Third: Configure Security

After you've accessed the router, the next order of business is getting the security, SSID and IP addressing settings right. Getting security right is a must, unless you want a neighbor stealing your bandwidth and possibly your data. IP addressing is important because these addresses are used for devices on your network to communicate with the routers. You make all of these changes within the router's management interface. These settings are typically under the "Basic" settings of the interface. They may also be under "Security" or "Wireless Settings." Router interfaces vary, so check with the manufacturer if you can't find the settings to configure on the below steps within the interface pages: Change the default administrator password. Some networking equipment forces you to do so, once you've accessed the Web-based interface, but many consumer routers don't. The settings for the admin password are usually under the "System" tab or area or page of the interface. You can just enter in a new password in the new password field. Change the router's default SSID. The SSID is the broadcasted name of your wireless network. That's the name that shows up as the network's name when you scan for available networks. Use a unique name that your neighbors aren't using for their routers, to avoid confusion. Assign security. Newer routers may be set by default to automatically configure security by using WPS (Wi-Fi Protected Setup). Since the goal here is to have full control of your network, switch from "WPS" to "Manual." Once in manual mode, go into the router's wireless security page. There is no excuse, except in very limited circumstances when dealing with legacy technology, to not use WPA/WPA2. WPA security requires clients connecting to it to use a key or passphrase, which you create within the router's interface on the same page you set up security. Some routers allow you to enter a string of 64 hexadecimal digits which provides strong security, but most have you create an 8 -to-63-letter passphrase. If you are creating a passphrase (or password) be sure to create a strong password that would be hard to guess. Check out "Password Protection: How to Create Strong Passwords" for good advice on generating passwords. Set up IP addressing. For most networks, the router can be kept at its default DHCP setting. This means the router will dole out IP addresses to clients that connect to the network, leaving you without any IP addressing management to do. For extra security, it's not a bad idea to change the router's default IP, making it even more resistant to snooping. Remember, hackers know what the default IP address of the most common routers (even though it's really tough for them to get to due to the fact that your IP addresses on your network are private). For instance, I would change my Cisco/Linksys router's network from 192.168.1.1 to something like 192.168.1.3. Disconnect the laptop and reboot it. When the laptop comes back from reboot you should see the SSID name of your wireless network and be able to connect to it with the passphrase you created. Congratulations—you're connected wirelessly. But you're not done with your setup yet! Advanced Steps: DHCP Reservation For those who anticipate connecting servers, NAS device or any device that you may access from outside your network, best practice is to configure DHCP Reservation. That may be a scary sounding term for newbies, but all it means is that you are telling the router that a specific device always uses a specific IP address, set aside, or "reserved" for it. For example, my router IP is 192.168.1.1, I can give my email-server an IP address of 192.168.1.2. I can give a third device, say my NAS server for instance, an IP address of 192.168.1.3, and so on. You don't want to change the first three sets of numbers though, for most basic home networks. IP addressing has specific rules about formatting, so you want to retain the first three sets of numbers, called "octets." You also will want to put in the device's MAC address that you are reserving. The MAC address is usually printed on a sticker affixed to a device. Again, reserving the IP addresses means those addresses will never be distributed to clients via DHCP and are "held" for the devices you specify. Reserving IP addresses is good practice for devices you want to access remotely, because otherwise when the IP address leases expire you won't be able to perform remote access. Don't forget to assign the reserved IPs as static addresses on the devices for which you made reservations. There are various ways to do this, on Windows servers and machines you can assign an IP address though the Network settings Control Panel. Other devices, such as NASes, have areas in their management console where you can assign an IP address. It really depends on what device you want to set a static address for, so check with the vendor if you aren't sure. If you are using the router as an access point, bridge or to extend the signal of an existing router on a network, you will want to turn off DHCP completely. Having two routers performing DHCP on the same network can result in myriad connection issues. However, for most home networks, having the router set to use DHCP will suffice.