Tips for Wireless Security

iPwn

This will be quick, but helpful for learners. I apologize that I cannot give walkthroughs, but almost every router will be configured using a different interface/process. I suggest using the terms below in your router's manual.

1. Encryption

Currently, WPA2 Personal is the standard for home networking. Although very difficult to break, it is not impossible. It simply requires the right tools, a supply of caffeine, and patience. The trick to encrypted passwords is length. Size definitely matters with passwords. WEP is now easily broken with automated tools, but WEP encryption with a password of 50+ characters is much more difficult to break than WPA2 with a very short password.

Passwords, or "keys," should be 15+ characters long at minimum.

2. SSID Broadcast

The next most important feature in wireless security is the SSID. The SSID is the name of your network and the broadcast should always be disabled. This prevents 'passersby' from seeing a wireless network and requires additional work to be done in order to compromise the network.

Connecting to the network can be difficult for the standard user, but just remember that SSIDs are case sensitive and all devices allow you to manually connect to a 'hidden' network.

3. MAC Filtering

Most routers have the ability to filter access based on MAC address. Any device requesting an IP address on the network, whether they provide proper credentials or not, will be rejected if they are not on the approved MAC address list.

4. WPS

WPS was intended to provide an added layer of security with an 'easy connect' process, but ended up having a screen door protecting the entrance. This should be disabled.

5. DHCP

You can add a layer of security by disabling your Wireless Router's authority to give DHCP addresses. You then define an address space that only you would know and set each device using the network to a static IP.

Most consumer devices use 192.168.0/1.x for their address space. Most IT people will change it to 10.x.x.x, but very few use the B class private range of 172.16.x.x - 172.31.x.x. If using a Static address setup, then it is highly recommended to use a non-standard address space.

If using DHCP, then it is recommended to change the number of available IP Addresses in your address space to the number of devices on your network.

For example, if I have 5 devices in my house, I will configure my Wireless Router to only give DHCP addresses from starting address 172.19.2.3 to ending address 172.19.2.7. If all my devices are connected, then I know there can be no additional devices allowed by the router on the network.


-----------

Unfortunately, consumer devices don't allow for more in-depth functionality (e.g. WIPS), but being harder to rob than your neighbor usually keeps you from getting robbed.

None of the above will completely block someone from getting on your network. In the field of security, there is no locked door, just doors that are harder to break into than others. The goal is to make it as difficult as possible.
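As an added example (not part of the original post), the DHCP pool sizing and MAC list from sections 3 and 5 can be checked against what the router actually reports. The pool range is the one given above; the MAC addresses, the observed client list and the function names are constructed for illustration.

```python
import ipaddress

# Pool range is the one from the post; MACs and observations are constructed.
POOL_START, POOL_END = "172.19.2.3", "172.19.2.7"
APPROVED_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03",
                 "02:00:00:00:00:04", "02:00:00:00:00:05"}
OBSERVED = [  # (ip, mac) pairs as copied from a router's client list
    ("172.19.2.3", "02:00:00:00:00:01"),
    ("172.19.2.4", "02-00-00-00-00-02"),   # approved MAC, different separator
    ("172.19.2.5", "02:00:00:00:00:03"),
    ("172.19.2.7", "02:00:00:00:00:99"),   # not on the approved list
    ("172.19.2.50", "02:00:00:00:00:04"),  # approved MAC, address outside the pool
]

def pool_addresses(start, end):
    """Return every address in the inclusive DHCP range start..end."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("pool end is below pool start")
    return [ipaddress.IPv4Address(n) for n in range(int(first), int(last) + 1)]

def normalize_mac(mac):
    """Lower-case and use ':' so 02-00-.. and 02:00:.. compare equal."""
    return mac.strip().lower().replace("-", ":")

def audit(observed, approved, start, end):
    """Return (kind, detail) findings for the pool and the observed clients."""
    pool = set(pool_addresses(start, end))
    approved = {normalize_mac(m) for m in approved}
    findings = []
    if len(pool) != len(approved):
        findings.append(("pool-size-mismatch",
                         f"{len(pool)} addresses for {len(approved)} devices"))
    for ip_text, mac in observed:
        ip, mac = ipaddress.IPv4Address(ip_text), normalize_mac(mac)
        if mac not in approved:
            findings.append(("unknown-mac", f"{mac} holds {ip}"))
        if ip not in pool:
            findings.append(("outside-pool", f"{ip} used by {mac}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(OBSERVED, APPROVED_MACS, POOL_START, POOL_END):
        print(f"{kind}: {detail}")
```

An "outside-pool" finding for an approved MAC is expected if that device was deliberately given a static address; anything else on the list is worth checking by hand.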
 