Ultimate Router Guide: How to Optimize Security and Performance



+ Add a Comment


So, say I want to use another wireless router to expand the range of my current wireless network.  Basically, I want to use a router as a repeater or range expander.  The two routers will be too far apart to connect via an ethernet cable.  Can this be done with a regular router?  How would I set that up?  Or do I need to buy a real "wireless range extender" (which, ironically, is more expensive than a router)?


Thanks for the help! 



As already stated this is nice for the novice but even still these guides are a dime a dozen. Maybe the article writer should have done a google search. He would have seen them all over the place. Not to mention most of this stuff can be found right at the manufacturers site.

The Ultimate router guide would have included so much more that you cant get anywhere else. Like actual test results for a number of different brands and models. It would cover things like how many consumer grade routers fail to follow your port forwarding instructions 100% of the time or that you can DMZ a PC or Console and still have ports blocked. Or how quickly these things are overloaded.

Funny how testers will tests the living crap out of a Processor, HDD, Ram, but put out junk like this for a router guide. Isnt it time to expose these router companies for what they really are? Show the consumer how and why wireless really isnt for what they think its for. Like gaming.



Come on Guy's the easiest way to add more RJ45 ports is with a network switch you can get them up to 1 Ghz with 4,8,or12 ports, or more if you go with an enterprise unit; plug the uplink from the router into port 1 of the switch (or the  link port if one is specified) and and you're good to go with no IP address hassels; you can even stick a WAP into the switch if you need another wireless point.



This is a  "router guide" not switch guide, but yes using a switch would be easier.


I would however qualify that by saying going with a new switch won't save you any money, and is less versatile in the long run. Not only that, but your more likely to have a spare router kicking around from a previous upgrade than a spare switch.



Of cours in windows if your wondering what networks are around you for finding a clear channel you can use net stumbler. 
But for us linux users out there I recently discovered a very awesome tool called kismet.  Kismet will not only sniff out all of the wireless networks out there but through packet sniffing will also find out the names of your networks that are not broadcasting.  I found a neighboor who was not broadcasting and also had their network wide open I couldn't believe they went the step of turning off the broadcast but didn't lock it down that was about useless.  If your a linux user try out kismet it's a little tricky to get setup but one it is, it's awesome.



First off, good article. Articles like these are the reason I come to MaxPC.

You write contradictory statements though early on. You write,

"...but the trick to security is to always keep your attackers guessing. Many routers give you the ability to make the wireless network
invisible, but don’t bother with this feature. Setting your network to
invisible might keep people from accidentally latching on to your
connection, but anyone using the right tools can find it easily."

So you say to always keep attackers guessing then in the very next breath, say to ignore a feature that adds yet another layer of "guessing. That's just silly. Of course, if you're securing your router and don't need to broadcast it, why not turn off broadcasting? You know the SSID and as you say, the trick is to keep the attackers guessing and each layer helps.

Turn off that broadcast and maybe your neighbors more visible router will be attacked and not yours.



My point was simply that it dosn't offer (any) security beneift, and isn't worth the hassle.

Keep them guessing at your password, not your SSID which is being broadcast in the clear even if you turn it off.



If I may say I think the point he's trying to get at is that it's not worth the headache or the effort to make it invisible if an intruder just side-steps with a click of the mouse. I've had my fair share of devices that have issues connecting to invisible Wi-Fi networks and it's not very practical to put into use in order keep out a hacker. Having a password and MAC Authentication list would be enough to keep unwanted roamers from connecting.



This article is pretty much useless in regards to security IMO.

Yea, it does tell you to change the default password and does tell you that essentially that WPA2 is the only way to properly encrypt a wireless signal without compromising security, but it really doesn't provide ample coverage in regards to the actual firewall settings in order to lock the router down.

In the matters of the router firewall it fails in my opinion to talk about stateful packet inspection, and how to properly configure your ports to allow only specific types of traffic through. Yes, port forwarding and QoS are important features, but they do nothing when it comes to the actual security of the network.

Also, in the area of security they should have mentioned the fact that users should only have a certain number of IPs allocated to their internal network, i.e. if you are using only 3 computers, only give your network a grand total of three IPs.  Also those IPs should be associated with the specific MAC addresses of those machines.  This way if someone does happen to find the network, they are unable to obtain an IP on the network.  These steps are prudent when you are dealing with both a DHCP and static IP architecture. IMO.

But, I will digress and give you guys credit where it is due, as this guide will help the novice get a little better understanding in regards to the settings of their router.   



Spoofing a MAC address is a cake walk.  It really is a waste of time as that is the first thing a person that knows what they are doing tries.  Right now, WPA2 is about all that is useful for keeping folks off your network.



If Mac address filtering is your only means of security, it's not enough, and is easily defeated. On the other hand if you have a strong WPA2 implementation, this is an unnecessary step. To each their own.




A really easy way to find out what WiFi channels your neighbors are using is to use this command in Windows:

cmd /k netsh wlan show networks mode=bssid

It's not as pretty as the GUI example you showed, but it gets the job done quickly.



Great tip, thanks!



potentially extremely useful article as per usual MaxPC!

noticed a couple errors on terms and grammar (I agree with first poster Lolz) 

W-LAN, WiFiLan OR WLAN but not just WAN

wireless networks are still Local Area Networks but a WAN is a Wide Area Network is owned and maintained by a single ISP (usually) even if its resources (bandwidth, server clusters etc.) are shared or contracted out

you won't find any accurate home wireless networking information by googling (...or Binging) 'WAN'

also a router having a DHCP server has little to do with sharing an Internet connection (ICS or NAT ring a bell..?) 192.168.0.x & 192.168.1.x are Class C Private IP addresses which esidential routers won't route, they just get looped/broadcast back across the network from which the original signal came which can eat up bandwidth at regular intervals, hence the reason for including a DHCP server for efficiency and better management but not in any way enabling the sharing of that priceless Internet connection

one more 'also' lol to implement that router stacking solution you must or rather 'should' (network appliances keep getting smarter so what do I know anyways?) set the gateway in each of the stacked routers to the static IP of the router closer to the Internet than them in terms of wiring or physical connections so that the Internet connection is directly processed instead of adding overhead to the routing firmware (this assumed you plugged the more distant routers into each closer router's main port labeled "Internet" (usually, aka physical residential gateway port)

confuse anybody yet?



Yeah, I'm guessing you will confuse many people with that garbled mess. Jesus. Did you even read that before you posted it? Do you not feel like a total hypocrite for commenting on the author's grammar?



I apologize for my poor spelling & typing

grammar is fine though!!



I'm actually very surprised to see so many networks using WEP.I'm also surprised that devices like the Nintendo DS Lite vI require a WEP password for online play..




That was a good reminder for me. I had to downgrade to WEP a couple of years ago when I bought a DS for my kid's xmas gift. Now that they don't use it any more I can ratchet back up to WPA2.

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.