WEBVTT 1 00:00:00.300 --> 00:00:01.290 In this video, 2 00:00:01.290 --> 00:00:04.230 I want to show you how to set up a wireless router 3 00:00:04.230 --> 00:00:06.090 using the proper settings. 4 00:00:06.090 --> 00:00:08.910 That means we're going to be doing things like MAC filtering, 5 00:00:08.910 --> 00:00:10.920 setting the broadcast to disabled, 6 00:00:10.920 --> 00:00:13.500 and putting it at WPA2. 7 00:00:13.500 --> 00:00:14.550 So as we go through, 8 00:00:14.550 --> 00:00:17.940 I'm going to use this wireless N, wireless router. 9 00:00:17.940 --> 00:00:19.530 This is a standard wireless router 10 00:00:19.530 --> 00:00:20.970 you might find at Best Buy 11 00:00:20.970 --> 00:00:22.797 or Office Depot or someplace like that, 12 00:00:22.797 --> 00:00:25.980 and it's probably what you have something like this at home. 13 00:00:25.980 --> 00:00:27.300 This is a standard model that's 14 00:00:27.300 --> 00:00:29.160 going to have a wireless access point, 15 00:00:29.160 --> 00:00:31.530 a router, and a switch built in. 16 00:00:31.530 --> 00:00:33.900 So as you can see, I have four different ports, 17 00:00:33.900 --> 00:00:35.580 plus the WAN connection, 18 00:00:35.580 --> 00:00:38.790 which will connect to my cable modem or my fiber modem. 19 00:00:38.790 --> 00:00:40.230 Now, what I'm going to do is switch over 20 00:00:40.230 --> 00:00:42.690 into the display and you'll be able to see my computer 21 00:00:42.690 --> 00:00:44.840 as we go through and configure this device. 22 00:00:46.020 --> 00:00:47.640 So I'm on my desktop computer 23 00:00:47.640 --> 00:00:50.160 and I've opened up my network preferences. 24 00:00:50.160 --> 00:00:52.110 This shows me that I'm currently connected 25 00:00:52.110 --> 00:00:55.650 over ethernet directly to that wireless access point 26 00:00:55.650 --> 00:00:57.540 because it has those four switch ports. 27 00:00:57.540 --> 00:00:59.760 I'm plugged into port number one. 28 00:00:59.760 --> 00:01:01.980 I received a DHCP IP address 29 00:01:01.980 --> 00:01:06.690 as you can see here, 192.168.1.2 30 00:01:06.690 --> 00:01:11.400 And the router is 192.168.1.1, 31 00:01:11.400 --> 00:01:13.080 so, for me to be able to configure 32 00:01:13.080 --> 00:01:15.090 this wireless access point, 33 00:01:15.090 --> 00:01:18.420 I'm going to go and type in that router IP address 34 00:01:18.420 --> 00:01:22.500 into a web browser because most of these home access devices 35 00:01:22.500 --> 00:01:25.890 are going to allow you to have a web-based configuration. 36 00:01:25.890 --> 00:01:29.430 So here I go, 192.168.1.1 37 00:01:29.430 --> 00:01:31.590 and it brings up a Netgear Genie, 38 00:01:31.590 --> 00:01:34.410 which is this model of router that I'm using. 39 00:01:34.410 --> 00:01:36.810 So do I want to use the genie to help me? 40 00:01:36.810 --> 00:01:39.460 I'm going to say no, we're going to configure this ourself. 41 00:01:44.400 --> 00:01:47.130 Now, currently I do not have my cable modem 42 00:01:47.130 --> 00:01:48.750 or fiber modem plugged in. 43 00:01:48.750 --> 00:01:51.330 So there will be no connection to the internet, 44 00:01:51.330 --> 00:01:52.590 but I do want to go through 45 00:01:52.590 --> 00:01:54.690 and configure the wireless settings. 46 00:01:54.690 --> 00:01:56.840 So I'm going to start by clicking on Wireless. 47 00:01:58.800 --> 00:02:00.810 And under here, you could see the first thing 48 00:02:00.810 --> 00:02:05.370 that we want to turn off, which is Enable SSID Broadcast. 49 00:02:05.370 --> 00:02:08.100 You should disable the SSID Broadcast, 50 00:02:08.100 --> 00:02:10.800 because this is essentially your wireless access point 51 00:02:10.800 --> 00:02:13.470 going out and saying, "Hey, hey, I'm over here. 52 00:02:13.470 --> 00:02:16.410 Connect to me. My name is blank." 53 00:02:16.410 --> 00:02:17.340 We don't want to do that, 54 00:02:17.340 --> 00:02:19.170 so instead, we're going to turn that off, 55 00:02:19.170 --> 00:02:21.240 which means that each device in your area, 56 00:02:21.240 --> 00:02:23.760 you're going to have to actually type in the name 57 00:02:23.760 --> 00:02:25.950 of the network for them to connect. 58 00:02:25.950 --> 00:02:28.230 Then do we want to have wireless isolation? 59 00:02:28.230 --> 00:02:29.790 I'm going to say, yes. 60 00:02:29.790 --> 00:02:32.880 Now, the reason why is I'm using a wireless N router 61 00:02:32.880 --> 00:02:34.140 in this case. 62 00:02:34.140 --> 00:02:38.370 Wireless N and wireless AC do support wireless isolation. 63 00:02:38.370 --> 00:02:40.680 This allows it to act more like a switch 64 00:02:40.680 --> 00:02:43.650 and less like a hub and that's what we'd like. 65 00:02:43.650 --> 00:02:45.540 So we're going to go ahead and give it a name 66 00:02:45.540 --> 00:02:47.700 and what is its SSID going to be called? 67 00:02:47.700 --> 00:02:51.780 I'm going to go ahead and call it a Dion Test WAP, 68 00:02:51.780 --> 00:02:52.740 that's fine. 69 00:02:52.740 --> 00:02:54.060 And then it has you select the region. 70 00:02:54.060 --> 00:02:56.460 I'm in North America 'cause I'm in the United States 71 00:02:56.460 --> 00:02:58.380 and you can either Auto Select the channel 72 00:02:58.380 --> 00:03:01.020 or specifically select the channel you want 73 00:03:01.020 --> 00:03:05.280 based on one through 11, if you're running wireless B or G. 74 00:03:05.280 --> 00:03:06.780 Now, I'm going to let it Auto Select 75 00:03:06.780 --> 00:03:09.540 for me based on what is in my area. 76 00:03:09.540 --> 00:03:10.920 But if that was a problem, 77 00:03:10.920 --> 00:03:12.600 I could always go back and select one 78 00:03:12.600 --> 00:03:14.400 of the three most common channels 79 00:03:14.400 --> 00:03:15.960 that give us that separation, 80 00:03:15.960 --> 00:03:18.693 channel one, channel six, or channel 11. 81 00:03:19.530 --> 00:03:21.330 Next, I'm going to look at Mode 82 00:03:21.330 --> 00:03:24.270 and mode tells me how fast it's going to operate. 83 00:03:24.270 --> 00:03:25.320 Am I going to be operating 84 00:03:25.320 --> 00:03:28.560 under wireless B or G, which would be 54? 85 00:03:28.560 --> 00:03:30.720 Or can I go up to 150, 86 00:03:30.720 --> 00:03:34.140 which would be a mixed mode between G and N? 87 00:03:34.140 --> 00:03:36.240 Or can I go up to 300, 88 00:03:36.240 --> 00:03:38.700 which would give me just a wireless N? 89 00:03:38.700 --> 00:03:41.190 In my case, I do want to have this mixed mode 90 00:03:41.190 --> 00:03:42.960 because maybe I have some older devices 91 00:03:42.960 --> 00:03:45.030 that are still using wireless G. 92 00:03:45.030 --> 00:03:46.800 And so we'll do that. 93 00:03:46.800 --> 00:03:49.260 Then we're going to look at our security options. 94 00:03:49.260 --> 00:03:51.030 Are we going to have no security, 95 00:03:51.030 --> 00:03:53.460 meaning no password is needed? 96 00:03:53.460 --> 00:03:55.500 Now, sometimes you may want that. 97 00:03:55.500 --> 00:03:57.450 For example, at our offices, 98 00:03:57.450 --> 00:04:01.110 we have a wireless network called Dion Guest. 99 00:04:01.110 --> 00:04:02.640 It has no password. 100 00:04:02.640 --> 00:04:04.440 You can go ahead and connect to it 101 00:04:04.440 --> 00:04:05.820 and it's going to give you a direct connection 102 00:04:05.820 --> 00:04:06.690 out to the internet. 103 00:04:06.690 --> 00:04:09.630 It's isolated and there's nothing touching our network. 104 00:04:09.630 --> 00:04:11.880 It just gives you direct access out. 105 00:04:11.880 --> 00:04:13.710 But if you're setting this up for your home, 106 00:04:13.710 --> 00:04:15.270 you want to have a password 107 00:04:15.270 --> 00:04:16.560 'cause you don't want somebody connecting 108 00:04:16.560 --> 00:04:18.900 into it and then touching your other devices. 109 00:04:18.900 --> 00:04:21.600 So on this particular wireless access point, 110 00:04:21.600 --> 00:04:24.480 it only supports two different types of encryption, 111 00:04:24.480 --> 00:04:29.160 WPA or WPA2, notice WEP isn't here. 112 00:04:29.160 --> 00:04:30.270 Why is that? 113 00:04:30.270 --> 00:04:32.250 Well, because WEP is easy to crack 114 00:04:32.250 --> 00:04:35.700 and we have to choose between WPA and WPA2. 115 00:04:35.700 --> 00:04:39.630 Do we want WPA with a pre-shared key and using TKIP? 116 00:04:39.630 --> 00:04:43.830 Or do we want WPA2 with a pre-shared key using AES? 117 00:04:43.830 --> 00:04:46.620 Or do we want to support both of those 118 00:04:46.620 --> 00:04:48.840 or do we want to support an enterprise mode? 119 00:04:48.840 --> 00:04:51.450 Well, if we're a home user, we're probably going to go 120 00:04:51.450 --> 00:04:53.820 for the most secure and easiest to use, 121 00:04:53.820 --> 00:04:58.410 which is WPA2 with a pre-shared key using AES. 122 00:04:58.410 --> 00:05:02.400 And here's where we're going to choose some long passphrase 123 00:05:02.400 --> 00:05:04.320 and you want it to be something long 124 00:05:04.320 --> 00:05:07.380 and complicated, and maybe it's something like that. 125 00:05:07.380 --> 00:05:08.250 I don't know. 126 00:05:08.250 --> 00:05:10.920 Or maybe you have it as a long sentence. 127 00:05:10.920 --> 00:05:12.420 Whatever it is, you want to have something 128 00:05:12.420 --> 00:05:14.670 between eight and 63 characters 129 00:05:14.670 --> 00:05:16.440 and you want it to be long and complex 130 00:05:16.440 --> 00:05:18.240 because that lengthens the time it takes 131 00:05:18.240 --> 00:05:20.040 for somebody to break into it. 132 00:05:20.040 --> 00:05:21.090 So we're going to go ahead 133 00:05:21.090 --> 00:05:23.613 and hit Apply and that'll save those settings. 134 00:05:24.960 --> 00:05:26.430 Now, there wasn't a whole lot 135 00:05:26.430 --> 00:05:28.020 of in-depth settings here, right? 136 00:05:28.020 --> 00:05:30.270 They only gave me very basic things 137 00:05:30.270 --> 00:05:32.700 because they're trying to keep it easy for the consumer. 138 00:05:32.700 --> 00:05:34.830 What I want to do is I want to go to the Advanced tab though 139 00:05:34.830 --> 00:05:36.960 and see if there's any more in-depth settings 140 00:05:36.960 --> 00:05:39.000 that we might be able to use. 141 00:05:39.000 --> 00:05:40.260 So now, that I went to Advanced 142 00:05:40.260 --> 00:05:41.970 I'm going to go to Setup and I'm going to go 143 00:05:41.970 --> 00:05:45.960 to Wireless and we're going to see what settings we have. 144 00:05:45.960 --> 00:05:47.910 Again, there's not much there. 145 00:05:47.910 --> 00:05:49.650 Now, if I go to Guest Network, 146 00:05:49.650 --> 00:05:51.690 this particular access point allows me 147 00:05:51.690 --> 00:05:53.640 to have two different networks. 148 00:05:53.640 --> 00:05:55.500 I can have one for my personal 149 00:05:55.500 --> 00:05:57.630 and one for guests and the guests can connect 150 00:05:57.630 --> 00:05:59.400 and go directly out to the internet. 151 00:05:59.400 --> 00:06:02.520 Just as in the example I gave you at our business offices. 152 00:06:02.520 --> 00:06:04.620 So maybe you want to do that for your friends 153 00:06:04.620 --> 00:06:08.850 and you're going to call it Friend Guest Network 154 00:06:08.850 --> 00:06:10.470 and you're going to allow isolation, 155 00:06:10.470 --> 00:06:12.570 and you're going to enable this guest network 156 00:06:12.570 --> 00:06:14.610 and you're going to allow it to be broadcast. 157 00:06:14.610 --> 00:06:15.810 We're not going to allow guests 158 00:06:15.810 --> 00:06:17.940 to access your local area network though. 159 00:06:17.940 --> 00:06:19.110 We want them to go directly 160 00:06:19.110 --> 00:06:22.020 to the internet and not touch anything inside your network. 161 00:06:22.020 --> 00:06:23.820 And we can go ahead and set that up. 162 00:06:26.250 --> 00:06:27.720 Another thing we might want to do 163 00:06:27.720 --> 00:06:30.510 is we might want to use MAC filtering. 164 00:06:30.510 --> 00:06:33.630 So if I want to enable MAC filtering, I need to find it first. 165 00:06:33.630 --> 00:06:36.060 And I believe it's under Advanced Setup here. 166 00:06:36.060 --> 00:06:37.740 And then we're going to go down here 167 00:06:37.740 --> 00:06:40.443 and find it under Wireless Settings. 168 00:06:42.210 --> 00:06:43.560 And then under Wireless Settings, 169 00:06:43.560 --> 00:06:45.930 they call it Wireless Card Access List. 170 00:06:45.930 --> 00:06:48.090 And if I set up this access list, 171 00:06:48.090 --> 00:06:50.130 I can actually turn it on 172 00:06:50.130 --> 00:06:52.890 and only allow certain MAC addresses 173 00:06:52.890 --> 00:06:55.800 to be able to connect to this wireless network. 174 00:06:55.800 --> 00:06:57.240 So the good thing about this 175 00:06:57.240 --> 00:06:58.500 is it will keep out people 176 00:06:58.500 --> 00:07:00.660 who don't know you're using MAC filtering. 177 00:07:00.660 --> 00:07:03.870 The bad thing is as a hacker or an attacker, 178 00:07:03.870 --> 00:07:07.200 it only takes me about 30 seconds to bypass MAC filtering. 179 00:07:07.200 --> 00:07:09.480 And so, really, it's a lot of work for you 180 00:07:09.480 --> 00:07:12.300 to be able to keep somebody out for maybe 30 seconds. 181 00:07:12.300 --> 00:07:14.430 But if you wanted to use it, you could go through and do it 182 00:07:14.430 --> 00:07:17.790 and we might say something like, Jason's iPhone 183 00:07:17.790 --> 00:07:19.410 and then his MAC address, 184 00:07:19.410 --> 00:07:21.410 whatever that MAC address happens to be. 185 00:07:22.800 --> 00:07:24.090 And now, if I add that, 186 00:07:24.090 --> 00:07:27.000 it's going to allow that wireless network card 187 00:07:27.000 --> 00:07:30.480 to be able to connect to my wireless network 188 00:07:30.480 --> 00:07:32.160 and it will prevent everybody else 189 00:07:32.160 --> 00:07:34.500 if I turn Access Control on. 190 00:07:34.500 --> 00:07:36.000 Now, that's not my real MAC address, 191 00:07:36.000 --> 00:07:37.140 so I'm not going to turn that on, 192 00:07:37.140 --> 00:07:39.440 but that's just an example of what you can do. 193 00:07:42.300 --> 00:07:44.070 The other thing I want you to look at here 194 00:07:44.070 --> 00:07:47.640 is WPS and WPS is something that was put 195 00:07:47.640 --> 00:07:50.100 into routers to make it easy for people. 196 00:07:50.100 --> 00:07:52.410 It's that button on the front of your wireless router 197 00:07:52.410 --> 00:07:54.750 or wireless access point that you push the button 198 00:07:54.750 --> 00:07:57.480 on your device and you push the button on the access point 199 00:07:57.480 --> 00:07:59.100 and they'll automatically pair, 200 00:07:59.100 --> 00:08:01.380 share this router pin with each other, 201 00:08:01.380 --> 00:08:04.440 and then connect each other securely to the network. 202 00:08:04.440 --> 00:08:06.900 In theory, this was a great thing, 203 00:08:06.900 --> 00:08:09.270 but unfortunately, it was easily hacked 204 00:08:09.270 --> 00:08:11.100 and so, it's something you do want to turn off 205 00:08:11.100 --> 00:08:12.660 for your best security. 206 00:08:12.660 --> 00:08:14.190 You'll notice on my device here, 207 00:08:14.190 --> 00:08:16.560 it doesn't give me the option of turning it off. 208 00:08:16.560 --> 00:08:17.850 And so, I'm going to have to dig deep 209 00:08:17.850 --> 00:08:19.890 into the settings to turn this off. 210 00:08:19.890 --> 00:08:22.300 Most likely, it's here under the WPS Wizard 211 00:08:23.580 --> 00:08:25.320 or under the Advanced Settings. 212 00:08:25.320 --> 00:08:28.320 And we would go through and turn off that WPS 213 00:08:28.320 --> 00:08:30.900 if you're allowed to by your device. 214 00:08:30.900 --> 00:08:32.010 The last thing I want to talk 215 00:08:32.010 --> 00:08:34.350 about here is your Remote Management. 216 00:08:34.350 --> 00:08:35.790 If you click on Remote Management, 217 00:08:35.790 --> 00:08:38.280 this is something where it allows you to connect 218 00:08:38.280 --> 00:08:41.310 to the device remotely over the internet 219 00:08:41.310 --> 00:08:43.920 through this web-based graphical interface. 220 00:08:43.920 --> 00:08:48.780 Now we're doing this locally on 192.168.1.1 221 00:08:48.780 --> 00:08:50.040 and that's okay because you'd have 222 00:08:50.040 --> 00:08:51.720 to be connected to my network first 223 00:08:51.720 --> 00:08:54.720 to be able to access this device and make these changes. 224 00:08:54.720 --> 00:08:57.180 But if I turned remote management on, 225 00:08:57.180 --> 00:08:59.700 I can actually give it an IP address 226 00:08:59.700 --> 00:09:01.920 and allow anyone on the internet to be able 227 00:09:01.920 --> 00:09:04.440 to connect to this device and make changes. 228 00:09:04.440 --> 00:09:06.300 Now, why would you want to do that? 229 00:09:06.300 --> 00:09:08.520 Maybe you have to set this up for your mother's house 230 00:09:08.520 --> 00:09:10.350 and she's not very technically savvy. 231 00:09:10.350 --> 00:09:11.580 And every time she has a problem, 232 00:09:11.580 --> 00:09:13.800 she's going to call you and ask you to fix it. 233 00:09:13.800 --> 00:09:16.590 So if that was the case, you might want to turn this on, 234 00:09:16.590 --> 00:09:17.730 but you're going to want to configure it 235 00:09:17.730 --> 00:09:20.310 to only allow certain computers 236 00:09:20.310 --> 00:09:22.560 with certain IPs to be able to connect to it. 237 00:09:22.560 --> 00:09:24.810 Again, the best practice here is to turn 238 00:09:24.810 --> 00:09:26.700 off remote management and you'll notice 239 00:09:26.700 --> 00:09:29.220 it was off by default and keep it off 240 00:09:29.220 --> 00:09:32.100 to keep your device the most secure it can be. 241 00:09:32.100 --> 00:09:35.400 So in summary, what are some of the big steps we did? 242 00:09:35.400 --> 00:09:38.310 Well, we wanted to make sure we're using WPA2 243 00:09:38.310 --> 00:09:41.460 with a good, long, strong pre-shared key. 244 00:09:41.460 --> 00:09:44.940 We want to disable the SSID broadcast to make it harder 245 00:09:44.940 --> 00:09:46.920 for somebody to find our wireless network. 246 00:09:46.920 --> 00:09:50.580 We'd want to enable Wireless Isolation to keep those channels 247 00:09:50.580 --> 00:09:52.740 and frequencies isolated from each other 248 00:09:52.740 --> 00:09:54.570 from people connecting and make it act more 249 00:09:54.570 --> 00:09:56.970 like a switch and less like a hub. 250 00:09:56.970 --> 00:10:00.210 We also want to enable MAC filtering according to the exam, 251 00:10:00.210 --> 00:10:01.710 although honestly, in reality, 252 00:10:01.710 --> 00:10:03.270 I usually don't do MAC filtering 253 00:10:03.270 --> 00:10:05.370 because it's just more of a pain for me, 254 00:10:05.370 --> 00:10:08.280 and it really doesn't give me that much more security. 255 00:10:08.280 --> 00:10:11.190 And finally, we want to disable the WPS setting 256 00:10:11.190 --> 00:10:12.450 if you're able to. 257 00:10:12.450 --> 00:10:15.210 Again, WPS was a great idea for convenience, 258 00:10:15.210 --> 00:10:16.980 but it doesn't provide good security 259 00:10:16.980 --> 00:10:19.770 and so I would disable that anytime you can. 260 00:10:19.770 --> 00:10:21.600 I hope you take these tips and you put 'em 261 00:10:21.600 --> 00:10:23.910 to work in your own home or office network 262 00:10:23.910 --> 00:10:26.043 and get yourself a little bit more secure.