Sunday, July 6, 2008

Wireless Router Setup – Updated July 23, 2010

Update July 23, 2010:

Definitely do what the last three (numbered) paragraphs of this article recommend AND keep your router firmware up-to-date!
See this new post from today!

It is my general policy NOT to retain any personal information about my customers, their setup, technical parameters, passwords and the like unless they explicitly ask me to do that. Mostly I document what I do by storing a text file "Router Setup.txt" (or similar) in the My Documents folder, but regrettably only "mostly". I always give a printout of this file to the customer; sadly most forget about it as soon as I am out of the house.

If I have set up your wireless router before July 1st 2008 I probably did NOT change your router password. The router documentation will tell you the default router password.

If I set up your wireless router after June 30th 2008 I most likely did change your default router password. I definitely ought to have documented that together with all the other parameters in a file “Router Setup.txt” (or similar) in your My Documents folder.

I almost always set up an identifying name (SSID) for a wireless network. Generally I will NOT have the router broadcast this ID.

I always set up wireless security; that is encryption for the radio traffic between the router and any device you might want to connect wirelessly.

Before July 1st 2008 I mostly set up WEP 64-bit (that is the encryption method) with key #1 as ****. The key is in all lowercase and in Windows not visible when typed. The real key naturally is not **** but I will not divulge it here.

In the meantime I have learned that WEP can be broken given enough know how and criminal energy. If you have neighbors in less than 500’ distance then this setup should be changed to WPA-PSK; WPA is much harder to break. For details see your router manual.

After June 30th 2008 mostly I set up WPA-PSK as the encryption method and the customer needs to have the printout with the pass phrase and/or the key.

I still can tolerate WEP as sufficient if you live in a (semi-) rural area and your neighbors are more than 500’ away. The casual thief who wants to (ab-)use your wireless connection looks for unsecured networks. If he sees on his WiFi finder that your network is secured he most likely will drive on to the next wireless network. But WPA2 is much better!

The network ID (SSID), the encryption method and the pass phrase/key are all anybody else needs to connect to the Internet through your wireless router.


Researchers at Indiana University have published a paper outlining the possibility of hacker attacks on routers. As far as I know up to June 2008 such attacks have not yet been reported. They are a possibility though if network ID (SSID) and password of a router are left at default values. These values are widely known!

If you have set up your wireless router yourself I strongly advocate the following measures:

  1. Use an individual network ID (SSID). Do not use your last name!
     
  2. Set an individual router password. Make it difficult, NOT a word from the dictionary, mix upper and lowercase letters and use numbers. Write it down, but PRECISELY please (UPper/lower case matters!) and know where you save that note!
     
  3. Use WPA2 encryption with a strong, long pass phrase.
    More details about WPA-PSK and strong and weak pass phrases can be found in this Wikipedia article.
As usual I welcome comments and suggestions right here in the blog.

Thank you in advance.

No comments: