The Internet is Infected! The Ultimate Cyber Security Guide for Small Business and Home Computing!

If you find the information on this blog valuable you will find my upcoming three volume cyber security books infinitely more so! Visit my website at http://thatcybersecurityguy.com. My 8 years of research and 900 written pages are about much more than just cyber security as my writing presents valuable small business and general home computer knowledge. Visit me on Twitter @ThatCyberSecGuy. See the ACLU video "Invasion of the Data Snatchers" at YouTube to understand why you need my books and PDF files on the infected Internet.


Sunday, November 30, 2014

Setting up a DD-WRT robust router by author Matthew Robinson

For today’s small business or home computer user, sometimes an ordinary router just doesn’t cut it. Many of us require the manageability and flexibility of a more robust router.  Whether we are setting up a home VPN/SSH server, have the need to manage who can access the network, or desire the ability to configure every aspect of our network, ordinary will just not do.  This is where DD-WRT steps in. Today, I am going to walk you through the basic setup of a DD-WRT router and explore the feature rich interface that it has to offer. Before we get started there are a few questions that need to be answered.

First of all, what exactly is DD-WRT?
DD-WRT is a Linux-based, OpenSource firmware that is made for wireless routers.  It offers all of the functionality for which a home user or small business could ask.  Some of the highlighted features include:

·         Configuring QoS (Quality of Service) to regulate which users or applications take priority.

·         Enable Port forwarding: This option allows you to access your local network from anywhere. The use of a VPN/SSH server gives you secure access to your network or you could enable your home/small business webserver to be accessed from anywhere in the world

·         Access restrictions based on time or destination
How do I get a DD-WRT router?

Currently there are a few ways to get your hands on a router running DD-WRT.  The first option is to buy a router that has the software pre-installed. Due to DD-WRT’s growing popularity there are several places to find a router with it preinstalled.  Manufacturers such as Buffalo http://www.buffalotech.com/products/wireless offers pre-installed DD-WRT routers straight from their website, while other manufactures, such as Asus http://promos.asus.com/US/ASUS_DD-WRT are offering a wider range of products with DD-WRT compatibility.  A simple search on Amazon or eBay will show dozens of results for routers with DD-WRT ready to go.
The other option is for the DIYers out there.  All you need is a router that is compatible with DD-WRT and the latest version of the firmware.  Flashing your router with the new firmware is beyond the scope of this post.  The process can be a little tricky and the steps to complete the task can differ between the various manufactures.  You also risk turning your new (or repurposed) router into a nice paperweight if things don’t go as planned.  For this reason, I recommend buying a router with DD-WRT pre-installed.  It may cost a few dollars more but it’s worth the peace of mind (and the warranty) that comes with it.

DD-WRT.com http://www.dd-wrt.com/wiki/index.php/Installation has extensive documentation on flashing (upgrading/installing) DD-WRT including hardware specific instructions.  It is strongly encouraged that you read through this documentation before upgrading or installing DD-WRT on your router. Installations and upgrades do have specific instructions that vary between different manufacturers.
How do I know if my router is supported?  Where can I find the latest version of DD-WRT?

If you still wish to do it yourself, you can download the latest version of the firmware direct from DD-WRT’s website: http://www.dd-wrt.com/site/index.  Using the router database http://www.dd-wrt.com/site/support/router-database you can check to see if your router is supported.  By selecting your router you will be presented with a list of files containing the firmware that is available for download.

Now that you know what DD-WRT is and where to find a router of your own, let’s explore the basic setup.  For my setup I will be using a Buffalo AirStation N600 router with DD-WRT pre-installed.  The first step is to plug the router in and wait for it to boot up.
Once the router is up and running, go to your wireless enabled device and search for the network.  On Windows 7 Go to Start > Control Panel > Network and Sharing Center and click on Connect to a Network or click on the arrow in the bottom right of the screen > then click the network icon (stepped bars).  This will populate a list in the bottom right of the screen with the available wireless networks.  Select the network that pertains to your router. (Mine was Buffalo-7FB212_A.  The default network name will be listed on the back or bottom of the router as SSID: networkname) > Click Connect.  You will be required to enter the encryption key, which you can find on the back or bottom of the router.

After entering the key, your default web browser will open and prompt you for a user name and password (If your browser does not open automatically, open your browser and type in 192.168.11.1 (192.168.1.1 for other manufacturers) in the search bar.  This will take you to the router interface.)  The default username/password for DD-WRT is root/admin.  This also varies by manufacturer.  For example, the default username/password combination for my router was admin/password.

Immediately after being granted access to the router web interface the wireless Setup Assistant will pop up.  This allows you to change the default SSID and Encryption Key (Password) to whatever you like.  For now, keep it as the default.

As you will notice, there are numerous tabs across the top including Setup, Wireless, Services, Security, Access Restrictions, Nat/QoS, Administration, and Status.  Clicking on each tab reveals a submenu that has even more options.

The first thing you will want to do is check for firmware updates.  To do this Go to the Administration tab > Select Firmware Upgrade from the submenu > under Online Updates click Check for Upgrades.  After checking for upgrades, if there are any that need to be installed click the Radio button next to the file and then Upgrade at the bottom of the screen.  This will take a few minutes to complete.

Note: These directions assume that the router is new and already set to factory default settings. It is recommended to set the router to default settings before upgrading the firmware. During the upgrade process do not power down the router or press any of the buttons on the router.  Doing so could interrupt the upgrade and leave the router in an unusable state.

Once the router is finished with the upgrade process you will need to restart the router for the changes to take effect.  To do so, with the router powered "ON", press and hold the reset button for 30 seconds, which is located on the outside of the router. Then, unplug the router from the power source and continue to hold the power button for another 30 seconds.  Finally, plug the power source back in and continue to hold the reset button for another 30 seconds.

When this is complete the router will boot up using the new version of the DD-WRT firmware.  The default IP address to access the web interface for Buffalo routers is 192.168.11.1 (This can vary between manufacturers).  Type this into your browser search bar and again you will be prompted for a username and password. Enter the password as before and you will be granted access.

There are two more important configurations you need to change before anything else. The default username and passwords for the router and for your wireless network. This can be done by utilizing the Wireless Setup Assistant or changing the configuration under the Administration tab.  Clicking the Setup tab shows you the current configuration of your wireless network.  From this page you are able to change the default SSID and the Wireless Passphrase.  Clicking Apply Settings and Save at the bottom of the screen will allow you to save all configurations.

At this point, you are ready to start configuring your router towards your specific needs.  Take some time to explore the tabs and different options offered.  There are far too many options to list here.

To highlight a few, look under the Access Restrictions tab.  Here you can create different policies to dictate which days and times access to the WAN (internet) is allowed.  You can also choose to block specific URLs or websites containing certain keywords.

Under the NAT/QoS tab you can configure port forwarding to allow services like SSH or VPN to pass through your router.  By clicking the QoS sub-tab you can change the QoS settings to give certain services priority on the network.

Another useful feature of DD-WRT is the ability to run commands from the web interface.  Go to the Administration tab > click on Commands.  Here you are presented with a “Command Shell”.  You can type commands into the shell and choose from the options along the bottom that include: Run Commands, Save Startup, Save Shutdown, Save Firewall, Save Custom Script.  This feature comes in handy during router troubleshooting, diagnostics, and advanced configurations.

One other feature worth mentioning is under the Status tab.  By clicking on the WAN sub-tab you will be able to monitor the network usage by month.  Under the Bandwidth sub-tab you will be able to monitor bandwidth/network usage in real time.

DD-WRT’s advanced functionality combined with its easy to use web interface offer an exciting solution for home users and small business networks.  It can provide the security you need and a solid platform for a controlled, more efficient network.

Your welcome for this free help from author Matthew Robinson.  Matthew gave this free advice to ThatCyberSecurityGuy, LLC, which we all must greatly appreciate.

No comments:

Post a Comment

Please leave a comment so I can improve my writing and content!