How To Secure Your D-Link Wireless Router

dlink dgl4500   How To Secure Your D Link Wireless RouterSecurity is probably the most important aspect of any computing experience and probably one of the most neglected.  With security measures, like many things, one can go as deep as they want to go but a little effort to employ the basics can go a long way.  While it is said that locks are only for honest people, you wouldn’t go to bed without locking your door.  Let’s lock your door and show you how to secure a D-link wireless Router.

General Networking With D-Link Wireless Routers

After connecting your D-Link wireless router and opening the start page in your browser, you’ll see a login screen. All of these routers come with a default password or no password at all. The first thing you’ll want to do is set one in order to guard against local and possible neighborhood intrusion. While this measure seems a given, many may be tempted to skip this step for convenience. The administrator password is your first line of defense.

Next you’ll configure your network settings according to your connection, hardware, and purpose of the router.  In addition, the option to configure remote management is offered so you can access your router from outside your local network. It is not advised to allow this unless necessary as individual internet addresses can be spoofed and leaves your network another opening for intrusion. In the advanced settings of the network there’s a tickbox for enabling WAN (from the internet) pings. Leave this unchecked so that your router will not answer pings confirming its existence.

Wireless Settings

The most important part is under the Wireless Settings. Here you will secure your router connections. The first thing one might want to do is change the default name because most routers ship with their brand name as the default SSID, or broadcast name. While this doesn’t help a whole lot if it’s broadcast across the neighborhood, at least it will hide your brand making it a bit harder to crack.

sl dlink security   How To Secure Your D Link Wireless Router

Next is the Enable Extended Range Mode. Do not enable this unless your equipment is indeed in a large building. There’s no sense in creating a larger circle of coverage to encompass even more neighborhood hackers than is necessary. Most average sized homes and small business settings will not require this option to be turned on. Along these same lines, it’s not recommended that one exchange the factory antenna for a high-range aftermarket replacement for the same reason. If your wireless network card in your computer supports 802.11g, then perhaps you might want to tick the 802.11g checkbox, perhaps excluding some who may not have the latest equipment.

Hiding your SSID aids in security by not announcing its existence. This way only those who know your SSID will be able to use it. While some experienced hackers may own tools to detect your router regardless, it will guard against some. In and of itself hiding the SSID isn’t a strong security measure, but coupled with others decreases your chances of falling victim.

The most important part of securing your router is the Security Mode. Here you will enable encryption and require a password to connect.  With most modern routers you have several choices ranging from the least secure to more so. Leaving this disabled allows your information to soar across the air unencrypted inviting others to capture and read it, including credit card numbers, passwords, and private conversations as well as allowing connections from outsiders at will.

WEP, or Wired Equivalent Privacy, provides a modicum of protection better than nothing, but its algorithms were cracked many years ago and anyone with the tools to pull in your transmissions will certainly have these basic conversion tools as well. WPA (version 1), or Wi-Fi Protected Access, was created in answer to the WEP failings, however, it too was cracked several years ago. Again, it’s better than nothing and will keep regular freeloading neighbors from using your connection, but WPA2 is even better. Most modern computer networking cards support this newer encryption standard, but some slightly older equipment may not. If your computer supports WPA2, then that’s your choice.

sl dlink security2   How To Secure Your D Link Wireless Router

After choosing WPA or WPA2, you also have the choice of TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard) based algorithms. Again, TKIP is the older less secure method and most computers and software support AES, so choose that. Then you have the further choice of PSK (pre-shared key) or EAP (Extensible Authentication Protocol). PSK is the type in which you have to set up your password on each device before encryption begins, so there is a chance someone could have gleaned that information during that process. EAP is more secure but encompasses many different methods and can require specialized software matching the methods of your particular router model. Many businesses use the latter for its increased security, but most home users choose the prior.  Be sure to pick a strong password with upper and lower case letters as well as numbers and even special characters.

One last element is the toggle to enable or disable accessing the configuration over wireless. If your D-Link model has this option it is recommended to use it. This way one would need physical access with a RJ-45 cable to try and guess or crack your password to change settings or invade your local network.

While nothing in the computer world is completely safe, things can be made reasonably so. By implementing these simple measures your local and wireless network is much more secure. Along with continued diligence in monitoring activity, your door is safely locked against many would-be intruders.

There were a couple of other related posts on MakeUseOf before:

- How To Set Up Your Own Secured Wi-Fi Hotspot
- How To Secure Your Wireless Network Connection

Please share your comments below. If you have other suggestions on how to secure a D-link router we would like to hear them as well.

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

7 Comments -

0 votes

vcarazo

I protect my router with a list of granted MAC addresses.

I know my MAC and my wife’s MAC address so these are just the ones granted to connect with router.

0 votes

Les

I use MAC Address filtering on my router too. Never had an unauthorized user on my network.

0 votes

Sam

Mac Address filtering is not secure too. Hacker could change his MAC Address and then get in.

0 votes

Ken

True, but MAC address filtering in addition to the measures described in the article just adds another layer of deterrence. Each layer of security that a hacker needs to go through to gain access just makes your network a little less appealing and might deter them to move on to a less secure one.

In the world of security, there is no such thing as hack-proof. The goal is to be just secure enough so that you are more secure than the rest in your area.

0 votes

UmmYea…

Hiding the SSID is useless as is MACs Filtering. Airodump-ng can detect your machines that are associated with your AP and shortly decipher your ssid. MACs Filtering is easily bypassed because with Airodump-ng you can see the MACs associated with your access point. Security through obscurity does not work! The author is wise to use WPA2-AES as WPA-TKIP and WPA2-TKIP are vulnerable and have been cracked in under a minute. It is only a matter of time before tools are released targeting this exploit. See here: http://arstechnica.com/tech-policy/news/2009/08/one-minute-wifi-crack-puts-further-pressure-on-wpa.ars

0 votes

Bolomkxxviii

Relying on any one method is not wise. MAC filtering, turning off the SSID and using the strongest encryption possible should all be done. Anothe method I use that has not been discussed is the use of an appliance timer. If your router is not powered while you are asleep or at work it is impossible to hack.

0 votes

UmmYea…

Anyone that potentially that could break into network would know how to get your ssid and mac address. The “security” those things provide is not worth configuring. Turning your router off at night will not prevent someone from “hacking” your router during the day. Only 1 WPA-handshake is required to begin a dictionary attack. Once the handshake has been acquired, it can be cracked offline(meaning no access to the access point is required). WPA2-AES is the most secure option for home use. Adding a radius server would be even more secure. Turning off your router, MAC Filtering, and hidding your ssid are useless. People that think these do anything are fooling themselves and obviously have never done any pen-testing themselves.