# Securing a network



## popscott (Oct 6, 2004)

We just got a new service into the house.....the company setup the wireless network unsecured..... 
the picture below shows the Home as unsecured (right) and the left shows my selection for making it secure.... is this the correct place to do a secure network and which one is the best?

Thanks in advance....


----------



## kkbinco (Jun 11, 2010)

WPS2-Personal is the way to go for home use. If you have a choice in encryption us "AES"

Also, if you have a choice regarding WPS (Wi-Fi Protected Setup) I suggest disabling it.


----------



## popscott (Oct 6, 2004)

HHHMMMM... seems to working ok.... it asked for a password, which I setup....when does it need me to enter a password in the future? Will it ask again when I move to my other computer for that password?


----------



## kkbinco (Jun 11, 2010)

I assume you're talking about when you are on your wireless computer/tablet/phone and when you initiate a connection you are being asked for the connection password.

You will need to do this at least once for each device you connect from. Usually your device has an option to remember the connection setup, SSID and Password, so it will automatically reconnect in the future.


----------



## popscott (Oct 6, 2004)

Ok...Thanks a bunch.....


----------



## popscott (Oct 6, 2004)

Let me get a little deeper here. I have a new wireless setup (through the cable box) when they put in my fiber cable. The company can not, I guess, by law cannot set us up with a "secure" setting, that was up to me. Upstairs are two computers. I have those two plugged into (cat 5) a wireless router. The laptop (downstairs) has its own wireless card setup. I can connect to all three computers via wireless in the house just fine.

A Quick question again.... 

1. The left pic show my network connection as secured WPS2-Personal 
BUT, The right pic shows when I am connection, that "information sent over this network may be visible to others". Does it mean someone setting outside the house can connect to my network and see my 3 house computers and files?


----------



## kkbinco (Jun 11, 2010)

In your router setup there are two steps for a secure network.

You've done the first part by requiring the connection handshake be secure by specifying WPA2-Personal. This makes it difficult for somebody to leach your internet connection for their own access.

Next step is to encrypt communications between your router and wireless devices. This will make it difficult for somebody to "sniff"/monitor your communications. Look for a page on your router setup that lets you select the type of WPA encryption to use. Here's what my config looks like, you can see I've selected AES encryption.

View attachment 19957


----------



## arabian knight (Dec 19, 2005)

Ya you have to put in your own. I have mine set up I believe is 64 bit encryption.
I have a series of 28 numbers that I CHOOSE at random. Pretty done good if you ask me. LOL


----------



## TMTex (Apr 5, 2013)

A couple of related suggestions.

I also like to hide my SSID. Most routers have that option. You'll need to connect with every device you'll want first and hide it afterwards. 

If you take this route, I'd also suggest not using "HOME" as your SSID, but use something that's easy to remember, but not something that anyone would guess. You can go as far as typing something that nobody would even want to type in such as "TRAVOLTA".

It'll make it that much harder for someone to sniff. If you need to broadcast the SSID later, you can always turn it back on temporarily.


----------



## popscott (Oct 6, 2004)

The only place I can change âHomeâ is the left pic in post #6 ABOVE. If I right click, the drop down allows me to rename it âTravoltaâ
BUTâ¦â¦â¦â¦â¦â¦..
When ever I try to reconnect as in the right pic of #6 above, the âhomeâ is re-appearing there. It never recognizes the âTravoltaâ as a network here.
If I go back to the left pic, it says âTravoltaâ, the right pic says âHomeâ
____________________________________________________________________________

Here is what my network property âdrop downsâ allow. I can not change the name in hereâ¦.


----------



## kkbinco (Jun 11, 2010)

Before worrying about the SSID I'd suggest verifying encryption is working. The old "One step at a time" thing. 

In your post #10; Are we looking at your router's configuration, or is that one of your client/device pages we're looking at?


----------



## popscott (Oct 6, 2004)

This is all being done on the wireless laptop.
Control Panel>Network and Sharing>Manage wireless Networks>Left clicking the &#8220;Home&#8221; label (left pic post #6). This gives you the # 10 pics.
The cable co. had this whole thing setup when I got home. On the wireless laptop only. Not secured.
I plugged the upstairs computers (cat 5) into a seperate wireless router up there and all computers connected and are communicating amongst themselves. All are seeing the "Home" network. I have "share" folders on all and can write/read between all.

Maybe the fact there are 2 wireless routers involved?


----------



## kkbinco (Jun 11, 2010)

Yes, two routers make things a little more complicated. Forgive me but I'm getting confused a bit here.

Is this what your network looks like?..
View attachment 19972


1) Is it true that your laptop CAN share files with the PCs?
2) Is it true that your PCs have internet access?


----------



## popscott (Oct 6, 2004)

Is this what your network looks like?.. Yes 

1) Is it true that your laptop CAN share files with the PCs? Yes save copy paste between all 3
2) Is it true that your PCs have internet access? Yes, but password never asked, even after unsecured changed to the WPS2-Personal. They all connect without passwords.

Not to get off track, but .... the password is the same for ALL the pc's at windows start-up/login and is the same as password used for the network also, if that may matter.

If all connect to internet without passwords, can an "outsider" connect without a password?


----------



## kkbinco (Jun 11, 2010)

> Not to get off track, but .... the password is the same for ALL the pc's at windows start-up/login and is the same as password used for the network also, if that may matter.


 Not a "Best Practice" but I'm not going to worry about it right now. This does no harm.



> If all connect to internet without passwords, can an "outsider" connect without a password?


Computers that are hardwired to a router (like your xp & vista boxes) do not have to negotiate a connection to the router via a password. Only those computers making use of a wireless connection "should" be required to use a password to join the network. That is the goal of this thread! 

And yes, if your router does not require a password from wireless devices (like your Win7 box) then anybody can connect and not only leach your internet - they might get into your LAN to share your files too. 


Before we work on your security I'm still a little unsure about your network connections, protocol wise. I have a feeling something I know is wrong!

I need to know the TCP/IP address, Network Mask and Gateway for your XP-Pro's NIC(Network Interface Card) and for your Win7's wireless interface. They should be found somewhere in your config network/hardware info on the respective computers.

Also, I don't think you've been configuring your routers. What make & model routers do you have - both Cable and Upstairs routers.


I have a feeling your laptop is actually connecting via the upstairs router, and that the upstairs router happily connected to the unsecured cable router without you noticing. :facepalm:


----------



## popscott (Oct 6, 2004)

I am very sorry and need to apologize. I just got my flashlight out and started following wires. (The cable co. is supplying me with phone, internet, and T.V.) They literally have run 200 feet of internet cable around corners, through gutters, under flashings, up walls; etc to my router upstairs and it is plugged into the back of it there. So there is only one router in play here.
TP LINK is the upstairs router. (The only router). 

Here is what my setup is like. SORRY.


----------



## kkbinco (Jun 11, 2010)

Ahh, OK. Great! That makes a lot more sense.

Please let me know the make & model of your router.
ETA: Is this it: http://www.tp-link.com/en/products/?categor---=201

Also, on the XP-Pro box I still need its IP Address, Network Mask and Gateway Address.


----------



## popscott (Oct 6, 2004)

TP LINK 54M Wireless Router
Mod # TL WR340G

xp pro ip


----------



## popscott (Oct 6, 2004)

Vista


----------



## kkbinco (Jun 11, 2010)

Terrific!

On your XP or Vista box, using your web browser, go to:
http://192.168.1.1

If you are asked for a username and password try the following:
User: admin
Password: (leave blank)

or

User: admin
Password: admin

Do you see a page similar to this?
View attachment 20074


----------



## popscott (Oct 6, 2004)

Yep...


----------



## kkbinco (Jun 11, 2010)

Woo Hoo - We're in! 

On the left side menu, under Basic Settings, click on Wireless

Set
SSID: (to something other than "Home")
Region: United States
Channel: (no change)
Mode: 802.11g
Enable Wireless Router Radio: checked
Enable SSID Broadcast: checked
Enable Bridges: unchecked
----
Enable Wireless Security: checked
Security Type: WPA-PSK/WPA2-PSK
Security Option: WPA2-PSK
Encryption: AES
PSK Passphrase: (this is the password your wireless clients will use to access your router - set to your liking)
Group Key Update Period: (no change)
---
Click Save


Your wireless router access is now secured.

See if you can connect with your laptop. (fingers crossed)


----------



## popscott (Oct 6, 2004)

Laptop connects... it does not ask for a password (wireless)... the warning sign and "information sent over this network may be visible to others" is gone, though


----------



## kkbinco (Jun 11, 2010)

That you weren't asked for a password might have happened because earlier, when you thought you configuring the router, you actually configured your laptop's wireless client with the same password you just entered into the router?!?


----------



## popscott (Oct 6, 2004)

Alrighty.....I'll let it be for now.... 
Thanks a bunch for your help


----------

