
What to do if you can't connect to a Wi-Fi network and get the message "WPA, WPA2 protection preserved"? WiFi security: WEP, WPA, WPA2 encryption

Today we will dig a little deeper into the topic of wireless security. Let's figure out what a WiFi encryption type is (it is also called "authentication") and which one is better to choose. Surely you have come across such abbreviations as WEP, WPA, WPA2 and WPA2 / PSK, as well as some of their varieties: Personal or Enterprise, and TKIP or AES. Let's take a closer look at all of them and figure out which type of encryption to choose to ensure maximum security without loss of speed.

Note that it is imperative to protect your WiFi with a password, no matter what type of encryption you choose. Even the simplest authentication will avoid serious problems in the future.

Why do I say that? It's not even that a crowd of uninvited clients will slow down your network; that is the least of the problems. The main reason is that if your network is not password protected, an intruder can attach to it and perform illegal actions from behind your router, and then you will have to answer for those actions. So take the protection of your wifi with all seriousness.

WiFi data encryption and authentication types

So, we were convinced of the need to encrypt the wifi network, now let's see what types there are:

What is WEP wifi protection?

WEP (Wired Equivalent Privacy) is the very first standard to appear, and it no longer meets modern requirements for reliability. All programs built to hack a wifi network by enumerating characters are aimed primarily at recovering a WEP encryption key.

What is WPA Key or Password?

WPA (Wi-Fi Protected Access) is a more modern authentication standard that allows you to reliably protect the local network and the Internet from illegal penetration.

What is WPA2-PSK - Personal or Enterprise?

WPA2 is an improved version of the previous type. Hacking WPA2 is almost impossible and it provides the maximum degree of security, so in my articles I always say without explanation that you need to use it. Now you know why.

There are two more flavors of WiFi security standards WPA2 and WPA:

  • Personal is referred to as WPA / PSK or WPA2 / PSK. This type is the most widely used and is optimal in most cases, both at home and in the office. In WPA2 / PSK, we set a password of at least 8 characters, which is stored in the memory of the device that we connect to the router.
  • Enterprise is a more complex configuration that requires the RADIUS function on the router to be enabled. It works on the principle that a separate password is assigned to each separate connected gadget.

WPA Encryption Types - TKIP or AES?

So, we decided that WPA2 / PSK (Personal) would be the best choice for network security, but it has two more types of data encryption for authentication.

  • TKIP is already an obsolete type today, but it is still widely used, since many devices from certain years of manufacture support only it. It does not work with WPA2 / PSK technology and does not support 802.11n WiFi.
  • AES is the latest and most reliable type of WiFi encryption at the moment.

How to choose the type of encryption and put the WPA key on the WiFi router?

With the theory sorted out, let's move on to practice. The WiFi 802.11 "B" and "G" standards, which have a maximum speed of up to 54 Mbps, have not been used for a long time. Today the norm is 802.11 "N" or "AC", which support speeds up to 300 Mbps and higher, so it makes no sense to consider WPA / PSK protection with the TKIP encryption type. Therefore, when you configure a wireless network, set the default

WPA2 / PSK - AES

Or, as a last resort, specify "Auto" as the encryption type in order to provide for the connection of devices with an outdated WiFi module.
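The ranking above can be applied to a list of nearby networks. The following is an added example, not part of the original article: it grades bracketed capability strings of the kind Wi-Fi scanner apps display. The sample scan list, the grade names and the function names are constructed for illustration.

```python
import re

# Advice per grade, following the article's ranking (grade names are illustrative).
ADVICE = {
    "open": "no password: set WPA2 / PSK - AES",
    "wep": "WEP is obsolete: switch to WPA2 / PSK - AES",
    "wpa-legacy": "WPA only: move to WPA2 / PSK - AES if all clients support it",
    "mixed": "'Auto' mode: WPA or TKIP is still accepted for old devices",
    "wpa2-aes": "recommended setting",
}


def parse_capabilities(caps):
    """Split '[WPA2-PSK-CCMP][ESS]' into ['WPA2-PSK-CCMP', 'ESS']."""
    return re.findall(r"\[([^\]]+)\]", caps)


def grade(caps):
    """Return the grade of one network from its capability string."""
    sec = [t for t in parse_capabilities(caps) if t.startswith(("WEP", "WPA"))]
    if not sec:
        return "open"                      # no security token at all
    if any(t.startswith("WEP") for t in sec):
        return "wep"
    has_wpa1 = any(t.startswith("WPA-") for t in sec)
    has_wpa2 = any(t.startswith("WPA2-") for t in sec)
    uses_tkip = any("TKIP" in t for t in sec)
    if has_wpa2 and not has_wpa1 and not uses_tkip:
        return "wpa2-aes"                  # WPA2 with AES (CCMP) only
    if has_wpa2:
        return "mixed"                     # WPA2 offered next to WPA and/or TKIP
    return "wpa-legacy"


def audit(scan_text):
    """Map each SSID in a tab-separated scan list to (grade, advice)."""
    report = {}
    for line in scan_text.strip().splitlines():
        ssid, _, caps = line.partition("\t")
        g = grade(caps)
        report[ssid.strip()] = (g, ADVICE[g])
    return report


# Constructed sample: SSID <tab> capability string.
SAMPLE_SCAN = (
    "HomeNet\t[WPA2-PSK-CCMP][ESS]\n"
    "OldRouter\t[WEP][ESS]\n"
    "CafeGuest\t[ESS]\n"
    "AutoMode\t[WPA-PSK-TKIP][WPA2-PSK-CCMP+TKIP][ESS]\n"
    "Legacy\t[WPA-PSK-TKIP][ESS]\n"
)

if __name__ == "__main__":
    for ssid, (g, advice) in audit(SAMPLE_SCAN).items():
        print(f"{ssid:10} {g:11} {advice}")
```

A router left on "Auto" shows up here as "mixed", which makes visible that the older modes are still being offered.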

In this case, the WPA key, or simply put, the password for connecting to the network, must have from 8 to 32 characters, including English lowercase and uppercase letters, as well as various special characters.

Wireless Security on TP-Link Router

The screenshots above show the control panel of a modern TP-Link router in the new firmware version. The network encryption setting is located here in the "Advanced settings - Wireless mode" section.

In the old "green" version, the WiFi network configurations of interest to us are located in "Wireless Mode - Security". Do everything as in the picture and it will be super!

If you noticed, there is still such an item as "WPA Group Key Renewal Period". The point is that the real WPA digital key for encrypting the connection is dynamically changed to provide more protection. Here you set the value in seconds after which the change occurs. I recommend not touching it and leaving it at its default - the update interval differs from model to model.

ASUS Router Authentication Method

On ASUS routers, all WiFi parameters are located on one page, "Wireless network".

Network protection through Zyxel Keenetic router

Similarly, for Zyxel Keenetic - section "WiFi Network - Access Point"

In Keenetic routers without the "Zyxel" prefix, the encryption type is changed in the "Home network" section.

Configuring the security of the D-Link router

On D-Link we are looking for the section "Wi-Fi - Security".

Well, today we figured out the types of WiFi encryption and terms like WEP, WPA, WPA2-PSK, TKIP and AES and found out which one is better to choose. You can also read about other network security options in one of the previous articles, in which I talk about MAC and IP addresses and other methods of protection.


Security is a major concern for all wireless LANs (and, for that matter, all wired LANs). Security is as important here as it is for any Internet user. Safety is a complex issue and requires constant attention. Huge harm can be inflicted on the user due to the fact that he uses random hotspots (hot-spots) or open WI-FI access points at home or in the office and does not use encryption or VPN (Virtual Private Network). This is dangerous because the user enters his personal or professional data, and the network is not protected from intrusion.

WEP

It was initially difficult to provide adequate security for wireless LANs.

Hackers could easily connect to almost any WiFi network by breaking early security systems such as Wired Equivalent Privacy (WEP). These events left their mark, and for a long time some companies were reluctant to deploy wireless networks, or did not deploy them at all, fearing that data transmitted between wireless WiFi devices and Wi-Fi access points could be intercepted and decrypted. Thus, this security model slowed down the integration of wireless networks into business and made users nervous when using WiFi networks at home. The IEEE then created the 802.11i working group, which worked to create a comprehensive security model providing 128-bit AES encryption and authentication to protect data. The Wi-Fi Alliance released its own interim version of this 802.11i security specification: Wi-Fi Protected Access (WPA). The WPA module combines several technologies to address the vulnerability of 802.11 WEP systems. Thus, WPA provides strong user authentication using the 802.1X standard (mutual authentication and encapsulation of data transmitted between wireless client devices, access points and a server) and the Extensible Authentication Protocol (EAP).

The principle of operation of security systems is schematically shown in Fig. 1

WPA is also equipped with an interim module that wraps the WEP engine with 128-bit key encryption and uses the Temporal Key Integrity Protocol (TKIP). A message integrity check (MIC) prevents data packets from being altered or forged. This combination of technologies protects the confidentiality and integrity of data transmission and ensures security by controlling access so that only authorized users can access the network.

WPA

WPA further enhances security and access control by creating a new, unique master key for communication between each user's wireless equipment and the access point for every authentication session, and also by using a random key generator and generating a key for each packet.

The IEEE ratified the 802.11i standard in June 2004, greatly expanding many of its capabilities thanks to WPA technology. The Wi-Fi Alliance strengthened its security module in the WPA2 program. Thus, the security of 802.11 WiFi data transmission reached the level needed to deploy wireless solutions and technologies in enterprises. One of the significant changes in 802.11i (WPA2) over WPA is the use of the 128-bit Advanced Encryption Standard (AES). WPA2 AES uses Counter with CBC-MAC mode (a block cipher mode of operation that allows a single key to be used for both encryption and authentication) to ensure data confidentiality, authentication, integrity, and replay protection. 802.11i also offers key caching and pre-authentication for users moving between access points.

WPA2

With the 802.11i standard, the entire chain of the security module (login, authorization, authentication and data encryption) becomes a more reliable and effective protection against non-targeted and targeted attacks. WPA2 allows the Wi-Fi network administrator to shift attention from security issues to operations and device management.

The 802.11r standard is a modification of the 802.11i standard. This standard was ratified in July 2008. The technology of the standard transfers key hierarchies more quickly and reliably, based on handoff technology, as the user moves between access points. The 802.11r standard is fully compliant with the 802.11a / b / g / n WiFi standards.

There is also the 802.11w standard, which is designed to enhance the security mechanism based on the 802.11i standard. This standard is designed to protect management frames.

802.11i and 802.11w standards are mechanisms for protecting WiFi networks of the 802.11n standard.

Encrypting files and folders in Windows 7

The encryption function allows you to encrypt files and folders that will later be impossible to read on another device without a special key. This feature is present in such versions of Windows 7 as Professional, Enterprise or Ultimate. Next, we will highlight how to enable encryption of files and folders.

Enabling file encryption:

Start -> Computer (select a file for encryption) -> right mouse button on the file-> Properties-> Advanced (General tab) -> Additional attributes-> Put a marker in the item encrypt content to protect data-> Ok-> Apply-> Ok (Select apply to file only) ->

Enabling folder encryption:

Start -> Computer (select a folder for encryption) -> right mouse button on the folder-> Properties-> Advanced (General tab) -> Additional attributes-> Put a marker in the item encrypt content to protect data-> Ok-> Apply-> Ok (Select apply to file only) -> Close Properties dialog (Click Ok or Close).

With the proliferation of wireless networks, the WPA and WPA2 encryption protocols have become known to almost all owners of devices connecting to Wi-Fi. They are listed in the connection properties and attract minimal attention from most users who are not system administrators. For most, it is enough to know that WPA2 is a product of the evolution of WPA, and therefore WPA2 is newer and more suitable for today's networks.

Definition

WPA is an encryption protocol designed to protect wireless networks of the IEEE 802.11 standard, developed by the Wi-Fi Alliance in 2003 as a replacement for the outdated and insecure WEP protocol.

WPA2 is an encryption protocol that is an improved development of WPA, introduced in 2004 by the Wi-Fi Alliance.

Comparison

For most users the difference between WPA and WPA2 is not relevant, since all the protection of a wireless network comes down to choosing a more or less complex password for access. Today the situation is such that all devices operating in Wi-Fi networks are required to support WPA2, so choosing WPA can only be due to non-standard situations. For example, operating systems older than Windows XP SP3 do not support WPA2 without patches, so machines and devices controlled by such systems require the attention of a network administrator. Even some modern smartphones may not support the new encryption protocol, mainly off-brand Asian gadgets. On the other hand, some versions of Windows older than XP do not support WPA2 at the GPO level, and therefore require more fine-tuning of network connections in this case.

The technical difference between WPA and WPA2 lies in the encryption technology, in particular, in the protocols used. WPA uses the TKIP protocol, WPA2 uses the AES protocol. In practice, this means that the more modern WPA2 provides a higher degree of network security. For example, the TKIP protocol allows you to create an authentication key up to 128 bits, AES - up to 256 bits.

Conclusions

  1. WPA2 is an enhanced WPA.
  2. WPA2 uses the AES protocol, WPA uses the TKIP protocol.
  3. WPA2 is supported by all modern wireless devices.
  4. WPA2 may not be supported by legacy operating systems.
  5. WPA2 is more secure than WPA.

The network security key is a password that you can use to connect to a working Wi-Fi network. The safe functioning of the wireless network directly depends on it. Its main task is to protect the Wi-Fi user (owner) from unauthorized connections to it. It may seem to some that such a connection, in general, will not greatly interfere with the work on the Internet. In fact, it is fraught with a significant decrease in Internet speed. Therefore, the utmost care must be taken when creating a password.

In addition to the complexity of the created password, the type of data encryption greatly affects the security level of a Wi-Fi wireless network. The importance of the type of encryption is explained by the fact that all data transmitted within a particular network is encrypted. Such a system allows you to protect yourself from unauthorized connections, since without knowing the password, a third-party user using his device simply will not be able to decrypt the data transmitted within the wireless network.

Types of network encryption

Wi-Fi routers currently use three different types of encryption.

They differ from each other not only in the number of characters available to create a password, but also in other equally important features.

The least reliable and least popular type of encryption today is WEP. This type of encryption was used in the past and is rarely used now. And the point here is not only its obsolescence: it really is quite unreliable. Users of WEP-encrypted devices have a fairly high chance that their network security key will be compromised by a third party. This type of encryption is not supported by many modern Wi-Fi routers.

The last two types of encryption are much more secure and more commonly used. In this case, users have the opportunity to choose the level of network security. For example, WPA and WPA2 support two types of security checks.

One of them is designed for regular users and contains one unique password for all connected devices.

The other is used for businesses and greatly improves the reliability of a Wi-Fi network. Its essence lies in the fact that for each individual device its own unique security key is created.

Thus, it becomes almost impossible to connect to someone else's network without permission.

Nevertheless, when choosing your future router, you should opt for a model that supports WPA2 encryption, because it is more reliable than WPA. Although, of course, WPA encryption is of quite good quality. Most routers support both of these encryption types.

How to find your Wi-Fi security key

There are several ways to find out your wireless security key.

Today you cannot call it something out of the ordinary. However, many users (especially owners of mobile devices) face the problem of which security system to use: WEP, WPA or WPA2-PSK. What kind of technology it is, we'll see now. However, the greatest attention will be paid to WPA2-PSK, since it is this protection that is most in demand today.

WPA2-PSK: what is it?

Let's say right away: this is a system for protecting any local connection to a wireless network based on Wi-Fi. This has nothing to do with wired systems based on network cards using direct Ethernet connections.

WPA2-PSK technology is the most "advanced" Wi-Fi protection today. Next to it, even the somewhat outdated methods that require a login and password request, as well as those involving encryption of confidential data during transmission and reception, look, to put it mildly, childish. And here is why.

Varieties of protection

So, let's start with the fact that until recently, the WEP structure was considered the most secure technology for securing a connection. It used a key integrity check when connecting any device wirelessly and was the IEEE 802.11i standard.

WPA2-PSK WiFi network protection works, in principle, in much the same way, but it checks the access key at the 802.1X level. In other words, the system checks all possible options.

However, there is also a newer technology called WPA2 Enterprise. Unlike WPA, it not only requires a personal access key, but also a RADIUS server providing access. At the same time, such an authentication algorithm can work simultaneously in several modes (for example, Enterprise and PSK, using AES CCMP level encryption).

Basic security and safety protocols

Both the security methods receding into the past and the modern ones use the same protocol. This is TKIP (a WEP security system based on a software update and the RC4 algorithm). All this involves entering a temporary key to access the network.

As practical use has shown, such an algorithm by itself did not provide any special security for a connection in a wireless network. That is why new technologies were developed: first WPA and then WPA2, supplemented by PSK (Personal Access Key) and TKIP (Temporary Key). In addition, it also included encryption of data during transmission and reception, today known as the AES standard.

Outdated technology

The WPA2-PSK security type is relatively new. Before that, as mentioned above, the WEP system was used in combination with TKIP. TKIP protection is nothing more than a means of increasing the bit width of the access key. At the moment, it is believed that the basic mode allows you to increase the key from 40 to 128 bits. With all this, you can also change one single WEP key to several different ones, generated and sent automatically by the server itself, which authenticates the user upon login.

In addition, the system itself provides for a strict hierarchy of key distribution, as well as a technique that gets rid of the so-called predictability problem. In other words, when a wireless network using WPA2-PSK security has its password set to a sequence like "123456789", it is easy to see that key and password generator programs, usually called KeyGen or something like that, can generate the next four characters automatically once the first four are entered. Here, as they say, you don't have to be a genius to guess the type of sequence used. But this, as is probably already understood, is the simplest example.

As for using the user's date of birth in the password, this is not even worth discussing. It can easily be worked out from registration data in social networks. Purely numeric passwords of this type are completely unreliable. It is better to combine numbers, letters and symbols (even non-printable ones, if you specify a combination of "hot" keys) and a space. However, even with this approach, WPA2-PSK cracking is still possible. Here it is necessary to explain the methodology of the system itself.

Typical access algorithm

Now a few more words about the WPA2-PSK system. What is it in terms of practical application? This is a combination of several algorithms, so to speak, in an operating mode. Let us explain the situation with an example.

Ideally, the sequence of execution of the connection protection procedure and encryption of transmitted or received information boils down to the following:

WPA2-PSK (WPA-PSK) + TKIP + AES.

In this case, the main role is played by a shared key (PSK) with a length of 8 to 63 characters. In which sequence the algorithms will be used (whether encryption occurs first, or after transmission, or in the process using random intermediate keys, etc.) is not important.

But even with protection and an encryption system at the AES 256 level (meaning the bit width of the cipher key), breaking WPA2-PSK will be a difficult task for hackers who are knowledgeable in this matter, but a possible one.

Vulnerability

Back in 2008, at the PacSec conference, a technique was presented that allows you to hack a wireless connection and read the data transmitted from the router to the client terminal. All this took about 12-15 minutes. However, it was not possible to crack the reverse direction (client to router).

The fact is that when the QoS router mode is enabled, you can not only read the transmitted information, but also replace it with a fake one. In 2009, Japanese experts presented a technology that reduced the time of cracking to one minute. And in 2010, information appeared on the Web that the easiest way is to exploit Hole 196, which is present in WPA2, using your own private key.


We are not talking about any tampering with the generated keys. First, a so-called dictionary attack is used in combination with brute-force, and then the wireless connection space is scanned in order to intercept the transmitted packets and then record them. It is enough for the user to make a connection, and immediately de-authorization occurs, interception of the transmission of initial packets (handshake). After that, even being in the vicinity of the main access point is not required. You can safely work offline. True, to perform all these actions, you will need special software.

How to Hack WPA2-PSK?

For obvious reasons, the full algorithm for cracking the connection will not be given here, since it can be used as some kind of instruction for action. Let us dwell only on the main points, and then - only in general terms.


As a rule, with direct access to the router, it can be switched to the so-called Airmon-NG mode to monitor traffic (airmon-ng start wlan0 - renaming the wireless adapter). After that, the traffic is captured and fixed using the airdump-ng mon0 command (tracking channel data, beacon speed, encryption speed and method, amount of data transferred, etc.).


Next, the command to fix the selected channel is activated, after which the Aireplay-NG Deauth command is entered with the accompanying values (they are not given for reasons of the legality of using such methods).

After that (when the user has already passed authorization upon connection), the user can simply be disconnected from the network. In this case, upon re-entry from the hacking side, the system will re-authorize the entry, after which it will be possible to intercept all access passwords. Next, a handshake window will appear. Then you can use the launch of a special WPAcrack file that will allow you to crack any password. Naturally, how exactly it is launched, no one will tell anyone. Let's just note that with certain knowledge, the whole process takes from several minutes to several days. For example, an Intel-class processor running at a nominal 2.8 GHz clock speed can process no more than 500 passwords per second, or 1.8 million per hour. In general, as is already clear, do not flatter yourself.

Instead of an afterword

That's it for WPA2-PSK. What it is, perhaps, from the first reading it will not be clear. Nevertheless, it seems that any user will understand the basics of data protection and the encryption systems used. Moreover, today almost all owners of mobile gadgets are faced with this. Ever notice that when creating a new connection on the same smartphone, the system offers to use a certain type of security (WPA2-PSK)? Many simply do not pay attention to it, but in vain. In advanced settings, you can use a fairly large number of additional parameters in order to improve the security system.

Many people today have a Wi-Fi router at home. After all, it is much easier to connect a laptop, a tablet and a smartphone to the Internet wirelessly, and every family has more of these than people. The router is essentially a gateway to the information universe. In other words, the front door. And it depends on this door whether an uninvited guest comes to you without your permission. Therefore, it is very important to pay attention to the correct configuration of the router so that your wireless network is not vulnerable.

I think there is no need to remind you that hiding the SSID of an access point does not protect you. Restricting access by MAC address is not effective. Therefore, rely only on modern encryption methods and a complex password.

Why encrypt? Who needs me? I have nothing to hide

It's not so scary if someone steals the PIN code of your credit card and withdraws all the money from it. Even less so if someone uses the Internet at your expense, knowing the Wi-Fi password. And it's not so scary if they publish your photos from corporate parties where you are in an unsightly state. It is much more painful when intruders break into your computer and delete the photos of how you brought your son home from the hospital, how he took his first steps and went to first grade. Backups are a separate topic, and they certainly need to be done ... Your reputation can be restored over time and money can be earned again, but the photographs that are dear to you are gone. I think everyone has something that they do not want to lose.
Your router is the border device between private and public, so set it up to the fullest. Moreover, it is not so difficult.

Encryption technologies and algorithms

I omit the theory. It doesn't matter how it works, the main thing is to be able to use it.
Wireless security technologies have evolved in the following chronological order: WEP, WPA, WPA2. The encryption methods RC4, TKIP, AES have also evolved.
The best in terms of security today is the WPA2-AES bundle. This is how you should try to configure Wi-Fi. It should look something like this:

WPA2 has been required since March 16, 2006. But sometimes you can still find equipment that does not support it. In particular, if you have Windows XP installed on your computer without Service Pack 3, WPA2 will not work. Therefore, for compatibility reasons, on routers you can find WPA2-PSK -> AES + TKIP settings and a menagerie of other options.
But if you have a modern fleet of devices, then it is better to use WPA2 (WPA2-PSK) -> AES, as the most secure option today.

What is the difference between WPA (WPA2) and WPA-PSK (WPA2-PSK)

The WPA standard provides the Extensible Authentication Protocol (EAP) as the basis for the user authentication mechanism. An indispensable condition for authentication is that the user presents a certificate (otherwise called a credential) confirming the right to access the network. To establish this right, the user is checked against a special database of registered users. Without authentication, the user is barred from using the network. The database of registered users and the verification system in large networks are usually located on a special server (most often RADIUS).
The simplified Pre-Shared Key (WPA-PSK, WPA2-PSK) mode allows you to use a single password that is stored directly in the router. On the one hand, everything is simplified, there is no need to create and maintain a user base, on the other hand, everyone logs in under the same password.
At home, it is more advisable to use WPA2-PSK, that is, the simplified mode of the WPA standard. Wi-Fi security does not suffer from this simplification.

Wi-Fi access (encryption) password

Everything is simple here. The password for your wireless access point (router) must be more than 8 characters long and contain letters in different case, numbers and punctuation marks. And it should not be associated with you in any way. This means that you cannot use dates of birth, your names, car numbers, phone numbers, etc. as a password.
Since it is practically impossible to break WPA2-AES head-on (there were only a couple of cases simulated in laboratory conditions), the main methods of WPA2 cracking are dictionary attacks and brute-force (sequential search of all password options). Therefore, the more complex the password, the less chances attackers have.
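To put numbers on the rule above, the following added example (not from the original article) audits a candidate Wi-Fi password against the page's own criteria: the 8 to 63 character PSK length, the popular-password list, digits-only values such as dates and phone numbers, and simple sequences. It then estimates how long an exhaustive search would take at the 500 passwords per second quoted earlier for one 2.8 GHz processor. The function names and problem labels are illustrative, and the date-style sample value in the demo is constructed.

```python
import string

GUESSES_PER_SECOND = 500   # single-CPU rate quoted in the article
POPULAR = ("123456", "qwerty", "111111", "123123", "1a2b3c")  # article's list


def alphabet_size(passphrase):
    """Size of the smallest common character set that covers the passphrase."""
    size = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        size += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        size += 26
    if any(c in string.digits for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33             # 32 ASCII punctuation marks plus the space
    return size


def is_sequence(passphrase):
    """True for runs such as '123456789', 'abcdefgh' or '11111111'."""
    steps = {ord(b) - ord(a) for a, b in zip(passphrase, passphrase[1:])}
    return len(passphrase) > 1 and steps in ({0}, {1}, {-1})


def audit_passphrase(passphrase):
    """Return the problems found and the cost of trying every combination."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length")        # outside the 8-63 character PSK range
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("non-ascii")     # not printable ASCII
    if any(p in passphrase.lower() for p in POPULAR):
        problems.append("popular")       # contains an entry of the popular list
    if passphrase.isdigit():
        problems.append("digits-only")   # dates of birth, phone numbers
    if is_sequence(passphrase):
        problems.append("sequence")
    keyspace = alphabet_size(passphrase) ** len(passphrase)
    seconds = keyspace / GUESSES_PER_SECOND
    return {
        "problems": problems,
        "keyspace": keyspace,
        "days_to_exhaust": seconds / 86400,
    }


if __name__ == "__main__":
    # "19850312" is a constructed date-style value; the last one is the
    # article's own example of a strong password.
    for candidate in ("19850312", "123456789", "qwerty", "2Rk7-kw8Q11vlOp0"):
        result = audit_passphrase(candidate)
        print(f"{candidate:18} problems={result['problems']} "
              f"days={result['days_to_exhaust']:.3g}")
```

An eight-digit date is exhausted in under three days at that rate, which matches the "several minutes to several days" range given earlier; a dictionary attack that tries likely values first is faster still.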

... in the USSR, automatic lockers became widespread at railway stations. One letter and three numbers were used as the lock combination. However, few people know that the first version of the lockers used 4 digits as the code. What is the difference, it would seem? After all, the number of code combinations is the same - 10,000 (ten thousand). But as practice has shown (especially that of the Moscow Criminal Investigation Department), when people were asked to use a 4-digit combination as the password for a locker, a lot of them used their year of birth (so as not to forget it). Criminals exploited this, and not without success. After all, the first two digits in the year of birth of the absolute majority of the country's population were known - 19. It remained to estimate by eye the approximate age of the person depositing the luggage, and any of us can do this with an accuracy of +/- 3 years, and as a result we (more precisely, the attackers) get fewer than 10 combinations to try for the access code to an automatic storage locker ...

Most popular password

Human laziness and irresponsibility take their toll. Here is a list of the most popular passwords:

  1. 123456
  2. qwerty
  3. 111111
  4. 123123
  5. 1a2b3c
  6. Date of Birth
  7. Cell phone number

Password security rules

  1. To each its own. That is, the router password should not be the same as any of your other passwords, your e-mail password for example. Make it a rule that all accounts have their own passwords and that they are all different.
  2. Use strong passwords that cannot be guessed. For example: 2Rk7-kw8Q11vlOp0

The Wi-Fi password has one huge plus. You don't need to memorize it. It can be written on a piece of paper and glued to the bottom of the router.

Guest Wi-Fi zone

If your router allows you to organize a guest area, be sure to do it, naturally protecting it with WPA2 and a strong password. Then, when friends come to your home and ask for the Internet, you do not have to tell them the main password. Moreover, the guest area in routers is isolated from the main network, so any problems with your guests' devices won't affect your home network.

What can be more important nowadays than protecting your home Wi-Fi network 🙂 This is a very popular topic, on which more than one article has already been written on this site. I decided to collect all the necessary information on this topic on one page. Now we will take a closer look at the issue of protecting a Wi-Fi network. I will tell and show you how to protect Wi-Fi with a password, how to do it correctly on routers from different manufacturers, which encryption method to choose, how to choose a password, and what you need to know if you are thinking of changing the wireless network password.

In this article we will talk exactly about securing your home wireless network... And about password protection only. If we consider the security of some large networks in offices, then it is better to approach security there a little differently. (at least another authentication mode)... If you think that one password is not enough to protect a Wi-Fi network, then I would advise you not to bother. Set a good, strong password according to this instruction, and don't worry. It is unlikely that someone will spend time and effort to hack your network. Yes, you can, for example, hide the network name (SSID) and set filtering by MAC addresses, but these are unnecessary troubles that in reality will only bring inconvenience when connecting and using a wireless network.

If you are deciding whether to protect your Wi-Fi or leave the network open, there can be only one answer: protect it. Yes, Internet access is unlimited and almost every home has its own router, but over time someone will connect to your network. And why would we need that? Extra clients mean extra load on the router, and if yours is not an expensive one, it simply will not withstand this load. Also, if someone connects to your network, they can gain access to your files (if the local network is configured) and to the settings of your router.

Be sure to protect your Wi-Fi network with a good password and a correct (modern) encryption method. I advise you to set up protection immediately when configuring the router. It is also a good idea to change your password from time to time.

If you are worried that someone will hack your network, or have already done so, then just change the password and live in peace. By the way, since you will all be entering the control panel of your router, I would also advise which one is used to enter the router settings.

Properly securing your home Wi-Fi network: which encryption method should you choose?

In the process of setting the password, you will need to select the encryption method for the Wi-Fi network (the authentication method). I recommend setting only WPA2 - Personal with the AES encryption algorithm. For a home network, this is the best solution, currently the newest and most reliable. This is exactly the kind of protection that router manufacturers recommend.

There is only one condition: you must not have old devices that you want to connect to Wi-Fi. If, after setting up, some old devices refuse to connect to the wireless network, you can set the WPA protocol (with the TKIP encryption algorithm). I do not recommend setting the WEP protocol, as it is outdated, insecure and can be easily hacked. There may also be problems with connecting new devices.

The combination of the WPA2 - Personal protocol with AES encryption is the best option for a home network. The key (password) itself must be at least 8 characters long. The password must be composed of English letters, numbers and symbols. The password is case sensitive. That is, "111AA111" and "111aa111" are different passwords.
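The following added example (not part of the original article) checks a candidate password against the rules above and shows why case matters: WPA2 - Personal turns the password and the network name (SSID) into a 256-bit key with PBKDF2-HMAC-SHA1 and 4096 iterations, so any changed character or a different SSID gives an unrelated key. The 63-character upper limit comes from the 802.11i standard rather than from this page; the function names and the SSID "HomeNet" are illustrative assumptions.

```python
import hashlib
import string

# Character classes the article asks for: English letters, numbers and symbols.
CLASSES = {
    "lowercase letters": string.ascii_lowercase,
    "uppercase letters": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}


def is_valid_wpa2_passphrase(passphrase):
    """WPA2-Personal accepts 8 to 63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(ch) <= 126 for ch in passphrase)


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the passphrase passes."""
    issues = []
    if not 8 <= len(passphrase) <= 63:
        issues.append("length must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        issues.append("use printable ASCII characters only")
    missing = [name for name, chars in CLASSES.items()
               if not any(ch in chars for ch in passphrase)]
    if missing:
        issues.append("missing: " + ", ".join(missing))
    return issues


def derive_pmk(passphrase, ssid):
    """Derive the 32-byte pairwise master key the router and clients compute."""
    if not is_valid_wpa2_passphrase(passphrase):
        raise ValueError("not a valid WPA2 passphrase")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    # "HomeNet" is a made-up SSID used only for this demonstration.
    for candidate in ("111AA111", "111aa111", "2Rk7-kw8Q11vlOp0"):
        print(candidate, check_passphrase(candidate),
              derive_pmk(candidate, "HomeNet").hex()[:16] + "...")
```

Because the SSID acts as the salt, the same password on a differently named network produces a different key.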

I do not know what kind of router you have, therefore, I will prepare small instructions for the most popular manufacturers.

If after changing or setting the password you have problems connecting devices to the wireless network, then see the recommendations at the end of this article.

I advise you to immediately write down the password that you will be setting. If you forget it, you will have to install a new one, or.

Protecting Wi-Fi with a password on Tp-Link routers

We connect to the router (via cable or via Wi-Fi), launch any browser and open the address 192.168.1.1 or 192.168.0.1 (the address for your router, as well as the standard username and password, are indicated on the sticker on the bottom of the device itself). Provide your username and password. By default, these are admin and admin. In, I described in more detail the entrance to the settings.

In the settings, go to the Wireless tab, then Wireless Security. Select the protection method WPA/WPA2 - Personal (Recommended). In the Version drop-down menu, select WPA2-PSK. In the Encryption menu, set AES. In the Wireless Password (PSK Password) field, enter a password to protect your network.

Setting a password on Asus routers

In the settings, open the Wireless network tab and set the following:

  • In the "Authentication Method" drop-down menu, select WPA2 - Personal.
  • "WPA encryption": set AES.
  • In the "Pre-Shared WPA Key" field, enter the password for your network.

To save the settings, press the Apply button.


Connect your devices to the network with a new password.

Protecting the wireless network of the D-Link router

Go to the settings of your D-Link router at 192.168.0.1. You can watch detailed instructions. In the settings, open the tab Wi-Fi - Security Settings. Set the security type and password as in the screenshot below.


Setting a password on other routers

We also have instructions for ZyXEL and Tenda routers.

If you did not find instructions for your router, you can configure the protection of the Wi-Fi network in the control panel of your router, in the settings section called security settings, wireless network, Wi-Fi, Wireless, etc. I think it won't be difficult to find. As for which settings to choose, I think you already know: WPA2 - Personal and AES encryption, plus the key.

If you can't figure it out, ask in the comments.

What if the devices do not connect after installation, password change?

Very often, after installation, and especially after changing the password, devices that were previously connected to your network do not want to connect to it. On computers, these are usually errors "The network settings saved on this computer do not meet the requirements of this network" and "Windows could not connect to ...". On tablets and smartphones (Android, iOS), errors like "Failed to connect to the network", "Connected, protected", etc. may also appear.

These problems are solved by simply removing the wireless network, and reconnecting, this time with a new password. How to remove the network in Windows 7, I wrote. If you have Windows 10, then you need to "forget the network" by. On mobile devices, tap your network, hold, and select "Delete".

If connection problems are observed on old devices, then set the WPA security protocol and TKIP encryption in the router settings.

Password and MAC filtering should protect you from hacking. In fact, safety depends to a large extent on your discretion. Inappropriate security methods, an uncomplicated password, and a frivolous attitude towards strangers on the home network give attackers additional opportunities to attack. In this article, you will learn how you can crack a WEP password, why you should abandon filters, and how to secure your wireless network from all sides.

Protection from intruders

If your network is not secured, then sooner or later an unauthorized user will connect to your wireless network, perhaps not even on purpose, because smartphones and tablets are able to connect to unsecured networks automatically. If he just opens several sites, then most likely nothing terrible will happen except for the consumption of traffic. The situation becomes more complicated if a guest starts downloading illegal content through your Internet connection.

If you have not yet taken any security measures, go to the router interface through a browser and change the network access data. A router's address usually looks like http://192.168.1.1. If that does not work, you can find the IP address of your network device through the command line. In Windows 7, click the "Start" button and enter "cmd" in the search bar. Display the network settings with the "ipconfig" command and find the line "Default gateway". The IP shown there is the address of your router, which must be entered in the address bar of the browser. The location of the router security settings varies by manufacturer. As a rule, they are located in a section with a name like "WLAN | Security".

If your wireless network uses an unsecured connection, you should be especially careful with content located in shared folders, since without protection it is at the complete disposal of other users. In the Windows XP Home operating system, the situation with shared access is simply catastrophic: by default, you cannot set passwords here at all, because this function is present only in the professional version. Instead, all network requests are made through an unsecured guest account. You can secure the network in Windows XP with a little manipulation: start the command line, enter "net user guest YourNewPassword" and confirm the operation by pressing the "Enter" key. After restarting Windows, network resources can be accessed only with a password; unfortunately, finer tuning is not possible in this version of the OS. It is much more convenient to manage the sharing settings in Windows 7. Here, to limit the range of users, just go to the "Network and Sharing Center" in the Control Panel and create a password-protected homegroup.

Lack of proper protection in a wireless network is a source of other dangers, as hackers can use special programs (sniffers) to identify all unsecured connections. Thus, it will be easy for attackers to intercept your identification data from various services.

Hackers

As before, two security measures remain the most popular today: filtering by MAC address and hiding the SSID (network name). Neither will keep you safe. In order to identify the name of the network, the cracker needs a WLAN adapter, which, using a modified driver, switches to monitor mode, and a sniffer, for example Kismet. An attacker monitors the network until a user (client) connects to it. Then he manipulates the data packets and thereby "throws" the client off the network. When the user reconnects, the attacker sees the network name. It sounds complicated, but in reality the whole process only takes a few minutes. It is also easy to bypass the MAC filter: the cracker determines the MAC address and assigns it to his device. Thus, the connection of an outsider remains unnoticed by the owner of the network.

If your device only supports WEP encryption, take urgent action - even non-professionals can crack such a password in a few minutes.

Especially popular among cyber fraudsters is the Aircrack-ng software package, which, in addition to a sniffer, includes an application for downloading and modifying WLAN adapter drivers, and also allows you to recover a WEP key. Known hacking methods are PTW and FMS / KoreK attacks, in which traffic is intercepted and a WEP key is calculated based on its analysis. In this situation, you have only two options: first, you should look for the latest firmware for your device that will support the latest encryption methods. If the manufacturer does not provide updates, it is better to refuse to use such a device, because in doing so you endanger the security of your home network.

The popular advice to reduce the range of Wi-Fi only gives a semblance of protection. Neighbors will still be able to connect to your network, and attackers often use long-range Wi-Fi adapters.

Public hotspots

Places with free Wi-Fi attract cyber fraudsters, as huge amounts of information pass through them, and anyone can use hacking tools. Public hotspots can be found in cafes, hotels and other public places. But other users of the same networks can intercept your data and, for example, take control of your accounts on various web services.

Cookies protection. Some attack methods are really so simple that anyone can use them. The Firesheep Firefox extension automatically reads and lists the accounts of other users, including Amazon, Google, Facebook and Twitter. If a hacker clicks on one of the entries in the list, he will immediately have full access to the account and will be able to change the user's data at his own discretion. Firesheep does not crack passwords, it only copies active unencrypted cookies. To protect against such interceptions, you should use the special HTTPS Everywhere add-on for Firefox. This extension forces online services to always use an encrypted connection over the HTTPS protocol if supported by the service provider's server.

Android protection. In the recent past, a flaw in the Android operating system has attracted widespread attention, due to which fraudsters could access your accounts in services such as Picasa and Google Calendar, as well as read contacts. Google patched this vulnerability in Android 2.3.4, but most of the devices previously purchased by users have older versions of the system. You can use the SyncGuard application to protect them.

WPA 2

The best protection is provided by WPA2 technology, which has been used by computer manufacturers since 2004. Most devices support this type of encryption. But like other technologies, WPA2 also has its weak point: using a dictionary attack or brute force, hackers can crack passwords, albeit only unreliable ones. Dictionary attacks simply iterate over the keys stored in their databases, as a rule all possible combinations of numbers and names. Passwords like "1234" or "Ivanov" are guessed so quickly that the cracker's computer does not even have time to heat up.

The brute force method does not rely on a ready-made database; on the contrary, it finds a password by trying all possible combinations of characters. In this way, an attacker can calculate any key; the only question is how long it will take him. NASA recommends a password of at least eight characters in its security guidelines, and preferably of sixteen. First of all, it is important that it consists of lowercase and uppercase letters, numbers and special characters. It would take a hacker decades to crack such a password.
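To put numbers on the two paragraphs above, this added example (not from the original article) estimates how long an exhaustive search over a password's character set would take, checks a candidate against a small wordlist, and generates a random 16-character password. The rate of one million guesses per second and the two-entry wordlist are assumptions chosen for illustration; real rates depend on the attacker's hardware.

```python
import secrets
import string

SYMBOLS = string.punctuation + " "          # 33 printable ASCII symbols
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
SECONDS_PER_YEAR = 365 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 1_000_000      # assumption, not a measured figure


def alphabet_size(password):
    """Size of the character set an attacker must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def years_to_exhaust(password, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case years to try every combination of that length and alphabet."""
    keyspace = alphabet_size(password) ** len(password)
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


def in_wordlist(password, wordlist):
    """A dictionary hit makes length and alphabet irrelevant."""
    return password.lower() in {word.lower() for word in wordlist}


def generate_passphrase(length=16):
    """Random password using all four character classes."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    pool = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if alphabet_size(candidate) == 95:   # all four classes are present
            return candidate


if __name__ == "__main__":
    constructed_wordlist = ["ivanov", "qwerty123"]   # constructed sample
    for pw in ("12345678", "Ivanov", "2Rk7-kw8Q11vlOp0", generate_passphrase()):
        print(f"{pw!r}: alphabet={alphabet_size(pw)}, "
              f"years={years_to_exhaust(pw):.3g}, "
              f"in wordlist={in_wordlist(pw, constructed_wordlist)}")
```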

Your network is not yet fully secured, since all users inside it have access to your router and can make changes to its settings. Some devices provide additional security features that you should also take advantage of.

First of all, disable the ability to manipulate the router via Wi-Fi. Unfortunately, this feature is only available on select devices such as Linksys routers. All modern models of routers also have the ability to set a password for the management interface, which allows you to restrict access to settings.

Like any program, the firmware of the router is imperfect: minor flaws or critical holes in the security system are not excluded. Usually information about them spreads instantly over the Internet. Check regularly for new firmware for your router (some models even have an automatic update function). Another plus of flashing is that it can add new functions to the device.

Periodic analysis of network traffic helps to recognize the presence of intruders. In the management interface of the router, you can find information about which devices were connected to your network and when. It is more difficult to find out how much data a particular user has uploaded.
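One way to automate that review, as an added example that is not part of the original article: compare the router's client list against the devices you own. It assumes the router exposes its DHCP leases in the dnsmasq lease-file format (expiry, MAC, IP, hostname, client ID); the lease lines and the known-device table are constructed. Since a MAC address can be copied, a hostname that does not match a known address is only a hint to look closer.

```python
# Constructed sample in dnsmasq lease-file format:
# expiry-epoch MAC IP hostname client-id
SAMPLE_LEASES = """\
1718000000 3c:5a:b4:11:22:33 192.168.1.10 laptop 01:3c:5a:b4:11:22:33
1718000500 A4:77:33:AA:BB:CC 192.168.1.11 desktop-7f2k *
1718000900 5e:10:4f:9a:00:21 192.168.1.30 * *
1718001200 00:1b:63:84:45:e6 192.168.1.31 printer *
"""

# Devices the owner recognises (constructed): MAC -> expected hostname.
KNOWN_DEVICES = {
    "3c:5a:b4:11:22:33": "laptop",
    "a4:77:33:aa:bb:cc": "tv",
}


def is_locally_administered(mac):
    """True when the locally-administered bit is set (typical of randomized MACs)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def audit_leases(lease_text, known):
    """Return (mac, ip, finding) for every lease that deserves a second look."""
    findings = []
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue                      # skip blank or malformed lines
        mac, ip, host = fields[1].lower(), fields[2], fields[3]
        if mac in known:
            # "*" means the client sent no hostname, which proves nothing.
            if host not in ("*", known[mac]):
                findings.append((mac, ip, "known MAC, unexpected hostname " + host))
        elif is_locally_administered(mac):
            findings.append((mac, ip, "unknown device, randomized MAC"))
        else:
            findings.append((mac, ip, "unknown device"))
    return findings


if __name__ == "__main__":
    for mac, ip, finding in audit_leases(SAMPLE_LEASES, KNOWN_DEVICES):
        print(f"{ip:<15} {mac}  {finding}")
```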

Guest access - home network security

If you protect your router with a strong password while using WPA2 encryption, you are no longer in any danger. But only until you share your password with other users. Friends and acquaintances who with their smartphones, tablets or laptops want to access the Internet through your connection are a risk factor. For example, the possibility cannot be ruled out that their devices are infected with malware. However, because of this, you will not have to refuse your friends, since the top models of routers, such as the Belkin N or Netgear WNDR3700, provide guest access especially for such cases. The advantage of this mode is that the router creates a separate network with its own password, and the home network is not used.

Reliability of security keys

WEP (WIRED EQUIVALENT PRIVACY). Uses a pseudo-random number generator (RC4 algorithm) to obtain the key, as well as initialization vectors. Since the latter are not encrypted, third parties can intervene and recreate the WEP key.

WPA (WI-FI PROTECTED ACCESS). It is based on the WEP mechanism, but offers a dynamic key for extended security. Keys generated using the TKIP algorithm can be cracked through a Beck-Tews or Ohigashi-Morii attack. To do this, individual packets are decrypted, manipulated and sent back to the network.

WPA2 (WI-FI PROTECTED ACCESS 2). It uses the strong AES (Advanced Encryption Standard) algorithm for encryption. Along with TKIP, the CCMP (Counter-Mode / CBC-MAC Protocol) protocol was added, which is also based on the AES algorithm. Until now, it has not been possible to hack a network protected by this technology. The only possibility for hackers is a dictionary attack or the brute force method, in which the key is found by trial and error, but with a complex password this is impossible.

Let's briefly explain what WEP, WPA and WPA2 are and what the difference is between them.

WEP

Stands for: Wired Equivalent Privacy, that is, security equivalent to that of a wired network. Apparently, the inventors overestimated the reliability of this type of protection when they gave it the name.

WEP is a legacy wireless security mode. It provides a low level of protection. In Windows, WEP security is often referred to as Open, i.e. the open type.

WPA

Stands for: Wi-Fi Protected Access

It comes in two variants:

  • WPA-Personal (-Personal Key or -PSK)
  • WPA-Enterprise.

WPA-PSK

This option is suitable for home use. For authorization on the network, you only need a security key.

WPA-Enterprise

This is a more advanced and complicated option for corporate networks that provides a higher level of security. A RADIUS server is required for authorization.

WPA2

WPA2 is a more modern and improved version of WPA security. Likewise, it can work in both modes: PSK and Enterprise. It differs in that it supports the AES CCMP encryption type.

What's better? WEP, WPA or WPA2?

On modern equipment, in most cases, the best option is the WPA2-PSK mode with the AES encryption type.

What if I don't know what type of security a wifi network uses?

If you do not know what encryption is used on the access point (router), disconnect from the network and. Then reconnect. You only need to enter the security key. In this case, the security mode will be selected automatically.
