Making a secure network

[Darth Rockwell]

My parents have a wirless router for the internet in the home. I am trying to make it a secure network but I don't know how to do it. Can someone walk me through it?

 

[jaguarr]

What is the router make and model?

jag

 

[Badger]

Don't skimp on the router, it needs to do these things: WPA/WPA2 encryption, MAC filtering, and be able to turn off the SSID broadcast.

If you have those things you'll be good to go.

1. Do not use the default IP scheme. Usually it's set to 192.168.0.xxx or 192.168.1.xxx.

Change it to something based off the schema below.

These are the IP schemes for use in Private(Home) Setup:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.2.0 – 192.168.255.255

Be creative don't make it simple.

2. Be sure to change the password on the Router to a Strong Password. At least 8 characters long with a combo of Upper-case letters, lower-case letters, numbers, and symbols.

Again, creative and not simple, but easily remembered.

3. Turn on MAC filtering. Make sure you do this before securing the network with the steps 4-7, or it becomes much more difficult. If you have a newer router this should be easy. Most new router when setting up MAC filtering will capture the MAC addresses of those components already on the network, so you simple have include them by tick box or whatever the GUI for your router uses. Otherwise, you will have to manually find the MAC on each address and type them into the router.

4. Disable the DHCP on the Router, this automatically assigns IP adresses to any computer on the network that dynamically drawing IP's. You will have to manually put in addresses in all wireless/wired components.

5. Turn off SSID broadcasting and change it to something other than the Router's make. This doesn't have to super tricky, just make sure it's not broadcasted.

6. Setup your WPA/WPA2 encryption. It'll ask for a Passcode, be creative and not simple. You will have to enter this Passcode in your wireless enabled devices, make sure they are WPA ready. If they are not you may need to use WEP 128key for your router and adaptors. WEP is less secure and harder to setup because you have to remember a long series numbers and leters, so stay away if you can. If they don't have WEP, buy new adaptors.

7. Go around to your adaptors/components are reconfigure accordingly.

That's about as secure as a home network can get without turning off or changing ports, and that's a whole other ball of wax.

Hope this Helps.

 

[MichaelDigital]

The secret to securing your wireless network is simply enabling WPA with a strong passphrase. The passphrase can be up to 63 letters, numbers and symbols and since you only need to enter it once, why not make it as long as it can be and make it completely random? That way, no one will ever be able to guess it and no one can ever try every possible combination (it would take too long).

What I do is generate a random passphrase of 63 characters. That's way long, but it only needs to be entered once and you don't have to type it by hand. There are lots of apps and sites that will do this for you, one is at www.grc.com/pass. You can chop and mix the output from that if you want something that's unique.

I then paste that long passphrase into a text file and shove it on a USB drive. I take that around to the new computer I'm setting up, paste the password in and that's it.

There are no known weaknesses in WPA so provided you have a good passphrase, WPA is all you need. Anything more is overkill. WPA2 strengthens the encryption (it uses AES, a stronger algorithm) but adds no security to the authentication side of things.