Hardware and software setup

home Computer
Computer

WiFi security. How to secure a Wi-Fi network? Basic and effective tips

So you got WiFi router– it gives you a comfortable and no less fast access to the Internet from anywhere in your house or apartment, which is already excellent. As a rule, most users purchase the distribution device themselves and it happens that they hardly set it up, except perhaps only adjust the basic settings for optimal performance. However, do not forget that setting up Wi-Fi security is necessary if you do not want intruders on your network and the headache that comes with them.

Why are visitors dangerous?

If you do not take care of the proper configuration of certain parameters, they will connect to your network and pull a decent share of the speed for themselves, they can reconfigure the router, or even get to your computer if there is an interested person with certain hacking skills on the other side.

The conclusion is this: if you do not protect yourself, sooner or later it can play a cruel joke on you; this is especially true for places where Wi-Fi can become almost public - high-rise buildings, houses near parks, and so on.

Where to look for router settings

If you just bought the device and have not changed anything yet, but want to at least minimally secure your wireless network, you will need to follow the steps described below.

To get started, open the browser you have on your computer. Find the address bar at the top and enter the values ​​192.168.1.1. If it does not work out, we change the first unit to zero, it turns out 192.168.0.1. Of course, there may be situations when the manufacturer has changed the standard address: in this case, you will find it either on the sticker of the device or on the box.

The next window that you will see will be for the login and password: by default, this is the word admin, or again, we specify it on the device sticker. By the way, the first and most primitive reason for the vulnerability is to leave standard login information on the router.

Well, now that you've already got inside, the fun begins - setting up Wi-Fi security.

How to protect yourself

We will show everything with an example TP-Link modem. And first of all, we will change the username and password.

We find the menu items on the left and select "System Tools" there, and then in the submenu - the "Password" item. Here we enter the old data in the first two fields, then new login and twice New password. After that, we just have to click on "Save".

We continue to strengthen Wi-Fi security and change the network name or SSID. Here we go to the "Wireless Mode" tab and then proceed as shown in the screenshot. It is important to use the Latin alphabet and numbers in the title - we do not use Cyrillic at all.

Some devices also have a special option - hiding the network name, so that after the first correct setting you no longer have to enter anything manually: a computer or tablet will connect automatically, and no one will be able to access the Internet without permission, even from your computer.

The third action, which is aimed at protecting your network, is changing the encryption - everything is clear here. There is no point in using WEP encryption, as it is quite outdated and has many flaws.

Here we are looking for "Basic Settings", then "Wireless Mode" and in it the item "Wireless Security". On the tab, we recommend using WPA-PSK/WPA2-PSK. Now we save again.

Another feature that is needed only 10% of the time, but creates a serious gap, is WPS: we find separate tab with it and turn it off, after which we save the changes again.

Now we have in turn such an aspect of Wi-Fi security as IP protection using Firewall. Of course, all computers that will be connected to the network must also have firewalls enabled and antivirus software installed.

We go to the "Security" tab, there we are interested in " Basic protection". Here we need the "SPI Firewall", in front of which we check the "Activate" item. This gives us another plus on the way to relative security.

As a last resort, if someone can still guess the password, there is such an option as filtering by MAC addresses - by enabling it, you can increase security even more WiFi sharing by severely restricting access to it. In fact, only devices on the list will be able to connect, and others will be closed under any conditions.

We find the item "Wireless Mode" and the sub-item "MAC Address Filtering". Here we need to click on the "Enable" button and select the "Allow" item. Now at the bottom we find the “Add” button and write out the necessary addresses: do not forget to name the devices to make it easier to understand.

To find out the MAC address of your computer, just go to the Start menu and find there command line, or find the “Run” item and enter cmd there: in both cases, you will see a window in front of you, as in the screenshot, in which you need to enter getmac. In the screenshot, the required field is highlighted with a red frame.

To get information about the address of your Android tablet or phone, follow the path: "Settings" > "About phone" > " Technical information". Now you will be protected from all sorts of intrusions.

Some of the devices have inside settings interesting feature– work schedule settings, thanks to which the device will work and will be available only during certain time and on certain days.

Today you will not call something out of the ordinary. However, many users (especially mobile device owners) face the problem of which security system to use: WEP, WPA or WPA2-PSK. What kind of technology, we now see. However, the greatest attention will be paid to WPA2-PSK, since it is this protection that is most in demand today.

WPA2-PSK: what is it?

Let's say right away: this is a protection system for any local connection to a wireless network based on WI-Fi. To wired systems based on network cards using a direct connection using Ethernet, this is irrelevant.

With the use of WPA2-PSK technology today is the most "advanced". Even somewhat outdated methods that require a login and password request, as well as encrypting confidential data during transmission and reception, look, to put it mildly, childish babble. And that's why.

Varieties of protection

So, let's start with the fact that until recently, the WEP structure was considered the most secure connection security technology. It used a key integrity check when connecting any device wirelessly and was the IEEE 802. 11i standard.

WPA2-PSK WiFi network security works, in principle, in much the same way, but it performs access key verification at the 802.1X level. In other words, the system checks all possible options.

However, there is a newer technology called WPA2 Enterprise. Unlike WPA, it requires not only the request for a personal access key, but also the presence of a Radius server that provides access. At the same time, such an authentication algorithm can work simultaneously in several modes (for example, Enterprise and PSK, while using AES CCMP encryption).

Basic protection and security protocols

As well as those of the past, modern protection methods use the same protocol. This is TKIP (WEP based security update software and the RC4 algorithm). All this involves entering a temporary key to access the network.

As shown practical use, by itself, such an algorithm did not give a special security connection in a wireless network. That is why new technologies were developed: first WPA and then WPA2, supplemented by PSK (Personal Access Key) and TKIP (Temporary Key). In addition, the data received and transmitted, today known as the AES standard, were also included here.

Legacy technologies

The WPA2-PSK security type is relatively recent. Prior to this, as mentioned above, the WEP system was used in combination with TKIP. TKIP protection is nothing more than a means of increasing the bit length of the access key. On the this moment it is believed that the basic mode allows you to increase the key from 40 to 128 bits. With all this, you can also change the one and only WEP key to several different ones, generated and sent automatically by the server itself, which performs user authentication at login.

In addition, the system itself provides for the use of a strict key distribution hierarchy, as well as a technique that allows you to get rid of the so-called predictability problem. In other words, when, say, for a wireless network using WPA2-PSK security, the password is set in the form of a sequence like "123456789", it is easy to guess that the same key and password generator programs, usually called KeyGen or something like that, when entering the first four characters, they can automatically generate the next four. Here, as they say, you do not need to be unique in order to guess the type of sequence used. But this, as is probably already understood, is the simplest example.

As for the date of birth of the user in the password, this is not discussed at all. You can easily be identified by the same registration data in in social networks. Digital passwords of this type themselves are absolutely unreliable. It is better to use together numbers, letters, as well as symbols (even non-printable ones, provided that a combination of hot keys is set) and a space. However, even with this approach, it is possible to crack WPA2-PSK. Here it is necessary to explain the method of operation of the system itself.

Typical access algorithm

Now a few more words about the WPA2-PSK system. What is it in terms of practical application? This is a combination of several algorithms, so to speak, in working mode. Let's explain the situation with an example.

Ideally, the execution sequence of the connection protection procedure and encryption of transmitted or received information is as follows:

WPA2-PSK (WPA-PSK) + TKIP + AES.

In this case, the main role is played by a common key (PSK) with a length of 8 to 63 characters. In what sequence the algorithms will be involved (whether encryption will occur first, or after transmission, or in the process using random intermediate keys, etc.), is not important.

But even with protection and an encryption system at the AES 256 level (meaning the cipher key bit length), cracking WPA2-PSK for hackers who are knowledgeable in this matter will be a task, albeit difficult, but possible.

Vulnerability

Back in 2008, at the PacSec conference, a technique was presented that allows hacking wireless connection and read the transmitted data from the router to the client terminal. All this took about 12-15 minutes. However, it was not possible to crack the reverse transmission (client-router).

The fact is that when the QoS router mode is enabled, you can not only read transmitted information, but also replace it with a fake one. In 2009, Japanese experts introduced a technology that reduces the hacking time to one minute. And in 2010, information appeared on the Web that the easiest way to crack the Hole 196 module present in WPA2 is using your own private key.

There is no question of any interference in the generated keys. First, the so-called dictionary attack is used in combination with "brute-force", and then the space is scanned wireless connection for the purpose of intercepting transmitted packets and their subsequent recording. It is enough for the user to make a connection, as he is immediately deauthorized, intercepting the transmission of initial packets (handshake). After that, even being close to the main access point is not required. You can easily work offline. True, to perform all these actions, you will need special software.

How to hack WPA2-PSK?

For obvious reasons, the full algorithm for breaking the connection will not be given here, since this can be used as some kind of instruction for action. Let us dwell only on the main points, and then only in general terms.

As a rule, when accessing the router directly, it can be put into the so-called Airmon-NG mode to monitor traffic (airmon-ng start wlan0 - rename wireless adapter). After that, traffic is captured and fixed using the airdump-ng mon0 command (tracking data of the channel, beacon speed, encryption speed and method, amount of data transmitted, etc.).

Next, the command to fix the selected channel is activated, after which the Aireplay-NG Deauth command is entered with the accompanying values ​​(they are not given for reasons of the legality of using such methods).

After that (when the user has already passed authorization when connecting), the user can simply be disconnected from the network. In this case, when you re-enter from the hacking side, the system will repeat the login authorization, after which it will be possible to intercept all access passwords. Next, a window will appear with a "handshake" (handshake). You can then apply launch special file WPAcrack, which will allow you to crack any password. Naturally, no one will tell anyone exactly how it is launched. We only note that with certain knowledge, the whole process takes from several minutes to several days. For example, an Intel-level processor running on a stock clock frequency 2.8 GHz, capable of processing no more than 500 passwords in one second, or 1.8 million per hour. In general, as is already clear, you should not flatter yourself.

Instead of an afterword

That's all for WPA2-PSK. What it is, perhaps, from the first reading it is clear and will not be. Nevertheless, it seems that any user will understand the basics of data protection and the encryption systems used. Moreover, today almost all owners of mobile gadgets face this. Have you ever noticed that when you create a new connection on the same smartphone, the system suggests using a certain type of protection (WPA2-PSK)? Many simply do not pay attention to it, but in vain. In advanced settings, you can use enough a large number of additional settings to improve the security system.

What could be more important in our time than protecting one's own home wifi networks 🙂 This is a very popular topic, on which more than one article has already been written on this site. I decided to collect all the necessary information on this topic on one page. Now we will understand in detail the issue of protecting a Wi-Fi network. I'll tell you and show you how to protect wifi password how to do it correctly on routers different manufacturers, which encryption method to choose, how to guess a password, and what you need to know if you are thinking of changing your wireless network password.

In this article, we will talk about about securing your home wireless network. And about password protection only. If we consider the security of some large networks in offices, then it is better to approach security a little differently there. (at least another authentication mode). If you think that one password is not enough to protect a Wi-Fi network, then I would advise you not to bother. Set a good, complex password with these instructions, and don't worry. It is unlikely that someone will spend time and effort to hack into your network. Yes, you can also, for example, hide the network name (SSID), and set filtering by MAC addresses, but these are unnecessary troubles, which in reality will only bring inconvenience when connecting and using a wireless network.

If you are thinking about whether to secure your Wi-Fi, or leave the network open, then the solution here can only be one - to protect. Yes, the Internet is unlimited, and almost every house has its own router, but over time, exactly someone will connect to your network. And why do we need this, after all, extra clients, this is an extra load on the router. And if it is not expensive for you, then it simply cannot withstand this load. Also, if someone connects to your network, they can access your files. (if configured the local network) , and access your router settings (after all default password admin, which protects the control panel, you most likely did not change).

Be sure to protect your wifi network a good password with the correct (modern) encryption method. I advise you to install protection immediately when setting up the router. Also, it's a good idea to change your password from time to time.

If you are worried that someone will hack your network, or has already done it, then just change your password and live in peace. By the way, since you will all go into the control panel of your router exactly, I would also advise, which is used to enter the router settings.

Proper home Wi-Fi network protection: which encryption method to choose?

During the password setting process, you will need to select the Wi-Fi network encryption method. (authentication method). I recommend only installing WPA2-Personal, with algorithm encryption AES. For home network, this is the best solution, at the moment the newest and most reliable. It is this protection recommended by router manufacturers.

Only under one condition that you do not have old devices that you want to connect to Wi-Fi. If, after setting up, some old devices refuse to connect to the wireless network, you can install the protocol WPA (with TKIP encryption algorithm). I do not advise you to install the WEP protocol, as it is already outdated, not secure and can be easily hacked. Yes, and there may be problems with connecting new devices.

Protocol combination WPA2 - Personal with AES encryption, this is the best option for a home network. The key (password) itself must be at least 8 characters long. The password must consist of English letters, numbers and symbols. The password is case sensitive. That is, "111AA111" and "111aa111" are different passwords.

I do not know what kind of router you have, therefore, I will prepare small instructions for the most popular manufacturers.

If after changing or setting a password you have problems connecting devices to a wireless network, then see the recommendations at the end of this article.

I advise you to immediately write down the password that you will set. If you forget it, you will have to install a new one, or.

We protect Wi-Fi with a password on Tp-Link routers

Connecting to the router (via cable or Wi-Fi), launch any browser and open the address 192.168.1.1, or 192.168.0.1 (the address for your router, as well as the standard username and password, are indicated on the sticker on the bottom of the device itself). Specify a username and password. By default, these are admin and admin. In, I described in more detail the entrance to the settings.

In settings go to the tab Wireless(Wireless mode) - Wireless Security(Wireless Security). Check the box next to the protection method WPA/WPA2 - Personal(Recommended). Drop down menu version(version) select WPA2-PSK. On the menu Encryption(encryption) install AES. In field Wireless Password(PSK Password) Specify a password to protect your network.

Setting a password on Asus routers

In the settings we need to open the tab Wireless network, and make the following settings:

  • In the "Authentication Method" drop-down menu, select WPA2 - Personal.
  • "WPA Encryption" - install AES.
  • In the "WPA Preshared Key" field, write down the password for our network.

To save the settings, click the button Apply.

Connect your devices to the network already with the new password.

We protect the wireless network of the D-Link router

Go to your D-Link router settings at 192.168.0.1. You can see detailed instructions. Open the settings tab WiFi - Security Settings. Set the security type and password as in the screenshot below.

Setting a password on other routers

We have more detailed instructions for ZyXEL routers and Tenda. See links:

If you did not find instructions for your router, then you can configure Wi-Fi network protection in the control panel of your router, in the settings section called: security settings, wireless network, Wi-Fi, Wireless, etc. I think I can find it won't be difficult. And what settings to set, I think you already know: WPA2 - Personal and AES encryption. Well, the key.

If you can't figure it out, ask in the comments.

What should I do if the devices do not connect after installation, changing the password?

Very often, after installation, and especially changing the password, devices that were previously connected to your network do not want to connect to it. On computers, these are usually errors "The network settings stored on this computer do not match the requirements of this network" and "Windows could not connect to ...". On tablets and smartphones (Android, iOS), errors like "Failed to connect to the network", "Connected, protected", etc. may also appear.

These problems are solved simple removal wireless network, and reconnect, already with a new password. How to delete a network in Windows 7, I wrote. If you have Windows 10, then you need to "forget the network" by. On the mobile devices click on your network, hold, and select "Delete".

If connection problems are observed on older devices, then set the WPA security protocol and TKIP encryption in the router settings.

The question often arises: what type of Wi-Fi encryption to choose for a home router. It would seem a trifle, but with incorrect parameters, to the network, and even with the transfer of information over an Ethernet cable, problems may arise.

Therefore, here we will consider what types of data encryption are supported by modern WiFi routers, and how the aes encryption type differs from the popular wpa and wpa2.

Type of wireless network encryption: how to choose a protection method?

So, there are 3 types of encryption in total:

  1. 1. WEP encryption

The WEP encryption type appeared back in the distant 90s and was the first option for protecting Wi-Fi networks: it was positioned as an analogue of encryption in wired networks and used the RC4 cipher. There were three common data encryption algorithms - Neesus, Apple and MD5 - but each of them did not provide the required level of security. In 2004, the IEEE declared the standard obsolete due to the fact that it finally ceased to ensure the security of connecting to the network. At the moment, this type of encryption for wifi is not recommended, because. it is not cryptographically secure.

  1. 2.WPS is a standard that does not require the use of . To connect to the router, just click on the appropriate button, which we described in detail in the article.

Theoretically, WPS allows you to connect to an access point using an eight-digit code, but in practice, only four are often enough.

This fact is quietly used by numerous hackers who quickly (in 3 - 15 hours) hack wifi networks, so use this compound also not recommended.

  1. 3.Encryption type WPA/WPA2

Things are much better with WPA encryption. Instead of the vulnerable RC4 cipher, AES encryption is used here, where the password length is an arbitrary value (8 - 63 bits). This type encryption provides a normal level of security security, and is quite suitable for simple wifi routers. In this case, there are two varieties of it:

Type PSK (Pre-Shared Key) - connection to the access point is carried out using a pre-shared given password.
- Enterprise - the password for each node is generated automatically with verification on RADIUS servers.

The WPA2 encryption type is an extension of WPA with security improvements. This protocol uses RSN, which is based on AES encryption.

Like WPA encryption, WPA2 type has two modes of operation: PSK and Enterprise.

Since 2006, the WPA2 encryption type has been supported by all Wi-Fi equipment, and the corresponding geo can be selected for any router.

Advantages of WPA2 encryption over WPA:

Encryption keys are generated during the connection to the router (instead of static ones);
- Using the Michael algorithm to control the integrity of transmitted messages
- Use of an initialization vector of significantly greater length.
In addition, the type of Wi-Fi encryption should be chosen depending on where your router is used:

WEP, TKIP, and CKIP encryption should not be used at all;

For a home access point, WPA / WPA2 PSK is fine;

For worth choosing WPA / WPA2 Enterprise.

Greetings.
WiFi network protection is considered important point especially if you live in an apartment building.
And if you have an open network, there is a chance that you will start intercepting passwords, I wrote one of these methods in this article.
Of course, if you don’t feel sorry for the Internet, then you need to at least use vpn services to encrypt your data and at least change the password of the router’s admin panel.
In the article protecting a wi fi network, we will consider some types of protection.
Changing the login password for the router interface(must do)

Protecting the router from kicking(attack by picking up pin code).
- Allow only your devices to connect to WI FI.

- Learn how to hide the router from prying eyes.

The last 2 points can lead to a bit of a hassle if you may have new devices in the house frequently. Therefore, they are not required, but if you have a lot of paranoia, then you can apply them.

I will consider the example of my router DSL-2640U.

Your interface may differ, but everything will be similar in meaning.

WiFi network protection.

Open any browser (through which you access the Internet).
Enter in address bar 192.168.1.1 (maybe you will 192.168.0.1 ) to go to the router settings.


The menu of your router will open.
Enter Username and password interface ( username and password).
If you have not changed anything, then most likely you need to enter in the name field Admin, you may have a password too Admin or it may not exist at all.
If not suitable, then specify in the instructions or in the search engine.

Change the password for entering the router interface.

Entering the interface go to "Advanced settings- System- Administrator password
Enter new password(new password) and password confirmation (confirm password).
When you press apply (save).


Now entering the interface 192.168.1.1 you will enter the new password that you have come up with.

Why do you need to change your password.

If you have a standard password, for example, unscrupulous neighbors can connect, get into the interface of your router and change something there, for example, to harm you somehow, believe me, such people can easily be found.

Enabling / changing the password for connecting to WI FI.

Let's move on Settings - Wi FI - Security Settings


Network Authentication(WIreless security mode) - encryption method. Better choose WPA / WPA2 because wep outdated and easily hacked.
PSK Encryption Key, password to connect to Wi-Fi. It is better to set the password consisting of small and large letters as well as numbers, this is more difficult to crack.
After settings press save(Save).

Protecting a wi fi network (router) from pin selection (kicking).

Even without knowing the Wi FI password on outdated devices, you can connect by selecting a pin to WPS .
I consider this function superfluous (personally, it is always easier for me to enter the Wi FI password).
Let's go to point WiFiWPS and if you have a check mark "Enable WPS" uncheck it and click apply.

I remind you that the following 2 points can cause some trouble in the future if you often connect to Wi Fi new devices. But if it's important to you good protection wi fi networks, then apply.

Hide your network from prying eyes.

With this item, your network will not be visible in the list of available ones; in order to connect to it, you must enter the network login.
Let's go to point "Wi Fi - Basic Settings".
Put a tick "Hide hotspot".


You may have the option "Enable wireless connection"(activate network privacy) .
Still change SSID to whatever is convenient for you. This is the login that will allow you to connect to Wi-Fi later.

How to connect to Wi-Fi later .
On Windows 7 .
Click on the network management icon (in the lower right corner, where the clock is).


Network and Sharing Center.
Wireless network management.


Add .
Create a network profile manually.
Enter the network name(SSID you have set)
The type of security in case there is encryption and a password for Wi FI, choose the one that you have configured
The WI FI password that you set earlier. And click next.
The entire network has been created. You can click on the created network right click mice, "Properties" and put "connect automatically if the network is in range" .

We allow only your devices to connect to WI FI.

If you have only a few of your devices and you only connect from them, then this
a good option for point wi fi network protection. We will set up a connection filter by mac addresses.
Go to WiFi - Mac filter(Advanced - mac filter.)


Now, for ease of setup, I recommend connecting all Wi-Fi devices that you have at home.
Tab "Mac addresses" .
Known Ip/mac addresses list connected devices.
Click on the list and add devices one by one.

When everything is added, click apply (save).
When added, in the tab "filter mode" choose "allow(Turn mac filtering on and allow)".
Now only allowed devices will be able to connect.

We enter a list of devices.
If you want to connect a new device, you need to go back to the router settings and enter the mac address in the "Mac Addresses" table.

How to find mac address on windows.

Open command line. To do this, click Start, in the search for programs and files type "cmd" and select CMD.exe from the list

We enter the command getmac and press enter on the keyboard.


In the physical address section, there is a mac (the very first one) that needs to be entered into the filter.
On the Android devices .
Settings - Wi FI - Advanced.

There you will see the item "mac address" and it should be added to the list.

That's all, I think that the issue of protecting wi fi networks has exhausted itself.
Take care of yourself and your computers.

Liked the article? Share with friends!
Twitter
print
Was this article helpful?
Yes
Not
Thanks for your feedback!
Something went wrong and your vote was not counted.
Thank you. Your message has been sent
Did you find an error in the text?
Select it, click Ctrl+Enter and we'll fix it!
Related Tips
First look at the iPhone SE Video reviews iPhone SE
First look at the iPhone SE Video reviews iPhone SE
Samsung A9 processor is more voracious than TSMC iPhone SE in hand
Samsung A9 processor is more voracious than TSMC iPhone SE in hand
Sharp has created the world's first completely frameless smartphone
Sharp has created the world's first completely frameless smartphone
Sharp Aquos S2 is the new smartphone with the smallest bezels
Sharp Aquos S2 is the new smartphone with the smallest bezels
Proper charging of iPhone, iPad, MacBook batteries
Proper charging of iPhone, iPad, MacBook batteries
Why do photographers choose RAW format for photography?
Why do photographers choose RAW format for photography?