’s firmware and switching off the radio from the firmware.
Protocol dependant: Check all your computers and handhelds that use the wireless networking feature to find out which wireless protocol they use, If you have all devices using the 802.11 b, g or n protocol, it makes sense to switch your router to the particular protocol only. For example, if all your connections are using Wi-Fi n only, then set your router to use Wi-Fi n only instead of mixed mode. In this way, a hacker using an 802.11 g WLAN card cannot gain access to your network.
Guest SSID: A few new router models are seen featuring an additional virtual network called Guest network or Guest SSID which allows your friends or guests to gain temporary access to your network and use the internet. But this Guest network isolates all other computers in the LAN from the guest user and denies permissions to shared drives and such. The feature is good for securing your local network from friends, but not the internet usage. Enable this feature only if you need it.
Performance:
Channels: As other wireless devices such as Bluetooth devices, cordless phones, microwave ovens and such use the same 2.4 GHz frequency band as a wireless router, there will be a lot of interference between them. Other wireless routers in your neighborhood also will add to the hullabaloo. These interferences can greatly affect the performance of your router causing data transfer losses and random connection drops too. Since there is no way you can alter/change the operating channels of other devices, you can change the router’s channel accordingly and reduce this interference. There is no way you can find out which channels the other electronic devices use, but you can find out which channels are being used by the other wireless routers around you. Use the ‘NetStumbler’ or ‘inSSIDer’ utility to find out the channel numbers the other routers are presently operating on. Once you know this, you can change your routers operating channel to the one which is least used. Usually all routers are set to auto channel mode which automatically selects the best channel to operate in. The channels that are the best to use are usually channels 1, 6 and 11 as they never overlap each other. But as most routers are set to auto mode, these channels are usually occupied. Few unique router models and others flashed with the DD-WRT open source software can enable the router to operate on channels 12, 13 or 14 which is rarely used. If you have this feature, make the best use of it after trying it out. If your router and wireless clients support the 5 GHz frequency band, it is recommended to use this mode as the 5 GHz band has completely different and numerous channel numbers which are usually free. But the drawback of using the 5 GHz band is lower range, slightly slower speeds and increased power consumption.
Position your router: The position of your router affects the performance of the network radio in a great way. Keep your router off the floor and at a distance from walls, metal furniture and other electrical and electronic devices. An obstruction such as walls, floors, metal objects and such can weaken the radio signals by either getting blocked or absorbed. Even if your router looks elegant, try keeping it in a central location of your coverage area. Never keep a router in a cabinet or in besides other electronic devices such as a cordless phone base.
Replace your routers stock antenna: You router uses a low gain Omni-directional antenna which is meant for a particular range indoors or outdoors. If you want the signals to be better and cover up a larger area, use a high-gain antenna which focuses the signals in a particular direction rather than around it. In this way you can aim the signals in the direction that you need. Though these antennas are not easily available, it is not impossible to get them too.
Use a repeater or access point: If you need a wireless network to cover a larger area, you can also opt for a few other remedies. You can flash an old router with a DD-WRT firmware and convert it into a repeater, a Bridge or an access point. You can also deploy access points or routers that feature WDS for increasing the coverage area of your wireless network.
Always use the equipment from a single manufacturer: As most know that a D-link WLAN card will definitely function with a Netgear router, it is always advisable to opt for an adapter and router from the same manufacturer. The reason if better compatibility and superior performance as the manufacturer designs the products to be more efficient when used together.
Upgrade your wireless clients to the latest technology: If you are using older generation 802.11 b or 802.11 g devices, it is advisable to use the latest 802.11 n technology-based devices for superior performance and increased coverage area. When buying a new router and/or laptop, always opt for the 802.11 n technologies.
Software updates: Always keep your routers firmware and your WLAN network adapters drive up-to-date with the latest version. The manufacturers are regularly improving their hardware drivers for better performance, compatibility and stability. This way you will have fewer connection problems and network issues.