I just moved into my first apartment, and bought my first Wi-Fi router. It's a standard Linksys "blue box," and seems to work fine, but I'm wondering—are there any settings I should be looking to change?
Curious about Configuration
Photo by webhamster.
Good question! For most broadband home users, a Wi-Fi net connection "works" once you plug in the cable and power on the Linksys box, but there's more to having a secure, convenient, and easy-to-use network than just connecting.
Gina walked through setting up a home wireless network in 2006, using a Linksys WRT54G router as the hardware. Her instructions on the physical setup, and reaching the router's configuration page, still stand, but her security steps can use some updating—especially since she herself proved later on how easy you can crack a WEP-encrypted Wi-Fi password.
If you wanted to get really geeky, and unlock a lot of great features, you could power up your router (depending on your model) by installing DD-WRT or the more user-friendly Tomato on your router. But assuming you're just looking to get started with a Wi-Fi network and not start hacking firmware right away, we'll start with the basics.
Head to your router's administration page, then, by connecting to your router (usually
linksys), opening a browser to it (usually
192.168.1.1), and entering the default username and password (written in the manual, but usually some combination of "admin," "default," and blanks).
I'm recommending at least four changes and look-intos for the typical router:
Change the SSID and Administrator Password
If you set up your router with an installation CD, there's a chance you've already tackled these steps. If not, head to the "Admin" or "Administration" tab in your settings, and in the main "Management" tab, change that password from whatever its default is.
Why bother? If you're going to leave your network "open"—or not requiring a password to connect—it's crucial to have your router administration password in place, as anybody who's half-familiar can point to
192.168.1.1, use a site like RouterPasswords.com, and then do ... well, all kinds of hincky stuff. Even if you're going to password-protect your system, it's still a smart idea to prevent anyone from messing with your settings.
Want to lock down administrative access even further? Turn off "Wireless Web Access" from this password page. Maybe it's too much of an annoyance to require that router configuration changes require a physical cable connection, but it's also a good way to ensure only those inside your house can mess with your network.
Before you go too much further, too, head to the Wireless tab, and change the "SSID Broadcast Name" in your "Wireless Settings" sub-section. If you keep your router named "linksys," you not only might encounter problems with neighbors who have simply plugged in their new routers, but you'll also train your computers and devices to always connect and accept connections to networks named "linksys"—not always a smart move when you're outside your home.
Change Your Security Settings
Even if you've already set up a password for your network, head to this page. It's under the "Wireless Security" section of the Wireless tab—and not under "Security," a design decision I've never quite fathomed.
If you haven't set up a password, do so now. As with any net-related password, don't make it weak. Use non-dictionary words, add numbers and special characters, and make it as long as you can remember. And change the security mode to WPA2 Personal. WEP is easily cracked, as noted above, and the first WPA has proven fairly easy for hacker-types to get into. WPA2 Personal isn't perfect, but it's the home networking security standard at the moment, and most devices made in the past few years can connect through it.
Open and Forward Any Needed Ports
If you're a BitTorrent user, good software like uTorrent should be able to automatically find an open port and connect through it. If it doesn't work, or if you need to pull off more advanced home network tricks, like screen control from outside your home, encrypting outside browsing through a home SSH proxy or giving tech support with a VNC connection, you'll want to open up the "Port Range Forward" section under the "Applications & Gaming" section.
The layout is a bit confusing, but it's actually a simple setup. Name your port whatever you'd like for reference in the "Application" field, add the port "range" in the two "Start" and "end" fields (usually they're the same number, for a single-number "range"), then choose the IP address of the computer you'd like incoming requests routed to, and click "Enable." In other words, if you want incoming SSH requests sent to your main desktop, add an "SSH" entry, assign it a port (22 is standard, though you can change it for more security from scanning attacks), and direct it to your home desktop's IP address.
But, wait, how do you know which IP address your home computer is on, and how do you reach it from, say, Panera? Good question! We'll tackle that in this next section.
Set Up Dynamic DNS
In the Setup tab, there's a "DDNS" section that allows you to hook up your router to a Dynamic DNS service, like our personal favorite, DynDNS. Gina previously covered the setup of your router to DynDNS in her guide to assigning a doman name to your home web server. Follow her steps, and when you want to remotely access your home computers, you can point your software to something like
samsmith.dyndns.org, instead of trying to guess what IP address Time Warner/Comcast/Verizon has assigned you.
You'll also need to make sure your home computers stay on the same internal IP addresses assigned to them by the router—192.168.1.105 and the like. Adam's covered that in his remote BitTorrent guide. The basic explanation is that you set your steady, almost-always-on computers to an IP address that's lower than the "dynamic," changing numbers given out by your router.
Those are four settings we recommend peeking into as a new router owner. There are more security measures you can take, like filtering out all but a few accepted MAC addresses (i.e. specific computers/devices) or hiding your router name entirely from those who don't know it, but the average home network owner would probably find those more time-consuming than truly helpful. Your security needs and setup will certainly vary.
Good luck with your new router, and may your browser never tell you of pages not found,