Support
box-sousmenu-top
box-sousmenu-bottom
Other routers 

Tips for improving security on your wireless access 

As you probably know, access to a wireless network is convenient and has many advantages. However, the threat of piracy can have an impact on your Internet usage and private life. Ill-intentioned users try to find unsecured wireless networks to penetrate and use for downloading and other illicit activities. Here’s some practical advice that will help you minimize the threats to your wireless network of infiltration by the uninvited. Note, however, that no protection is 100 percent safe; a determined and patient individual can access a wireless network if they give it enough time.

 

Tip no. 1: Use the WPA2/AES security mode

 

There are a number of security modes available; some are more secure than others. Your router may not offer them all. Here, in order of preference, are the ones you should choose (from most to least secure).

1 : WPA2 or WPA2_Personal
2 : WPA or WPA_Personal
3 : WEP 128 bits


Warning:

We recommend that you choose a security option, either WEP, WPA or WPA2. MAC address filtering and deactivating the SSID broadcast can’t replace them and can be pirated in a few minutes.
To get help with your wireless configuration, visit Wireless (WiFi) configuration of the router.

Tip no. 2: Change your wireless network’s SSID

 

Manufacturers generally deliver routers with their company name as the default SSID. A D-Link router, for instance, will have “dlink” as its SSID. If, for security purposes, you do not wish to broadcast your SSID, avoid keeping the name: it would be too easy to guess.

 

Of course, knowing the name of your network doesn’t necessarily give someone access to it. However, choosing a different SSID will show malicious users that you’re taking additional precautions to protect it, and will complicate the job of penetrating it.

 

Go to the Wireless section in your router’s administration console and locate the field entitled “SSID.” Give it another name. Avoid choosing personal information such as your address, name or telephone number.

 

To get help with your wireless configuration, visit Wireless (WiFi) router configuration.


 

Tip no. 3: Change your router password and do not activate remote management

 

The manufacturer configured your router beforehand with a generic default password. If it has not been changed, and an individual manages to connect to your internal network, he or she can easily take control of your router. Generic passwords are included on the list of default passwords; consulting the list is all it takes to get into someone else’s network.

 

Do not activate the router’s remote management. Once activated, this option (which is deactivated by default) can allow anyone to control your router without even going through your wireless security network.

 

To change the password, conntect to your router's adminisatration interface.

Next, locate the “Password” section, which is usually found in the main “Administration” section. Choose a long password containing letters and numbers.

 

To get help with your wireless configuration, visit Wireless (WiFi) router configuration.

 

Tip no. 4: Use MAC address filtering

 

With MAC address filtering, you can authorize only certain equipment to be part of your network. All network peripherals, such as your computer, gaming consoles and even some printers, have a physical, or “MAC” (Media Access Controller), address. This address is unique to them and should be visible under or behind the wireless device (under your portable computer, for instance).

 

This function is not recommended if you have no knowledge of wireless networks because it complicates connection of new devices to your network. Refer to an expert if needed.

 

 MAC address filtering is far from infaillible and cannot be used as your one and only protection. It boosts the security level, which may dissuade a pirate from intruding on your network, but it should always be combined with another security mode, such as WPA2/AES, WPA or WEP, to make it truly effective.

 

To activate MAC address filtering, locate the “Physical or MAC address filtering” section in the administration interface. List your wireless equipment there, except for your router.

 

 

Tip no. 5: Deactivate broadcasting of the SSID network name

 

SSID broadcasting is useful for businesses (cafés, hotels, etc.) because it enables computers and peripherals to detect the network located nearby.

 

However, SSID broadcasting poses risks and cannot be used as your one and only protection. It boosts the security level and may dissuade a pirate from intruding on your network, but it should always be combined with another security mode, such as WPA2/AES, WPA or WEP.

 

This function is easily deactivated in your router’s administration interface, which is usually in the “Wireless” section. 

 

 

Tip no. 6: Deactivate the wireless functionality if you aren’t using it

 

Most wireless routers today have physical ports you can connect peripherals to with a network cable. If you don’t have wireless peripherals or if they don’t absolutely need wireless access, connection by cable network is always more reliable and often faster than a wireless connection.

 

If your wireless router, computer and gaming console are in the same room, for instance, it is much safer to connect your gaming console and computer to your router with a network cable, and then deactivate the wireless functionality on its administration interface.

 

Some routers give you the possibility of determining access rules based on a user schedule. You can then prohibit use of your network at night or at certain periods of the day.

 

 

Tip no. 7: Deactivate the internal DHCP and assign static IP addresses

 

Your router uses a DHCP server to automatically assign IP addresses to your wireless peripherals. Though user-friendly, this function also means your router is capable of assigning an IP address to an uninvited peripheral intruding on your network. This IP address gives access to all unprotected resources in your network (photos, music, videos, etc.), computers and any other peripherals. We therefore recommend that you deactivate the router’s internal DHCP server and manually assign IP addresses to every computer and peripheral. This will boost the security level and make piracy more difficult.

 

This function is not recommended if you have no knowledge of wireless networks because it complicates connection of new devices to your network. Refer to an expert if needed.

 

The internal DHCP server can be deactivated via your router’s administration interface. While you’re there, choose an IP address class different from the one provided by default, and an IP address for your router. Then manually assign IP addresses of the same class to your computers and peripherals.

 

Valid private IP address classes are as follows:
192.168.x.x
10.x.x.x
172.16.x.x up to 172.31.x.x
(x can be from 1 to 254)
 

If you choose 192.168.12.x, for instance, you can assign any IP address beginning with 192.168.12.x (e.g. 192.168.12.128) to your router, then manually choose a different IP address for each of the computers and peripherals in your network (always beginning with 192.168.12.x).


The subnet mask will be 255.255.255.0, while the IP address of the LAN gateway and primary DNS will correspond to the router’s IP address (in the example below, it is 192.168.12.128).

 

 image003-conseil 

Tip no. 8: Do not automatically connect to “open” wireless networks

 

Put simply, an “open” network is an unsecured network, often public, to which anyone in proximity can connect. The function enabling them to connect automatically to an “open” wireless network is deactivated by default in most operating systems and wireless peripherals. However, it can be activated temporarily: for instance, if you’re travelling in a place where there is little risk of piracy. Users connected to the same network as you can therefore share photos, music and videos, but your computer will be more vulnerable to piracy. We therefore recommend you use a firewall at all times.

 

The Videotron Security Suite offers a firewall and wireless access protection module that lets you deactivate network filesharing if it detects an “open” and unencrypted wireless network.
 
image005-conseil 

Has this article answered your questions?
Yes
No

Need help? Contact Technical Support
Services for the
hearing impaired (TTY)
1-877-380-2611
From your Videotron mobile phone, dial 611.
24/7
  

 

box-bg-top-247
box-bg-bottom-247
box-bg-top-247
box-bg-bottom-247