Techno Gorillas

The purpose of this tutorial is to help home users as well as small businesses configure a home router. On the tutorial we will cover best practices to administer your network, to ensure that it is well protected and secure from the outside world

You probably purchased a router because, you as most of the people these days have more than one computer at home or at your small business (office) and your modem alone is no longer a solution to connect all these machines to the Internet. Or perhaps you just want to be able to move freely at your home or office without having all those cables hanging around when you want to connect to the internet and/or your network, and so decide to go wireless.

So what do we do first after we connect the router, follow the basic instructions on the manual or the wizard on the CD. We need to learn how to access our new configured router.

Accessing the router

Now that you have done the initial configuration of your router you are ready to start managing it. Usually home routers are managed through a Web browser where you have access to all the different options for it. To access the router you open your favorite web browser and on the address bar enter the IP address of your new router. If you have the manual that came with your router, this information should be there under "how to access your router". If you don't have this information you can do a search on the web. Check my post on finding default username and passwords.

Once you enter the IP address on the address bar of your browser and press enter. You will get popup windows prompting you for a user name and a password. This information will depend on the router you have, as each manufacturer has its own default user name and password. Again check your router documentation for this information or search on the web for the default router password (you can find this information very easily on the web). Once this is done, you will be brought to the main configuration page of your router where you can manage all the functions of your router. Before we do anything else lets change that default administrator password.

Changing the Router Password

The reason you want to do this, is that you want to prevent people getting access to your router, you may think that the only people that can access your router are the people that are connecting physically to your router (by connecting a network cable directly to the router). But in most cases routers have configuration options that permit you (and other people) to access and manage the router remotely. I can give you an example, suppose someone that lives or is next to your house connects to your wireless router using their laptop. Because you did not change the administrator password they do a quick search on the internet and obtain the default password of your router and manage to get into your router configuration. Next thing you know they has full access to your router, to change security setting ,access to the internet (from you) and worst to your entire computer network. Now does it make sense to change the password? I think it does.

Remember you need to make sure you make your password hard for people to guess, I know you don't like the idea of having to make a complicated password but this is for security. Don't use words that can be found in the dictionary or names or birthdays of people close to you (including your birthday). The most secure password is a combination of letter (upper case and lower case), numbers and symbols. Example: "NeW0rLe@n5"(like New Orleans).

Since this tutorial give you general guidelines it would be hard for me to tell you exactly where the settings are for your specific router. However I can tell you where you can find the information (with detailed explanation and screenshots) for a couple of the most common home router manufacturers.

Linksys Knowledge Base (do a search for "changing administrator password" , answer ID 3976 and 3977) www.linksys.com/kb

D-link support page (do a search for "changing Administrative password on my XXX router", were XXX is the model of your router) http://support.dlink.com/faq/

Next, lets configure the access to the internet from the router (this if you didn’t already do it with a configuration wizard)

Internet Setup

If your router came with a CD that has a configuration Wizard you probably had a section that guided you on how to configure you access to the internet and so now you are probably surfing the web. But for those that did not configure your access to the internet it is now the time.
If you internet is configured with xDSL (your modem is connected to a phone line) you need to enter under your Internet Setup PPPoE as the type of connection. Once you select PPPoE you will notice how the setting change and you have some fields that ask for a username and password. This information was provided to you by your Internet Service Provider (ISP) when you registered with them. Once this is done, you can ignore the other options (for basic configuration at least) and save your changes

If you internet is configured with Cable modem (your modem is connected to your cable line) you just need to select Automatic Configuration DHCP from the drop down and you save your changes. Nothing is required as DHCP will take care of the rest.

Now test your connection to the internet, and if everything is working you are ready to move on to configure your wireless signal on the router.

Wireless Security

One of the reasons you probably bought that router was so you could be able to connect to the internet (and your network) with a wireless connection. At this point if you can probably just connect your PC to the wireless network and enjoy it. However all the data that travels from your Laptop to your Router on the air can be intercepted by anyone with the correct tools. And this could end up on them obtaining confidential information from you.

Let me give you an example, supposed a hacker is next to your house with a laptop and the proper tools to sniff all the data packets that are going from your computer to your router. Think about him looking at those data packets like they were an open book, we everything is as easy as just reading the text. I don’t know you but I don’t like the idea of someone being able to violate my privacy. Now imagine the same scenario only that when the hacker opens the book, he is not able to make any sense out of the text. As now the text is just a bunch of letters added together and that doesn’t even look like a language. This is what we call encrypting the data.

Encrypting the data is exactly what we want to do, so no one can look at it while it travels in the air. Two of the most common encryption techniques are WEP and WPA. You probably heard a lot about WEP and for some reason it is still very widely used. Unless you a very good reason to use WEP (some hardware devices still don’t work very well with WPA) I strongly encourage you stay away from WEP and instead use WPA. The reason is that the algorithm for WEP is very week, and a hacker with some good tools (and a good computer) can probably hack it in a couple of hours.

So to configure your wireless setting you will need to look inside your router configuration for a “wireless” or “WLAN” section. Here you will be able to configure your wireless with WPA. Once you select your encryption you will need to enter a passphrase (stick with the rule of using complex passwords). Once you are done you can save your settings and test your connection. Notice that when you try to connect to the wireless router from your PC you will be asked for a passphrase. Now you will not only be able to connect to the internet wirelessly but also you data will be encrypted when travelling (in the air).

Now what if we could make it even more secure, so not would you need to know the secret password (passphrase) but also if you needed to be on a access list. That would make it impossible for someone who by change got secret password to enter if he was not on the list. That is why most of the router (if not all) have a MAC filter table. This table keeps a list of either computer that can access the network or that cannot access the network (you can only have one of the lists active). I prefer managing only granting access to the computers that I trust, so that way the rest won’t have access. Now the next question you may have is what is a MAC address? Well it’s a unique identifier for each hardware network cards on each computer. And this identifier permit computer to communiqué with each other (think about the unique address of your house).

You can obtain this information from your computer. However I cannot show you on this tutorial how exactly you will obtain it as each operating system (Windows, Linux, MacOS) and hardware’s (consoles, cell phones, pda’s) has its own way. You are going to have to search on the web for “how to find the MAC address on XXXX” where XXXX is the operating system or your hardware.

Once you have the MAC address of your device you can enter it on your MAC filter table and save it (don’t forget to always save your configuration when you are done. At this point you have a pretty secure network, one more thing some other articles may advice to disable the broadcasting of your SSID.

What exactly is this SSID thingy? Well think about a unique name (identifier) for your wireless router used when you (or others) scan for wireless access points. When you try to connect your laptop (or desktop) to your wireless router you scan for signals and your wireless software give you a list of all access points (AP) that are next to you. This list has information about the name (SSID), the straight of the signal, and the encryption on it.

If you look at your router setting you will have an option that says Broadcast SSID, if you disable it, people will not be able to find your router when they search for Access Points as it is no longer broadcasting it. In general they recommend that you do this to make it harder for people to access your network. However the problem is that each person at your home or office will need to manually configure the connection to the wireless router and it is not worth all the work.

What’s next

At this point you have a secure network, but you can do way more things with your router, like setting up VPN, Dynamic DNS (DDNS), Port forwarding and lots more things. But this is up to you to see if it is something you need or want set up. We will show you some of these more advanced configurations on later tutorial. But for now enjoy your new configured router.