How to protect your Wi-Fi from neighbors. How to protect your home router from hackers and neighbors

30.09.2019 Interesting

Today, every third user of the world wide web is widely using entangle the whole house, offering high-speed Internet access for all devices. And rightly so, why not use this opportunity when sitting in an armchair, lying on a sofa or in bed before going to bed, there is Internet access from a smartphone or.

There is one big “BUT” in the whole, so practically beneficial, situation - users very rarely follow the security rules that directly relate to access to Wi-Fi. As time passes, we begin to notice that the speed of the Internet connection has decreased, and the printer suddenly began to be interested in “nude photos”, occasionally printing them out! The actions of a “joker” who has connected to your network are not limited to simply accessing the Internet or a printer, with a little dexterity, more confidential information becomes available to a third-party user, such as your funds in electronic wallets. Therefore, securing the wireless network and yourself is the number one task, especially for users living in an apartment building.

How to secure access to Wi-Fi from external intrusion

Usually, the user, having noticed the incorrect operation of the computer associated with the network, is in a hurry to apply a reset. This is apparently, by analogy with the system unit, which suddenly freezes. And here, we are looking for a thin object to get to the hidden "Reset" button on the body of the network equipment. Often, such actions save for a short time, and the situation is in a hurry to repeat itself ...

Ways to protect Wi-Fi access:

The main step to security will be a simple change in the access password to. Indeed, after configuration by a specialist (or self-configuration), the equipment continues to store factory credentials. And here, you don’t have to be a “computer genius” to enter the settings panel through the web interface!
Note! The ability to configure the router control panel is not available in all models of equipment, so the following advice is more practical in execution.
The next wish concerns the password for accessing the network. Users frivolously approach the choice of this cipher. Sometimes we refer to our weak memory, but at the same time we reset it with enviable constancy!
Therefore, it is better to set up the WPA2 encryption algorithm once, and come up with a 10-digit password that you will change at least occasionally. For it, select a random set of letters and numbers, and simply write down the invented combination on a piece of paper or on the box from the router.

Note! Do not create readable passwords. Surnames and names in the English layout - it's hard to come up with, but easy to pick up!
Next, it's a good idea to opt out of the WPS feature that creates a numeric PIN for new devices. The feature is enabled by default on most access point models. If you do not have to constantly connect various smartphones or tablets, then there will be no difficulties.
Note! Even if there is a need to regularly connect new gadgets, it is enough to enter the access password every time! A small price to pay for home network security.
The next recommendation is more about attentiveness. Make it a habit to properly leave the web interface of the router, that is, not just by closing the browser tab, but rather by “exiting the control panel”.
Such a precaution is associated with some features of Internet browsers. When visiting pages, browsers save cache and cookies, which are responsible for storing temporary files and resource information. You may have previously noticed that after leaving the site, re-authorization is not required. So this is another loophole for a random attacker!
Note! It would be nice to get into the habit of clearing the cache and cookies of the browser that you actively use (read how to do this in the article:,).
The next steps are rather addressed to advanced users, as they carry some risk. So, first we will change the subnet of the router, since it is set by default and is known to many. Usually, it is an address:
- 192.168.0.0
- 192.168.1.0
- 192.168.1.1
Moreover, the address is indicated on the body of the device, nothing prevents us from changing the IP address through the web interface and giving the local subnet a new name that is different from the factory one.

Is the most important electronic device in their lives. It connects most other devices to the outside world and that is why it is of maximum interest to hackers.

Unfortunately, many home and small business routers come with an insecure default configuration, undocumented management accounts, outdated services, and old firmware versions that are easy to hack with well-known tricks. Alas, users themselves will not be able to fix some of these problems, but nevertheless, a number of actions can be taken to protect these devices from at least large-scale automated attacks.

Basic actions

Avoid using routers provided by ISPs. First, they are often more expensive. But that's not the biggest problem. Such routers are usually less secure than those models sold by manufacturers in stores. Very often, they contain hard-coded remote support credentials that users cannot change. Updates for modified firmware versions often lag behind releases for commercial routers.

Change the default administrator password. Many routers come with typical administrator (admin/admin) passwords, and attackers are constantly trying to log in to devices using these well-known credentials. After connecting to the router's management interface through a browser for the first time - its IP address is usually found on a sticker on the bottom or in the user's manual - the first thing you need to do is change the password.

Also, the web interface of the management router must not be accessible from the Internet. For most users, managing the router from outside the local network is simply not necessary. However, if you still have a need for remote management, consider using a VPN to create a secure connection to the local network and only then access the router interface.

Even inside the local network, it is worth limiting the range of IP addresses from which you can control the router. If this option is available on your model, it's best to allow access from a single IP address that is not in the pool of IP addresses assigned by the router via DHCP (Dynamic Host Configuration Protocol). For example, you can configure the router's DHCP server to assign IP addresses from 192.168.0.1 to 192.168.0.50, and then configure the web interface to only accept an administrator from 192.168.0.53. The computer must be manually configured to use this address only when it is necessary to administer the router.

Enable access to the router interface via the https protocol if there is support for a secure connection, and always log out, closing the session when the configuration is complete. Use your browser in incognito mode or private mode to prevent cookies from being automatically saved, and never let your browser save your router interface username and password.

If possible, change the router's IP address. Most often, routers are assigned the first address in a predefined range, such as 192.168.0.1. If such an option is available, change it to 192.168.0.99 or some other address that is easy to remember and is not part of the DHCP pool. By the way, the entire range of addresses used by the router can also be changed. This helps protect against spoofed cross-site requests (CSRF) when the attack occurs through users' browsers and using a generic IP address typically assigned to such devices.

Create a complex Wi-Fi password and choose strong protocol security. WPA2 (Wi-Fi Protected Access 2) is better than the older WPA and WEP, which are more vulnerable to attacks. If the router provides this option, create a guest wireless network, also securing it with WPA2 and a complex password. Have visitors or friends use this isolated segment of the guest network, not your main network. They may not have malicious intent, but their devices may have been hacked or infected with malicious software.

Disable the WPS function. This rarely used feature is designed to help users set up Wi-Fi using the PIN printed on the label on the router. However, in many implementations of WPS versions provided by various vendors, a serious vulnerability was found several years ago that allows hackers to break into networks. And since it will be difficult to determine which specific router models and firmware versions are vulnerable, it is better to simply disable this feature on the router if it allows it. Instead, you can connect to the router through a wired connection and through the web management interface, for example, configure Wi-Fi with WPA2 and a custom password (no WPS at all).

The fewer services on your router that are exposed to the Internet, the better. This is especially true in cases where you did not turn them on, and perhaps you do not even know what they do. Services such as Telnet, UPnP (Universal Plug and Play), SSH (Secure Shell), and HNAP (Home Network Administration Protocol) should not be enabled for the external network at all, as they potentially pose security risks. However, they should also be turned off on the local network if you are not using them. Online services like Shields UP from Gibson Research Corporation (GRC) can simply scan your router's public IP address for open ports. By the way, Shields Up is able to conduct separate scanning specifically for UPnP.

Make sure your router firmware is up to date. Some routers allow you to check for firmware updates right from the interface, while others even have an automatic update feature. But sometimes these checks may not work correctly due to changes on the manufacturer's servers, for example, after several years. Therefore, you should regularly check the manufacturer's website manually to find out if there is a firmware update for your router model.

More complex actions

You can use network segmentation to isolate it from a risky device. Some consumer routers provide the ability to create VLANs (virtual local area networks) within a large private network. Such virtual networks can be used to isolate devices from the Internet of Things (IoT) category, which can be full of vulnerabilities, as researchers have repeatedly proven (Bird Kiwi addressed this problem in the previous issue of PC World - ed.). Many IoT devices can be controlled with a smartphone through external cloud services. And since they have access to the Internet, such devices, after the initial setup, should not interact with smartphones directly over the local network. IoT devices often use insecure administrative protocols for the local network, so that an attacker can easily hack into such a device using an infected computer if they are both on the same network.

With MAC address filtering, you can keep dangerous devices out of your Wi-Fi network. Many routers allow you to limit the list of devices eligible to join a Wi-Fi network by their MAC address - a unique identifier for a physical network card. Enabling this feature will prevent an attacker from connecting to a Wi-Fi network, even if he manages to steal or guess the password. The disadvantage of this approach is that manually managing the list of allowed devices can quickly become an administrative burden for large networks.

Port forwarding should only be used in conjunction with IP filtering. Services running on a computer behind a router will not be accessible from the Internet unless port forwarding rules are defined on the router. Many programs try to open router ports automatically via UPnP, which is not always safe. If you disable UPnP, these rules can be added manually. Moreover, some routers even allow you to specify an IP address or a whole block of addresses that can connect to a specific port in order to access a particular service within the network. For example, if you want to access an FTP server on your home computer while at work, you can create a port 21 forwarding (FTP) rule on your router, but only allow connections from your company's block of IP addresses.

Custom firmware can be more secure than factory firmware. There are several Linux based and community supported firmware projects for a wide variety of home routers. They tend to offer advanced features and customizations compared to the factory firmware, and the community fixes their shortcomings faster than the router manufacturers themselves. Since these firmware are marketed for enthusiasts, the number of devices that use them is much smaller than devices with firmware from the manufacturer. This greatly reduces the likelihood of extensive attacks on custom firmware. However, it is very important to keep in mind that uploading firmware to a router requires good technical knowledge. It is likely that you will void the warranty, and in the event of an error, the device may fail. Take this into account, because you have been warned!

How to protect yourself

Check if the remote access feature is enabled on your router. It is often found in devices that are given by communication providers. Providers need remote access for business: it's easier for them to help users with network settings. However, providers may leave the default password in the web interface, which makes you easy prey for hackers.

If you can log in to the web interface with the standard username and password admin / admin, be sure to change the password and write it down. When the provider sets up your router remotely, just say that you changed the password for security reasons and dictate it to the operator.

Instructions for protecting the router

Set a strong password for Wi-Fi.
Change the default administrator password.
If the router is not from the provider, disable remote access.
If you don't know how to do it all, call a computer wizard you trust.

They ask how to secure a WiFi network. In this article, we will look at several techniques that will greatly complicate access to your network by unwanted users.

But when you create a Wi-Fi network, there is a threat to the security of your data. Everything that is transmitted over a wireless network is broadcast over a fairly tangible distance and attackers can gain access to this data. In order to protect a WiFi network from such an attack, you need to take a few simple steps.

Use a strong password to access your router settings

When configuring, be sure to change the default password. This does not follow the password path to access the router with a password (key) to connect to the network.

Use strong security mode.

Wireless -> Wireless Security (Wireless -> Wireless Security).
In field Version (version) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

Disable WPS

Was the information helpful?

General articles: General articles

When you connect to public Wi-Fi, such as in a cafe, the data is transferred unencrypted. This means that your passwords, logins, correspondence and other confidential information become available to intruders. Email addresses may be used to send spam and your social media page data may be changed.

Your home Wi-Fi network can also be at risk if:

The network is protected with a light password.
The network has a common name.
Disabled encryption.

Open router settings

Enter the IP address of the router in the address bar of the browser, you will be taken to the authorization page for the router settings. The IP address of the router is located on the back of the device and in the user manual.
On the login page, enter your username and password. They are listed on the back of the router.

Create a strong password to access your router

As a rule, standard login and password are used to access the router settings. An attacker can find out the username and password from your router by downloading the user manual for the device from the manufacturer's website.

To prevent this from happening, change the password to the router. Use best practices for creating strong passwords.

Come up with a unique name (SSID) for the Wi-Fi network

Often rainbow tables are used to crack passwords. Pre-built rainbow tables for popular SSIDs store millions of possible passwords. If your SSID and password are in such a table, then an attacker will be able to instantly recover the network password using special programs.

To increase the security of your home wireless network, create a non-common SSID.

Router interfaces vary depending on the manufacturer, specific model and firmware version. To navigate the router settings, use the user manual for your model. As a rule, it is attached to the router, or you can download it from the website of the device manufacturer.

Enter the IP address of the router in the address bar of the browser, you will be taken to the authorization page for the router settings. The IP address of the router is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, select Wireless Mode -> Wireless Settings (Wireless -> Wireless Settings).
In field Network name (Wireless Network Name) think up and enter the name of the Wi-Fi network.
Click Save (Save).

Create a strong password for your Wi-Fi network

Without a password, your Wi-Fi network will be accessible to everyone. A strong password will not allow unauthorized people to connect to it. Use best practices for creating strong passwords.

For example, we show the configuration of the TP-Link TL-WR841N router. To change your password:

Enter the IP address of the router in the address bar of the browser, you will be taken to the authorization page for the router settings. The IP address of the router is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, select Wireless -> Wireless Security (Wireless -> Wireless Security).
In field PSK password (PSK Password) think up and enter a password for the Wi-Fi network.
Click Save (Save).

Make your Wi-Fi network invisible

Hide the network name in the router settings. As a result, your Wi-Fi network will not appear in the list of available wireless networks. It will be impossible to detect it without special software.

Turn on encryption

When you work on a network with weak encryption, your data can be intercepted by intruders. If you're connecting to your home network and you're getting a weak encryption message, change the encryption type to a stronger one. Common types of wireless network encryption:

The main difference between them is the level of protection. WEP is inferior to others in terms of reliability, but is supported by older hardware. WPA2 is the most secure.

For example, we show the configuration of the TP-Link TL-WR841N router.

To change the wireless encryption type:

Enter the IP address of the router in the address bar of the browser, you will be taken to the authorization page for the router settings. The IP address of the router is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, select Wireless -> Wireless Security (Wireless -> Wireless Security).
In field Version (version) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

As practice shows, most users forget or neglect the protection of their home network immediately after setting a password on Wi-Fi.

Protecting a wireless network is not the easiest, but very important task.

Having gained access to your network, an attacker can place illegal content with impunity or take over your channel and significantly reduce the connection speed, for which you, by the way, pay. It can also access not only your computer, but all the devices on your network.

Instead of tempting fate, let's go through simple and obvious activities that users often neglect.

Hiding the SSID

The name of the network or SSID (Service Set Identifier), which we see when scanning the space around, looking for Wi-Fi. Knowing this network name, you can connect to a particular Wi-Fi network. By default, routers and access points show the SSID of your network to everyone. However, it can be disabled in the section of your router or access point. This section has an option “enable SSID” (Enable SSID) or “disable SSID” (Disable SSID). Set or uncheck the box, depending on the name of the option in the corresponding router setting.

Turn on encryption

The next point is channel encryption. This option is also under “Wireless Settings” and called “encryption type” (Encryption settings). Expand the drop-down list and see pieces of 5 options to choose from ( depending on router model). How do some types of encryption differ from others?

WEP (WIRED EQUIVALENT PRIVACY).
It came out back in the late 90s and is one of the weakest types of encryption. In many modern routers, this type of encryption is completely excluded from the list of possible encryption options. The main problem with WEP is an error in its design. WEP actually transmits a few bytes of the encryption key(password) along with each data packet. Thus, regardless of the complexity of the password, it is possible to crack any access point encrypted with WEP by capturing enough packets to crack the password.

WPS/QSS
WPS, aka QSS - allows you to forget about the password and connect to the network by simply pressing a button on the router. WPS allows a client to connect to an access point using an 8-character code consisting of numbers. But not everything is so rosy. By using only numbers, WPS is much less secure than WEP and get access to your network is not difficult.

WPA and WPA2 (WI-FI PROTECTED ACCESS)
Some of the most modern types of encryption at the moment and new ones have not yet been invented. WPA/WPA2 support two different modes of initial authentication (password verification for client access to the network) - PSK and Enterprise.

WPA PSK or WPA Personal- This is the most common encryption option for home Wi-Fi networks. Connection to the network is carried out using a single password, which is entered on the device when connecting.

WPA Enterprise differs from WPA Personal in that it requires a separate server - RADIUS (Remote Authentication Dial In User Service). Essentially, a RADIUS server is a remote user authentication service that verifies the user's credentials for authentication.

Setting up a MAC address filter

The most radical way to secure your home Wi-Fi network is to configure device filtering by MAC address. A MAC address is a unique identifier for your device on a network. It can be used to filter devices that are allowed access to your network or vice versa.

We go to the router settings section, which is called “MAC filtering” (MAC Filtering). In it, add the MAC addresses that can log in to your network. The MAC address of your device can be viewed either in the properties of the wireless connection, in the section "additionally", if it is a computer, or in the settings of a smartphone or tablet, in the section “About Device”. The MAC address consists of 6 blocks of 2 digits in hexadecimal, separated by hyphens. For example: A0-23-1D-14-8C-C9 .

Enable guest access

By restricting network access by MAC address, you will significantly increase the security level of your network. But what about friends and acquaintances who want to access the Internet through your connection, from their smartphones or tablets? Adding the MAC address of each device is clearly longer than just giving the Wi-Fi password. In this case, most modern routers provide guest access. Guest access means that the router creates a separate network with its own password, unrelated to your home. You can enable guest access (if available) in the section “home network settings” (Home Network) or in “Wireless Network Settings”.

After all the settings, you can already use the Wi-Fi network at home. But in order to achieve maximum security of such an Internet connection (excluding unauthorized users from entering the Wi-Fi network), you need to make additional settings for your router.

MAC address filtering

The first way to protect your network is through MAC address filtering. Each device has a Mac address, and it is different for each such device. For example, for a computer, its MAC address can be found here: Start ⇒ Control Panel ⇒ Internet ⇒ Network and Sharing Center ⇒ Change adapter settings and find the wireless connection you created for the router.

Double-click on the icon of this connection and in the window that opens, click on "details". And there you will see the entry "physical address" and this is the mac address.

It is this address that must be entered in the router to configure security. To do this, go to the admin part of the router, select the "wireless network" section. And in this section you are looking for the item "MAC Address Filter".

Enter your Mac address here and select the "accept" filtering mode.

This way you can add the addresses of all computer devices that you think should be able to access your Wi-Fi network. After that, click "apply" and wait for the router to reboot with the new parameters.

Hiding the network name

Each Wi-Fi device can see which networks are currently available on that hotspot. So that no one sees your network, you need to hide its name (SSID) and it will not be visible in the list of available networks, but you will remember this name, so you can always connect to this network.

In the "Wireless networks" section on the "general" tab, you can make changes to your SSID. There is an item "hide SSID", select "Yes" and click apply to save the settings.

After that, the settings page may become unavailable. To return to the settings, you need to connect to a Wi-Fi network with the new security settings.

Your network will now appear as "Other networks" on Wi-Fi devices. You select this particular network when you want to connect to Wi-Fi, and you will be prompted to enter the network name, because you have hidden it in the router settings. This name is known only to you and to whom you told it, so you enter the name of the network. Next, you will be required to enter the security key (password), which you also set in the router settings.

After that, the computer connects to Wi-Fi and you need to refresh the page with the settings for re-logging in the browser.

Firewall settings

By selecting the menu item "Firewall" you will be taken to the settings window for this firewall. This is where you turn it on first. In another way, it is also called Firewall and serves to protect against unwanted connections to the Internet. After that click apply.

Working hours

Also in the settings for greater security, you can configure the allowed operating time of the router. This can be done if you know for sure that at some time you will not go online. For example, you will be at work or sleeping, etc. This can be done in the "Wireless network" section in the "professional" tab. There you can choose the days of work and time.

Filtering by IP addresses

By default, the router settings are set to automatically distribute IP addresses to everyone who will connect to the Wi-Fi network. To configure the permission to work only for certain IP addresses, you need to go to the "LAN" section. There you select the item “DHCP server”.

If the DHCP server is enabled, it means that the router automatically distributes IP addresses. For this, a range of possible IP addresses is also indicated. From this range (by the difference of the last of the four groups of numbers in the IP address), you can find out how many devices can be connected. For example, if the start address ends with "2" and the end address ends with "254", then 253 devices can be connected at the same time.

To enable filtering by IP addresses, you need to disable the DNS server, which will mean that there will be no automatic distribution of IP addresses to connected devices. After that, you need to manually assign IP addresses to each device. You need to enter a MAC address from each device and assign it your own IP address of this kind “192.168.1.*” and instead of the “*” sign, any number from 1 to 254. After each input of a new device, click “add”.

After you add all your devices like this, you need to register its IP address in the settings for each device.

You write down the IP address assigned in the router, the subnet mask is standard “255.255.255.0”, and the default gateway is the IP address of the router. In order to view it, go to the router settings window in the "Network Map" section.

When all the data is entered in the device settings, click "OK".

In the "LAN" section of the router, also click "apply" and it will reboot with new settings for filtering IP addresses. With these settings, each device will have only one IP address. Then no other device will connect until you assign an IP address to it in the router settings or until you turn on the DNS server service again to automatically distribute addresses. But then, in each device, you need to return the settings to automatically receive your address.

Computer settings

The rest of the Wi-Fi network security settings concern the computer. Find, as before, the item "Wireless network connection" in the settings and double-click on it. In the window that opens, select "Wireless Network Properties".

There will be three settings:

Connect automatically if the network is in range
Connect to a more suitable network, if available
Connect even if the network is not broadcasting its name (SSID)

For greater security, it is better to uncheck all the boxes and then to connect to Wi Fi you need to enter the network name each time, which only you know. Then no one without you can connect to the network from this computer. But you can leave the first item checked if you do not want to enter data every time. But never leave the second item checked, because then it is possible to connect to someone else's network if it is not protected in any way. And you can collect viruses from someone else's computer.

Conclusion

All security settings are optional and everyone uses them at their own discretion. The main thing is that Wi Fi works and often it is enough to set up a login and password. In devices with Wi Fi, you can see several networks, there will be especially many of them in apartment buildings, but you connect to your own, whose name you specified in the router settings. In order to connect or disconnect from a network, you just need to click on its name in the list of networks. This list is available at the bottom right on the desktop (next to the clock) of the computer under this icon.

article

article on the Kaspersky Lab blog.
VPN Kaspersky Secure Connection
Microsoft support site.

(System Tools → Password).
article.
Click Save (Save).

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section ( Wireless → Basic Settings).
In field Wireless network name (Wireless Network Name
Click Save (Save).

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless mode → Basic settings (Wireless → Basic Settings).
Uncheck Enable SSID Broadcast (Enable SSID Broadcast).
Click Save (Save).

Disable WPS

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the router settings page, go to the section Wireless → WPS (Wireless → WPS).
Click Disable (Disable).

Turn on encryption

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section ( Wireless → Wireless Security).
Select WPA/WPA2-Personal.
In field Version (Authentication Type) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

article.

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2-Personal.
In field Wireless network password (Wireless Password
Click Save (Save).

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section ().
Click Add (Add New).

Included (Enabled).
Click Save (Save).

Click Turn on (enable).
Select ().

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.

In the window Network connections press twice.
In the window State click Wireless network properties.
In the window Wireless network properties go to tab Safety.
Select security type WPA2-Personal article.
Click OK.
Close the window State.

Windows 10, Windows 7, 8, 8.1, 10.

For all products: Software compatible

For all products: Purchase and license

For all products: Before installation

For all products: Getting Started

For all products: Program settings

For all products: Uninstall programs

For all products: Bugs

For all products: Safe Money

For all products: Diagnostics and reports

For all products: My Kaspersky articles

For all products: Articles on Windows

When you connect to a public Wi-Fi network, such as in a coffee shop, the data is transmitted unencrypted. This means that your passwords, logins, correspondence and other confidential information become available to intruders. Email addresses may be used to send spam and your social media page data may be changed.

Home Wi-Fi networks are also at risk. Even the highest level of protection for wireless networks, WPA2 encryption, can be "hacked" by a key re-key attack (KRACK). For more details, see the article on the Kaspersky Lab blog.

When connecting to any Wi-Fi network, always follow these guidelines:

Make sure you have Firewall installed and enabled. This protection component scans network traffic and protects the computer from network attacks.
Firewall is part of the Kaspersky Lab applications: Kaspersky Internet Security, Kaspersky Anti‑Virus, Kaspersky Total Security, Kaspersky Security Cloud, and Kaspersky Small Office Security.
Use a secure HTTPS connection. Make sure your browser has a green or gray padlock icon in the address bar. For more details, see the article on the Kaspersky Lab blog.
Secure your connection with a VPN by adding another layer of encryption. To do this, install Kaspersky Secure Connection on your device and enable secure connection every time you connect to the Internet.
If you are using the Windows operating system, turn off File and Printer Sharing for all public networks that you connect to. Instructions on the Microsoft support site.
Use mobile internet instead of public Wi-Fi whenever possible.

Create a strong password to access your router

For example, we show the configuration of the TP-Link TL-WR841N router. To change the password for accessing the router:

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section System Tools → Password (System Tools → Password).
Enter the username, old and new password to access the router. Recommendations for creating a strong password in the article.
Click Save (Save).

The password for accessing the router will be changed.

Come up with a unique name (SSID) for the Wi-Fi network

Often, rainbow tables are used to crack passwords. Pre-built rainbow tables for popular SSIDs store millions of possible passwords. If your SSID and password are in such a table, an attacker will be able to instantly recover the network password using special programs.

To increase the security of your home wireless network, consider a non-common SSID.

For example, we show the configuration of the TP-Link TL-WR841N router. To change the Wi-Fi network name:

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless mode → Basic settings (Wireless → Basic Settings).
In field Wireless network name (Wireless Network Name) think up and enter the name of the Wi-Fi network.
Click Save (Save).

The name for the Wi-Fi network will be changed.

Make your Wi-Fi network invisible

Hide the network name in the router settings. Your Wi-Fi network will not appear in the list of available wireless networks. It will be impossible to detect it without special software.

For example, we show the configuration of the TP-Link TL-WR841N router. To make a Wi-Fi network invisible to other devices:

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless mode → Basic settings (Wireless → Basic Settings).
Uncheck Enable SSID Broadcast (Enable SSID Broadcast).
Click Save (Save).

Your Wi-Fi network will be invisible to other devices.

Disable WPS

WPS is designed to make it easy to connect devices to Wi-Fi networks. Using WPS, you can connect to the router without a password. We recommend disabling WPS in the router settings.

For example, we show the configuration of the TP-Link TL-WR841N router. To disable WPS:

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless → WPS (Wireless → WPS).
Click Disable (Disable).

WPS technology will be disabled.

Turn on encryption

The main difference between them is the level of protection. We recommend WPA2 as it is the most secure available.

For example, we show the configuration of the TP-Link TL-WR841N router. To change the wireless encryption type:

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2-Personal.
In field Version (Authentication Type) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

Wi-Fi network encryption will be enabled.

Create a strong Wi-Fi password

Without a password, your Wi-Fi network will be available to everyone. A strong password will not allow unauthorized people to connect to it. Recommendations for creating a strong password in the article.

For example, we show the configuration of the TP-Link TL-WR841N router. To create a password:

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2-Personal.
In field Wireless network password (Wireless Password) think up and enter a password for the Wi-Fi network.
Click Save (Save).

A password for the Wi-Fi network will be generated.

Turn on MAC address filtering

Each device that has a network card or network interface has its own MAC address. Create a list of MAC addresses of trusted devices or deny connections to devices with specific MAC addresses.

For example, we show the configuration of the TP-Link TL-WR841N router. To configure MAC address filtering for trusted devices:

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.
On the login page, enter your username and password. If you have not changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless → MAC Filtering (Wireless → Wireless MAC Filtering).
Click Add (Add New).

Enter MAC address, device description and select status Included (Enabled).
Click Save (Save).

Click Turn on (enable).
Select Allow access to stations specified in enabled rules from the list (Allow the stations specified by any enabled entries in the list to access).

Only those devices whose MAC addresses you have added to the list will have access to the router.

Reduce Wi-Fi signal range

In the router settings, reduce the transmission power to the value when the network signal will be received only within your premises. The reduced range of the Wi-Fi signal will not allow strangers to connect to it.

For example, we show the configuration of the TP-Link TL-WR841N router. To reduce the range of the Wi-Fi signal:

Enter the router's IP address in the browser's address bar. You will be taken to the authorization page for the router settings. The router's IP address is located on the back of the device and in the user manual.

In the window Network connections double click Wireless network connection.
In the window State click Wireless network properties.
In the window Wireless network properties go to tab Safety.
Select security type WPA2-Personal and change the network security key. Recommendations for creating a strong password in the article.
Click OK.
Close the window State.

The Wi-Fi network security key and type will be changed.

After changing your home Wi-Fi network settings, devices will not be able to automatically connect to this network, so you need to reconnect to the wireless network. See the Microsoft support site for Windows 10, Windows 7, 8, 8.1, 10 for detailed instructions.

How to protect your Wi-Fi from neighbors. How to protect your home router from hackers and neighbors

How to secure access to Wi-Fi from external intrusion

Ways to protect Wi-Fi access:

How to protect yourself

Instructions for protecting the router

Disable WPS

General articles: General articles

Open router settings

Create a strong password to access your router

Come up with a unique name (SSID) for the Wi-Fi network

Create a strong password for your Wi-Fi network

Make your Wi-Fi network invisible

Turn on encryption

Hiding the SSID

Turn on encryption

Setting up a MAC address filter

Enable guest access

MAC address filtering

Hiding the network name

Firewall settings

Working hours

Filtering by IP addresses

Computer settings

Conclusion

Disable WPS

Turn on encryption

For all products: Software compatible

For all products: Purchase and license

For all products: Before installation

For all products: Getting Started

For all products: Program settings

For all products: Uninstall programs

For all products: Bugs

For all products: Safe Money

For all products: Diagnostics and reports

For all products: My Kaspersky articles

For all products: Articles on Windows

Create a strong password to access your router

Come up with a unique name (SSID) for the Wi-Fi network

Make your Wi-Fi network invisible

Disable WPS

Turn on encryption

Create a strong Wi-Fi password

Turn on MAC address filtering

Reduce Wi-Fi signal range

Top Related Articles