Securing a Linksys WRT54G Wireless-G Broadband Router



Straight out of the box wireless routers come with many default settings that are very unsecure. Certain steps need to be taken in order to secure your wireless network. In this instance I will be explaining how to secure a Linksys WRT54G Wireless-G Broadband router. To secure your Linksys WRT54G Wireless-G Broadband router follow the steps listed below:

NOTE: This tutorial is based on the Linksys WRT54G Wireless-G Broadband router

First put the following into the address field of your browser: http://192.168.1.1

You will be prompted for a username and password, you will need to put in admin for both and you should be sent to the setup page.


On the main setup screen > Setup tab > Basic Setup:
Find the "Router Name" field and change the name from the default "WRT54G" setting to something more secure.

With any passwords or security settings in genernal you should always use at least six characters and a mix of upper and lower case alphanumeric characters. Its also a good idea to mix some standard numeric characters in with the alphanumeric characters. Its also good practice not to use actual words but instead leave out certain letters or replace them with numeric characters such that a dictionary style attack would be rendered all but useless.

IE: spider becomes Sp1D3r (Note the mix of alpha and numeric characters along with upper and lower case characters)

Optional: For additional security you can also disable DHCP (Dynamic Host Configuration Protocol). What DHCP does is automatically configure an IP address, default gateway (gateway of last resort) and DNS information on hosts that make a DHCP request to the local area network once they are connected. While this eases management for the end user, it also makes a LAN more vulnerable once its been compromised as the attacker will automatically get a vaild network address for the local network. You can disable LAN DHCP services by clicking the "disable" radio button in the DHCP server field. Keep in mind that if you do so you will have to manually configure the TCP/IP protocol on your wireless adapter with a valid address, subnet mask, default gateway and DNS information. This should only be done if you have advanced knowledge with the TCP/IP protocol.

Once you have changed the Router Name (and optionally disabled DHCP) scroll to the bottom of the page and click on "Save Settings", you should then see the "Settings are successful" dialog. Click continue here.

On the main setup screen > Wireless tab:



Find the "Wireless Network Name (SSID)" field and change the default setting to something more secure. You should apply the passwords and security settings tip from the first step here as well. If you wish you can use the same setting that you used for the Router Name in the first step. You also want to disable the "Wireless SSID Broadcast" setting so the router doesn't broadcast this important setting to the world. Note: By disabling this setting you will manually have to configure the SSID in your wireless adapter settings because the SSID of the network will no longer be able to be determined by the find networks option.

Once you have changed the SSID and disabled the SSID broadcast option scroll to the bottom of the page and click on "Save Settings", you should then see the "Settings are successful" dialog. Click continue here.

Find the Wireless Security subsection on the top of the setup screen and click on that to take you to the encryption security section. Find the "Security Mode" dropdown box and select WEP. Then find the "WEP Security" drop down box and select the 128 bits 26 hex digits key option. Type a passphrase between 6 and 8 characters into the passphrase box and then click generate and the 128 bits 26 hex digits key will be generated. Make sure and remember this passphrase and these particular settings as the keys will have to be generated to match on your wireless adapter as well. You will not be able to pass traffic on the network with WEP enabled unless the settings and the keys match on all devices. WPA encryption is also an option but not always supported on all wireless devices.

Once you have completed the WEP configuration settings click on "Save Settings", you should then see the "Settings are successful" dialog. Click continue here.

Find the Wireless MAC Filter subsection on the top of the setup screen and click on that to take you to the MAC Filtering section. Find the Wireless MAC Filter setting and enable that. Then select the "Permit Only" option that will only allow devices to connect to the wireless network when their physical (MAC) address is listed in the filter list. Next click on "Save Settings", you should then see the "Settings are successful" dialog. Click continue here.

Now click on the Edit MAC Filter List button which will open a new window with the MAC filter list that you can edit. This is where you will need to enter the MAC address of any wireless devices that you wish to allow access to your WLAN.


NOTE: To find the MAC (physical address) on an Windows machine open the start menu and select run. Type CMD into the run field and click OK. A command prompt window will open. In this window type in IPCONFIG /ALL. Find the "physical address" of the wireless adapter. You will need this address to add to the MAC filter list.

Once you have entered all the MAC addresses that you want to be able to access your WLAN into the MAC Filter List click on "Save Settings", you should then see the "Settings are successful" dialog. Click continue here.

Last but not least, on the main setup screen > Administration tab:



Find the "Router Password" field and change the default password to something you will use for administration purposes later. This password protects the router config from potential intruders. Apply the passwords tip from the first step to creating your password. Type in the password and then confirm it. Now insure that HTTPS is selected as the access server method and that wireless access web, remote management and UPnP are all disabled. Once you have changed the passwords and changed the management settings click on "Save Settings", you should then see the "Settings are successful" dialog.

Congratulations, you've successfully secured your Linksys WRT54G Wireless-G Broadband router! If you have had any problems working through this tutorial you should refer to the product manual.