How do you secure a wireless connection?

I think other people are picking up my signal and it's making the connection slower. I can access the net just fine. But the status of the connection is unsecured. I want to know how to secure it. Does anyone know how?

Thanks.

 

Which type of router are you using?

 

Basic Wi Fi Security

Several steps

1)First of all you will need to be get into your router control panel.
sometimes the manufacturer will give you a setup disc or utltimately you can do it manually

2) You enter the control panel of the router usually through a web based interface

you put an address in your browser
for the specifics either look in the manual or in the manual online

linksys is 192.168.1.1
d-link and a lot of others are 192.168.0.1
smc is 192.168.2.1

admin account name ( usually the word admin) and passwords can be found in the manual.
if the router has been set up before and has been changed you can reset the router back to factory default settings by holding the reset button with the power on

3) Change the following :

the SSID should be changed from the defaults
- do not use something identifying such as last name, address , phone number. You would be amazed at the vanity involved that allows war drivers to easily ensure which house has the wi fi signal. Lots of people even use their last name ( guess they are proud of their hi tech home wifi network).

remember you will have to set up the wireless computer for the new setup

4) also change the channel as a matter of routine from the default channel 6. Channels 1 and 11 are the next best choices although it is a matter of playing around from time to time

5) If you wish to add encryption there are choices

- the simplest is wep. Two choices 64 bit and 128 bit.
The setting is in wireless security.
Set the type of security - wep or the newer more secure wpa.
With wep you choose a passphrase. A generator in the router contol panel will generate the code sequence for you. You enter this phrase in the computer networking when you try to log on.
128 bit encryption is more secure but there are a lot more digits to enter (correctly twice). Wep 64 bit has been broken but if someone has broken your wep code this is probably the least of your problems.

6) Two last things
- after setup and ensuring that all is working on your remote computers you may want to turn the wireless signal beacon in the router off so drive bys do not catch your ssid beacon

- what i would recommend to do is to change your control panel admin password.

In summary

- change ssid
- change channel
- turn on encryption wep or wpa
- change the admin logon password of the control panel of your router

 

My Router Setup Checklist

1. Change Password

2. Download and Update Firmware

3. Clone Primary Computer MAC address

4. Disable Ping from WAN

5. Disable "WAN Management" / "Remote Logon " / "Remote Administration" / "Remote Management "

6. Stealth Port 113 if necessary via NAT Port Forwarding

7. Change Default Channel to Channel 11 (least interference with cordless phones)

8. Whitelist appropriate WiFi MAC addresses via Wireless MAC Filter.
Each computer's MAC address can be obtained by typing IPCONFIG /ALL (include space after G) at the command prompt. To get the command prompt, type CMD in the START | RUN Box.

9. Activate Encryption. Use WPA-2 or WPA with a PSK (Pre-Shared Key.) If you encrypt with WPA-2, then you may need to install the supplicant available free from Microsoft at http://www.microsoft.com/downloads/...4D-E7C1-48D6-95EE-1459234F4483&displaylang=en (requires WGA validation.)
Use a random 63 character ASCII string as the encrption key, available at https://www.grc.com/passwords If the router rejects ASCII characters, then use a 63 character alpha-numeric string, which will include upper-case letters, lower-case letters and numbers.

10. Disable SSID Broadcasting

11. Disable Universal Plug & Play

12. With Linksys WRT54Gx series router, turn off "log" feature. If left on for extended time, the file will exceed the router’s memory and cause the WiFi portion to drop out every time it tries to write to the log.

13. In Windows, disable "ad-hoc" mode

14. Also in Windows, never select the “connect to available Wifi networks automatically” setup option under your Network Connections window.

15. Again, in Windows, prevent the Windows wireless client from advertising the wireless networks in its preferred networks list. Download and install: http://www.microsoft.com/downloads/...snrXE7MiRgzyAFWpP+O46HJKmogppTS1MfktW8y8oXg== (requires WGA validation.)

16. Test router at http://www.grc.com via "Shields Up! "

 

Windows XP Wireless Configuration Security Flaw non update

Interestingly enough the Windows XP wireless utlity security flaw that was widely reported last year in the press (Panic City) was dealt with in such a manner that it is still a major exploit.
The scenario is that as an XP computer boots up in XP it looks for previous connections in peer to peer form. It even advertises these ssids.
The scenario somehow that a person could log onto a hotspot in say an airport. The perp could not this ( say Boingo) or whatever.
The perp could set his wireless to a peer to peer connection with that ssid.
When the victim's computer boots up it would look for an connect ( perhaps) to the other computer.
Of course such things as a firewall etc would come into play.
Microsoft released a fix - however it is not an automatic update. You have to hunt around somewhat for this microsoft update.


Update for Windows XP (KB917021) can be found at:

http://www.microsoft.com/downloads/...2F-D52B-4F84-ACE8-F7FC20195769&displaylang=en


I agree this is of an extreme scenario.
Yet it is somewhat coincidental that Vista has the security hole fixed.

Overview
Install this update to enhance the Windows XP support for Wi-Fi Protected Access 2 (WPA2) options in Wireless Group Policy (WGP), and to help prevent the Windows wireless client from advertising the wireless networks in its preferred networks list. After you install this item, you may have to restart your computer.

This download is available to customers running genuine Microsoft Windows.


My idea of "high tech was to ring the doorbell and run away "

 

My Router Setup Checklist (updated)

Forgot to include a couple of URL's to above post. Also elaborated upon a few items.

1. Change the router password. Use a strong password.

2. Download and update firmware for your router Do this via ethernet wire. Do NOT do it wirelessly. Download and update firmware / windows drivers for your Network Interface Cards (NIC's)

3. Clone onto the router the ethernet NIC MAC address (not the Wireless NIC MAC address) of the computer that your ISP originally connected their modem to via ethernet cable.

4. Disable Ping from WAN

5. Disable "WAN Management" / "Remote Logon " / "Remote Administration" / "Remote Management "

6. Stealth Port 113 if necessary via NAT Port Forwarding

7. Change Default Channel to Channel 11 (least interference with cordless phones)

8. Whitelist (Allow only / Permit only) the appropriate WiFi MAC addresses via Wireless MAC Filter. Each computer's MAC address can be obtained by typing IPCONFIG /ALL (include space after G) at the command prompt. To get the command prompt, type CMD in the START | RUN Box.

9. Activate Encryption. Use WPA-2 or WPA with a PSK (Pre-Shared Key.), also called "Personal ". If you encrypt with WPA-2, then you'll probably need to install the supplicant available free from Microsoft at http://www.microsoft.com/downloads/d...displaylang=en (requires WGA validation.)
Use a random 63 character ASCII string as the encrption key, available at https://www.grc.com/passwords If the router rejects ASCII characters, then use a 63 character alpha-numeric string, which will include upper-case letters, lower-case letters and numbers.

10. Disable SSID Broadcasting

11. Disable Universal Plug & Play

12. With Linksys WRT54Gx series router, turn off "log" feature. If left on for extended time, the file will exceed the router’s memory and cause the WiFi portion to drop out every time it tries to write to the log.

13. In Windows, disable "ad-hoc" mode. http://mobileoffice.about.com/od/mobilesecurity/ss/disableadhoc1.htm

14. Also in Windows, never select the “connect to available Wifi networks automatically” setup option under your Network Connections window.

15. Again, in Windows, prevent the Windows wireless client from advertising the wireless networks in its preferred networks list. Download and install: http://www.microsoft.com/downloads/d...tW8y8oXg== (requires WGA validation.). Also a hotfix for EAP issues at http://support.microsoft.com/kb/923154

16. Test the router's firewall functionality at http://www.grc.com via "Shields Up! ". Do not confuse a passing grade for firewall functionality with a passing grade for wireless security. For that, you must go ask your neighbor's son

 

Drive by Phishing

I do not know if this item has been noted or discussed.

http://www.symantec.com/enterprise/.../2007/02/driveby_pharming_how_clicking_1.html

best to change the password of a wireless router even if encryption is on

 

The first link is broken.

The first link is broken again.

Why do you do this?

 

The server shortened the URL's that I submitted. I don't know why. I noticed it when I first posted, but the shortened version worked, and continues to work. I did not check the shortened URL's on the second post because it wasn't an issue previously. In fact, I copied/pasted from the first post to the second, and yet it works on the first and not on the second.

I'm including the URL's wrapped in quotes this time. Hope that helps you, sir.


WPA-2 Supplicant for WinXP:
"http://www.microsoft.com/downloads/details.aspx?familyid=662BB74D-E7C1-48D6-95EE-1459234F4483&displaylang=en "

Prevent the Windows wireless client from advertising the wireless networks in its preferred networks list:
"http://www.microsoft.com/downloads/details.aspx?familyid=2726F32F-D52B-4F84-ACE8-F7FC20195769&displaylang=en "

 

This is KB893357.

That's KB917021.

You do not need the KB893357 with the KB917021 installed.

If you are to install - you may skip the KB893357 and immediatelly proceed to KB917021.

 

Thanx for the info Mr Visionof. My wireless is now more secure