Menu
homeConnection

How to protect your phone from WiFi. Neighbors steal Wi-Fi. How to protect your wi-fi router. Set a password to access the Wi-Fi router settings

Is the most important electronic device in their lives. It connects most other devices with outside world and that is why it is of maximum interest to hackers.

Unfortunately, many home and small business routers come with insecure default configurations, have undocumented management accounts, use outdated services, and run on old firmware versions that are easy to hack using well-known tricks. Unfortunately, users themselves will not be able to fix some of the problems listed above, but they can nevertheless be taken whole line actions to protect these devices from at least large-scale automated attacks.

Basic steps

Avoid using routers provided by ISPs. Firstly, they are often more expensive. But this is not the most a big problem. Such routers, as a rule, are less secure than those models that manufacturers sell in stores. Very often they contain hard-coded remote support credentials that users cannot change. Updates for modified firmware versions often lag behind releases for commercial routers.

Change the default administrator password. Many routers come with generic admin passwords (admin/admin), and attackers constantly try to log into devices using these well-known credentials. After connecting to your router's management interface via a browser for the first time - its IP address is usually found on a sticker on the underside or in the user manual - the first thing you need to do is change the password.

In addition, the management router's web interface should not be accessible from the Internet. For most users, there is simply no need to manage the router from outside the local network. However, if you still have a need for remote control, consider using a VPN to create a secure connection channel to local network and only then access the router interface.

Even within a local network, it is worth limiting the range of IP addresses from which you can control the router. If this option is available on your model, it is better to allow access from a single IP address that is not part of the pool of IP addresses assigned by the router via DHCP. dynamic configuration hosts). For example, you can configure the router's DHCP server to assign IP addresses from 192.168.0.1 to 192.168.0.50, and then configure the web interface to only accept the administrator from 192.168.0.53. The computer must be manually configured to use this address only when it is necessary to administer the router.

Enable access to the router interface via https protocol, if there is support for a secure connection, and always log out, closing the session when the setup is complete. Use your browser in incognito mode or private mode so that Cookies are not stored in automatic mode, and never allow the browser to save the username and password of the router interface.

If possible, change the router's IP address. Most often, routers are assigned the first address in a predefined range, for example, 192.168.0.1. If this option is available, change it to 192.168.0.99 or some other address that is easy to remember and that is not part of the DHCP pool. By the way, the entire range of addresses used by the router can also be changed. This helps protect against cross-site request forgery (CSRF), where an attack occurs through users' browsers and using the generic IP address typically assigned to such devices.

Create complex password to Wi-Fi and choose reliable protection protocol. WPA2 (Wi-Fi Protected Access 2) is an improvement over older WPA and WEP, which are more vulnerable to attacks. If your router provides this option, create a guest wireless network, also protecting it with WPA2 and a complex password. Let visitors or friends use this isolated segment of the guest network rather than your main network. They may not have malicious intent, but their devices may be hacked or infected with malicious software.

Disable the WPS function. This rarely used feature is designed to help users set up Wi-Fi using the PIN code printed on the router's sticker. However, several years ago, a serious vulnerability was found in many implementations of WPS versions provided by various vendors that allows hackers to break into networks. And since it will be difficult to determine which specific router models and firmware versions are vulnerable, it is better to simply disable this function on the router, if it allows you to do this. Instead, you can connect to your router via wired connection and through the web management interface, for example, configure Wi-Fi with WPA2 and user password(no WPS at all).

The fewer services on your router that are exposed to the Internet, the better. This is especially true in cases where you didn't enable them and perhaps don't even know what they do. Services such as Telnet, UPnP (Universal Plug and Play), SSH (Secure Shell) and HNAP (Home Network Administration Protocol) should not be enabled at all for external network, as they potentially pose security risks. However, they should also be turned off on the local network if you are not using them. Online services like Shields UP from Gibson Research Corporation (GRC) can simply scan your router's public IP address for open ports. By the way, Shields Up is capable of conducting separate scanning specifically for UPnP.

Make sure your router firmware is up to date. Some routers allow you to check firmware updates directly from the interface, while others even have a function automatic update. But sometimes these checks may not occur correctly due to changes in the manufacturer's servers, for example, after several years. Therefore, it is worth regularly checking the manufacturer’s website manually to see if there is a firmware update available for your router model.

More complex actions

You can use network segmentation to isolate it from the risky device. Some consumer routers provide the ability to create VLANs(virtual local networks) within a large private network. Such virtual networks can be used to isolate devices from the Internet of Things (IoT) category, which can be full of vulnerabilities, as researchers have repeatedly proven (Bird Kiwi reviewed this problem in the previous issue of PC World - editor's note). Many IoT devices can be controlled using a smartphone through external cloud services. And since they have access to the Internet, such devices after initial setup should not interact with smartphones directly over the local network. IoT devices often use insecure administrative protocols for the local network, so an attacker could easily hack such a device using an infected computer if they are both on the same network.

Thanks to MAC address filtering, you can prevent dangerous devices to your Wi-Fi network. Many routers allow you to limit the list of devices that have the right to enter the Wi-Fi network by their MAC address - unique identifier physical network card. Enabling this feature will not allow an attacker to connect to the Wi-Fi network, even if he manages to steal or guess the password. The downside to this approach is that manually managing the list of allowed devices can quickly become an unnecessary administrative burden for large networks.

Port forwarding should only be used in combination with IP filtering. Services running on a computer behind the router will not be accessible from the Internet unless port forwarding rules are defined on the router. Many programs try to open router ports automatically via UPnP, which is not always safe. If you disable UPnP, these rules can be added manually. Moreover, some routers even allow you to specify an IP address or a whole block of addresses that can connect to specific port to gain access to a particular service within the network. For example, if you want to access an FTP server on your home computer while at work, you can create a port 21 forwarding (FTP) rule in your router, but only allow connections from your company's block of IP addresses.

Custom firmware can be more secure than factory firmware. There are several Linux-based, community-supported firmware projects for a wide range of home routers. They tend to offer advanced features and settings over those found in stock firmware, and the community is quicker to fix their shortcomings than the router manufacturers themselves. Because these firmwares are marketed to enthusiasts, the number of devices that use them is much smaller than devices running OEM firmware. This significantly reduces the likelihood of extensive attacks on custom firmware. However, it is very important to keep in mind that downloading firmware to a router requires good technical knowledge. It is likely that you will void your warranty, and if there is an error, the device may be damaged. Keep this in mind, you were warned!

How to protect yourself

Check if the remote access feature is enabled on your router. It is often included in devices provided by communication providers. For providers remote access needed for business: this makes it easier for them to help users set up the network. However, providers may leave the default password in the web interface, making you an easy target hacker programs.

If you can log into the web interface with a standard login and password admin/admin, be sure to change the password and write it down. When your provider configures your router remotely, simply say that you changed the password for security reasons and dictate it to the operator.

Instructions for protecting your router

  1. Put it on Wi-Fi strong password.
  2. Change standard password administrator.
  3. If the router is not from your ISP, disable remote access.
  4. If you don't know how to do this, call computer technician, whom you trust.

Do you think if your home WiFi protected by a strong password, this will save you from freeloaders. I hasten to disappoint you. This is not entirely true. No matter how cool your password is, the risk of third parties connecting is very high.

I don’t need to explain to you how they love freebies in Russia). It is she who gives birth to so many brilliant ideas. While this idea is good for some, it can be a real headache for others.

What could happen if your wireless connection is not secure?

Here everything depends on the imagination of the “freeloader”. In one case, this is a harmless use of traffic, in the other - access to your data, both the computer itself and Internet resources (mail, social networks etc.)

How to secure your home WiFi from third party connections?

In fact, you can hack anything, but following basic security standards can discourage such a desire for a very long time and certainly not become a victim of an amateur. Let's consider two simple ways. The first and most obvious one, which I highly recommend, is correct setting router, the second is use special programs.

Setting up the router
home wifi vulnerability- this is the protocol wps. If it is not involved, then there is practically nothing to worry about. On the other hand, if it cannot be turned off, then everything else is half measures for your complacency.

A) Use WPA2 encryption algorithm. Of course, you can hack and wpa2, but the resources and time spent on this are not commensurate with the goal. Therefore, if you are not an intelligence agent, who needs it. If your device does not support this technology, then think twice, because the security of your home network is at risk.

b) Use a strong password. I wrote a whole book about the importance of a strong password, which you can pick up; in addition, I recommend reading the article. As a rule, you can access the router settings by entering in the browser address bar 192.168.1.1 , where username/password → admin and 1234 respectively. Such passwords can be cracked in a matter of seconds. Use a combination of at least 8 characters (numbers, letters, signs).

c) Hiding the network name(Hide SSID). This point is not mandatory, as it is considered ineffective, but it will not be superfluous. In the router settings, select “Hide SSID”. This is the "name" of your network that we see when scanning the space in searching for WiFi networks. Knowing the name, you can connect to one or another WiFi networks. In properties wireless network("connection" tab) select the following settings.

Well, and finally - for paranoid fans of total security: you can configure the network so that only certain devices, and the rest, even having passed the previous 2 levels, were still not allowed into the network. For this purpose, there are filters based on device MAC addresses.

The names of sections and options are different for different routers and access points, but the meaning remains the same.

The second method → ​​is to use special programs, such as the utility. The program was created to help owners of home WiFi hotspots who want to control the connection third party devices. The program runs on Windows, Mac OS X and Linux.

The program displays a list of participating devices. Green color→ allowed/familiar devices, red → unfamiliar.

General recommendations. Try not to use " shared access» to folders, files and printers, and if you open it, close it as soon as it is no longer needed. By the way, you can check this like this: control panel → network and sharing center.

Hello! I decided to prepare an article in which to collect all the main and most important effective tips and answer your question, how to protect Wi-Fi network . Who will we protect from? From neighbors, of course, but if you need to protect your Wi-Fi network in the office, then from colleagues from a neighboring company :). But seriously, the issue of protecting wireless networks is very relevant now, I drew conclusions from the article in which I described it. The article quickly became popular and received many comments.

Set a password to access the Wi-Fi router settings

This is the first thing you need to do when setting up protection wireless wifi networks. In the router settings, look for the “System Tools” tab, then go to the “Password” tab.

Enter old login and password, then enter a new access name in the form below and twice New Password. Create a good and complex password. Consisting of letters and numbers. And most importantly, remember it yourself :). To save, click “Save”. We continue to configure Wi-Fi network protection.

Set a password for the Wi-Fi network and set the encryption type

IN mandatory, you need to specify the type of encryption you will use for the network and set a strong password. Well, unless you have some kind of cafe and you want to do open access to Wi-Fi for visitors.

Go to the tab “Wireless”, and “Wireless Security”. Next to the WPA/WPA2 – Personal protocol, put a check mark, set the settings as in the screenshot below and in the line opposite “PSK Password:” we come up with good password. This password will be used to connect to Wi-Fi. To save, click “Save”.

The router will offer to reboot it, but if you are still making settings, you don’t have to reboot for now. But the new settings will only work after a reboot.

Another great way protection. We hide Wi-Fi name network, and you can connect to it only if you know what it’s called. Your network will not appear in the list available networks.

We search and go to the “Wireless” tab. And in order to hide the SSID, simply uncheck the “Enable SSID Broadcast” item. That's it, it's simple. Click the “Save” button to save the changes.

Enable device filtering by MAC address

Enabling this function will allow you to connect to the router only those devices that MAC address and which are specified in the settings and are allowed. This is very effective protection, but if you often connect new devices, it will not be very convenient to go into the router settings and enter the MAC address of the device every time.

First you need to find out the MAC addresses of the devices that you want to allow to connect to the Wi-Fi network. They can be viewed in the settings, read more. If this is a phone or tablet, then you can see the address in the settings, in the “About phone” section. And if the device is already connected to the router, then the entire necessary information can be found on the “DHCP” tab – “DHCP Clients List”.

So, go to the “Wireless” tab, and go to “Wireless MAC Filtering”. First, enable this service by clicking on the “Enable” button. Then check the box next to the item “Allow the stations specified by any enabled entries in the list to access.”. This means that only devices that are on the list will be able to connect to Wi-Fi.

And click the “Add New...” button in order to add the MAC addresses of devices that need to be allowed access. Enter the MAC address, description (optional), leave the status Enable (allow) and click the “Save” button.

In this way we add all the devices that you want to allow to connect to your router.

Disable QSS (WPS) service

I wrote in detail about this service and how to use it in the article. But if you do not connect new devices very often and it is not difficult for you to enter the password for the Wi-Fi network, then it is better to disable this service.

To disable, go to the “QSS” tab; for you it may also be called “WPS”, or something like that. And click the “Disabled QSS” button.

This was the last point that I advise you to do for complete Wi-Fi protection networks on your router. All that remains is to reboot the router by clicking on the “click here” link, or do it with a button on the router itself.

That's it friends, that's all I wanted to advise you to protect your wireless network. I hope that the information I have prepared for you will be useful to you. Good luck!

Also on the site:

How to protect a Wi-Fi network? Basic and effective tips updated: February 7, 2018 by: admin

Most of us have been using a Wi-Fi router for a long time. wireless access to the Internet. But such a connection must be protected, otherwise strangers will be able to use it, which will lead to signal deterioration, and in the worst case, to its loss.

Almost all of us know that you must set a password on Wi-Fi, but there are several more ways to secure your network. We will look at how to install a good key to protect your network and use all available security measures for your router.

Since most routers have a standard IP address, anyone can enter it into their device and gain access to the settings. Therefore, before changing them, you need to close the login to the router settings by changing your login and password.

Often, in all models, regardless of manufacturer, the word Admin is used to fill out both of these lines. We should set a new name and key to prevent other people from changing the hardware configuration.

To do this, do the following:

  • Go to System section Tools.
  • Select the Password tab, enter standard and new login information into the settings - come up with an original login and password that will be impossible for others to guess, but easy for you to remember.

Setting a Wi-Fi password

The password is basic remedy wireless network protection. To protect her with good and complex combination as a key, you need to go to the router settings. We will look at how this happens on TP-Link models. So, enter your IP address in the browser, select the Wireless section. Here we select the Wireless Settings item, where a password menu will appear.

Enter the old code, new login information and repeat them on the bottom line. Don't forget to save your changes!

How to create a good key?

  • Use numbers and letters, combine uppercase and lowercase characters.
  • Make the code long - from eight to twelve characters.
  • Most reliable type encryption - WPA-PSK.

Changing the router name

The SSID refers to the name of the Wi-Fi point; it appears to us in the list of enabled networks. Thanks to the name, we know which access point we should connect to, choosing it from the list among other equipment.

But the connection name is available not only to us, but also to everyone who is within the router’s coverage area. Therefore, in addition to creating good key, it is worth hiding the SSID so that it is invisible in the list of connections when searching for a network via Wi-Fi.

To hide the router name, do the following:

  • Go to its settings via address bar browser.
  • Go to the Wireless section and uncheck the box next to Enable SSID Broadcast.

One question remains: how to connect to the network if it is not shown in the list? To do this, select the option below to create a new connection in the list of searches for available networks, and manually enter your username and password. If all data is entered correctly, you will be connected to the Internet.

MAC Address Filtering

A Wi-Fi point can be made visible to a specific number of devices by adding them to the list in the router settings. This is done using the MAC address - every computer, laptop, or smartphone has one.

To find out its coordinates on your PC, go to the Network and Control Center through the Control Panel, select your Internet connection and view the properties. After clicking "Details" you will see the Physical Address - this is the MAC ID.

On other devices, you will find the relevant information in the “About the device” section.

To restrict access by MAC address, follow these steps:

  • Go to the router settings and select the Wireless section, then stop at the Wireless MAC Filtering menu.
  • Here select the line Allow the stations specified by any enabled entries in the list to access. After saving the settings Wi-Fi hotspot will become open only to those devices that are on the list.

How to add your address to settings? In the same menu there is a button Add new..., with its help you enter all the MAC addresses to which you will allow access to the Internet.

This protection option has only one drawback: if new devices are often connected to Wi-Fi, it will be inconvenient to add them to the list each time. Filtering by MAC address is not absolutely reliable, but it should be used in conjunction with other measures to protect your network from foreign equipment.

Setting individual IP addresses

This method of protection is more advanced than the previous one. You create a separate IP using the MAC ID of each individual user, and everyone else will not be able to use Wi-Fi.

To set the address, first of all, go to the DHCP section in the router settings and disable the server of the same name so that the connection coordinates are not determined automatically.

Below on the page you will see a list for entering the equipment to which you will allow connection. First of all, add your computer to it. To do this, you will need its MAC address, and then, at your discretion, come up with a separate IP code for it. And so with everyone next device. Don't forget to change the IP address in your computer's settings to the one you assigned to it in this list.

How to check who is using my Wi-Fi?

Check who is using your Wi-Fi from time to time to make sure your router's security mechanisms are working.

Use the settings, select the Statistics section. Here you will see the MAC addresses of all equipment that uses your Internet connection. Knowing the MAC address of your computer and other devices that you have allowed access to, you can filter them out and see if they are on the list third party addresses other users.

It’s not necessarily the neighbors who steal Wi-Fi, but someone does it unscrupulously. And it seems that the connection speed allows you to share with neighbors, but sometimes it drops. What needs to be done to load the network like this? At the very least, lose your conscience and use someone else’s Internet without permission. But let's get to the point.

Situation - you are surfing the Internet through your wi-fi router. And suddenly the speed drops sharply so that pages are difficult to open. And this is not the first time. It is a completely reasonable idea that someone is stealing Wi-Fi. How to find out if someone is connected to my wifi and how to turn off strangers.

Important! All router descriptions are not universal - we're talking about about specific model TP-LINK may vary for other devices. If you are not confident in your actions, you should not continue.

Find out if anyone is connected to Wi-Fi

Method one. Program. SoftPerfect WiFi Guard

This method is for those who do not want to bother too much and who will carry out diagnostics through Personal Computer. To determine who connected to the router you will need SoftPerfect program WiFi Guard. We find it, for example, through Google and install it. The program is in Russian and installs quickly. Minimum settings required.

In the “main” tab of the “settings” item of the program we find the column - “ network adapter" We select the item, in my case it is Qualcomm Atheros. Click "OK". Then click “scan” in the program window.

The program will show all devices that are connected to our Wi-Fi. If only you are connected, you will see two devices (the “Info” column), which will be designated as “This computer” and “Internet gateway”. That is, your computer and the router itself.

If there are strangers, the program will show them - neighbors’ devices will be displayed in red circles. This is either your neighbors or your other devices.

Method two. Router admin panel

This method does not require additional software. We go to the admin panel of the router. After connecting to the WiFi network, enter the IP address of the router. Typically this is 192.168.1.1. On different models The address may be different - you can check it on the device body. Then enter your username/password. As a rule, this is admin/admin (you can check on the device body).

This is where the difficulties begin. The menu may be different on different router models. On my device, in the “Status” tab we find the “Wireless” item. There is a sign with the MAC addresses of connected devices. If you are connected alone, then there is only one MAC in this table. There are other addresses - neighbors steal Wi-Fi. But it’s important - at this point you can get information about the devices that are connected right now.

More information can be seen in the “Interface Setup” tab, “DHCP” item.

How to disconnect neighbors from Wi-Fi

We offer the simplest and effective way to protect your internet. Namely, we set a password. The neighbors connected to our Internet either because they hacked your password, or because you didn’t set it at all.

The algorithm can be different devices different. On mine it’s like this - in the admin panel of the router, go to the “Interface Setup” tab, “Wireless” item. In the “WPS Settings” column we find the item “Authenticatio n Ty pe". If it is “Disabled”, then change it to “WPA-PSK”. Then the “WPA-PSK” column below appears in the same tab. In the “Pre-Shared Key” field we enter a password - at least 8 characters. All that remains is to click “save”. We reconnect to our Wi-Fi, now we are required to enter a password.

As a rule, you only need to enter the password once on each device (laptop, tablet, smartphone). The device will remember it and enter it automatically.

If you forgot your wi-fi password

If you forgot your Wi-Fi password, it is impossible to recover it - it is stored in the device itself. It can only be reset. To do this, press the “reset” button for a few seconds. The router settings will be deleted and you will need to configure it again.