You can certainly enable security measures after the fact.

If you need us to help you with that, you need to tell us what operating system(s) you're using, and the exact makes/models of your networking hardware.

As I asked:

... and the exact makes/models of your networking hardware The configuration software utilities vary between manufacturers, and even between models; if you want specific help, you'll have to give us specific info.

Note: Could you tell me exactly what your wanting me to tell you?

You just did. ;)

I just wanted to know the exact make/model numbers of your router and wifi network card(s) so that I could give instructions that were specific to those particular devices. Also, knowing the exact version of Windows that you use would be helpful.

I can't give you a full answer on this until tomorrow because I have other work that I need to finish tonight, but in the mean time could you tell us exactly what your needs are security-wise? There are many things you can do to "lock down" a wireless network, but you may not need to put all of those protections in place if you're only running wireless on a home network. Also- some of the security settings can get rather complex, and aside from the added layers of complexity, implementing them in situations where they aren't absolutely necessary can have a negative effect on your overall network performance.

Give us an idea of what your concerns are security-wise, and I'll give you specific instructions on how to put those in place for the hardware that you have.

Hello,

You want to go strict, because if you have a traditional firewall setup, that firewall is protecting you from attacks on the internet, but not inspecting anything coming through the wireless, because it is *assumed to be trusted*.

DMR is very good at what he does, and he will walk you through steps of forcing encryption on your network, and maybe even turning your transmitter power down some so that you ownly have the range that you need, instead of being able to talk to a few houses down the road (I run mine at 50 percent power). Encrypting means that your neighbors cannot see/utilize/abuse your connection.

He might even show you MAC address exclusions, but I would think that is excessive for what you want to do.

Enjoy!

Christian

He might even show you MAC address exclusions, but I would think that is excessive for what you want to do.

lol. Actually, being a paranoid bugger, Iam going to throw MAC filtering in there!

Most of the configuration is done in the router's setup utility, so open your web browser and point it to http://192.168.1.1 , which is the default IP for that model of router.

Speaking of "defaults", it is never a good idea to leave settings such as the IP address, device name, aministrative password, SSID, etc. of a wireless router or other wireless access device at their defaults. The default settings for different manufacturer's devices are well known, and getting just one of those pieces of information can give an attacker a lot to go on.

For instance: if I wander around downtown San Francisco with my laptop, I can usually pick up at least 7 wireless networks in any given place. Most of the time, 3 or so of those networks will be broadcasting the default SSID "Linksys". Just from seeing that, I can be 99% sure that at least one of those networks:

- Is not using WEP encryption.
- Is using the Linksys default IP of 192.168.1.1 for the router.
- Is using the Linksys default password "admin" for the router.
- Is not using MAC address filtering.
- Is using the router as the DHCP server for the network.
- May likely have remote administration enabled on the router.

Bingo! Set my wireless for DHCP, connect to that network, and at the very least I now have free Internet access. If I felt like being nasty, I could log into their router's setup page and reconfigure it to deny access to anyone but me.

So:

1. In the router's Basic Setup page:

- change the router name to something unique and/or obscure.
- change the router's internal (LAN-side) IP to something non-standard, keeping in mind that the IP address you choose still need to be within one of the ranges of private, non-routeable address ranges (the 192.168. or 10. ranges for example). If you understand the consequesnces, you can also change the subnet mask.
- Disable the router's DHCP server; manually assign the IP info on each computer on your network instead. If you want or need to use DHCP, you can limit the DHCP scope (the "Maximum number of DHCP users" setting) to a number equal to the number of computers on your LAN. That way someone else can't just join your network and automatically get handed an IP.

2. In the "Wireless" setup tab:

- Change the default SSID to something meaningful to you, but something that does not give anyone else any hints about your network. For example, using your name or your residence's street address as the SSID is not what you'd call a bright idea.
- Disable SSID broadcasting so that your SSID is not visible to the outside world.

3. The Wireless Mac Filter page under the Wireless tab:

Every network device has a unique (12 hexidecimal digit) identifier called the Media Access Control address. In the filter page, you can permit or deny computers permission to connect to your wireless network based on their individual MAC addresses. If you know that your two laptops should be the only computers connecting to your network, you would choose the "Permit only" filter option and then enter the MAC address of each laptop in the filter list. In Windows 2000 and XP, you can find the MAC address of a computer's network card by opening a DOS box and typing the following command at the prompt: ifconfig /all. For Win 9x/ME, the command is: winipcfg. The MAC address will be listed on the "Physical Address" line in the resulting output of the ifconfig command.

Yikes! Gotta go- I'm late for an appointment with a client. I'll post the rest as soon as I can.

Changing the default IP of the router can make it impossible for your computer to access the router's configuration page after the changes unless you then reconfigure the IP settings on the computer from which you are connecting to the router accordingly. If done incorrectly, your router and your computer will essentially be on separate (logical) networks and will be unable to communicate.

Changing the default IP/etc. info on the router may be a bit of overkill at the moment, and since it will cause problems if not done correctly, let's put that aside for now and get your basic communication with the router restored:

- BTW: Is your Internet connection via cable, or DSL? If DSL, who is your ISP?

- If your reset of the router worked, you should be able to plug the router back in to the equation and access it at its default 192.168.1.1 IP address.

a) Power down the modem.

b) Reconnect the router to the modem and apply power to it. Let it stabilize (get through its power-up tests).

c) Turn on the modem and let it stabilize as well.

d) The computer that you want to use to access the router's configuration page should be connected to the router by an Ethernet cable, not via a wireless connection. Before connecting the cable between that computer and the router, set the TCP/IP settings in the Properties of the (wired) Local Area Connection network adapter to obtain IP address and DNS server info automatically. then connect the Ethernet cable fron the computer to the router, and turn the computer on.

e) Once the computer is up and running, can you now at least get to router's setup page through your browser as I described in my last post? If not, please do the following and post the results:

- Under your Start button, go to Programs->Accessories and click on Command Prompt.

- In the resulting DOS box/window, type "ipconfig /all" (omit the quotes, and note the "space" character before the "/")

OK- since you can now get back to the router's config pages, what info does the router's Status page give you for Login Type, Login Status, IP Address, Subnet mask, etc.?

That's OK- the past couple of days have been crazed for me as well, which is why I haven't followed up with the rest of the info. Hopefully the weekend will allow me the spare time to do so...

Glad you got it figured out. :) I usually do a reboot after changing DHCP-related settings just to make sure that the changes fully take effect. Rebooting shouldn't be necessary, but I've found that sometimes the changes just don't ripple down the way they should if you don't.

I'm glad you're not in a hurry here- I've been too busy to post the rest of the info (WEP encryption, etc.), but I should be able to do so before Monday.

Thanks for your patience!

Are you guys going to get back to this thread? I just discovered it, have the same setup and was really getting into reading the posts and it just stops in the middle. Did server crash´s net get its security?