How can I stop someone accessing my wireless home network on Windows 7?

Lets break your home network down so you can understand and ask an appropriate question in order to get a precise answer for your problem.

Here's what I'm seeing your network is based upon what you've told us so far:

[Your PC/Cell Phones/Laptops] ---WIRED/WIRELESS--- WiFi Enabled Router ---WIRED --- ISP Modem --- WIRED --- Cable Jack or Phone Jack.

What you're looking to protect is the intrusion of your Wireless connection at the Router level... Windows 7 means absolutely nothing when trying to protect the router from unauthorized logins from external sources.. If you notice my diagram above, you're the last on the loop of the network.. Protecting your PC will only protect your PC from unauthorized intrusions from your internal network (LAN) and external network (WAN). Depending upon which make/model of router you have will determine what alternatives you may have in order to beef up security and prevent users from hopping onto your network without your permission via wireless.

What you need to do:

1. Find what your default gateway IP address is, this address is the routers IP address and is needed in order to log into it and perform changes. To find what your default gateway IP address is, click Start and in the search bar at the bottom type CMD. You'll see a little black box with C:/. in the center of it. Click it -- that is your Command Prompt and will be referenced as such throughout this document.

2. Inside the command prompt, type IPCONFIG and press enter.

3. Look through the information that is posted on the command prompt for a default gateway. Usually it will be 192.168.0.1 or 1.1 or some variant of that sort. Once you locate it, write it down as you'll need it for the next step.

4. Open up any browser (IE, Firefox, Chrome, Opera -- it doesn't matter which) and type in the default gateway IP address you wrote down in the address bar. Once it's entered, press enter.

5. You'll be prompted for a user name and password. This is where you'll have to remember what you set the username and password to when you set up the router. If you don't know, you'll need to do a little research online for the default username and password as I do not know what type of router and make you have.

6. Once you've typed it in click OK or Login depending on the screen that pops up.

7. When you log in, you'll probably be at the basic info splash screen, you'll need to look around for a Wireless Tab or "Wireless Settings" or "Wireless" there will be a link to manage your wireless connectivity, you'll want to click on that.

8. Once you've clicked on that, this page will help you determine what encryption type you have and the like. If it's WEP, i'd immediately suggest changing it to WPA or WPA2 with AES encryption. It will open up a password section for you to make up your network password. It really doesn't matter how complex the password is, if the hacker wants in, they'll get in if they tried hard enough and long enough. Make it at least longer than 8 characters long.

9. Click save settings and let the router do its rebooting cycle. This may kick all your wireless devices off line -- this is okay and normal especially if you changed the security on it. You'll simply need to reconnect to your SSID and type in the new password you created to get back on line.

That is as far as I'll go for now... There are other things you'll need to do; however, you need to give us the make and model of your router... WPA is still hackable due to the WPS (WiFi Protected Setup) glitch found in many router models. You'll need to disable it as it's really a useless tool to have on your router and prevents people from using Reaver on you.

Personally, people don't tap into secure networks to borrow the Internet, it's simply too much effort to do that and takes a little bit of technical knowledge to do and is not always 100% successful. What I am thinking you saw was someone's cellphone from your household connected up for Internet use... Cellphones have WiFi cards in them now and someone in your home probably wanted to use WiFi because it doesn't count against their bandwidth cap and is genuinely faster.

There are other methods of locking your Internet down but Yahoo! Answers made me delete a few paragraphs because my response is too long...

I hope this helps, if you can give us the router make and model, I'm sure we all could help you better... This is at least a generic step-by-step process that will walk you through your router's config pages.

2

First of all anything can be hacked. Once you have accepted that without losing sleep you can move forward. Now all the encryptions you mentioned above are for wifi connection. To check to see what wireless encryption you are using just click on the wireless icon at the bottom right hand portion of the screen. WPA2 is the best. To change to WPA2 (if needed) you have to access your wireless router/modem's user interface. To do this look up the default ip address for the make and model of the modem/router. type that ip address into your internet browser just like you would for a website. This will take you to the modem/router's login page. The default login information can be looked up online according to make and model of the unit. Once in it will show you what type of wireless encryption your unit supports and you can also change the wireless access password. Some models will even make your SSID invisible so no other computer outside your home can even detect the signal. Hope this helps.

Your iSP will not (nor should they) know anything about your private WiFi LAN.

These are settings you make on your router, and only select Admin's know what they are.

First, look up your model's default entrance info (page: http://www.routerpasswords.com/ )

Write down those values...you need them later.

Disconnect the modem-to-router cable.

Tether a computer to the router. Not the modem jack- use the other one. (You can't access the router Administration by WiFi.)

Open a browser. Type in the router address (192.168.0.1 or similar from that website above).

The Admin. "log-in" page should now appear> Type in those values you got on the above website into the log-in page slots.

Once you have that operational, consider these settings for maximum security:

In the "Security" heading: Set for WPA (WPA2 if your computers support this level) & AES.

(Use WEP only as a last resort: it's apprentice work to crack).

Also;

For the 'SSID' broadcast: give your network a new name (nothing obvious!) & write it down on tape then put that on the router itself; it will be needed to 'Add' your WiFi network later in your computer settings. Once that's entered, TURN OFF SSID broadcast.

To prevent Google from geo-mapping your network, do this: "...opt out of having your wireless access point included in the Google Location Server. To opt out, visit your access point’s settings and change the wireless network name (or SSID) so that it ends with “_nomap.” For example, if your SSID is “Network,” you‘d need to change it to “Network_nomap.”

Disable: UPnP***; QoS and "Ping reply" (unless using VoIP or gaming); and WAN access to Administrative interface.

*** This is critical: there is an exploit in the wild that leverages this feature to gain access.

Change default router Administration "Username" & "Password" to something unguessable and blended characters.

This is not the same as Internet access password: that is the PSK (Pre-Shared Key).

PSK's should be over 9 characters; letters & numbers (mixed), not words. Write your selection into a unit handbook FIRST, then enter the values into the slots. Also put this # on tape & put on the top of the router for easy access.

You might want to also set (in 'Connections') as 'always connected' to prevent disconnects when there is no activity to or from the Internet.

These changes should be "Saved" before you disconnect the CAT5. See your manual for how/where to do that.

Re-attach the modem-to-router cable.

----------

Each device will have to have this new Network info entered in it's WiFi settings.

I believe Windows has a "Wizard" which can copy the relevant info onto a portable USB device, which can then be migrated throughout the other devices...or it can be done the hard way, manually.

Note that MAC address filtering will not be enough to prevent dedicated hackers. MAC's are on the front end of packets, and can be intercepted and cloned within the insurgent NIC card, which gets them access to the WLAN.

The best way is entering into your router settings and set up the Mac Filter with White-list. This will only allow to connect to your wifi the mac addresses that are registered in the white-list. So even if they get the pa sword again they won't be able to connect because their mac address is not registered.

What is the MAC address? You may know the ip address which is the address online and can be change, the mac address is the physical address of a device, so it cannot be changed. You will have to register any device you want to connect to the wifi.

How to do this?

Press Windows Logo Button+R or open Execute

Type: cmd and press enter

This will open the command console.

Type: ipconfig /all

find where it says "default gateway" for example mine is 192.168.1.1

you could have the same or another.

Once you got the ip type it on chrome, firefox or internet explorer just like that: 192.168.1.1 (but yours)

You'll be asked to type the login and password. This comes with the router documents or just google it because it's usualy the same for each router of the same internet provider.

Now you've entered your router settings.

Every router has it's OS. Find MAC FILTERING it should be in SECURITY.

Once you've found it set White-List to allow the registered Macs or Black-list to allow any address but that one. The first one is recommended.

Now get back to the command console and find your WIFI ADAPTER MAC ADDRESS it's where it says LAN ADAPTER WIRELESS CONNECTION or something like that.

It's where it says physical address or mac address. just below the "Description".

Now type that direction in the MAC filtering settings, apply and there you go, the most secure way ever.

Change the password on your wi-fi router.

=

Filter by MAC Address - A MAC address is a unique* identifier NICs and network adapters use for identification. Routers allow you to limit access by MAC address. Entering these unique identifiers into the router access list means only devices that you have explicitly added to the router interface will have access to the WiFI signal.

-

Disable Service Set Indentifier Broadcast - Service Set Indentifier (SSID) is the name of your wireless network. By disabling SSID the name of the network will not be visible to other users within the hotspot range. This will reduce the number of attempts to access your network.

-

Assign each user a username && password.

The following steps refer to a Linksys WAP54G wireless router. The steps for your router may differ. This guide assumes you are connected to your router (either through a network cable or over its wireless signal) correctly.

Open the router's administration panel.

Open your web browser and input your router's IP address. If you do not know this, refer to your documentation. Default for Linsys products is usually 192.168.1.1

Next, Input your router's username and password. Default for Linksys products is usually username: admin password: admin

If you are using the default username and password, go to the Administration tab to change it to something more secure.

Finding who is on your network.

Navigate to the Setup tab.

Scroll down until you see 'DHCP Server' if it is enabled, continue to the next step.

Click on the Status tab and then on Local Network just below the main tabs.

Click the button that says 'DHCP Clients Table'.

This list will tell you the computer name of everyone that is connected to your network on DHCP (DHCP automatically configures a computer's IP and DNS settings)

The most secure implication for wireless networks is to use MAC filtering, as the MAC address for a computer is hard coded and cannot be changed. Simply go into your Wireless router and look for the MAC filtering option. Add the devices that you want to use to the list to accept access, and it will deny any other devices even if they were to get the password.

*if it was working before i wouldn't see it being a driver conflict. *192.168.1.1 will only work once you've made connection to the router *usually limited or no connectivity with wireless indicates an issue with the WEP or WPA key *try going to network and sharing center>manage wireless networks, and removing the profile for the network and trying to connect again inscase it's the profile that is corrupt.

Enable the Media Access Control (MAC) address filter of your router. In that way you can only allow those computer who are on the MAC filter list to connect to your network.