To get started and before we get into router security, let’s start by explaining what a wireless ADSL router or wireless ADSL router is.
This equipment is the one that allows the data packets coming from or destined to the network to be correctly routed from and to the connected computers, either by cable or wirelessly.
This is a team that usually performs several functions.
- ADSL modem: modulates the signals sent from the local network so that they can be transmitted through the ADSL line to the network (internet) and demodulates the signals received from this, so that the local network equipment can interpret them.
- Gateway: This is the Internet output of the local network.
- Router: directs packets from the Internet to the target computer on the local network and vice versa. The identification of origin and destination is done according to the corresponding IP addresses.
- Wireless access point and switch: allows wireless communication with local network equipment, acting as an access point, also incorporating, usually, a switch with 2 or 4 network ports.
Default router configuration
Internet Service Providers (ISPs) install routers with a default configuration in which the parameters that guarantee connectivity and service are set, but with a very limited number of pre-configured security options.
Usually the security configuration is based on a wireless access key only, which uses a WEP encryption system.
Unfortunately, this encryption system is easy to decrypt and there are numerous tools available on the network. In addition, the administration username and password that the computers have by default is also basic and predictable.
What do we need to have to start the configuration?
Before we begin, we must make sure we have the necessary elements to get the job done:
- User’s Manual of the router that we are going to configure, either in printed or electronic version. It is necessary to make sure that it corresponds exactly with the brand and model of the equipment. In most cases, the ISP delivers with the router a summarized printed version of the manual, however, it is also available for download at the manufacturer’s and/or ISP’s site.
- Network cable: Normally the ISP delivers a cable together with the equipment, but any normal network cable can help us.
- A computer, preferably a laptop, because it has both a wireless and wired network.
Configuring our router
Once we get to the point, we’ll start by saying that wireless ADSL routers are configured through a web administration interface contained in the firmware of the equipment.
To access this interface, only a computer connected to the router and a web browser are required.
Although the connection from the computer to the router can be made either wirelessly or by cable, for convenience we recommend that it be done in a wired manner.
On the other hand, it is necessary that the network connection preferences of the web browser be configured “Without proxy” during the whole process.
Connecting the computer to the router via LAN
We’ll start by connecting the network cable on our computer and then connect the other end to one of the router’s network ports.
They should not disconnect the WAN cable, usually the connector is identified in yellow. Any of the remaining network ports can be used.
Once the network cable is connected, we will check that the network connection is working correctly.
To do this we must disable the wireless network on our computer and proceed to open any page in our browser. If the page opens normally, the LAN connection is correctly established, so we can start working.
Accessing the administration interface
The first step will be to look in the user manual for the address that we must type in the browser to access the administration interface of the router, as well as the user name and password to use.
Generally it is 192.168.1.1 or 192.168.1.254, as well as the username and password access is usually “admin” in both cases (without quotes), anyway, attention to what the user manual of your computer says.
If the data we provide are correct, then we are already inside the web interface of our router administration.
It differs between the different brands and models of equipment on the market, but they usually maintain certain similarities in the way the data are presented and the names of the menu options.
If from now on, the option to use that we mentioned does not appear exactly like this in your computer, you should look for one with similar name or of equal meaning.
Don’t worry too much, most of the time, each menu screen that is shown to you is accompanied by a visual aid to help you in the process.
Save a backup copy of your router configuration
In most routers, we have the option to make backup copies of the configuration and also restore to the computer the previously saved configurations.
When you click on the option save copy of the current configuration (which is one of the names under which it can appear), we will be shown a window with a file browser to select the folder where we are going to save.
The router or computer must not be disconnected or manipulated during the copying process. This process is quite fast, but sometimes, depending on the type of connection used, it may take a little longer.
Frequently in this same configuration screen we find the option to restore the equipment to a previously saved configuration.
In case that during the modification of the parameters of security this one stops connecting correctly to Internet or blocks us completely the access to it, we will have to make use of this option to return to the equipment to the original state in which it was.
Change administration password and improve security
Changing the management password of our team is the first and most important step to take to increase the security of our network.
There is usually an option in the menu related to credential management, such as “set password“. In order to make the change, first supply the current password and then enter the new password twice.
This is a good time to write down in a safe place the new administration password established, which will be the one we will need from now on to access the configuration interface. Please note that this password is NOT used as the wireless network access key.
Once these changes have been made, click on the corresponding button to make them permanent.
This option can appear as “Apply”, “Save” or “Save”. When you do this, a progress bar may be displayed. During this process and until the bar reaches the end, we must refrain from manipulating the router or the computer.
At the end, our browser will automatically show us again the window to enter the credentials.
The username has not been changed, so it will be the same one that appears in the user manual and that we used before, while the password is the new one that we have just established.
Change the SSID name of the network
The SSID is the acronym for service set identifier and refers to the name that identifies our wireless network.
Sometimes ISPs assign SSIDs to routers related to their own name, for example, in Spain, the routers installed by the company ONO have as SSID a name starting with “ONO” followed by other 4 alphanumeric characters.
To change the SSID or name of the wireless network must access some option of the main menu that indicates wireless network data, for example in my Netgear router would be: “wireless settings“.
Once you click on this option in the menu will be displayed data or network information that can change, specifically the SSID or name that identifies the wireless network.
All we have to do is type in the new name we’ve selected, being careful not to use strange characters that make it very difficult to write on mobile devices with touchscreen keyboards.
Change the encryption system and password
The same screen should also display the options of encryption systems to be used. Usually, WEP is the default system on most routers, but as we discussed earlier, it is the most fragile system of all.
One option is to change it to the more complex one, which turns out to be WPA-PSK [TKIP] + WPA2-PSK [AES]. To do this, just click on that option and then the screen should show us the possibility of entering a password.
This access key will be the one that we will use to authenticate any computer in the wireless network.
It should be noted that some very old devices are not able to handle the WPA-PSK [TKIP] + WPA2-PSK [AES] encryption system.
If you have computers with this limitation, you will have to decide between not connecting them to the network or using a less secure encryption system.
Once you have made these changes, click on the corresponding button again to make them permanent, this option can appear as “Apply”, “Save” or “Save”.
Setting up the wireless card access list
The configuration of the wireless card access list is also known as MAC address anchorage.
The configuration of this parameter creates a list of the MAC addresses of the computers authorized to connect to our network, so that any other computer that tries, even if it discovers our correct password, will be rejected by the router.
We can find this option in some tab or window whose title is “Advanced Wireless Configuration” or “Wireless Security”, may vary a little but generally manufacturers put similar names.
The system will ask us for the MAC addresses of the devices that we authorize to connect to the network, we must introduce them one by one.
To know your MAC address in Windows you must open the start menu and write run, you will open a small window in which you must type cmd and press Enter, there you will open a window with black background called terminal or console, in it you write the following: ipconfig
It is convenient to clarify that when this option is activated, each time we need to connect a new computer to the network, we must access the administration interface and add the MAC address of it.
Disable SSID broadcast
The SSID emission is the function that keeps the router constantly radiating the SSID name of the equipment.
In other words, anyone with a tablet, laptop or cell phone will detect that there is a wireless network nearby, ours. It is advisable to hide our network by deactivating the SSID emission.
They can hide (or show later if they wish) their network by means of an option that they will distinguish clearly, generally located in the section of “Wireless Security” (or similar), they can see by means of the previous image how it would be in a Netgear. Simply download the “Enable SSID broadcast” or “SSID broadcast” option.
Disabling the SSID broadcast has a disadvantage; when you need to connect, your computers must have pre-configured access to your network and in case you need to connect a new computer, then you will have to type the SSID name of the hidden network to connect to it. In any case, it’s a detail to keep in mind.
With this we have concluded the configuration of the security parameters of our wireless ADSL router, now we only have to prove again that it works properly and that our equipment connect and navigate the network without any problem.
Once the tests have been carried out and everything is working smoothly, we would still have to save the new configuration.