Untitled Document

Linksys Access point hardening

The following document is intended to outline the configuration changes required for tightening the security on the Linksys WRT54G access point. The Current generation of Linksys products provide several network security features, but they require specific action on your part for implementation.

The following is a complete list of steps to be followed. Following this list are detailed instructions on how to do each of these steps. These changes should be done while connected to the Access point VIA a Ethernet connection not VIA the wireless.

A. Change the default SSID
B. Disable SSID Broadcasts
C. Change the default password for the administrator account
D. Enable MAC filtering
E. Enable Security mode WPA Pre-Shared Key
F. Change the WPA key periodically
G. Change the SSID periodically

A & B) Change the Default SSID and disable broadcasts

Follow the direction that came with your Access point to gain access to the administrative web page of the access point. After logging into the web page select wireless from the menu then the basic wireless settings windows will appear. The default SSID is set to linksys change the SSID. Do not use any passwords that you currently use for the SSID. You will need this name in order to access your wireless access point in the future. Also select Disable to stop the SSID broadcast.

C) Change the default password for the administrator account

If a hacker gets a hold of the administrator’s password, he can then change settings on your access point. So, make it harder for a hacker to get that information. Change the administrator’s password regularly. Select the administration menu on the web browser then management as shown below.

D) Enable MAC filtering

Utilizing MAC filtering you can control what computers are allowed to connect to your access point. The following screen shots will show you how to configure MAC filtering for your access point. Step one is to enable MAC filtering from the wireless menu then the Wireless MAC Filtering select the enable Button.

The following menu will appear when you select enable from the previous menu. Then Select Permit only PCs

Once you choose this setting you will have to click on the “Edit MAC Filter List” button. This is where you are going to add your MAC address for your wireless adapter. On the screen below enter the MAC address of your wireless adapter. You can find your MAC address located on the back of your Linksys wireless adapter card.

E) Enable Security mode WPA Pre-Shared Key

The following steps will show you how to configure the Security Mode for WPA pre-shared key. You will be prompted for a passpharse that will be used to encrypt the traffic between you and the access point. From the Wirless Menu select the wireless security submenu. Then from the screen that appears select WPA Pre-shared key.

Once this option is selected a screen similar to the following will appear. From this screen choose AES for the WPA algorithm. Then from the WPA pre-shared key field is where you will type your pass phrase. Type a string of words that will act as your password. A sample pass phrase is included.