1
00:00:00,150 --> 00:00:02,280
In this video, I want to show you how

2
00:00:02,280 --> 00:00:05,850
to set up a wireless router using the proper settings.

3
00:00:05,850 --> 00:00:08,670
That means we're going to be doing things like MAC filtering,

4
00:00:08,670 --> 00:00:13,230
setting the broadcast to disabled and putting it at WPA2.

5
00:00:13,230 --> 00:00:14,340
So as we go through,

6
00:00:14,340 --> 00:00:17,670
I'm going to use this wireless N wireless router.

7
00:00:17,670 --> 00:00:19,860
This is a standard wireless router you might find

8
00:00:19,860 --> 00:00:22,527
at Best Buy or Office Depot or someplace like that,

9
00:00:22,527 --> 00:00:25,740
and it's probably what you have something like this at home.

10
00:00:25,740 --> 00:00:26,880
This is a standard model

11
00:00:26,880 --> 00:00:29,547
that's going to have a wireless access point, a router,

12
00:00:29,547 --> 00:00:31,260
and a switch built in.

13
00:00:31,260 --> 00:00:33,600
So as you can see, I have four different ports

14
00:00:33,600 --> 00:00:35,340
plus the WAN connection,

15
00:00:35,340 --> 00:00:38,550
which will connect to my cable modem or my fiber modem.

16
00:00:38,550 --> 00:00:41,040
Now what I'm going to do is switch over into the display

17
00:00:41,040 --> 00:00:42,450
and you'll be able to see my computer

18
00:00:42,450 --> 00:00:44,700
as we go through and configure this device.

19
00:00:44,700 --> 00:00:46,320
So I'm on my desktop computer

20
00:00:46,320 --> 00:00:48,870
and I've opened up my network preferences.

21
00:00:48,870 --> 00:00:50,790
This shows me that I'm currently connected

22
00:00:50,790 --> 00:00:54,330
over ethernet directly to that wireless access point

23
00:00:54,330 --> 00:00:56,220
because it has those four switch ports,

24
00:00:56,220 --> 00:00:58,150
I'm plugged into port number one.

25
00:00:58,150 --> 00:01:00,660
I received a DHCP IP address,

26
00:01:00,660 --> 00:01:05,370
as you can see here, 192.168.1.2,

27
00:01:05,370 --> 00:01:10,080
and the router is 192.168.1.1.

28
00:01:10,080 --> 00:01:11,760
So for me to be able to configure

29
00:01:11,760 --> 00:01:14,610
this wireless access point, I'm going to go

30
00:01:14,610 --> 00:01:18,450
and type in that IP address, that router IP address

31
00:01:18,450 --> 00:01:19,980
into a web browser,

32
00:01:19,980 --> 00:01:22,980
because most of these home access devices are going

33
00:01:22,980 --> 00:01:25,950
to allow you to have a web-based configuration.

34
00:01:25,950 --> 00:01:29,490
So here I go, 192.168.1.1,

35
00:01:29,490 --> 00:01:31,650
and it brings up a NETGEAR Genie,

36
00:01:31,650 --> 00:01:34,470
which is this model of router that I'm using.

37
00:01:34,470 --> 00:01:36,840
So do I want to use the genie to help me?

38
00:01:36,840 --> 00:01:39,490
I'm going to say no, we're going to configure this ourself.

39
00:01:44,460 --> 00:01:47,190
Now currently, I do not have my cable modem

40
00:01:47,190 --> 00:01:48,810
or fiber modem plugged in,

41
00:01:48,810 --> 00:01:51,390
so there will be no connection to the internet.

42
00:01:51,390 --> 00:01:52,650
But I do want to go through

43
00:01:52,650 --> 00:01:54,750
and configure the wireless settings.

44
00:01:54,750 --> 00:01:56,900
So I'm going to start by clicking on Wireless,

45
00:01:58,860 --> 00:02:00,840
and under here, you could see the first thing

46
00:02:00,840 --> 00:02:02,760
that we want to turn off, which is,

47
00:02:02,760 --> 00:02:05,220
Enable SSID Broadcast.

48
00:02:05,220 --> 00:02:07,290
According to the network plus exam

49
00:02:07,290 --> 00:02:09,030
and the security plus exam,

50
00:02:09,030 --> 00:02:11,760
you should disable the SSID broadcast

51
00:02:11,760 --> 00:02:13,140
because this is essentially

52
00:02:13,140 --> 00:02:15,427
your wireless access point going out and saying,

53
00:02:15,427 --> 00:02:20,040
"Hey, hey, I'm over here, connect to me, my name is blank."

54
00:02:20,040 --> 00:02:21,000
We don't want to do that,

55
00:02:21,000 --> 00:02:22,830
so instead we're going to turn that off,

56
00:02:22,830 --> 00:02:24,900
which means that each device in your area,

57
00:02:24,900 --> 00:02:27,420
you're going to have to actually type in the name

58
00:02:27,420 --> 00:02:29,580
of the network for them to connect.

59
00:02:29,580 --> 00:02:31,890
Then do we want to have wireless isolation?

60
00:02:31,890 --> 00:02:33,450
I'm going to say yes.

61
00:02:33,450 --> 00:02:36,510
Now, the reason why is I'm using a wireless N router

62
00:02:36,510 --> 00:02:37,800
in this case.

63
00:02:37,800 --> 00:02:42,000
Wireless N and wireless AC do support wireless isolation.

64
00:02:42,000 --> 00:02:44,310
This allows it to act more like a switch

65
00:02:44,310 --> 00:02:47,280
and less like a hub and that's what we'd like.

66
00:02:47,280 --> 00:02:49,170
So we're going to go ahead and give it a name,

67
00:02:49,170 --> 00:02:51,330
and what is its SSID going to be called?

68
00:02:51,330 --> 00:02:56,330
I'm going to go ahead and call it a DionTestWap, that's fine.

69
00:02:56,400 --> 00:02:57,690
And then it has you select the region.

70
00:02:57,690 --> 00:03:00,120
I'm in North America 'cause I'm in the United States,

71
00:03:00,120 --> 00:03:02,010
and you can either auto select the channel

72
00:03:02,010 --> 00:03:05,160
or specifically select the channel you want based

73
00:03:05,160 --> 00:03:08,940
on 1 through 11 if you're running wireless B or G.

74
00:03:08,940 --> 00:03:11,400
Now, I'm going to let it auto select for me based on

75
00:03:11,400 --> 00:03:13,170
what is in my area,

76
00:03:13,170 --> 00:03:15,480
but if that was a problem, I could always go back

77
00:03:15,480 --> 00:03:18,060
and select one of the three most common channels

78
00:03:18,060 --> 00:03:19,590
that give us that separation,

79
00:03:19,590 --> 00:03:22,323
channel 1, channel 6, or channel 11.

80
00:03:23,160 --> 00:03:24,960
Next, I'm going to look at mode.

81
00:03:24,960 --> 00:03:27,930
And Mode tells me how fast it's going to operate,

82
00:03:27,930 --> 00:03:30,690
am I going to be operating under wireless B or G,

83
00:03:30,690 --> 00:03:32,190
which would be 54,

84
00:03:32,190 --> 00:03:35,760
or can I go up to 150, which would be a mixed mode

85
00:03:35,760 --> 00:03:37,800
between G and N,

86
00:03:37,800 --> 00:03:39,900
or can I go up to 300,

87
00:03:39,900 --> 00:03:42,360
which would give me just a wireless N.

88
00:03:42,360 --> 00:03:44,880
In my case, I do want to have this mixed mode

89
00:03:44,880 --> 00:03:46,620
because maybe I have some older devices

90
00:03:46,620 --> 00:03:50,460
that are still using wireless G, and so we'll do that.

91
00:03:50,460 --> 00:03:52,890
Then we're going to look at our security options.

92
00:03:52,890 --> 00:03:54,660
Are we going to have no security,

93
00:03:54,660 --> 00:03:57,090
meaning no password is needed.

94
00:03:57,090 --> 00:03:59,160
Now, sometimes you may want that.

95
00:03:59,160 --> 00:04:02,970
For example, at our offices we have a wireless network

96
00:04:02,970 --> 00:04:04,770
called Dion Guest.

97
00:04:04,770 --> 00:04:06,270
It has no password,

98
00:04:06,270 --> 00:04:08,070
you can go ahead and connect to it

99
00:04:08,070 --> 00:04:09,690
and it's going to give you a direct connection out

100
00:04:09,690 --> 00:04:10,523
to the internet.

101
00:04:10,523 --> 00:04:13,260
It's isolated and there's nothing touching our network,

102
00:04:13,260 --> 00:04:15,510
it just gives you direct access out.

103
00:04:15,510 --> 00:04:17,370
But if you're setting this up for your home,

104
00:04:17,370 --> 00:04:18,930
you want to have a password

105
00:04:18,930 --> 00:04:20,550
'cause you don't want somebody connecting into it

106
00:04:20,550 --> 00:04:22,530
and then touching your other devices.

107
00:04:22,530 --> 00:04:25,260
So on this particular wireless access point,

108
00:04:25,260 --> 00:04:28,140
it only supports two different types of encryption,

109
00:04:28,140 --> 00:04:30,810
WPA or WPA2.

110
00:04:30,810 --> 00:04:33,930
Notice, WAP isn't here, why is that?

111
00:04:33,930 --> 00:04:35,910
Well, because WAP is easy to crack,

112
00:04:35,910 --> 00:04:37,980
and I'm going to show you that in a separate video,

113
00:04:37,980 --> 00:04:42,000
but for right now, we have to choose between WPA and WPA2.

114
00:04:42,000 --> 00:04:45,930
Do we want WPA with a pre-shared key and using TKIP,

115
00:04:45,930 --> 00:04:50,100
or do we want WPA2 with a pre-shared key using a AES,

116
00:04:50,100 --> 00:04:52,890
or do we want to support both of those,

117
00:04:52,890 --> 00:04:55,140
or do we want to support an Enterprise mode?

118
00:04:55,140 --> 00:04:57,750
Well, if we're a home user, we're probably going to go

119
00:04:57,750 --> 00:05:00,090
for the most secure and easiest to use,

120
00:05:00,090 --> 00:05:04,710
which is WPA2 with a pre-shared key using AES.

121
00:05:04,710 --> 00:05:08,700
And here's where you're going to choose some long passphrase,

122
00:05:08,700 --> 00:05:11,970
and you want it to be something long and complicated,

123
00:05:11,970 --> 00:05:14,550
and maybe it's something like that, I don't know,

124
00:05:14,550 --> 00:05:17,220
or maybe you have it as a long sentence.

125
00:05:17,220 --> 00:05:18,690
Whatever it is, you want to have something

126
00:05:18,690 --> 00:05:20,970
between 8 and 63 characters

127
00:05:20,970 --> 00:05:22,710
and you want it to be long and complex

128
00:05:22,710 --> 00:05:24,540
because that lengthens the time it takes

129
00:05:24,540 --> 00:05:26,340
for somebody to break into it.

130
00:05:26,340 --> 00:05:28,140
So we're going to go ahead and hit Apply

131
00:05:28,140 --> 00:05:29,913
and that'll save those settings.

132
00:05:31,230 --> 00:05:32,730
Now, there wasn't a whole lot

133
00:05:32,730 --> 00:05:34,320
of in-depth settings here, right?

134
00:05:34,320 --> 00:05:36,510
They only gave me very basic things

135
00:05:36,510 --> 00:05:38,970
because they're trying to keep it easy for the consumer.

136
00:05:38,970 --> 00:05:41,100
What I want to do is I want to go to the Advanced tab though

137
00:05:41,100 --> 00:05:43,260
and see if there's any more in-depth settings

138
00:05:43,260 --> 00:05:44,882
that we might be able to use.

139
00:05:44,882 --> 00:05:47,730
So now that I went to Advanced, I'm going to go to Setup

140
00:05:47,730 --> 00:05:49,680
and I'm going to go to Wireless,

141
00:05:49,680 --> 00:05:52,230
and we're going to see what settings we have.

142
00:05:52,230 --> 00:05:54,210
Again, there's not much there.

143
00:05:54,210 --> 00:05:55,950
Now, if I go to Guest Network,

144
00:05:55,950 --> 00:05:57,990
this particular access point allows me

145
00:05:57,990 --> 00:05:59,940
to have two different networks.

146
00:05:59,940 --> 00:06:02,880
I can have one for my personal and one for guests,

147
00:06:02,880 --> 00:06:03,930
and the guests can connect

148
00:06:03,930 --> 00:06:05,670
and go directly out to the internet,

149
00:06:05,670 --> 00:06:08,820
just as in the example I gave you at our business offices.

150
00:06:08,820 --> 00:06:10,890
So maybe you want to do that for your friends,

151
00:06:10,890 --> 00:06:15,150
and you're going to call it a friend guest network,

152
00:06:15,150 --> 00:06:16,770
and you're going to allow isolation

153
00:06:16,770 --> 00:06:18,840
and you're going to enable this guest network

154
00:06:18,840 --> 00:06:20,880
and you're going to allow it to be broadcast.

155
00:06:20,880 --> 00:06:22,110
We're not going to allow guests

156
00:06:22,110 --> 00:06:24,210
to access your local area network though.

157
00:06:24,210 --> 00:06:26,010
We want them to go directly to the internet

158
00:06:26,010 --> 00:06:28,290
and not touch anything inside your network,

159
00:06:28,290 --> 00:06:30,090
and we can go ahead and set that up.

160
00:06:32,550 --> 00:06:34,020
Another thing we might want to do

161
00:06:34,020 --> 00:06:36,780
is we might want to use Mac filtering.

162
00:06:36,780 --> 00:06:39,900
So if I want to enable Mac filtering, I need to find it first,

163
00:06:39,900 --> 00:06:42,330
and I believe it's under Advanced Setup here,

164
00:06:42,330 --> 00:06:44,040
and then we're going to go down here

165
00:06:44,040 --> 00:06:46,743
and find it under Wireless Settings.

166
00:06:48,510 --> 00:06:49,860
And then under Wireless Settings,

167
00:06:49,860 --> 00:06:52,230
they call it Wireless Card Access List.

168
00:06:52,230 --> 00:06:56,022
And if I set up this access list, I can actually turn it on

169
00:06:56,022 --> 00:06:59,190
and only allow certain Mac addresses

170
00:06:59,190 --> 00:07:02,070
to be able to connect to this wireless network.

171
00:07:02,070 --> 00:07:04,800
So the good thing about this is it will keep out people

172
00:07:04,800 --> 00:07:06,960
who don't know you're using Mac filtering,

173
00:07:06,960 --> 00:07:10,170
the bad thing is, as a hacker or an attacker,

174
00:07:10,170 --> 00:07:11,850
it only takes me about 30 seconds

175
00:07:11,850 --> 00:07:13,470
to bypass Mac filtering.

176
00:07:13,470 --> 00:07:16,080
And so really it's a lot of work for you to be able

177
00:07:16,080 --> 00:07:18,570
to keep somebody out for maybe 30 seconds.

178
00:07:18,570 --> 00:07:20,700
But if you wanted to use it, you could go through and do it

179
00:07:20,700 --> 00:07:23,580
and we might say something like, Jason's iPhone

180
00:07:23,580 --> 00:07:25,680
and then his Mac address,

181
00:07:25,680 --> 00:07:27,680
whatever that Mac address happens to be.

182
00:07:29,070 --> 00:07:31,590
And now if I add that, it's going to allow

183
00:07:31,590 --> 00:07:34,290
that wireless network card to be able to connect

184
00:07:34,290 --> 00:07:38,460
to my wireless network and it will prevent everybody else

185
00:07:38,460 --> 00:07:40,800
if I turn access control on.

186
00:07:40,800 --> 00:07:42,270
Now, that's not my real Mac address,

187
00:07:42,270 --> 00:07:43,440
so I'm not going to turn that on,

188
00:07:43,440 --> 00:07:45,740
but that's just an example of what you can do.

189
00:07:48,570 --> 00:07:52,050
The other thing I want you to look at here is WPS,

190
00:07:52,050 --> 00:07:54,600
and WPS is something that was put into routers

191
00:07:54,600 --> 00:07:56,370
to make it easy for people.

192
00:07:56,370 --> 00:07:58,710
It's that button on the front of your wireless router

193
00:07:58,710 --> 00:08:00,120
or wireless access point

194
00:08:00,120 --> 00:08:01,740
that you push the button on your device

195
00:08:01,740 --> 00:08:03,780
and you push the button on the access point

196
00:08:03,780 --> 00:08:05,400
and they'll automatically pair,

197
00:08:05,400 --> 00:08:07,650
share this router pin with each other,

198
00:08:07,650 --> 00:08:10,710
and then connect each other securely to the network.

199
00:08:10,710 --> 00:08:13,170
In theory, this was a great thing,

200
00:08:13,170 --> 00:08:15,570
but unfortunately it was easily hacked,

201
00:08:15,570 --> 00:08:17,400
and so it's something you do want to turn off

202
00:08:17,400 --> 00:08:18,960
for your best security.

203
00:08:18,960 --> 00:08:20,490
You'll notice on my device here,

204
00:08:20,490 --> 00:08:22,860
it doesn't give me the option of turning it off,

205
00:08:22,860 --> 00:08:24,150
and so I'm going to have to dig deep

206
00:08:24,150 --> 00:08:26,160
into the settings to turn this off.

207
00:08:26,160 --> 00:08:28,600
Most likely, it's here under the WPS Wizard

208
00:08:29,880 --> 00:08:32,429
or under the Advanced Settings, and we would go through

209
00:08:32,429 --> 00:08:37,200
and turn off that WPS if you're allowed to by your device.

210
00:08:37,200 --> 00:08:39,059
The last thing I want to talk about here

211
00:08:39,059 --> 00:08:40,650
is your remote management.

212
00:08:40,650 --> 00:08:42,809
If you click on Remote Management, this is something

213
00:08:42,809 --> 00:08:46,290
where it allows you to connect to the device remotely

214
00:08:46,290 --> 00:08:47,610
over the internet

215
00:08:47,610 --> 00:08:50,220
through this web-based graphical interface.

216
00:08:50,220 --> 00:08:55,080
Now, we're doing this locally on 192.168.1.1,

217
00:08:55,080 --> 00:08:57,030
and that's okay because you'd have to be connected

218
00:08:57,030 --> 00:08:58,260
to my network first to be able

219
00:08:58,260 --> 00:09:00,990
to access this device and make these changes.

220
00:09:00,990 --> 00:09:03,480
But if I turned remote management on,

221
00:09:03,480 --> 00:09:05,970
I can actually give it an IP address

222
00:09:05,970 --> 00:09:08,670
and allow anyone on the internet to be able to connect

223
00:09:08,670 --> 00:09:10,710
to this device and make changes.

224
00:09:10,710 --> 00:09:12,600
Now, why would you want to do that?

225
00:09:12,600 --> 00:09:14,790
Maybe you have to set this up for your mother's house

226
00:09:14,790 --> 00:09:16,620
and she's not very technically savvy,

227
00:09:16,620 --> 00:09:17,880
and every time she has a problem,

228
00:09:17,880 --> 00:09:20,070
she's going to call you and ask you to fix it.

229
00:09:20,070 --> 00:09:22,890
So if that was the case, you might want to turn this on,

230
00:09:22,890 --> 00:09:24,030
but you're going to want to configure it

231
00:09:24,030 --> 00:09:26,295
to only allow certain computers

232
00:09:26,295 --> 00:09:28,860
with certain IPs to be able to connect to it.

233
00:09:28,860 --> 00:09:30,540
Again, the best practice here is

234
00:09:30,540 --> 00:09:32,460
to turn off remote management,

235
00:09:32,460 --> 00:09:34,590
and you'll notice it was off by default,

236
00:09:34,590 --> 00:09:36,690
and keep it off to keep your device

237
00:09:36,690 --> 00:09:38,160
the most secure it can be.

238
00:09:38,160 --> 00:09:41,490
So in summary, what are some of the big steps we did?

239
00:09:41,490 --> 00:09:44,370
Well, we wanted to make sure we're using WPA2

240
00:09:44,370 --> 00:09:47,550
with a good long, strong pre-shared key,

241
00:09:47,550 --> 00:09:51,000
we want to disable the SSID broadcast to make it harder

242
00:09:51,000 --> 00:09:53,010
for somebody to find our wireless network,

243
00:09:53,010 --> 00:09:56,670
we'd want to enable wireless isolation to keep those channels

244
00:09:56,670 --> 00:09:58,830
and frequencies isolated from each other,

245
00:09:58,830 --> 00:09:59,850
from people connecting

246
00:09:59,850 --> 00:10:03,060
and make it act more like a switch and less like a hub.

247
00:10:03,060 --> 00:10:06,270
We also want to enable Mac filtering according to the exam,

248
00:10:06,270 --> 00:10:07,800
although honestly, in reality,

249
00:10:07,800 --> 00:10:09,360
I usually don't do MAC filtering

250
00:10:09,360 --> 00:10:11,460
because it's just more of a pain for me,

251
00:10:11,460 --> 00:10:14,340
and it really doesn't give me that much more security.

252
00:10:14,340 --> 00:10:17,280
And finally, we want to disable the WPS setting

253
00:10:17,280 --> 00:10:18,540
if you're able to.

254
00:10:18,540 --> 00:10:21,300
Again, WPS was a great idea for convenience,

255
00:10:21,300 --> 00:10:23,070
but it doesn't provide good security,

256
00:10:23,070 --> 00:10:25,860
and so I would disable that anytime you can.

257
00:10:25,860 --> 00:10:27,210
I hope you take these tips

258
00:10:27,210 --> 00:10:29,970
and you put 'em to work in your own home or office network

259
00:10:29,970 --> 00:10:32,133
and get yourself a little bit more secure.