Protection in Wi-Fi networks has been constantly improved since the advent of this wireless technology. Recently, it has evolved so that almost all modern routers are protected from possible attacks by strong passwords, sophisticated encryption methods, built-in firewalls and many other means of protection against intruders. But what happens if the encryption algorithms that still make Wi-Fi one of the most secure protocols turn out to be hacked?

This is exactly what happened in the fall of 2017, when Belgian researchers from Leuven University found several critical vulnerabilities in the WPA2 protocol and published a detailed report on this. The WPA2 protocol is used to protect most Wi-Fi networks in the world and is considered the most reliable security tool available for mass use.

Content

How to protect your data if Wi-Fi no longer guarantees security?

The fact that the WPA was hacked is troubling news that affects many electronic devices, but there is no reason for alarm.

In fact, the researchers found a vulnerability in the Wi-Fi protocol, which makes wireless traffic potentially accessible to attack by cybercriminals. In other words, anyone can use this flaw in network security to spy on other people's actions on the Internet, steal credit card numbers, passwords, intercept messages in instant messengers, etc.

Fortunately, manufacturers of many gadgets have already managed to improve and modify their devices, eliminating the vulnerability found. And besides, WPA2 is far from the only wall of protection between the hacker and the personal data of users.

To hack someone else’s Wi-Fi, an attacker, first, needs to position his receiving antenna within the range of the radio channel, and secondly, most of the information on the Internet is transmitted in an encrypted form, and in any case, the hacker will not be able to read it.

The https protocol, which most web servers run on, adds an extra layer of protection to the connection, as well as the use of VPN services.

That is why you always need to remember the lock icon in the address bar of the browser. If a small padlock is not displayed there, this means that the site does not use the https protocol, and all information entered into the forms, including passwords, may be available to third parties.

That is why, before sending somewhere your home address or payment data, you always need to make sure that there is a lock in the address bar.

All the leading software developers almost immediately after the news about the vulnerability of the Wi-Fi protocol released the corresponding patches for their products. For example, Microsoft released an update for Windows in October 2017. Apple also fixed its macOS and iOS operating systems at about the same time.

Google released an update for Android in November, so each owner of devices with this platform needs to read the About section in the phone or tablet settings to find out when the last security update was. If it was running before November, and Android 6 or an earlier version of the OS is installed on the phone, then an update is necessary.

Which wireless security standard should I prefer?

Wireless routers can use a wide range of different protocols to encrypt data. Here are three basic standards that most home and office routers work with:

1. Wired Equivalent Privacy (WEP): this protocol was introduced in 1997 immediately after the development of the 802.11 Wi-Fi standard; WEP is currently considered unsafe and already since 2003 it has been replaced by WPA information security technology with the TKIP encryption method.

2. Integrity Key Temporal Key Protocol (TKIP). This standard is also obsolete and is phasing out. But unlike WEP, it can still be found in the firmware of many models of modern equipment.

3. Advanced Encryption Standard (AES). This standard was introduced immediately after TKIP in 2004, along with an updated and improved WPA2 connection certification system. Routers working with this technology should be preferred when choosing new network equipment. Wireless gadgets must also support AES in order to communicate properly with such routers. Despite the vulnerability mentioned above, WPA2 is still considered the best Wi-Fi protection method. Currently, router manufacturers and Internet service providers typically use WPA2 as a standard; some of them use a combination of WPA2 and WPA to make it possible to work with the widest range of wireless gadgets.

In the technical documentation for routers, you can also sometimes see letters PSK, which mean Pre-Shared-Key or Personal Shared Key. When there is a choice, it is always better to give preference to models with WPA2-PSK (AES) instead of WPA2-PSK (TKIP), but if some old gadgets cannot connect to the router, then you can stop at WPA2-PSK (TKIP). TKIP technology uses the advanced WPA2 encryption method, leaving older TKIP-dependent devices able to connect to wireless routers.

How to secure your Wi-Fi

Disabling WPS

WPS stands for Wi-Fi Protected Setup, a standard and protocol that was created to make wireless setup easier. Despite its practicality and functionality, this solution contains a serious flaw: an eight-digit PIN code consisting of only numbers is easy to break by primitive selection, and this creates a convenient starting point for hackers who want to take over someone else's Wi-Fi.

To find out if a wireless router uses WPS or not, you need to take a closer look at the box in which it is delivered: WPS support is indicated by the presence of a special logo on the package and a separate physical button on the device’s body. From the point of view of protection against hacking, it is better to disable this protocol and never use it.

article

Kaspersky Lab blog article.
VPN Kaspersky Secure Connection
Microsoft support site.

(System Tools → Password).
article.
Click Save (Save).

The interfaces of the routers vary depending on the manufacturer, the specific model and firmware version. To navigate the settings of the router, use the user manual for your model. As a rule, it is attached to the router, or you can download it on the device manufacturer’s website.

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section ( Wireless → Basic Settings).
In field Wireless name (Wireless network name
Click Save (Save).

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section Wireless Mode → Basic Settings (Wireless → Basic Settings).
Uncheck Enable SSID Broadcast (Enable SSID Broadcast).
Click Save (Save).

Disable WPS

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the settings page of the router, go to the section Wireless → WPS (Wireless → WPS).
Click Disable (Disable).

Enable Encryption

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section ( Wireless → Wireless Security).
Select WPA / WPA2 - Personal.
In field Version (Authentication Type) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

article.

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section Wireless → Wireless Security (Wireless → Wireless Security).
Select WPA / WPA2 - Personal.
In field Wireless password (Wireless password
Click Save (Save).

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section ().
Click Add (Add new).

Included (Enabled).
Click Save (Save).

Click Enable (Enable).
Select ().

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.

In the window Network connections double tap.
In the window condition click Wireless Features.
In the window Wireless Features go to tab Security.
Choose security type WPA2-Personal article.
Click Ok.
Close the window condition.

Windows 10, Windows 7, 8, 8.1, 10.

For all products: Software compatibility

For all products: Purchase and license

For all products: Before installation

For all products: Getting started

For all products: Software Setup

For all products: Uninstall programs

For all products: Bugs

For all products: Secure payments.

For all products: Diagnostics and reports.

For all products: My Kaspersky Articles

For all products: Windows Articles

When you connect to a public Wi-Fi network, such as a cafe, the data is transmitted in unencrypted form. This means that your passwords, logins, correspondence and other confidential information are becoming available to attackers. Email addresses can be used to send spam, and the data on your social network page can be changed.

Home Wi-Fi networks are also at risk. Even the highest level of security for wireless networks: WPA2 encryption - can be “hacked" using the attack method with the key reset (KRACK). See the Kaspersky Lab blog article for more details.

When connecting to any Wi-Fi network, always follow these guidelines:

Make sure you have Firewall installed and turned on. This protection component checks network traffic and protects your computer from network attacks.
The firewall is part of Kaspersky Lab's programs: Kaspersky Internet Security, Kaspersky Anti-Virus, Kaspersky Total Security, Kaspersky Security Cloud and Kaspersky Small Office Security.
Use a secure HTTPS connection. Make sure that your browser’s address bar has a green or gray padlock icon. See the Kaspersky Lab blog article for more details.
Secure your connection with a VPN by adding another layer of encryption. To do this, install Kaspersky Secure Connection on your device and enable a secure connection each time you connect to the Internet.
If you use the Windows operating system, turn off the file and printer sharing service for all public networks to which you are connecting. Instructions on the Microsoft support site.
If possible, use mobile Internet instead of public Wi-Fi networks.

Create a strong password to access your router

As a rule, standard login and password are used to access the settings of the router. An attacker can find out the login and password from your router by downloading the user manual for the device from the manufacturer’s website. To prevent this, change the password for the router.

For example, we show the configuration of the TP-Link TL-WR841N router. To change the password for accessing the router:

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section System Tools → Password (System Tools → Password).
Enter the username, old and new password to access the router. Recommendations for creating a strong password in the article.
Click Save (Save).

The password for accessing the router will be changed.

Create a unique name (SSID) for your Wi-Fi network

Often, password crackers use a rainbow table. Pre-created rainbow tables for popular SSIDs store millions of possible passwords. If your SSID and password are in such a table, an attacker will be able to instantly recover the password to the network using special programs.

To increase the security of your home wireless network, come up with a non-proxy SSID.

For example, we show the configuration of the TP-Link TL-WR841N router. To change the Wi-Fi network name:

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section Wireless Mode → Basic Settings (Wireless → Basic Settings).
In field Wireless name (Wireless network name) invent and enter a name for the Wi-Fi network.
Click Save (Save).

The name for the Wi-Fi network will be changed.

Make your Wi-Fi network invisible

In the settings of the router, hide the network name. Your Wi-Fi network will not appear in the list of available wireless networks. It will be impossible to detect it without special software.

For example, we show the configuration of the TP-Link TL-WR841N router. To make a Wi-Fi network invisible to other devices:

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section Wireless Mode → Basic Settings (Wireless → Basic Settings).
Uncheck Enable SSID Broadcast (Enable SSID Broadcast).
Click Save (Save).

Your Wi-Fi network will be invisible to other devices.

Disable WPS

WPS technology is designed to simplify connecting devices to Wi-Fi networks. Using WPS, you can connect to a router without a password. We recommend that you disable WPS in your router settings.

For example, we show the configuration of the TP-Link TL-WR841N router. To disable WPS:

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section Wireless → WPS (Wireless → WPS).
Click Disable (Disable).

WPS technology will be disabled.

Enable Encryption

When working on a network with weak encryption, cybercriminals can intercept your data. If you connect to your home network and receive a message about weak encryption, change the encryption type to more reliable. Common types of wireless encryption: WEP, TKIP, WPA, WPA2 (AES / CCMP).

The main difference between them is the level of protection. We recommend WPA2, as it is the most reliable of the proposed.

For example, we show the configuration of the TP-Link TL-WR841N router. To change the type of wireless encryption:

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section Wireless → Wireless Security (Wireless → Wireless Security).
Select WPA / WPA2 - Personal.
In field Version (Authentication Type) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

Wi-Fi network encryption will be enabled.

Create a strong Wi-Fi password

Without a password, your Wi-Fi network will be accessible to everyone. A strong password will not allow outsiders to connect to it. Recommendations for creating a strong password in the article.

For example, we show the configuration of the TP-Link TL-WR841N router. To create a password:

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section Wireless → Wireless Security (Wireless → Wireless Security).
Select WPA / WPA2 - Personal.
In field Wireless password (Wireless password) invent and enter a password for the Wi-Fi network.
Click Save (Save).

A password for the Wi-Fi network will be created.

Enable MAC Filtering

Each device that has a network card or network interface has its own MAC address. Create a list of MAC addresses of trusted devices or deny devices with specific MAC addresses to connect.

For example, we show the configuration of the TP-Link TL-WR841N router. To configure MAC address filtering for trusted devices:

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.
On the authorization page, enter your username and password. If you did not change them, they are indicated on the back of the router.
On the settings page of the router, go to the section Wireless → MAC Filtering (Wireless → Wireless MAC Filtering).
Click Add (Add new).

Enter MAC address, device description and select status Included (Enabled).
Click Save (Save).

Click Enable (Enable).
Select Allow access to stations specified in the included rules from the list (Allow the stations specified by any enabled entries in the list to access).

Access to the router will only be for those devices whose MAC addresses you have added to the list.

Reduce Wi-Fi Signal Radius

In the settings of the router, reduce the transmit power to a value when the network signal will be received only within your premises. The reduced radius of the Wi-Fi signal will not allow outsiders to connect to it.

For example, we show the configuration of the TP-Link TL-WR841N router. To reduce the radius of a Wi-Fi signal:

Enter the IP address of the router in the address bar of the browser. You will be taken to the login page to the router settings. The IP address of the router is shown on the back of the device and in the user manual.

In the window Network connections double tap Wireless network connection.
In the window condition click Wireless Features.
In the window Wireless Features go to tab Security.
Choose security type WPA2-Personal and change the network security key. Recommendations for creating a strong password in the article.
Click Ok.
Close the window condition.

The key and type of Wi-Fi network security will be changed.

After changing the settings of the home Wi-Fi network, devices will not be able to automatically connect to this network, so you need to reconnect to the wireless network. See detailed instructions on the Microsoft support site for Windows 10, Windows 7, 8, 8.1, 10.

Now in most apartments and houses there is more than one device that is connected to the Internet. This led to the popularity of routers and wireless access points, which almost completely replaced the connection of the ISP cable directly to a single computer. Now the wire of the Internet connection service provider is included in a special device that allows you to use the same connection for several computers at once, as well as connect mobile devices, laptops and ordinary computers via Wi-Fi, combining them in a local network.

Routers are at home, warm and comfortable, and this gives rise to a false feeling that the routers are safe. This is not at all true, each router stands on seven winds - in a very aggressive environment: any (literally ANY) within the reach of a wireless signal can interact with your router, record the transmitted traffic; you also need to remember that routers have Internet access, where numerous automated scanners can scan ports, running services dozens of times a day, sort passwords, and perform exploits in relation to your router.

Your router needs protection - without your help, it can become a victim of hackers, this article will tell how to protect and configure a Wi-Fi router so that it is impossible to crack.

What can hackers get by hacking a Wi-Fi router?

Many users are frivolous about protecting the router, because they do not understand the danger that a hacking router can entail. It is curious that most users understand the danger of hacking their computer, since an attacker can gain access to their personal data, photos, passwords. It is very important to understand that hacking a router is a previous step towards hacking a computer. Having penetrated the router, a hacker can:

perform a man-in-the-middle attack, which is aimed at intercepting passwords and other data that you transmit over the network;
perform a man-in-the-middle attack aimed at infecting the user's computer with a backdoor or trojan;
perform phishing attacks aimed at obtaining logins and passwords from sites, luring money, infecting your computer with a backdoor or trojan;
monitor network activity of users;
block the Internet connection completely or to individual sites;
use an Internet connection for criminal activity (law enforcement agencies will see your IP as the address of a cybercriminal);
access webcams and other peripheral equipment connected to your router
make changes to the firmware of the router.

Hacking a router is a serious threat that can lead to serious consequences for the user.

How to get into the router settings

In most cases, a web interface is used to manage routers, i.e. You can make all the settings directly from the browser. Your computer and your router are on the same local network (it doesn’t matter if you use Wi-Fi or a wire). To get "inside" your router, type in the browser bar

If this address does not work, then sometimes it can be

You will be greeted by a form for entering a username and password. You can see them in the device passport, on the box, on the case. Or just look for the default (factory) credentials for your router on the Internet.

Each model has its own peculiarities of interface design and grouping of settings, but usually there are always items “Wireless Network”, “Local Area Network” and “Internet”. Menu items and settings may be called a little differently, but if you understand the meaning of the settings, you can easily find it at home.

Recommendations for protecting your router and Wi-Fi access point from hacking

Use a password to access your network.

Do not leave your wireless network open (“Open”), choose encryption (authentication method) WPA or WPA2.

Stop using WEP

WEP is an outdated, virtually unused Wi-Fi security algorithm. It can be hacked in minutes. Nevertheless, access points with WEP still come across, so check yours and if it uses WEP for encryption, switch to WPA or WPA2.

Disable WPS

WPS (Wi-Fi Protected Setup) provides an easy but not secure way to create a wireless network. Depending on the degree of vulnerability, WPS, and then Wi-Fi password, can be cracked in a day or even in a matter of minutes.

Set a strong password

Since, by its very nature, a Wi-Fi network is accessible to anyone within its range, anyone can try to connect to it by trying different passwords (called online brute force). Another technique is also popular, which is based not on attempts to connect, but on the capture of certain data that a legitimate user and access point exchange at the time of connection and their subsequent hacking (offline busting). The use of the latter allows you to bust at a speed of tens and hundreds of thousands of passwords per second. You can protect yourself from such an attack only by setting a long and complex password.

The following rules will allow you to almost guaranteedly protect yourself from any hacks by brute force:

use a long password. Wi-Fi password cannot be less than eight characters. If possible, try to use passwords of 10 or more characters;
the password should not be a meaningful phrase, consist of several united meaningful words, since such a variant of the password can be cracked using a dictionary;
use four character classes in the password: numbers, uppercase and lowercase letters, punctuation marks;
from time to time, for example, once every few months, change your password to a new one.

The screenshot above shows that routers often use generated passwords consisting of eight characters and including three classes of characters (uppercase and lowercase letters, numbers): L95atyz7, 6rQTeRBb, YssvPT4m, WJ5btEX3, dn8MVX7T. To crack these passwords on a typical home computer, it will take 1-3 years of continuous enumeration. BUT having assembled the computer on several top-end video cards (by doing something like a “farm” for mining), a complete search of such a password can be reduced to one to several months. In my opinion, such passwords cannot be considered reliable. As already mentioned, add a fourth class of characters (syntax characters) and increase the number of characters - this will guarantee you that your Wi-Fi network will not be hacked even with very powerful equipment.

Check 5 GHz network settings

Many users do not know that their router operates in two frequency ranges: 2.4 GHz and 5 GHz. If you have secured one range, but forgot about the other, then the attacker can take advantage of this. Set a strong password for the 5 GHz network, disable WPS for it. If you are not using the 5 GHz band, you can simply turn it off.

Set a strong password to log into the admin panel of the router

As already mentioned, your router is connected to local and global networks, where anyone can try to connect to it. To prevent an attacker from picking up a password, set a long password using different character classes.

Change admin name

Change the username from Admin / admin to another, less predictable one - this will further complicate the task of password selection.

Disable access to the router control panel from the Internet

In the vast majority of cases, you just need access to the admin panel of the router from the local network. If you do not need access to the router settings from an external network (from the Internet), disconnect it, this will not allow the attacker to try to find the login password. This setting may be called Enable Web Access from WAN.

Update the firmware of your router

Even with a strong password, an attacker can gain access to the router or get this password in clear form if the router contains a vulnerability. New firmware from manufacturers should eliminate vulnerabilities and other errors, improve stability and functionality, so regularly (every few months) check for new firmware and update them on your router.

Search for vulnerabilities in the router

Unfortunately, sometimes vulnerabilities are found after the manufacturer ceases to support the router. This can lead to a situation where hackers are aware of a vulnerability in your router, but there are no firmware updates.

You can check your router for vulnerabilities with Router Scan by Stas’M. This is a pretty easy to use GUI program.

If you are familiar with Linux, then you can use a similar program RouterSploit, it may contain exploits that are not in Router Scan. Instructions for use:

If your router is vulnerable without the possibility of updating the firmware, it is recommended to abandon its use and replace it with a new one.

Disable unused network services

The more complex the device, the more potential points for the application of the hacker's efforts. Many of the network services and additional features are not used by most users, and some of them also contain known vulnerabilities. Therefore, disable SSH, FTP, Telnet, file sharing from the Internet (for example, AiDisk), file / media server (for example, UPnP), SMB (Samba), TFTP, IPv6 and others that you do not need.

Enable HTTPS for administrative connections

On most routers, it is disabled by default. This setting will allow you to prevent the interception of your password from the admin panel of the router if you connect to it from the Internet, or in the middle of an attack if the attacker has already penetrated your local network.

Exit (log out) when you finish working on the router

Simply closing the page may leave the authorization session in the router open.

Turn on logging

It is a good habit to check the logs for suspicious activity from time to time. Correctly set the clock and time zone so that the logs are more accurate.

Check logs, control connected devices

This already applies to identifying a router hack - this issue will be discussed in more detail below.

Set up a Guest Network

Many modern routers can create separate guest networks.

Make sure that it has access only to the Internet, and not to the local network. Naturally, use WPA2 and, of course, the password should be different, not the same as your main Wi-Fi.

Additional steps to protect the router

If you still have little previous, then here are some more tips.

Change the default IP address range for your local network

All routers for users that I saw have the same range of local addresses. This is 192.168.1.x or 192.168.0.x. This facilitates an automated attack using a script.

Available ranges:

Any 10.x.x.x
Any 192.168.x.x
172.16.x.x to 172.31.x.x

Change the default local address of the router

If someone penetrates your network, they know for sure that the address of your router is x.x.x.1 or x.x.x.254, making it difficult for them.

Restrict administrative access over a wireless network

This is not for everyone. For example, it may be that absolutely all computers are connected only over a wireless network. But if this can be done, then this will greatly complicate the task of the attacker.

Using MAC Filter

A little effective way of protection, because an attacker can easily find out MAC addresses that are skipped and fake them. No need to rely on this protection.

Network hiding

Security-ineffective reception. It does not impair security, but it does not increase it, because an attacker can easily find out the name of a network.

Signs of a hacked Wi-Fi router

Change router settings without your knowledge

If any settings were changed by illegitimate users, and especially the password for entering the administration panel, DNS, VPN settings was changed, then this is a sign that the hacker has gained access to your router.

Control devices connected to your local network

Programs such as NetworkConnectLog and Wireless Network Watcher () can be used for this.

An unauthorized connection means that your network is compromised.

View the router log

If your router supports logging, which records the device administrator’s input, then regularly review it to identify suspicious activity.

Man-in-the-middle attacks and weird network outages

Advanced users, in addition to discovering new devices on the network, can also take actions to identify attacks that have begun against them “)”.

Strange network disruptions can also indicate changes to the network equipment settings and interception / modification of traffic by the attacker.

Today, wireless networks play an important role in the lives of users. If 10 years ago it was considered common to carry an Internet cable behind a laptop, today today every phone is connected to the Internet via wi-fi. Computers, laptops, netbooks, tablets, smartphones, printers - all this equipment can be connected to the network and connected simply by air. And of course, such equipment is not only with you, but also with others. Therefore, it is extremely important to be able to protect your wireless network.

1. Protection directly of the wi-fi network itself.

You must select a reliable type of security and install a security key that is difficult to select. We recommend choosing a WPA2-PSK and a 8-10 character security key.

Often, it is also not superfluous to hide the wi-fi network. To do this, check the box. Enable hidden Wireless (see pic above)

In some cases, it makes sense to adjust the transmitter power so that the access point covers your apartment, but does not “push” to the neighbors.

2. Protection of the access point (or router)

For example, D-Link DIR-300:

Go to the section MAINTENANCEselect subsection Device administrationin setting Admin passwordenter the new password twice:

And in the setting Administration uncheck Enable Remote Managementwhich will make it impossible to access the device’s web interface from the Internet.

What today can be more important than protecting your home Wi-Fi network 🙂 This is a very popular topic on which more than one article has already been written on this site. I decided to collect all the necessary information on this topic on one page. Now we will examine in detail the issue of protecting Wi-Fi networks. I’ll tell and show how to protect Wi-Fi with a password, how to do it correctly on routers of different manufacturers, which encryption method to choose, how to choose a password, and what you need to know if you plan to change the wireless password.

In this article we will talk specifically on securing your home wireless network. And about password protection only. If we consider the security of some large networks in offices, then it’s better to approach security a little differently (at least another authentication mode). If you think that one password is not enough to protect Wi-Fi networks, then I would advise you not to bother. Set a good, complex password according to this instruction, and don’t worry. It is unlikely that someone will spend time and effort to break into your network. Yes, you can, for example, hide the network name (SSID), and set up filtering by MAC address, but these are unnecessary troubles that will only bring inconvenience when connecting and using a wireless network.

If you are thinking about protecting your Wi-Fi, or leaving the network open, then the only solution here is to protect. Yes, the Internet is unlimited, but almost every home has its own router, but over time, exactly someone will connect to your network. And why do we need this, because extra customers, this is an extra load on the router. And if it’s not expensive with you, then it simply cannot withstand this load. And if someone connects to your network, he will be able to access your files (if LAN is configured), and access to the settings of your router (After all, the standard password admin, which protects the control panel, you most likely did not change).

Be sure to protect your Wi-Fi network with a good password with the correct (modern) encryption method. I advise you to set up protection immediately when configuring the router. And also, it would be nice to change the password from time to time.

If you are worried that someone is hacking your network, or has already done so, just change the password and live in peace. By the way, since you will all be logged into the control panel of your router, I would also advise which one is used to enter the router settings.

Proper protection of your home Wi-Fi network: which encryption method to choose?

In the process of setting a password, you will need to choose a method for encrypting Wi-Fi networks (authentication method). I recommend installing only WPA2 - Personal, with encryption according to the algorithm AES. For a home network, this is the best solution, at the moment the newest and most reliable. This is the kind of protection that router manufacturers recommend installing.

Only under the condition that you do not have old devices that you want to connect to Wi-Fi. If after setting up some old devices you refuse to connect to the wireless network, you can set the protocol WPA (with TKIP encryption algorithm). I do not recommend installing the WEP protocol, as it is already outdated, not secure, and can be easily cracked. Yes, and there may be problems connecting new devices.

Protocol combination WPA2 - Personal with AES Encryption, this is the best option for a home network. The key itself (password) must be at least 8 characters. Password must consist of English letters, numbers and symbols. Password is case sensitive. That is, “111AA111” and “111aa111” are different passwords.

I don’t know which router you have, therefore, I’ll prepare small instructions for the most popular manufacturers.

If after changing or setting a password you have problems connecting devices to a wireless network, then see the recommendations at the end of this article.

I advise you to immediately write down the password that you will set. If you forget it, you will have to install a new one, or.

We protect Wi-Fi with a password on Tp-Link routers

We are connected to a router (via cable or Wi-Fi), launch any browser and open the address 192.168.1.1, or 192.168.0.1 (the address for your router, as well as the standard username and password are indicated on the sticker on the bottom of the device). Enter your username and password. By default, these are admin and admin. In, I described in more detail the entrance to the settings.

In the settings, go to the tab Wireless (Wireless) - Wireless security (Wireless Security). Place a checkmark next to the protection method WPA / WPA2 - Personal (Recommended). In the drop down menu Version (version) select WPA2-PSK. On the menu Encryption (encryption) install AES. In field Wireless password (PSK password) provide a password to protect your network.

In the settings we need to open the tab Wireless network, and make the following settings:

In the "Authentication Method" drop-down menu, select WPA2 - Personal.
"WPA Encryption" - install AES.
In the field "Preliminary key WPA" write the password for our network.

To save the settings, click on the button To apply.

Connect your devices to the network already with a new password.

Protecting the wireless network of the D-Link router

Go to the settings of your D-Link router at 192.168.0.1. You can watch detailed instructions. In the settings, open the tab Wifi - Security Settings. Set the security type and password as in the screenshot below.

Setting a password on other routers

We have more detailed instructions for ZyXEL and Tenda routers. Look at the links:

If you did not find instructions for your router, then you can configure Wi-Fi network protection in the control panel of your router, in the settings section, which is called: security settings, wireless network, Wi-Fi, Wireless, etc. I think I’ll find it will not be difficult. And what settings to install, I think you already know: WPA2 - Personal and AES encryption. Well, the key.

If you can’t figure it out, ask in the comments.

What to do if devices do not connect after installation, password change?

Very often, after setting, and especially changing the password, devices that were previously connected to your network do not want to connect to it. On computers, this is usually an error "Network settings stored on this computer do not meet the requirements of this network" and "Windows could not connect to ...". On tablets and smartphones (Android, iOS), errors like “Failed to connect to the network”, “Connected, protected”, etc. may also appear.

These problems are solved by simply removing the wireless network, and reconnecting, already with a new password. How to remove a network in Windows 7, I wrote. If you have Windows 10, then you need to "forget the network" by. On mobile devices, click on your network, hold, and select Delete.

If connection problems are observed on older devices, then set the WPA protection protocol and TKIP encryption in the router settings.