What Settings Should I Change On My Wi-Fi Router?

2
What Settings Should I Change On My Wi-Fi Router?

Dear Lifehacker, I just moved into my first apartment, and bought my first Wi-Fi router. It’s a standard Linksys “blue box” and seems to work fine, but I’m wondering — are there any settings I should be looking to change? Signed, Curious about Configuration

Photo by webhamster.

Dear Curious,

Good question! For most broadband home users, a Wi-Fi net connection “works” once you plug in the cable and power on the Linksys box, but there’s more to having a secure, convenient and easy-to-use network than just connecting.

Head to your router’s administration page by connecting to your router (usually linksys), opening a browser to it (usually 192.168.1.1), and entering the default username and password (written in the manual, but usually some combination of “admin”, “default” and blanks).

I’m recommending at least four changes and look-intos for the typical router:

Change the Administrator Password

Why bother? If you’re going to leave your network “open” mdash; or not requiring a password to connect — it’s crucial to have your router administration password in place, as anybody who’s half-familiar can point to 192.168.1.1, use a site like RouterPasswords.com, and then do … well, all kinds of hincky stuff. Even if you’re going to password-protect your system, it’s still a smart idea to prevent anyone from messing with your settings.

Want to lock down administrative access even further? Turn off “Wireless Web Access” from this password page. Maybe it’s too much of an annoyance to require that router configuration changes require a physical cable connection, but it’s also a good way to ensure only those inside your house can mess with your network.

Change Your Security Settings

If you haven’t set up a password, do so now. As with any net-related password, don’t make it weak. Use non-dictionary words, add numbers and special characters, and make it as long as you can remember. And change the security mode to WPA2 Personal. WEP is easily cracked, as noted above, and the first WPA has proven fairly easy for hacker-types to get into. WPA2 Personal isn’t perfect, but it’s the home networking security standard at the moment, and most devices made in the past few years can connect through it.

Open and Forward Any Needed Ports

uTorrent

The layout is a bit confusing, but it’s actually a simple setup. Name your port whatever you’d like for reference in the “Application” field, add the port “range” in the two “Start” and “end” fields (usually they’re the same number, for a single-number “range”), then choose the IP address of the computer you’d like incoming requests routed to, and click “Enable”. In other words, if you want incoming SSH requests sent to your main desktop, add an “SSH” entry, assign it a port (22 is standard, though you can change it for more security from scanning attacks), and direct it to your home desktop’s IP address.

But, wait, how do you know which IP address your home computer is on, and how do you reach it from, say, Panera? Good question! We’ll tackle that in this next section.

Set Up Dynamic DNS

DynDNS

You’ll also need to make sure your home computers stay on the same internal IP addresses assigned to them by the router — 192.168.1.105 and the like. Adam’s covered that in his remote BitTorrent guide. The basic explanation is that you set your steady, almost-always-on computers to an IP address that’s lower than the “dynamic”, changing numbers given out by your router.

Those are four settings we recommend peeking into as a new router owner. We are, however, just one crew of geeky Wi-Fi users. Good luck with your new router, and may your browser never tell you of pages not found,

Sincerely,

Lifehacker

P.S. — If our readers have any suggestions on what router settings to change for better access, speed or connectivity, we welcome them to share, and we’ll try to update the post with any good tips.

Comments

  • Don’t set up ddns unless you actually need it. By creating a ddns entry, you are inviting hackers to ‘try’ to get in to your network. It’s like having a phonebook entry – without one, you are a little bit less easy to find.

    (at least I’ve found, when trawling through my logs, that with ddns active there are a lot more portscans and attempted ssh connections than without)

Log in to comment on this story!