How to protect your Wi-Fi connection. Protection of the Wi-Fi network itself. Setting a Wi-Fi password

Today, when in most homes you can catch a wireless Internet network, the question of how to set a password for wifi takes on a role important aspect ensuring data security. Creating a reliable “line of defense” home network- the matter is quite responsible, and has its own subtleties. With this in mind, you will benefit from adopting the knowledge and advice offered in this article.

The plan for introducing the topic will be as follows:

First we will cover the main existing types encryption in wifi networks;
Then we’ll look at a general example of how to password protect a network.

Encryption in WIFI networks

Personal information stored in files on a computer connected to wireless network, may be accessible to strangers who do not have the right to do so. In other words, with bad intent or not, for fun or profit, it can be obtained through a network without a password. unauthorized access to all PC contents. To prevent this, various encryption methods have been developed to protect users. Further about what they exist.

WEP

This technology (802.11 standard) was one of the first systems to ensure the security of a wifi network. She provided weak defense, which is why it was often hacked by hackers for the purpose of stealing important information. The result of this has been a significant slowdown in the adoption of wifi networks in companies and business organizations. The managers did not have the slightest confidence in the confidentiality of communications transmitted through wireless communication, data. In addition, this system did not provide the ability to set a password.

The IEEE Institute, which organized 802.11i, took up the solution to this problem - working group, which began creating a new data encryption model that can protect wifi networks.

The result was the emergence of WPA (Wifi Protected Access or secure access) in 2004. New system corrected the shortcomings of the old one thanks to a combination of several technologies that could solve the problem of its vulnerability and put an end to the history of easy network hacking.

WPA

The 802.1x standard, as mentioned above, replaced 802.11. The main difference was mutual authentication and constant encapsulation of data transmitted between the server and client access points. The authentication protocol (EAP) has also been expanded.

We invite you to familiarize yourself with a schematic representation of the operation of WAP and many other security systems (see figure)

In addition, Temporary Key Integrity Protocol (TKIP) and MIC methods have been integrated into WAP - check sum message that prevents any modification of data packets during transmission. Working together, these technologies can reliably protect the network, giving the right to connect to it only to users who own the password.

WPA2

The next leap towards network security was the release of the WPA2 (802.11i) program. Only with its advent, enterprises and companies began to actively implement wireless networks, giving privacy a special role.

The most important innovation was the introduction of AES, a 128-bit advanced data encryption algorithm. It allows you to put an end to the work of the “blocker” of the cipher, which makes it possible to use one code for both authentication and encryption. It has now become mandatory to use different ciphers for each of these operations. We also added key caching and pre-authentication of users (to organize them by access points).

There are modifications of the 802.11i standard:

802.11r is a technology specializing in the fast and reliable transfer of key hierarchies based on the Handoff algorithm. This standard wifi is fully compatible with 802.11a/b/g/n modifications.
802.11w is intended to improve the security mechanism by placing greater emphasis on protecting 802.11i-based control packets. Both of these standards belong to the 802.11n group.

Thus, the use of the latest (WPA2) standard when organizing wireless network security is obvious.

Enough theory. Next step should become an organization wifi protection password, which we will now consider.

Wifi password - installation details

A wireless network makes it possible to connect various devices to the Internet within a radius far beyond the apartment. Therefore, if your wifi is not password protected, your neighbors will be able to use it. And it’s one thing if such an unauthorized “visit” is made only for the sake of receiving free internet, and quite another thing - if his goal is to obtain personal information to commit fraudulent activities.

Therefore, setting a wifi password is a top priority after creating and configuring the network.

This procedure may vary slightly when working with different models routers. But despite this, there is one general algorithm settings that apply in all cases.

Step 1

The first operation required to password protect the network is to enter the router settings.

It comes with a CD designed to make setting up the equipment easier. But if you find it difficult to find it, you can use the router’s web interface. In this case, you will need to launch your web browser and enter in the address bar special code(a construction consisting of “http://” and “IP router”). Standard addresses for most routers they start with “192.168.”, and then follow: “1.1”, “0.1”, “2.1” (for example, 192.168.1.1). Which one is suitable in your case? You can find this out by looking at back cover router (for 99% of cases), or by looking on the Internet.

Please note the following:

It is better to enter the router settings from a computer connected to it using an Ethernet cable. Using wifi connection You will have to repeat the login procedure every time after any change.
The name and password for the router is almost always “admin”. If it doesn’t work, look through the instructions to find the correct option, or look at the back cover of the device.
If you find it difficult to remember the password you set earlier, reboot the router with the Reset button. This will reset everything custom settings devices, returning them to factory settings.

Step 2

Now you need to find a tab with a name similar to “Network Security Properties”. It is most often located in the “Wifi Settings” or the “Security” section. Having trouble locating a tab? You can enter the name of your router model into the search and determine its location.

Step 3

Next you need to select the type of data encryption. IN modern models intended use various methods network protection. We talked about the features of each at the beginning of the article. And, as discussed there, it is most advisable to use WPA2 today due to its highest reliability.

Important! Older router models may not be able to use WPA2. Therefore, you need to install either WPA or change the device to a more modern one.

STEP 4

After choosing an encryption method, you need to install its algorithm. For WPA2-Personal you need to install AES. The other one - TKIP - is much inferior to the first in reliability, and it is not advisable to use it.

Important! Some router models no longer even provide TKIP, as it is outdated and cannot provide the required level of protection.

Step 5

Here we are the most important stage the entire procedure. You need to decide on the SSID (access point name) and set a password for wifi (in other words, specify a codeword or password protect the network).

When choosing a secret phrase, keep in mind:

The password should be a combination of both numbers and symbols, and it is very good if they are mixed. By complicating the secret code in this way, you can pose a difficult task to ill-wishers who want to pick it up.
The Internet is littered with many generators simple passwords, with the help of which they are hacked in a matter of seconds.

Step 6. Last

All that remains is to save the new settings and reboot the router. Click on “Apply” (“save”, “save”, “apply”...), and all changes will be ready to take effect. This will happen only after rebooting the router. In most cases, the router will start self-reboot, and all connected devices are in mandatory disconnect from wifi. To make them aware of changes in the network, you will have to re-establish the connection and enter New Password, indicated in the previous step.

Important to remember:

If automatic reboot did not start after saving, you will need to do it manually. You need to unplug the router from the power supply, count to 10, and then turn it on again. You can start working after he completes bootstrap. You will be notified of its completion indicator lights, having stopped blinking chaotically.
This reboot is different from the one obtained as a result of clicking on RESET button! The latter will erase all your settings, resetting them to the initial (factory) settings.
To prevent network intrusions, it is recommended to change your password at least twice a year.

Remember, you have everything you need at your disposal so as not to compromise the security of your personal data. The main thing is to learn how to use wireless network security methods.

article

Kaspersky Lab blog article.
VPN Kaspersky Secure Connection
Microsoft support site.

(System Tools → Password).
article.
Click Save (Save).

Router interfaces vary depending on the manufacturer, specific model and firmware versions. To navigate the router settings, use the user manual for your model. As a rule, it is included with the router, or you can download it from the device manufacturer's website.

Enter the router's IP address in address bar browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section ( Wireless → Basic Settings).
In field Wireless network name (Wireless Network Name
Click Save (Save).

Router interfaces vary depending on the manufacturer, specific model and firmware version. To navigate the router settings, use the user manual for your model. As a rule, it is included with the router, or you can download it from the device manufacturer's website.

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless mode→ Basic settings (Wireless → Basic Settings).
Uncheck Enable SSID Broadcast (Enable SSID Broadcast).
Click Save (Save).

Disable WPS

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the router settings page, go to the section Wireless mode → WPS (Wireless → WPS).
Click Disable (Disable).

Enable encryption

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section ( Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Version (Authentication Type) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

article.

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless Mode → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Wireless password (Wireless Password
Click Save (Save).

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are listed on the back of the router.
On the router settings page, go to the () section.
Click Add (Add New).

Included (Enabled).
Click Save (Save).

Click Turn on (Enable).
Select ().

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.

In the window Network connections press twice.
In the window State click Wireless Network Properties.
In the window Wireless Network Properties go to the tab Safety.
Select security type WPA2-Personal article.
Click OK.
Close the window State.

Windows 10, Windows 7, 8, 8.1, 10.

For all products: Software compatible

For all products: Purchase and license

For all products: Before installation

For all products: Getting started

For all products: Program settings

For all products: Uninstall programs

For all products: Errors

For all products: Secure Payments

For all products: Diagnostics and reports

For all products: Articles on My Kaspersky

For all products: Windows Articles

When you connect to a public Wi-Fi network, such as in a café, the data is transferred unencrypted. This means that your passwords, logins, correspondence and other confidential information become available to attackers. Email addresses can be used to send spam, and the data on your page social network can be changed.

Home Wi-Fi networks are also at risk. Even the most high level protection for wireless networks: WPA2 encryption - can be “hacked” using the key reinstallation attack (KRACK). For more details, see the Kaspersky Lab blog article.

Always follow these guidelines when connecting to any Wi-Fi network:

Make sure you have it installed and enabled Firewall. This security component checks network traffic and protects your computer from network attacks.
Firewall is included in Kaspersky Lab programs: Kaspersky Internet Security, Kaspersky Anti‑Virus, Kaspersky Total Security Kaspersky Security Cloud and Kaspersky Small Office Security.
Use protected HTTPS connection. Make sure your browser's address bar is green or gray icon castle For more details, see the Kaspersky Lab blog article.
Secure your connection with a VPN, adding another layer of encryption. To do this, install Kaspersky Secure Connection on your device and enable secure connection every time you connect to the Internet.
If you are using an operating room Windows system, turn off the service public access to files and printers for everyone public networks, to which you connect. Instructions on the Microsoft support site.
If possible, use Mobile Internet instead of public Wi-Fi networks.

Create a strong password to access the router

As a rule, a standard login and password are used to access the router settings. An attacker can find out the login and password for your router by downloading the user manual for the device from the manufacturer’s website. To prevent this from happening, change the router password.

For example, we show the setting TP-Link router TL-WR841N. To change the password to access the router:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section System Tools → Password (System Tools → Password).
Enter your username, old and new password to access the router. Recommendations for creating a strong password are in the article.
Click Save (Save).

The password to access the router will be changed.

Create a unique name (SSID) for your Wi-Fi network

Rainbow tables are often used to crack passwords. Pre-built rainbow tables for popular SSIDs store millions of possible passwords. If your SSID and password are in such a table, an attacker can instantly recover your network password using special programs.

To increase the security of your home wireless network, come up with an uncommon SSID.

For example, we show the configuration of the TP-Link TL-WR841N router. To change the Wi-Fi network name:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless mode → Basic settings (Wireless → Basic Settings).
In field Wireless network name (Wireless Network Name) come up with and enter a name for the Wi-Fi network.
Click Save (Save).

The name for the Wi-Fi network will be changed.

Make your Wi-Fi network invisible

In the router settings, hide the network name. Your Wi-Fi network will not appear in the list of available wireless networks. Detect it without special software will be impossible.

For example, we show the configuration of the TP-Link TL-WR841N router. To make a Wi-Fi network invisible to other devices:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless mode → Basic settings (Wireless → Basic Settings).
Uncheck Enable SSID Broadcast (Enable SSID Broadcast).
Click Save (Save).

Your Wi-Fi network will be invisible to other devices.

Disable WPS

WPS technology designed to make it easy to connect devices to Wi-Fi networks. WITH using WPS You can connect to the router without a password. We recommend disabling WPS in your router settings.

For example, we show the configuration of the TP-Link TL-WR841N router. To disable WPS:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless mode → WPS (Wireless → WPS).
Click Disable (Disable).

WPS technology will be disabled.

Enable encryption

When working on a network with weak encryption, your data can be intercepted by attackers. If you connect to your home network and receive a message about weak encryption, change the encryption type to a stronger one. Common wireless encryption types: WEP, TKIP, WPA, WPA2 (AES/CCMP).

The main difference between them is the level of protection. We recommend WPA2 as it is the most secure available.

For example, we show the configuration of the TP-Link TL-WR841N router. To change the wireless encryption type:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless Mode → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Version (Authentication Type) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

Wi-Fi network encryption will be enabled.

Create a strong password for your Wi-Fi network

Without a password, your Wi-Fi network will be accessible to everyone. A strong password will not allow strangers to connect to it. Recommendations for creating a strong password are in the article.

For example, we show the configuration of the TP-Link TL-WR841N router. To create a password:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless Mode → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Wireless password (Wireless Password) create and enter a password for the Wi-Fi network.
Click Save (Save).

A password for the Wi-Fi network will be created.

Enable MAC Address Filtering

Every device that has network card or network interface, has its own MAC address. Create a list of MAC addresses trusted devices or prevent devices with specific MAC addresses from connecting.

For example, we show the configuration of the TP-Link TL-WR841N router. To configure MAC address filtering for trusted devices:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless Mode → MAC Address Filtering (Wireless → Wireless MAC Filtering).
Click Add (Add New).

Enter MAC address, device description and select status Included (Enabled).
Click Save (Save).

Click Turn on (Enable).
Select Allow access to stations specified in enabled rules from the list (Allow the stations specified by any enabled entries in the list to access).

Only those devices whose MAC addresses you added to the list will have access to the router.

Reduce Wi-Fi signal range

In the router settings, reduce the transmission power to a value where the network signal can only be received within your premises. Reduced radius Wi-Fi signal will not allow strangers to connect to it.

For example, we show the configuration of the TP-Link TL-WR841N router. To reduce the Wi-Fi signal range:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.

In the window Network connections double click Wireless network connection.
In the window State click Wireless Network Properties.
In the window Wireless Network Properties go to the tab Safety.
Select security type WPA2-Personal and change the network security key. Recommendations for creating a strong password are in the article.
Click OK.
Close the window State.

The Wi-Fi network key and security type will be changed.

After changing home network settings Wi-Fi devices will not be able to automatically connect to this network, so you need to connect to the wireless network again. Look detailed instructions Online Microsoft support for Windows 10, Windows 7, 8, 8.1, 10.

article

Kaspersky Lab blog article.
VPN Kaspersky Secure Connection
Microsoft support site.

(System Tools → Password).
article.
Click Save (Save).

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section ( Wireless → Basic Settings).
In field Wireless network name (Wireless Network Name
Click Save (Save).

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless mode → Basic settings (Wireless → Basic Settings).
Uncheck Enable SSID Broadcast (Enable SSID Broadcast).
Click Save (Save).

Disable WPS

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the router settings page, go to the section Wireless mode → WPS (Wireless → WPS).
Click Disable (Disable).

Enable encryption

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section ( Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Version (Authentication Type) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

article.

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless Mode → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Wireless password (Wireless Password
Click Save (Save).

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are listed on the back of the router.
On the router settings page, go to the () section.
Click Add (Add New).

Included (Enabled).
Click Save (Save).

Click Turn on (Enable).
Select ().

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.

In the window Network connections press twice.
In the window State click Wireless Network Properties.
In the window Wireless Network Properties go to the tab Safety.
Select security type WPA2-Personal article.
Click OK.
Close the window State.

Windows 10, Windows 7, 8, 8.1, 10.

For all products: Software compatible

For all products: Purchase and license

For all products: Before installation

For all products: Getting started

For all products: Program settings

For all products: Uninstall programs

For all products: Errors

For all products: Secure Payments

For all products: Diagnostics and reports

For all products: Articles on My Kaspersky

For all products: Windows Articles

When you connect to a public Wi-Fi network, such as in a café, the data is transferred unencrypted. This means that your passwords, logins, correspondence and other confidential information become available to attackers. Email addresses may be used to send spam, and information on your social network page may be changed.

Home Wi-Fi networks are also at risk. Even the highest level of security for wireless networks: WPA2 encryption, can be “cracked” using a key reinstallation attack (KRACK). For more details, see the Kaspersky Lab blog article.

Always follow these guidelines when connecting to any Wi-Fi network:

Make sure you have Firewall installed and enabled. This security component inspects network traffic and protects your computer from network attacks.
Firewall is included in the Kaspersky Lab programs: Kaspersky Internet Security, Kaspersky Anti‑Virus, Kaspersky Total Security, Kaspersky Security Cloud and Kaspersky Small Office Security.
Use a secure HTTPS connection. Make sure there is a green or gray padlock icon in your browser's address bar. For more details, see the Kaspersky Lab blog article.
Secure your connection with a VPN, adding another layer of encryption. To do this, install Kaspersky Secure Connection on your device and enable a secure connection every time you connect to the Internet.
If you use operating system Windows, turn off File and Printer Sharing for all public networks you connect to. Instructions on the Microsoft support site.
If possible, use mobile Internet instead of public Wi-Fi networks.

Create a strong password to access the router

For example, we show the configuration of the TP-Link TL-WR841N router. To change the password to access the router:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section System Tools → Password (System Tools → Password).
Enter your username, old and new password to access the router. Recommendations for creating a strong password are in the article.
Click Save (Save).

The password to access the router will be changed.

Create a unique name (SSID) for your Wi-Fi network

To increase the security of your home wireless network, come up with an uncommon SSID.

For example, we show the configuration of the TP-Link TL-WR841N router. To change the Wi-Fi network name:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless mode → Basic settings (Wireless → Basic Settings).
In field Wireless network name (Wireless Network Name) come up with and enter a name for the Wi-Fi network.
Click Save (Save).

The name for the Wi-Fi network will be changed.

Make your Wi-Fi network invisible

In the router settings, hide the network name. Your Wi-Fi network will not appear in the list of available wireless networks. It will be impossible to detect it without special software.

For example, we show the configuration of the TP-Link TL-WR841N router. To make a Wi-Fi network invisible to other devices:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless mode → Basic settings (Wireless → Basic Settings).
Uncheck Enable SSID Broadcast (Enable SSID Broadcast).
Click Save (Save).

Your Wi-Fi network will be invisible to other devices.

Disable WPS

WPS technology is designed to make it easier for devices to connect to Wi-Fi networks. Using WPS you can connect to your router without a password. We recommend disabling WPS in your router settings.

For example, we show the configuration of the TP-Link TL-WR841N router. To disable WPS:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless mode → WPS (Wireless → WPS).
Click Disable (Disable).

WPS technology will be disabled.

Enable encryption

The main difference between them is the level of protection. We recommend WPA2 as it is the most secure available.

For example, we show the configuration of the TP-Link TL-WR841N router. To change the wireless encryption type:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless Mode → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Version (Authentication Type) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

Wi-Fi network encryption will be enabled.

Create a strong password for your Wi-Fi network

Without a password, your Wi-Fi network will be accessible to everyone. A strong password will not allow strangers to connect to it. Recommendations for creating a strong password are in the article.

For example, we show the configuration of the TP-Link TL-WR841N router. To create a password:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless Mode → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Wireless password (Wireless Password) create and enter a password for the Wi-Fi network.
Click Save (Save).

A password for the Wi-Fi network will be created.

Enable MAC Address Filtering

Each device that has a network card or network interface has its own MAC address. Create a list of MAC addresses of trusted devices or deny connections to devices with specific MAC addresses.

For example, we show the configuration of the TP-Link TL-WR841N router. To configure MAC address filtering for trusted devices:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless Mode → MAC Address Filtering (Wireless → Wireless MAC Filtering).
Click Add (Add New).

Enter MAC address, device description and select status Included (Enabled).
Click Save (Save).

Click Turn on (Enable).
Select Allow access to stations specified in enabled rules from the list (Allow the stations specified by any enabled entries in the list to access).

Only those devices whose MAC addresses you added to the list will have access to the router.

Reduce Wi-Fi signal range

In the router settings, reduce the transmission power to a value where the network signal can only be received within your premises. The reduced radius of the Wi-Fi signal will not allow strangers to connect to it.

For example, we show the configuration of the TP-Link TL-WR841N router. To reduce the Wi-Fi signal range:

Enter the router's IP address into the address bar of your browser. You will be taken to the router settings login page. The router's IP address is listed on the back of the device and in the user manual.

In the window Network connections double click Wireless network connection.
In the window State click Wireless Network Properties.
In the window Wireless Network Properties go to the tab Safety.
Select security type WPA2-Personal and change the network security key. Recommendations for creating a strong password are in the article.
Click OK.
Close the window State.

The Wi-Fi network key and security type will be changed.

After changing your home Wi-Fi network settings, devices will not be able to automatically connect to the network, so you will need to reconnect to the wireless network. See detailed instructions on the Microsoft support site for Windows 10, Windows 7, 8, 8.1, 10.

Nowadays, most apartments and houses have more than one device that is connected to the Internet. This led to the popularity of routers and wireless points access, which almost completely replaced the connection of the Internet provider cable directly to the only computer. The ISP wire is now plugged into special device, which allows you to use the same connection for several computers at once, as well as connect mobile devices, laptops and regular computers via Wi-Fi, combining them into local network.

We have routers at home, in a warm and cozy place, and this gives rise to a false feeling that the routers are safe. This is not true at all, each router is located on the seven winds - in a very aggressive environment: anyone (literally ANYONE) is within reach wireless signal can interact with your router, record transmitted traffic; you also need to remember that routers have access to the Internet, where numerous automated scanners can scan ports dozens of times a day, running services, try passwords, perform exploits against your router.

Your router needs protection - without your help it could become a victim of hackers, this article will tell you how how to protect and configure Wi-Fi router so that it cannot be hacked.

What can hackers get by hacking a Wi-Fi router?

Many users take router security lightly because they do not understand the dangers that can result from hacking a router. It is curious that most users understand the danger of their computer being hacked, since an attacker can gain access to their personal data, photos, and passwords. It is very important to understand that hacking a router is a prior step to hacking a computer. Having penetrated the router, a hacker can:

carry out a man-in-the-middle attack, which is aimed at intercepting passwords and other data that you transmit over the network;
perform a man-in-the-middle attack aimed at infecting user computer backdoor or Trojan;
carry out phishing attacks aimed at obtaining logins and passwords from websites, extorting money, infecting a computer with a backdoor or Trojan;
keep an eye on network activity users;
block the Internet connection completely or to individual sites;
use the Internet connection for criminal activities ( law enforcement agencies will see your IP as the address of a cybercriminal);
access webcams and more peripheral equipment connected to your router
make changes to the router firmware.

Hacking a router is a serious threat that can lead to serious consequences for the user.

How to get into the router settings

In the vast majority of cases, a web interface is used to manage routers, i.e. You can make all settings directly from the browser. Your computer and your router are on the same local network (it doesn't matter whether you use Wi-Fi or a wire). To get “inside” your router, type in your browser

If this address does not work, then sometimes it can be

You will be greeted with a form to enter your username and password. They can be viewed in the device passport, on the box, on the case. Or just look for the default (factory) credentials for your router on the Internet.

Each model has its own interface design and grouping of settings, but usually the “Wireless network”, “Local network” and “Internet” items are always present. Menu items and settings may be named a little differently, but once you understand the meaning of the setting, you can easily find it in your home.

Recommendations for protecting your router and Wi-Fi access point from hacking

Use a password to access your network

Do not leave your wireless network “Open”, select the encryption (authentication method) WPA or WPA2.

Stop using the WEP algorithm

WEP is an outdated, practically unused security algorithm Wi-Fi security. It can be hacked in minutes. However, there are still access points that use WEP, so check yours and if it uses WEP for encryption, switch to WPA or WPA2.

Disable WPS

WPS (Wi-Fi Protected Setup) provides light, but not safe way creating a wireless network. Depending on the degree of vulnerability, WPS, and then Wi-Fi password, can be hacked in a day or even in a matter of minutes.

Set a strong password

Since by its very nature a Wi-Fi network is accessible to anyone within its range, anyone can try to connect to it by trying different passwords(called online search). Another technique is also popular, which is based not on connection attempts, but on capturing certain data that the legitimate user and the access point exchange at the time of connection and their subsequent hacking (offline brute force). The use of the latter allows you to brute force passwords at a speed of tens and hundreds of thousands per second. You can protect yourself from such an attack only by setting a long and complex password.

The following rules will allow you to be virtually guaranteed to protect yourself from any brute force hacking:

use a long password. The Wi-Fi password cannot be less than eight characters. If possible, try to use passwords of 10 or more characters;
the password should not be a meaningful phrase or consist of several combined meaningful words, since such a password option can be hacked using a dictionary;
use four classes of characters in your password: numbers, capital and small letters, punctuation marks;
From time to time, for example, once every few months, change your password to a new one.

The screenshot above shows that routers often use generated passwords consisting of eight characters and including three classes of characters (capital and small letters, numbers): L95atyz7, 6rQTeRBb, YssvPT4m, WJ5btEX3, dn8MVX7T. To crack such passwords on a typical home computer it will take 1-3 years of continuous searching. BUT by assembling a computer on several top-end video cards (by making something like a “farm” for mining), a complete search of such a password can be reduced to one or several months. In my opinion, such passwords cannot be considered reliable. As already mentioned, add a fourth character class (syntax marks) and increase the number of characters - this will guarantee that your Wi-Fi network will not be hacked even with the use of very powerful equipment.

Check your 5 GHz network settings

Many users do not know that their router operates in two frequency ranges: 2.4 GHz and 5 GHz. If you secure one range but forget about another, the attacker can take advantage of this. Set a strong password for the 5 GHz network, disable WPS for it. If you do not use the 5 GHz band, you can simply turn it off.

Set a strong password to log into the router admin area

As already mentioned, your router is connected to the local and global networks, where anyone can try to connect to it. To prevent an attacker from guessing your password, set a long password using different classes characters.

Change the admin name

Change the username from Admin/admin to another, less predictable one - this will further complicate the task of guessing the password.

Disable access to the router control panel from the Internet

In the vast majority of cases, you only need access to the router’s administration panel from the local network. If you do not need access to the router settings from external network(from the Internet), then disable it, this will prevent an attacker from trying to guess the login password. This setting may be called "Enable Web Access from WAN".

Update your router's firmware

Even with strong password, an attacker can gain access to the router or obtain this password in open form if the router contains a vulnerability. New firmware from manufacturers should eliminate vulnerabilities and other errors, improve stability and functionality, so regularly (every few months) check for new firmware and update it on your router.

Search for vulnerabilities in the router

Unfortunately, sometimes vulnerabilities are found after the manufacturer has stopped supporting the router. This can lead to a situation where hackers are aware of a vulnerability in your router, but there are no firmware updates.

You can check your router for vulnerabilities using Router Scan by Stas’M. It is a fairly easy to use GUI program.

If you are familiar with Linux then you can use similar program RouterSploit, it may contain exploits that are not in Router Scan. Instructions for use:

If your router turns out to be vulnerable without the ability to update the firmware, it is recommended that you stop using it and replace it with a new one.

Disable unused network services

The more complex the device, the more potential points for a hacker to apply his efforts. Many of network services And additional functions are not used by most users, and some of them also contain known vulnerabilities. Therefore, disable SSH, FTP, Telnet, Internet file sharing (for example, AiDisk), file/media server (for example, UPnP), SMB (Samba), TFTP, IPv6 and others that you do not need.

Enable HTTPS for administrative connections

On most routers it is disabled by default. This setting will allow you to prevent the interception of your router admin password if you connect to it from the Internet, or during man-in-the-middle attacks if the attacker has already penetrated your local network.

Log out (log out) when you are done using the router

Simply closing the page can leave the login session open on the router.

Enable logging

This good habit Check the logs for suspicious activity from time to time. Correctly set the clock and time zone to make the logs more accurate.

Check logs, control connected devices

This already applies to identifying router hacking - this question will be discussed in more detail below.

Set up a "Guest" network

Many modern routers can create separate guest networks.

Make sure that it only has access to the Internet and not to the local network. Naturally, use WPA2 and, of course, the password should be different, not the same as for your main Wi-Fi.

Additional steps to protect your router

If the previous one is not enough for you, then here are some more tips for you.

Change the default range of IP addresses for your local network

All user routers I've seen have the same local address range. This is 192.168.1.x or 192.168.0.x. This makes it easier for an automated attack using a script.

Available ranges:

Any 10.x.x.x
Any 192.168.x.x
172.16.x.x to 172.31.x.x

Change the router's default local address

If someone breaks into your network, they know for sure that your router address is x.x.x.1 or x.x.x.254, making it difficult for them.

Limit administrative access over the wireless network

It's not for everyone. For example, it may be that absolutely all computers are connected only via a wireless network. But if this can be done, it will greatly complicate the attacker's task.

Using a MAC filter

Few effective method defense, since the attacker can easily recognize missed MAC addresses and fake them. There is no need to rely on this protection.

Hiding the network

Ineffective from a safety point of view. Does not worsen security, but does not increase it either, since an attacker can easily find out the name of the network.

Signs of a Wi-Fi router being hacked

Changing router settings without your knowledge

If illegitimate users have changed any settings, especially the password for logging into the administration panel, DNS settings, VPN, then this is a sign that a hacker has gained access to your router.

Control devices connected to your local network

For this, programs such as NetworkConnectLog and Wireless Network Watcher () can be used.

Unauthorized connection means your network is compromised.

View the router log

If your router supports logging that records device administrator logins, review it regularly to identify suspicious activity.

Detecting man-in-the-middle attacks and strange network disruptions

Advanced users, in addition to detecting new devices on the network, can also take actions to identify attacks that have begun against them ")".

Strange network disturbances may also indicate changes to the settings network equipment and interception/modification of traffic by attackers.

19.10.16 62 705 0

How to protect home router from hackers and neighbors

Why being big can cost you money

Evgeniy did not set a password for Wi-Fi in his apartment. Why bother? You can forget your password. And the fact that neighbors can use it is not a pity, the Internet is still unlimited. That’s what Evgeniy thinks, and he’s seriously mistaken.

Nikolay Kruglikov

young hacker

Let's figure out why open internet at home - a bad idea and what it can mean for you.

Listening

Access points without a password are also called open, and it’s not just about the password. At such points, data via Wi-Fi is transmitted without encryption, in clear text. Since Wi-Fi is the same as radio waves, it is very easy to intercept traffic: just set the antenna to the desired frequency and you will hear everything that is transmitted between the router and the computer. Without a password on the router, you simply broadcast to the entire neighborhood what you are currently doing on the Internet.

If you are on a porn site, any of your neighbors will be able to find out which video you are watching. If you send a letter, there is a high probability that it can be intercepted at the moment of sending. If you have VKontakte without encryption, then any neighbor can read your private messages.

Wifi without a password is easy to listen to

How to protect yourself

You need to set a password for Wi-Fi. Of course, connections to some sites are encrypted using HTTPS, and you can also enable a VPN, but it is still much more reliable to protect the entire communication channel at once.

Exercise: set a password for Wi-Fi

Open your browser and enter the numbers 192.168.0.1 into the address bar. If nothing happens, try 192.168.1.1 and 10.0.0.1. A window will appear with fields for login and password.
Enter login admin and password admin. If you don't like it, take a look standard password in the instructions for the router. Most likely it's something simple. Sometimes the login and password are written directly on the router body.
Find the link on the page that says Wi-Fi or Wireless. A screen will open where you can change your password.

If all else fails, call a professional. The master’s task is to password protect your Wi-Fi.

Set a Wi-Fi password that is at least ten characters long and consists of numbers and letters. Password 12345678 is the same as no password.

All instructions are designed for a home router. They are unlikely to work at work or in a cafe, because network administrators disable access to router settings for outsiders

There may be several encryption options in the settings. Each router has a different set of options, so choose the option that is most similar to WPA2-PSK (AES). This is the most secure encryption protocol available today. In combination with good password it will give you the greatest possible protection.

A strong encryption protocol is important. Bad protocol, just like bad password, makes it easier to hack. For example, outdated WEP protocol can be hacked in a few hours.

Selecting an encryption algorithm in the router settings. WPA2-PSK - the best option from this set

Make sure you have WPS turned off. This technology allows you to connect to the router using an eight-digit pin. Unfortunately, after mass implementation WPS has been shown to be extremely insecure: it takes only 10 hours to hack a connection even with the most secure protocol. WPS Settings somewhere in the same place as the Wi-Fi settings.

Manipulating router settings

When hackers connect to your Wi-Fi, they gain access to the router's control panel and can reconfigure it in their own way. To get into your router, you just need to connect to Wi-Fi - you don’t need to be in the apartment. Some nasty schoolboy might be tinkering with your router’s settings right now.

Usually getting into the router settings is not so easy: you need to enter your username and password. But most people have a standard login and password on their router - admin / admin. If you did not change this setting on purpose, there is a high probability that any hacker will be able to break into the router.

Having gained access to the control panel, hackers can easily carry out a man-in-the-middle attack: they will make sure that between you and the site there is a malicious service that steals passwords. For example, the address tinkoff.ru will open not a real, but a fake site that will send them everything you enter. You won’t even know that you have accessed a malicious service: it will look exactly like a real online bank and will even let you in using your username and password. But in this case, the login and password will be in the hands of hackers.

Router with standard settings easy to redirect to a fake site

How to protect yourself

Change the default administrator password to your own in the router settings. It should be no less secure than the Wi-Fi password, and at the same time it should be different.

Remote access

Hackers are rarely interested in you specifically unless you are a top manager large company. More often ordinary people fall under automated attacks when a hacker program searches for potential victims and tries to apply a standard hacking algorithm.

Some routers have the ability to connect to the web interface from an external network - that is, you can go into the router settings from anywhere where there is Internet, and not just from home.

This means that your router can be attacked not only by mischievous schoolchildren. The attack may not be targeted: just some hacker in Peru scanning a certain range of addresses for open routers. His program sees your router. Connects. The hacker doesn't even know who you are or where you are - he just sets up a redirect and goes back to his business. And in his hacker program Your Facebook login, for example, crashes.