Sunday, May 17, 2015

How To Setup And Secure A New Consumer WIFI Router

So, you have a new wifi router and want to setup a safe and secure wireless network on your Cable/DSL modem broadband connection. Let's get started. We will focus on a typical generic home consumer router, like Netgear - taking you through a, much preferred, manual setup. As of this writing, I don't recommend using the auto setup method (popular on many new routers) that uses WPS (WIFI Protected Setup). The WPS method has been exploited many times and it is inherently insecure. Make sure that WPS is turned off - no matter what brand of router you use. Unfortunately, some routers in the Cisco - Linksys brand have a flaw that prevents disabling WPS. Cisco has fixed this issue on it's newer home routers, but it still exists in some of their older products.

First, I would suggest setting up your router before connecting it to your broadband Cable/DSL modem. You will need a computer (Mac or Windows) and a normal ethernet, cat 5 network cable - the one that comes with your router is fine. Fire up your computer and power up the new router. Your computer's local networking adapter should be set to DHCP and not configured with a static IP address - most are by default. Connect the Ethernet cable between the router and your computer. You may use any port on the router EXCEPT THE ONE MARKED WAN OR MODEM. Give them a few minutes to sync. Open a browser Internet Explorer, Google Chrome, Safari or Firefox on your computer. Type the following in the address bar as if you are going to a site on the Internet. This IP address is the default address for Netgear and many other routers. Keep in mind that each manufacture may have a different default IP address, so you may have to look on the Internet, or on the bottom plate of your router to find the correct address. After a few minutes you should see a box requesting a USERNAME and PASSWORD. If it does not popup - try again and make sure the IP address is correct. Generally, for Netgear, the default username is admin and the default password is password. Check you documentation to obtain the correct credentials for your specific brand. Enter these, click ok, and you should be logged in to the router setup page. If you see any message about updating firmware - cancel it, we will do that later.

The router configuration contains a plethora of settings that allow you to optimize your network. Fortunately, the average user only needs to adjust a few of these. Now look for Tabs with headings like INTERNET, BASIC, WIRELESS SETTINGS, ETC. The BASIC or INTERNET (WAN) settings should be fine for connecting to a cable modem - you many need to enter a username and password if you are using a DSL connection. Click on WIRELESS SETTINGS. Here we will name your Wifi network (SSID) and pick a security protocol. Remove the Netgear or Default name and add whatever name you want. Keep in mind that this name will be broadcast and other wifi users in you local geographic area will see it, as well. Next you need to pick your wifi security type and enter a passphrase or password. If all of your computers and devices are fairly new and can use (WPA2 - PSK) - choose it. Some older hardware may not be able to use WPA2, if that is the case use WPA- PSK + WPA2 - PSK. The password that you choose is very important. Make it 10 - 14 characters. Random numbers, letters, symbols, upper and lowercase. If your router is dual band you will need to complete this info for both bands (2.4Ghz and 5GhZ). Just give the two bands different names like Home and Home-5G and use the same password for both. Leave all of the other parameters - as is. Be sure to click APPLY at the bottom of the page to save you changes. Next choose ADVANCED SETTINGS & Advanced Wireless Settings. We will now disable WPS - it is not secure. At the bottom check all thee boxes to disable WPS and keep present settings. Click on APPLY to save. Keep in mind, this step varies slightly on different models. Just find WPS and disable it. Remember, on some Linksys routers disabling WPS in the settings does not work. Check with Cisco-Linksys for more information. There are two additional settings that you should adjust. Find the Remote Access Toggle - probably under Advanced and disable it. In addition, look for UPnP (Universal Plug and Play) and disable this, as well - unless you know that you need it. UPnP has always posed security challenges, but recent findings have revealed that it creates major vulnerabilities in some home routers. We have more info about UPnP in another Tech Tip here. You can now save and LOGOUT of the router setup. We are done.

Disconnect the router and get ready to connect it to your cable modem. Turn off the power on the cable modem. Connect your network cable to the cable modem, and to the Port marked WAN, MODEM OR INTERNET on the router. This is usually yellow or blue to differentiate it from the other ports. Power up the cable modem first and wait 3-4 minutes. Power up the router and wait another 4-5 minutes. Go to your computer or tablet and connect to your wifi network - dual band routers will broadcast both networks. Connect using your chosen password. See if you can get on the Internet. If you can only connect to the router Wifi, but not the Internet - if means that the Cable Modem has not synced with the new router. Just power down the cable modem, wait a minute and start it back up. Sometimes it takes a few attempts for the two to properly "talk".

Once your new router is up and running and you are connecting to the Internet you should make sure that your router has the latest firmware. The manufacture will frequently update the firmware to add features and fix bugs. There are two ways to do this. Go to your browser and login to the router - just like you did the first time. When you first load the setup page, a box will generally popup saying that it will check for new firmware. Let it check and download the updated software if necessary. Second, you can always do a manual check by going to Maintenance or Status Page and find Router Upgrade. It is important to let the router download and install the update without any interruption. A power failure during this process could cause your device to fail. The router will generally reboot after the upgrade and you will need to login again. You can then check the Router Status page and make sure you have the latest firmware. While you are still in the setup screen you should change the password that is used to gain access to the router. In other words you can replace "password" with a password of your choosing. This is not absolutely necessary unless you are concerned about someone getting into your router while they are physically on your local network. It is, however, good practice. Keep in mind that if you do change it, you must remember it, or you will be unable to gain access to your routers setup, in the future. If this happens, you will need to reset the device to factory default and re-enter all of your custom settings.

Your router will contain many additional settings that can be tweaked for advanced network applications. Most users just need the basics we outlined above, to be safe and secure. That's it. You can now logout of your router setup.

One final note. Home routers have become commodities and manufactures tend to provide little support. This limited support will come in the form of Firmware updates - for a year or two. You should check for these Updates periodically. They will often include patches for security vulnerabilities that have been discovered. Whenever an exploit is revealed in a particular model of router, the "bad guys" will immediately start taking advantage of situation. Most often, this results in compromising your local network and computers.

So, set your router up correctly, secure it with frequent Firmware Updates and after a few years, consider trashing the old router and grabbing a new one.