These steps apply to both Linksys wireless access points (WAPs) and Linksys DD-WRT wireless routers. Of course, DD-WRT wireless routers have additional security precautions that need to be taken on the router and wireless side.
1-Change the password – With all Linksys routers and access points, it is extremely important to change the device’s default password. Login to your router and enter the default password. The version of the firmware or the router that you are using will determine where the Change Password button is located. Make sure you find it. This is the single most important step. Change the default password and choose a password that contains both numbers and letters. This will reduce the possibility of your password being guessed or hacked.
2-Change your SSID – The SSID is the shared network name that all devices run on a wireless network. The name is case sensitive and should be no longer than 32 characters. You can use any keyboard character you choose when renaming the SSID. The default SSID of the Linksys access point or wireless broadband router is set to Linksys. It is highly recommended that you change the SSID to a unique name other than the default.
3-Disable SSID broadcasting – In order to keep your Linksys product from broadcasting the SSID to hackers or wireless clients, change the Wireless SSID Broadcast to Disabled.
4-Enable encryption – The Linksys WAPs and wireless routers all come with a wireless security option that uses encryption. To prevent hackers and outside users from accessing your network choose between several forms of encryption: WPA, WPA2 or RADIUS(do not use WEP because it can be easily broken). Once you choose the security encryption type, you will input a passphrase. This same passphrase needs to be entered on each client that uses a wireless network card to connect to the access point.
5-Keep firmware updated – On a regular basis, visit the Linksys or DD-WRT Web site to make sure you have the latest version of firmware for your Linksys product.
6-Enable MAC filtering – There is a Wireless Network Access MAC Filter that you should enable to only allow specific MAC addresses. Some Linksys products have a Select MAC Address from Networked Computers button that will allow you to select the computers on your network that need access. You can run an ipconfig /all (from the Windows command line) on each computer to obtain the MAC address. It is listed as the “Physical Address” and will have a format that looks like this: 00:50:56:X0:00:08.
7-Limit DHCP – Configure your DHCP settings with only the number of computers that need Internet access. For example if you have 5 computers, only configure DHCP to hand out 5 addresses.
8-Block WAN Requests/ Disable Remote Administration – Enable this feature to block intruders from attacking you over the Internet. This setting hides your IP address from the outside world. Disabaling Remote Administration prevent hackers from attacking your network on open ports.
9-Separate your wireless from the rest of the network – create 2 vlans, one for your wireless computers and another one for your physically connected computers, that way if your wireless side becomes compromise, it will not affect the rest of the network.
10-Use desktop firewalls as an additional layer of defense – Don’t rely on the Linksys router as your only means of defense. Enable Windows firewall or Install a desktop firewall on each PC that’s connected to the Internet through the Linksys router.