How to Configure Wireless Broadband Router Securely?

How to Configure Wireless Broadband Router Securely?

User name and Password

Change the default user name and password because they are often easily guessed. Some manufacturers might not allow you to change the username, but at least the password should be changed.

Encryption (WEP/WPA/WPA2)

Whenever possible, WEP should be avoided. Instead, use WPA2/AES or WPA/AES if it is supported on the device.

Authentication Type (Open Authentication or Shared Key Authentication)

The shared key mechanism should never be used. Instead, a stronger mutual authentication as defined in the 802.11i standard should be considered.

Wireless Network Name / SSID

The default SSID should be changed. The new SSID should not be named to refer the network products being used, reflect your name or other personal information, otherwise the information could aid an attacker in collecting reconnaissance information about you and your wireless network.

Broadcast Network Name / SSID

Users may consider disabling SSID broadcasting or increasing the “Beacon Interval” to the maximum. Suppress SSID broadcasting could not prevent sophisticated attackers to steal SSID by sniffing the management frames between the communication of access points and clients, however it could able to stop casual wireless clients from discovering the wireless network or attempting to access.

MAC Address Filtering

Enabling MAC address filtering is recommended as another layer of protection.

Dynamic Host Configuration Protocol (DHCP)

Disabling the DHCP feature, if possible, is recommended, as DHCP makes it easier for malicious attackers to access a wireless network