Networking

Unix and Linux network configuration. Multiple network interfaces. Bridged NICs. High-availability network configurations.

Applications

Reviews of latest Unix and Linux software. Helpful tips for application support admins. Automating application support.

Data

Disk partitioning, filesystems, directories, and files. Volume management, logical volumes, HA filesystems. Backups and disaster recovery.

Monitoring

Distributed server monitoring. Server performance and capacity planning. Monitoring applications, network status and user activity.

Commands & Shells

Cool Unix shell commands and options. Command-line tools and application. Things every Unix sysadmin needs to know.

Home » Security, Wireless

Linksys WAP54G Secure Configuration

Submitted by on June 11, 2008 – 1:09 pm 5 Comments

Below are some basic steps to secure a wireless access point (WAP). The screenshots are for Linksys WAP54G v. 3.04, however, the same steps will apply to wireless access points from other manufacturers. Understand this: following the “Easy Installation Guide” that came with your wireless access point or router will not ensure security of your network. The purpose of the these quick configuration guides is to get your wireless network up and running with as little effort as possible.

The manufacturer of your wireless network hardware is not responsible for the security of your network – you are. By not reading documentation and by not fully understanding what you are doing, you are creating potentially serious problems for yourself and your family. By not properly securing your wireless network you are violating the service agreement with your ISP and, depending on the state of your residence, you may even be breaking your state law.

A wireless router or access point is not like a microwave or a dishwasher – it is not a home appliance but a complex communication device. Chances are, you will be using your wireless network almost every day and so you should take a little bit of time to familiarize yourself with how it works and to get it properly configured.

Once you went through the basic steps of connecting your WAP and getting it to work, there are a few additional measures you need to take to make sure that your neighbors and passersby are not using your network. Here is the outline of things that you will need to do to secure your WAP:

  1. Correctly position your WAP device.
  2. Change default password.
  3. Change default SSID.
  4. Disable remote administration feature.
  5. Enable encryption and set security mode.
  6. Disable SSID broadcast.
  7. Disable DHCP.
  8. Enable MAC filtering.

Correctly position your WAP device

The goal is to maximize signal coverage inside your house and to minimize coverage outside the house. Position your WAP on the central floor of your house away from windows. Make sure you keep your WAP at least six feet away from electronic devices containing high-voltage coils (CRT TVs) or utilizing corona discharge (older photocopiers and laser printers). Strong electromagnetic interference created by such devices will result in unstable wireless network signal.

Keep your WAP far away from powerful sources of ionization and humidity (ionizing fans, ionic flow generators, humidifiers). Excessive air ionization and humidity will dramatically reduce the effective range of your WAP. Your wireless access point will heat up considerably during heavy network activity. To ensure proper cooling, do not place your WAP near sources of heat, such as central air vents or in direct sunlight.

Change default password

Click Administration – Management – [ enter new password ] – Save Settings. You need to change the admin password every three months. Certain models of wireless access points will allow you to change the default user name (usually blank or “admin”). If you see that option – change it.

Change default SSID

Click on Wireless – Basic Wireless Settings and in the Network Name (SSID) field enter a new name for your network. Do not use special characters like “@#$%”. Click Save Settings.

Disable remote administration feature

Certain WAP devices and most wireless routers have an option for remote (from the Internet) system management. If you see that option – disable it. You will still be able to access the device’s administration interface from your home network.

Enable encryption and set security mode

Click Wireless – Wireless Security. In the “Security Mode” field select WPA-Personal or WPA2-Personal. For the “Encryption” field select TKIP. In the “Passphrase” field enter your desired network password using both numbers and letters. Do not use special characters like “@#$%” because these may cause problems for some of the computers on your network. Set “Key Renewal” to 300 seconds and click on “Save Settings”.

Disable SSID broadcast

Before disabling SSID broadcast, make sure all of your computers are connected to your wireless network and that the network is set as the default wireless network on all of your computers. Click Wireless – Basic Wireless Settings and in the SSID Broadcast field select “Disabled”. Click on Save Changes. If your computers have a problem connecting to your network because they cannot see it, then you may need to re-enable SSID broadcast at least temporarily.

Disable DHCP

Select Setup – Network Setup and in the Configuration Type field select “Static IP”. Make sure your computers are set to use static network configuration (see Setting static network configuration in Windows below).

Enable MAC filtering

A MAC is the hardware number of the wireless network card in your computer. Enabling MAC filtering will cause the wireless access point to grant connections only to devices with specified MAC addresses. Click Wireless – Wireless MAC Filter, enter the MAC addresses for your computers and click Save Settings. See Finding your MAC address below.

Setting static network configuration in Windows

Open Control Panel and select Network Connections. Right-click on your Wireless Network Connection and select Properties. Click on General tab, scroll down in the list to Internet Protocol (TCP/IP), highlight it and click on Properties.

Set your IP address, Subnet mask, Default gateway, and DNS server information. The default gateway is usually the IP address of your router. The DNS server is probably also your router.

Finding your MAC address

In Windows, click Start – Run – type “cmd” and click OK. In the command window type “ifconfig /all”. In the output find “Ethernet adapter Wireless Network Connection” and look at the Physical Address field.

In Linux type “ifconfig -a”, find your wireless card and look at the “HWaddr” field.

Print Friendly, PDF & Email

5 Comments »

Leave a Reply

%d bloggers like this: