Installing and Configuring a SOHO Router
Out of the box, a typical SOHO wireless router is ready to provide open (unencrypted) connec-tions for your network. However, an unsecure network is vulnerable to misuse and could even be taken over by unauthorized users. This section reviews the security and other advanced settings in a typical SOHO wireless router. Understanding and using these settings helps create a more secure and better functioning wireless network.
The SSID (service set identifier) identifies the wireless network—By default, the SSID ispreset at the factory, typically identifying the manufacturer and sometimes the router model as well. Change it to a name that does not identify your router, your location, or your fam-ily/company for better security.
SSID Broadcast—By disabling SSID broadcast, you make your wireless network harder todetect by casual snoopers.
Wireless encryption—Enable wireless encryption to protect your network from being usedby unauthorized users. Select WPA2 (also known as WPA with AES encryption) for the best protection.
Firewall—Enable the firewall feature in your router for additional protection against unau-thorized traffic from outside the network.
MAC address filtering—By creating a list of authorized MAC addresses (each networkdevice has a unique MAC address), you block casual snoopers from connecting to your net-work.
Wireless channel—Although 2.4 GHz wireless networks have 11 available channels, inactuality only 3 (1, 6, and 11) have minimal overlap. To help determine which channel is used least in your area, use the freeware inSSIDer program (available from www.metageek. net) to view existing wireless networks and their frequencies. 5GHz wireless networks have many more channels to choose from and their frequencies don’t overlap.
DHCP—This feature provides IP address, gateway, and DNS server information to wirelessclients on the network. Leave it enabled if you have devices that join your network tem-porarily, such as tablets or smartphones. However, if you need to use port forwarding, port triggering, or DMZ, consider configuring devices that are always on the network with static IP addresses that are in the range of addresses supported by your router.
Port forwarding—This feature sends specified types of traffic (such as HTTP, port 80 orFTP, port 21) to a specified IP address. Use port forwarding if you host some type of server on your network.
Port triggering—Enabling this feature allows a computer with a dynamic IP address toopen a port or range of ports on demand.
NAT—Network Address Translation has two benefits: It enables a single IP addressassigned to the router to take care of multiple devices connected to the router and it helps protect computers whose addresses are translated by the router from being attacked by remote systems.
52 CompTIA A+ Quick Reference
DMZ—Demilitarized zone is a feature that enables a router to permit traffic on all TCP andUDP ports to flow to and from a single computer. Essentially, the computer using DMZ is as vulnerable as if it had a direct connection to the Internet. This feature is used sometimes for gaming, and a computer in the DMZ should have its own firewall.
WPS—Wi-Fi protected setup is an easy-to-use setup feature supported by some late-modelrouters and wireless adapters. Push a button on the router and the router is set up with encryption. WPS-compatible network adapters use special setup software with a virtual push button or a place to enter a PIN on the router to complete the configuration process.
Basic QoS—Basic quality of service configures streaming real-time services such as Voiceover IP (VoIP) or streaming media to have a higher priority than other types of traffic. When Basic QoS is enabled in the router, all devices on the network also need to have QoS enabled.
