Setting up a router for your home network, or even to protect the one computer you are connecting to a cable modem or dsl modem, can be very straight forward. Most people will plug it in, turn on their computer and see everything works — and not even think about the manufacturer shipping it in an insecure mode so that startup is easy.
After you hook up your router and see that it works, there are some basic security settings that you need to change, whether you’re setting up a wireless router or a wired router.
The first thing to remember when setting up a wireless router is that you will have to connect one computer to the router via an Ethernet cable, at least initially and periodically.
You configure the router via the network. So far, so good. But, when you try to configure the router using a wireless connection, the first thing that happens is that you get your wireless connection cut off.
That’s right, almost every individual change you make from a security point of view will cause your computer to lose its wireless connection to the router. Then, you’ll have to hook it up by Ethernet to the computer in order to re-establish the connection. This isn’t an "oops" — it’s not an error in what you did — it’s the nature of the beast.
Fortunately, with a wired connection, that seldom happens… I’ll write more about wireless in the next article. But first, let’s look at some of the changes we need to make whether we’re using wired or wireless.
There are some basic security changes that you should make with any router, whether it is a wired router or a wireless router.
First, you should set (or change) the password for access to the router’s administration pages, which are accessable via a web browser.
By changing the password, you prevent anyone with local access from messing up the settings. Equally important, you prevent any nastiness (that you might have accidentally downloaded) from accessing and changing your router’s settings. Since the router gets the real IP address from your Internet Service Provider, and since the Internet side of the router acts as a firewall — only allowing responses to requests through to the local network — no one can mess with your router from the Internet side (as long as all the firmware bugs have been fixed).
However, since most people never change the default password on their router, a downloaded nasty can easily try a few default passwords in order to disable the router or to reroute any DNS requests to a "poisoned" domain name server. By using a password of your choice for your router, one that is not the default <grin&qt;, you take one more step in preventing malware writers from being successful in attacks on your system.
Second, you should change the IP address range for the local (home) network side of the router.
Each router manufacturer selects the IP range they want to use for their default local network. Linksys uses 192.168.1.1/255.255.255.0 (IP address / Netmask, IP Addresses Explained) for its wireless local network. Similarly, Linksys uses 192.168.0.1/255.255.255.0 for its wired router’s default local network. DLink, if I remember correctly, uses 192.168.2.1/255.255.255.0. These numbers are not unique to these manufacturers; they are part of a series that is available for anyone to use on a private network.
The following IP address ranges are reserved for private networks — you can set your local network to use any part of these ranges:
- 10.0.0.0 – 10.255.255.255
- 172.16.0.0 – 172.31.255.255
- 192.168.0.0 – 192.168.255.255
In each range, the addresses ending in 0 and 255 have special meaning, so you can effectively use 1-254.
The real issue is that, if you have the default IP address on your home network, you’re more likely to accidently "trust" other computers on the network if you take your computer elsewhere — like the repair shop, to a friend’s house, or take a notebook computer to a coffee shop. Trusting unknown computers is not a good thing — you’re telling your firewall that anything the other computer wants to do with yours is OK!
So, there are two changes you need to make at a minimum, whether you’re using a wired router or a wireless one — change the password from the default password and change the IP address range from the default IP address range.