Hardening Wireless Router Security
John Eberechukwunemerem, BSc.
IT Security Manager | Oracle Cloud Certified | Cybersecurity Analyst | Cloud Admin | InfoSec Researcher | Cybersecurity Consultant
Introduction:
In this lab exercise, we use Packet Tracer to simulate the configuration and hardening of a wireless router and its connected devices. The objectives are to configure basic security settings, secure the wireless networks, set up wireless clients including laptops and IoT devices, and verify connectivity and isolation between networks. This hands-on lab aims to address common security issues, such as default credentials and insecure configurations, thereby providing practical experience in protecting a wireless network against potential attacks.
Objectives:
Part 1: Configure Basic Security Settings for a Wireless Router
Part 2: Configure Wireless Router Network Security
Part 3: Configure Wireless Clients (Laptop1, Laptop2, Webcam, HomeDoor, Siren) Network Security
Part 4: Verify Connectivity and Security Settings
Requirements:
Router, PC Desktop, Laptop 1, Laptop 2, Siren, HomeDoor, Webcam
Instructions:
Part 1: Configure Basic Security Settings for a Wireless Router
It is good security practice to change the default password of your devices; attackers can look up default passwords online.
Step 1: Change the default router password.
a. Click Home, and then click PC desktop > Desktop tab > Web Browser.
b. Connect to the Router at 192.168.0.1.
c. Enter admin for both the username and password.
d. Click the Administration tab, and then enter cicsoacadrocks! for both password fields.
e. Scroll to the bottom and click Save Settings.
f. The router requests that you re-authenticate. Log back in with the username admin and the new password, and then click Continue.
Step 2: Disable remote management.
a. From the Administration tab, click Disabled next to Remote Management.
b. Click Save Settings.
Note: This change will cause the router to reset. Return to PC Desktop and click IP Configuration to check if IP addressing is reassigned. If necessary, toggle between DHCP and Static until PC Desktop receives IP addressing from the 192.168.0.1/24 network. Close IP Configuration, and then click Web Browser. Navigate to 192.168.0.1, and re-authenticate in preparation for the next part of the activity.
Part 2: Configure Wireless Router Network Security
Step 1: Configure and broadcast the HomeNet SSID.
Turning off SSID broadcast could potentially make the network a bigger target for attack, because it shows that the administrator is trying to hide it.
a. Click the Wireless tab, and then for each of the three networks, click Enabled for SSID Broadcast.
b. For each of the three networks, change the SSID from default to HomeNet.
c. Click Save Settings.
Step 2: Configure security for the HomeNet wireless networks.
a. From the Wireless tab, click Wireless Security.
b. For each of the three networks, configure the following:
o Security Mode: WPA2 Personal
o Encryption: AES
o Passphrase: ciscorocks
c. Click Save Settings.
Step 3: Configure security for the GuestNet wireless network.
a. From the Wireless tab, click Guest Network.
b. For each of the three networks, click Enable Guest Profile, and then configure the following:
o SSID: GuestNet
o Broadcast SSID: Enabled
o Security Mode: WPA2 Personal
o Encryption: AES
o Passphrase: guestpass
c. Click Save Settings.
Part 3: Configure Wireless Clients
Step 1: Configure wireless connectivity for the laptops.
a. Click Laptop 1, and then click the Desktop tab > PC Wireless.
b. Click the Connect tab.
c. Click the first entry for HomeNet, and then click Connect.
d. Security is already set to WPA2-Personal. Enter ciscorocks for the pre-shared key, and then click Connect.
e. Click the Link Information tab. You should see the message “You have successfully connected to the access point.” If you are still not connected, check the configuration of the router and try this step again.
f. Close the PC Wireless window and click IP Configuration. If the laptop still has an address from the “169” network, toggle between DHCP and Static until it receives IP addressing from the 192.168.0.0/24 network.
g. Repeat this step for Laptop 2, but use the first entry for GuestNet. Enter guestpass as the pre-shared key.
Step 2: Configure wireless connectivity for the IoT devices.
a. Click the Webcam.
b. Click Config > Wireless0.
c. Enter HomeNet for the SSID.
d. Choose WPA2-PSK for the authentication, and then enter ciscorocks for the PSK passphrase.
e. Under IP Configuration, click DHCP and verify the device received IP addressing from the 192.168.0.0/24 network. Toggle between DHCP and Static, if necessary.
f. Repeat this step for both the Siren and the HomeDoor.
Part 4: Verify Connectivity and Security Settings
Step 1: Test internet connectivity for wireless laptops.
a. Click Laptop 1 > Desktop tab > Web Browser.
b. Navigate to www.ptsecurity.com. Packet Tracer may take several seconds to converge. You can click Fast Forward Time (Alt+D) to speed up the process until the Data Center Public Web page loads.
c. Repeat this step for Laptop 2.
Step 2: Configure security for GuestNet and HomeNet interconnectivity.
a. Use any method you wish to determine the IP address for Laptop 1.
b. Click Laptop 2 > Desktop tab > Command Prompt.
c. Enter the ping command followed by the IP address for Laptop 1.
Laptop 1 responds to the pings, indicating that Laptop 2 can access devices on the home network. You will need to set the router to prevent hosts on different networks from communicating with each other.
d. From PC desktop, if necessary, log back into the router configuration web page at 192.168.0.1.
e. Click the Wireless tab, and then the Guest Network submenu.
f. Uncheck the box next to Allow guests to see each other and access the local network, and then click Save Settings.
g. From Laptop 2, attempt to ping Laptop 1 again. The pings should now fail. This indicates that the hosts are not allowed to communicate between the two networks.
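The settings this lab changes can also be checked automatically. The following is an added example, not part of the original lab or of Packet Tracer: it audits a settings snapshot against Parts 1, 2 and 4 and flags clients left on a self-assigned "169" address. The dictionary keys, the before/after snapshots and the sample addresses are constructed for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")         # lab LAN used on this page
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # the "169" self-assigned range

def audit_router(cfg):
    """Return findings; an empty list means the lab's hardening steps are in place."""
    findings = []
    if cfg["admin_password"] == "admin":              # Part 1, Step 1
        findings.append("admin password is still the default")
    if cfg["remote_management"]:                      # Part 1, Step 2
        findings.append("remote management is enabled")
    for kind in ("home", "guest"):                    # Part 2, Steps 2 and 3
        for n, radio in enumerate(cfg[kind], start=1):
            label = f"{kind} network {n} ({radio['ssid']})"
            if radio["security"] != "WPA2 Personal":
                findings.append(f"{label}: security mode is {radio['security']}")
            elif radio["encryption"] != "AES":
                findings.append(f"{label}: encryption is {radio['encryption']}")
    if cfg["guest_can_reach_lan"]:                    # Part 4, Step 2
        findings.append("guests can access the local network")
    return findings

def audit_leases(leases):
    """Flag clients whose address shows DHCP did not complete on the lab LAN."""
    bad = []
    for host, ip in leases.items():
        addr = ipaddress.ip_address(ip)
        if addr in LINK_LOCAL:
            bad.append(f"{host}: {ip} is self-assigned, DHCP failed")
        elif addr not in LAN:
            bad.append(f"{host}: {ip} is outside {LAN}")
    return bad

def three(ssid, security, encryption):  # the lab sets the three networks identically
    return [{"ssid": ssid, "security": security, "encryption": encryption}] * 3

# Constructed snapshots; key names are hypothetical, not a Packet Tracer export.
BEFORE = {"admin_password": "admin", "remote_management": True,
          "home": three("Default", "Disabled", "None"),
          "guest": [],
          "guest_can_reach_lan": True}
AFTER = {"admin_password": "<changed in Part 1>", "remote_management": False,
         "home": three("HomeNet", "WPA2 Personal", "AES"),
         "guest": three("GuestNet", "WPA2 Personal", "AES"),
         "guest_can_reach_lan": False}
LEASES = {"Laptop 1": "192.168.0.101", "Webcam": "169.254.10.20"}  # constructed
if __name__ == "__main__":
    print(audit_router(BEFORE), audit_router(AFTER), audit_leases(LEASES), sep="\n")
```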
Conclusion:
Upon completing this lab, you have successfully enhanced the security of the wireless router and its associated networks. The process included updating default settings, configuring WPA2 encryption for both home and guest networks, and ensuring that wireless clients are securely connected. Verifying connectivity and enforcing network isolation confirmed that the implemented security measures are effective. This exercise not only mitigates potential vulnerabilities but also reinforces best practices in network security, laying a solid foundation for maintaining a secure wireless environment.