Anyway, one of the topics in my Tuesday A+ class was configuring a router. We actually connected to the classroom router and had a look around. There were several instances where I said sentences that began with the words, "If this were a wireless router...", so we had to use our imaginations a bit. So I decided that this blog provided a great opportunity to show you this configuration, step by step, if you were at all interested.
The first thing we need to do is actually find our router. Remember, the router is our gateway out of the network, so we need to find the address of our gateway. We can use a great little command-line tool called ipconfig to help us figure out what that address is. To get to the command prompt, we click Start > Run, and type cmd.
In the command prompt window, type ipconfig. This returns the following output, which is our networking configuration info:
The line we're looking for is the router, or gateway, and we see this listed under Default Gateway. Its address, as you can see, is 192.168.15.1 Now, we simply take that address and type it into any web browser. After typing in our credentials (check your router's documentation for more information), we are presented with this opening configuration screen:
Here, there are many things we can configure for our network, such as the router (Default Gateway)'s IP address, the range of IP addresses the router will assign, the name of the router, etc. But what we're concerned about is making sure that our own computers are the only ones that will be able to access this router (no deadbeat neighbors, please!). So we will click on Wireless and be presented with this screen:
On this particular router, we can choose to broadcast in 802.11b or 802.11g or both (more on that later in class), and choose the SSID, or name, of the network. Mine is set now to Spolai105. But here, we want to go one step further in to the menu and click on Wireless Security:
Here we're presented with a few options. First, the security mode can be basically one of two things: WEP or WPA. WEP is easily cracked, so I'd recommend choosing WPA, if at all possible. The thing is, my stupid wireless card won't support WPA, so I'm stuck using the old school WEP. That's ok though, because I really doubt that my elderly neighbors will be trying to hijack my Internet connection to send out porn spam. But, I've been wrong before.
Anyway, I've chosen WEP, and given some more blanks to fill in. The first is "passphrase". I'll type in a password here (by the way, this is not the real information on my router), halleberry and then click Generate. You'll see that I'll get four possible keys to choose from. I've chosen to make the router require the third key. If I were to click Save now, the router would reboot, and I'd have to type in the key in the configuration settings of any wireless device I want to connect to the router. That would be nice, but I'm not done yet.
I want to add yet another layer of protection to my router, just in case my key is cracked. I want to only allow certain MAC addresses on the router, which can be set to my personal computers. Anyone else who tried would be denied. Blam. I say that like it's totally impossible to spoof a MAC address. It's not. Regardless, I'll click on Wireless MAC Filter and get this screen:
Here, I can choose to deny specific MAC addresses, or deny everyone except certain MAC addresses. I'm a paranoid delusional, so I'm going with the second choice. Then, I'm going to actually put those MAC addresses in the list:
Now, I can start typing in the names of MAC addresses I want to allow. How do we find out our MAC addresses, you ask? Great question.
We need to open back up the command prompt like we did before, and reissue the ipconfig command. This time, we need to add the /all switch to it, like this:
The physical address is another way of saying MAC address, and so we need to type in the physical address of our wireless card. If your computer has a wired network card and a wireless card, like mine, make sure you get the physical address of the wireless card. In this case, mine is 00-0E-35-E0-FD-54. Either typing it over, or marking and pasting it over, I can get this into the MAC Filter list (see above) and allow this particular MAC address have access to the router (and ulitimately, the Internet and any other computers allowed on the network.
Hopefully this has made the process of securing a wireless router a little less daunting. This is a necessary task, since the majority of consumer routers we see today are shipped with no security enabled. Too many people simply plug in their routers and go -- leaving themselves exposed to evil elderly people with porn spam to send. Lock 'em down, grasshoppers.
1 comment:
Great stuff, Ben! Thanks!
Post a Comment