Tips on Configuring A Wireless Broadband Router at Home

How Do I Select My Wireless Network Mode?

In general, a wireless network can be operated using three different topologies; infrastructure mode, ad-hoc mode and bridging mode. When a wireless network operates in ad-hoc mode, client stations are connected directly and no access point is required. Using this mode, a potential attacker can gain access to a client station easily if the client station is improperly configured. Unless there is a specific business need, the ad-hoc mode should be disabled on wireless devices.

How Do I Locate My Wireless Broadband Router Securely?

• Avoid placing the router against an outside wall or window, or against a common wall with an adjacent home to ensure that the signal does not extend beyond the required area.

• To ensure that unauthorised people cannot tamper with your router, try to place it in a physically secure location.

• Some routers allow you to reduce the output power of the device. To minimise leakage outside the coverage area the wireless network is meant to service, turn down the broadcast power, if possible. This is one way to prevent too strong a signal from extending beyond the desired wireless broadcast area and being accessible to the "outside" world.

How Can I Configure My Wireless Broadband Router Securely?

• User name and Password
  Change the default user name and password because they are often easily cracked by attackers. Some manufacturers might not allow you to change the username, but at least the password should be changed.

• Broadcast Network Name (SSID)
  Disable SSID broadcasting or increase the "Beacon Interval" to the maximum.

• Wireless Network Name or SSID
  Change the default SSID. The new SSID should not be named to reflect your name or other personal information, otherwise the information could aid an attacker in collecting reconnaissance data about you.

• Encryption (WEP/WPA/WPA2)
  Whenever possible, WEP should be avoided. Instead, use WPA2/AES or WPA/AES if it is supported on the device.

• Authentication Type (Open Authentication or Shared Key Authentication)
  The shared key mechanism should never be used. Instead, a stronger mutual authentication as defined in the 802.11i standard should be considered.

• MAC Address Filtering
  Enabling MAC address filtering is recommended as another layer of protection.

• Dynamic Host Configuration Protocol (DHCP)
  Disabling the DHCP feature, if possible, is recommended, as DHCP makes it easier for malicious attackers to access a wireless network.