Monday, March 10, 2014

How To Secure Your Linksys WRT54G Wireless Router

Securing a WRT54G Wireless Router, and Fixing A Bricked Router


The other day I found myself needing to tinker with my Cisco Linksys WRT54G Wireless Router.  It had gone belly up with delivering a signal and I had to delve into fixing it.

While getting it back up and running, I had encountered a few situations while setting it up.  But I digress.  Let's walk through a quick set up for securing our WRT54G Wireless Router.

And yes, you should secure your wireless point of access to your home network. There are too many folks out there willing to take advantage of people on so many levels these days, that the few minutes it takes to secure access to your wireless router, that it should more than pay for itself when it stops the happenstance intrusion.

And if that happenstance attempted intrusion comes and goes, you'll never know. But if you don't secure your network, you might have more issues than you might have hoped for.

-

How To Secure Our Linksys WRT54G Wireless Router


Make sure a machine (Desktop, Laptop) is connected to your router via a network cable.  Trust me, this comes in super handy in times of administrative troubles.  But if you don't have a cable, you could do this work wirelessly.  But most guides suggest connecting via a hard line.


Access your router by pumping into the web address of your web surfing, the address of your router, and that's usually "http://192.168.1.1".

If you had never set up your adminstrator account on the router, then your router is probably set to the default account and password.

The account name for me was blank, and the password was 'admin.'

You might want to change that. 

Here are some other default Linksys router account names/passwords

Default user names:

    Linksys BEFW11S4, WRT54G: admin
    Linksys EtherFast Cable/DSL Ethernet routers: Administrator
    Linksys Comcast routers: comcast
    All other Linksys routers: [none]

Default passwords:

    Linksys BEFW11S4: [none]
    Linksys Comcast routers: 1234
    All other Linksys routers: admin

-

Changing your WRT54G Wireless Router Admin Password


Click on the Adminstration tab, and the page there should show you an option to add your password.

Choose something usefully challenging that does not include the obvious like your address, name or any such simple thing.  You really want to keep folks out of your admin page or this is all for naught.

After choosing your new password, click "Save Settings."

It might/should ask you to login after that.

Once you've changed your password, your username changes, and it becomes admin.

-

Hit up your "Setup" tab, glance down the page and find "Maximum Number of DHCP Users:."

It's been suggested you decide how many computers in your family might ever use your router at once, and change that default number from 50 to something closer to that family number.

-

Set Up Your Linksys WRT54G With WPA/WEP


This is where we lock out the random strangers from your internal network, thus keeping them from accessing your equipment in your home.

Clicking on the 'Wireless' tab on your browser interface, choose the 2nd option from the left, on that submenu, titled "Wireless Security."

In the 'Security Mode' window, pick "WPA Personal" from the drop-down list.

For the 'WPA Algorithm,' pick "AES."

(If either of these are issues later when you try to connect, your alternate, slightly less secure options would be "WEP" and "TKIP.")

In the 'WPA Shared' is where you apply your network access/use password.  It's here that you have be pretty creative.  This is the weak link in your entire network if you simplify this password.

Go nuts and make it a long, complicated password and save that somewhere else. (It should be between 8 and 64 characters long)  Even if it's on a piece of paper taped to the bottom of your router.  Go crazy and use a bunch of upper and lower case letters, numbers, and punctuation symbols.

Be annoying.

Hit your 'Save Settings' button

-

If you ever have to reset your router's power, always go in and double check this setting to make sure it hasn't been cleared.  If it's cleared, your router becomes publicly accessible again.

-

The Fun Of Naming Your Network:


I name my network.  That way when you find yourself surrounded by numerous "linksys" named routers, you will find yours pretty easily.

A family member of mine has a paranoid and delusional neighbor (and I'll leave it at that.)  But my family member had thought that he should name his network 'DEA Surveillance Van #2' or something like that, just to drive his neighbor right over his mental edge.

Or something simple but unique enough.

You can name your network under the 'wireless' tab, in the "Basic Wireless Settings" section, in the "Wireless Network Name (SSID)" window.

Hit "Save Settings."


-

Changing (Disable) SSID Broadcast:


It's been suggested in some venues to change your 'Wireless SSID Broadcast' mode to "Disabled."

What this does is prevent your network name from showing up to passing by computers in those lists of "available networks."

The argument against this is that someone scoping to cause digital harm to any network they find, will be able to resolve your network name, whether you broadcast it or not.

That, and it can add to the complexity of you and your family accessing it yourself!

-

Changing Admin Access From HTTP to HTTPS:


This seems to be a smart idea, changing your web access from HTTP to HTTPS, making the simple port of admin access a little bit more secure.

But...

While I was tinkering with setting up my router, I had set this function, which then had my browser question the SSL connection between me and it.  I answered all the questions right to allow my browser to accept this certificate.

But then when I updated my firmware, my router was up and running, I could not access it via the web page portal any more!  I had this following error message, seemingly, after my router became bricked.

An error occurred during a connection to 192.168.1.1. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. (Error code: sec_error_reused_issuer_and_serial)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.


And from my four hours of web searching, this "Error code: sec_error_reused_issuer_and_serial" issue seems to not be an uncommon problem.

So I'm being shy about resetting my browser mode to HTTPS.

But in case you do it, and lose access...

-

Recovering From An Inaccessible or Bricked Router


If you've gotten to the point where somehow your WRT54G router seems to be working for access, but you can't connect to it via your web browser, yep, you've become part of a an elite group of screwed wireless router users.

When it happened to me, it was crazy how many different suggestions and ideas are out there.  And most, it seemed, did not work for many users.  But we all have to try various options provided, just in case it works for you and not them.

For me, I found this 30/30/30 reset routine.


This 30/30/30 router reset option requires that you hold the reset button down for 90 seconds while performing three different acts:

Press the reset button on the back of the router for 30 seconds;

Unplug the router (do not release the reset button) for 30;

Plug the router back in, while still holding the reset button for 30 more seconds.

It's tricky, but you need to hold the reset button

-

Oh, and through it all, even though the Linksys support pages had a lot of info, they ended up being somewhat useless for me, though their boards had some good hints.  And one other instance, I noticed someone had the same issue and when they contacted 'live help,' they wanted to charge him.

- - -

My Resources For this :

linksys-wrt54g-firmware.blogspot

podfeet.com

community.linksys.com

compnetworking.about.com

=

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Follow or subscribe to Consumer Bits on

No comments:

Post a Comment

Hi - sorry for the confirmation but I need to weed out the noise from the well intended comments. Thanks for leaving a note... - Bruce