How to survive configuring and securing a wireless LAN - Part Deux

Last time I started this thread about what it takes to set up - and lock down - a Linksys wireless router. I ran through the automated setup routine, which prompted me to create a new SSID and choose an encryption and authentication option. Then - bang - the setup program ended and I was back in Windows.

At this point you might think that you're done. You're not - at least not if you want to really lock down the wireless network. 

The Missing Pieces
So there you are, back in Windows. What to do now? I thought I'd start by reading the manual. To do that, you can restart the installation CD and go to the "User Manual Screen" option that you may have missed on the introductory screen, or you can just pull up Windows Explorer, open the "Doc" subfolder and open the PDF file wrt54gv6-ug.pdf. Pretty straightforward, isn't it?

The 82-page manual is informative, but the security information I really needed was scattered about. In this case, I found the answer I needed in Appendix B, titled Wireless Security. In my last posting I had renamed the SSID of the wireless router from the default. However, the router was still advertising its existence - and the SSID name - to every Wi-Fi device in range. If you leave it this way, the only thing preventing unauthorized users from logging into the network is that password you hopefully created when you ran the automated installation routine (described last time). Appendix B tells you that you really should disable SSID broadcast so that only authorized machines know that your Wi-Fi broadband router is there. How do you do that?

You can also lock down the computer in another, important way. Each computer's network adapter has a unique hardware code, called its "physical address," or "MAC address." Since no two computers have the same code, you can set up your wireless network to allow access only to machines whose MAC addresses you approve. This is called MAC address filtering. But how do you configure these settings?

With the Linksys router, the answer to both questions appears in Chapter 5: You change the settings from the management console. In the Linksys, as in most wireless routers, that program is embedded in a ROM chip located in the router itself. To access it, you need to fire up a browser and enter the correct IP address. In my case, that was http://192.168.1.1. To get in, you enter a user name and password (which I changed from the default last time).

Interestingly, you click on the "Wireless" tab, not the "Security" tab, in the admin program to enable MAC address filtering and disable SSID broadcast. From there you go to the Basic Wireless Settings sub-menu and click a radio button to turn off SSID broadcast. Under the Wireless MAC Filter option you can enable filtering, then enter a list of the MAC addresses of the machines you want to have access.

Under the Wireless Security tab, you can set the encryption method and key (the password for unlocking encrypted data streams). I selected WPA2 and entered a key previously when I ran the automated installation routine. But it's nice to know that both can be modified from here if you change your mind.

Now I had all of the security set up, but there was just one last problem. The Linksys manual tells you the format to enter your MAC addresses, but how do you find out the MAC addresses for the machines you want to have access? The answer is in the manual. Again, you have to look for it. More on that next time.

What People Are Saying

MAC filtering and not broadcasting the SSID make it more difficult for Joe Blow to use your network, even if it were not WPA encrypted. If you're stuck using WEP, then it probably is a good idea. However, MAC spoofing is easy and "discovering" a hidden SSID is just the first and relatively easy step in cracking a network. The real strength of the wireless security is the WPA2 protocol and your password. If you have two wireless routers with the same SSID on different channels, you actually WANT to broadcast the SSID to enable roaming.