You can certainly enable security measures after the fact.

If you need us to help you with that, you need to tell us what operating system(s) you're using, and the exact makes/models of your networking hardware.

Right now, I am using windows xp. I have a wireless G broadband router and 2 laptops running with wireless G card.

As I asked:

The configuration software utilities vary between manufacturers, and even between models; if you want specific help, you'll have to give us specific info.

I still have the boxes for my hardware, but here is all I could find that looked like it might help(the model numbers)

Linksys Wireless G Broadband router - wrt54G

Linksys Wireless G Notebook adapter - WPC54G


Note: Could you tell me exactly what your wanting me to tell you?

You just did.

I just wanted to know the exact make/model numbers of your router and wifi network card(s) so that I could give instructions that were specific to those particular devices. Also, knowing the exact version of Windows that you use would be helpful.

I can't give you a full answer on this until tomorrow because I have other work that I need to finish tonight, but in the mean time could you tell us exactly what your needs are security-wise? There are many things you can do to "lock down" a wireless network, but you may not need to put all of those protections in place if you're only running wireless on a home network. Also- some of the security settings can get rather complex, and aside from the added layers of complexity, implementing them in situations where they aren't absolutely necessary can have a negative effect on your overall network performance.

Give us an idea of what your concerns are security-wise, and I'll give you specific instructions on how to put those in place for the hardware that you have.

Don't worry about when you reply, I'm in no hurry and I have school everyday.

I run windows xp pro on the desktop connected to the router.
The two laptops run xp home addtion.

As for security, all of my neighbors have cable. I just wouldn't want any interference(spelling!) between us. Also, I just don't feel like it's "correct" to have a wirless network without security. I really don't know how strict I should go or what.

Hello,

You want to go strict, because if you have a traditional firewall setup, that firewall is protecting you from attacks on the internet, but not inspecting anything coming through the wireless, because it is *assumed to be trusted*.

DMR is very good at what he does, and he will walk you through steps of forcing encryption on your network, and maybe even turning your transmitter power down some so that you ownly have the range that you need, instead of being able to talk to a few houses down the road (I run mine at 50 percent power). Encrypting means that your neighbors cannot see/utilize/abuse your connection.

He might even show you MAC address exclusions, but I would think that is excessive for what you want to do.

Enjoy!

Christian

lol. Actually, being a paranoid bugger, I am going to throw MAC filtering in there!

Most of the configuration is done in the router's setup utility, so open your web browser and point it to http://192.168.1.1, which is the default IP for that model of router.

Speaking of "defaults", it is never a good idea to leave settings such as the IP address, device name, aministrative password, SSID, etc. of a wireless router or other wireless access device at their defaults. The default settings for different manufacturer's devices are well known, and getting just one of those pieces of information can give an attacker a lot to go on.

For instance: if I wander around downtown San Francisco with my laptop, I can usually pick up at least 7 wireless networks in any given place. Most of the time, 3 or so of those networks will be broadcasting the default SSID "Linksys". Just from seeing that, I can be 99% sure that at least one of those networks:

- Is not using WEP encryption.
- Is using the Linksys default IP of 192.168.1.1 for the router.
- Is using the Linksys default password "admin" for the router.
- Is not using MAC address filtering.
- Is using the router as the DHCP server for the network.
- May likely have remote administration enabled on the router.

Bingo! Set my wireless for DHCP, connect to that network, and at the very least I now have free Internet access. If I felt like being nasty, I could log into their router's setup page and reconfigure it to deny access to anyone but me.

So:

1. In the router's Basic Setup page:

- change the router name to something unique and/or obscure.
- change the router's internal (LAN-side) IP to something non-standard, keeping in mind that the IP address you choose still need to be within one of the ranges of private, non-routeable address ranges (the 192.168. or 10. ranges for example). If you understand the consequesnces, you can also change the subnet mask.
- Disable the router's DHCP server; manually assign the IP info on each computer on your network instead. If you want or need to use DHCP, you can limit the DHCP scope (the "Maximum number of DHCP users" setting) to a number equal to the number of computers on your LAN. That way someone else can't just join your network and automatically get handed an IP.

2. In the "Wireless" setup tab:

- Change the default SSID to something meaningful to you, but something that does not give anyone else any hints about your network. For example, using your name or your residence's street address as the SSID is not what you'd call a bright idea.
- Disable SSID broadcasting so that your SSID is not visible to the outside world.

3. The Wireless Mac Filter page under the Wireless tab:

Every network device has a unique (12 hexidecimal digit) identifier called the Media Access Control address. In the filter page, you can permit or deny computers permission to connect to your wireless network based on their individual MAC addresses. If you know that your two laptops should be the only computers connecting to your network, you would choose the "Permit only" filter option and then enter the MAC address of each laptop in the filter list. In Windows 2000 and XP, you can find the MAC address of a computer's network card by opening a DOS box and typing the following command at the prompt: ifconfig /all. For Win 9x/ME, the command is: winipcfg. The MAC address will be listed on the "Physical Address" line in the resulting output of the ifconfig command.

Yikes! Gotta go- I'm late for an appointment with a client. I'll post the rest as soon as I can.

I gotta get ready to go to school right now. I'll look at it this afternoon and get back to you. But thank you for posting all of that to help me!