University of Hawaii at Manoa Professor: Kazuo Sugihara Assignment 2 (ICS426) Network Setup Tutorials By: Yu Fong Okoji (yokoji@hawaii.edu) 10/27/2009
Tutorial on Home Network Setup INTRODUCTION In this tutorial, we will discuss the setup and configuration of a home network with a Linksys Wireless-G Broadband Router. The tutorial is to provide guidelines for fellow students to tighten their home network security. Router used in the tutorial: Manufacturer --- Linksys/Cisco Model No. --- WRT54G2 Firmware Version --- 11.0.03
Express Setup Wizard on Linksys Wireless Router Before going to advanced network and security settings, users can run an express Setup Wizard from the Linksys CD to configure some basic router and security settings, including router password, SSID (network name), network security type, and security key. Fig. 1-1 Fig. 1-2 The router is the gateway to home network. The router authentication is the first step to secure the network by protecting the integrity of the router settings. Without password, it s much easier for intruder to exploit the router settings and allow themselves to control the network. By default, the router use admin as the password. It s strong recommended to change it with strong passwords.
Fig. 1-3 Assign a name (SSID) to the wireless network It s easier to indentify our own wireless connection by changing default router name (Linksys). For the name, it s not recommended to using a name that is associated with your personal information as shown below. We will change the SSID in advanced settings. Fig. 1-4 WPA/WPA2 -- It is recommended as it s a more secured than WEP encryption, but because it is newer, it is not as widely supported. If you re using legacy devices, the better alternative will be WEP-128.
Fig. 1-5 Below is the summary of the basic router and security settings. Advanced Router and Security Settings The above wizard only provides some basic router and security settings. For advanced router and security settings, users can log in the router configuration webpage. (http://192.168.1.1) Fig. 2-1
Global Network (WAN connection) 1. ISP setting By default, Automatic Configuration DHCP is selected. This setting is most commonly used by Cable operators and the router will automatically configure the ISP connection Settings. Fig. 3-1 (Default ISP settings in Basic Setup page) Fig. 3-2 (Status with default IPS settings in the Status page)
Users can change the settings if they know or can obtain the settings from their ISP. It s more secured as the router only points to assigned WAN connection. Fig. 3-3 (Manual ISP settings in Basic Setup page) Fig. 3-4 DNS Settings Users might as well need to input the static DNS servers IP addresses assuming ISP not changing DNS very frequent. With static DNS, response time of DNS request will little faster and routing is more secured.
Local Network (LAN) In the Network section of the Basic Setup page, users can manually configure the LAN settings. Fig. 4-1 (LAN settings in Basic Setup page) LAN setting: 1. Local IP address: it s the IP address of gateway for the private network (router internal gateway IP address). By Default, it is set to 192.168.1.1. To strengthen the security, users can change it to a rarely used private set. For example, 172.16.1.2. 2. Subnet Mask: It s the wildcard to control the number of IP addresses in the subnet (your home network). By default, it s 255.255.255.0 3. DHCP: That s the service hosted by the router to assign private IP addresses to the network devices in your home network. Users can strengthen the security by minimized the number OF DHCP Users. For example, if you only have 3 devices in your home network, you can set the number to 3 and increment the number if more devices are added. 4. As mentioned in Global Network section, users can manually input the DNS.
Wireless Network The Linksys Setup Wizard can only provide basic router and security configurations. For advanced settings, users can go to Wireless sub pages to configure Wireless settings. 1. Basic Wireless Settings Wireless Configuration --- Select Manual for manual settings Wireless Network Mode --- options for B, G standard or Mixed mode SSID --- Wireless connection Identifier Wireless Channel --- Various selections for radio channels to avoid radio interference with neighbors access points. Wireless SSID Broadcast Users can hide their SSID from amateur intruders by disabling SSID Broadcast. Fig. 5-1 (Basic Wireless Settings) 2. Wireless Security Security Mode --- WPA2 is recommended as a more secured encryption method. WEP is less secured but it s compatible with legacy devices. WPA Algorithms --- TKIP+AES (default) WPA Shared Key --- 10 digit keys Group Key Renewal --- Time for routers to renew the Group key. Fig. 5-2 (Wireless Security)
Security 1. Firewall Linksys has built in firewall to filter venerable WAN requests. Block Anonymous Internet Requests --- It s harden security against anonymous external users to get into the network. Filter Multicast --- If enabled, it deny multiple transmission to specific recipients at the same time. Filter Internet NAT Redirection --- It basically blocks access to local servers from local pc's using the public address. It s not selected by default. IDEN --- It blocks IDEN service (port113) being scanned by devices from outer network. Fig. 6-1 2. Access Restriction Internet Access In the internet access page, users can setup lists of trusted or entrusted PCs based on their MAC addresses or/and IP addressed, restrict their internet access by days or time. Fig. 6-2
Fig. 6-3 Blocked Services, Website Blocking by URL Address and Keyword Blocked Services feature allow users block unwanted and venerable ports and services, such as telnet and FTP. Website blocking allows users blocking bad website by URL addresses or Keyword. These features are especially helpful for parents setting up parental control for their children.
Port Forwarding In the Applications & Gaming page, users can setup port forwarding to make certain web services connecte to certain devices based on IP and application ports. For better security, port forwarding should be limited unless it s needed. Fig. 6-4 Remote Administration Remote Administration is not recommended, Remote Management is disable by default. Also, Wireless Access Web can be disabledif it s not needed. Fig 6-5
VPN By default, PSec, PPTP, and L2TP Pass-through are enabled. They can be disabled if VPN services are not used. References: Linksys User Guide: http://www.linksys.com/servlet/satellite?blobcol=urldata&blobheadername1=content-type &blobheadername2=content-disposition&blobheadervalue1=application%2fpdf&blobheade rvalue2=inline%3b+filename%3dwrt54g2_v10_ug_c%2bweb.pdf&blobkey=id&blobta ble=mungoblobs&blobwhere=1193789747833&ssbinary=true&lid=8676486869b38