Neighbors steal Wi-Fi. How to protect your wi-fi router
Security in Wi-Fi networks has been constantly improved since the advent of this wireless technology. Recently, it has developed so much that almost all modern routers are protected from possible attacks by strong passwords, complex encryption methods, built-in firewalls and many other means of protection against intrusions by intruders. But what happens if the encryption algorithms that have so far made Wi-Fi one of the most secure protocols are broken?
This is exactly what happened in the fall of 2017, when Belgian researchers from the University of Leuven found several critical vulnerabilities in the WPA2 protocol and published a detailed report about it. The WPA2 protocol is used to secure most Wi-Fi networks in the world and is considered the most reliable security tool available for mass use.
Content
How to protect your data if Wi-Fi no longer guarantees security?
The fact that WPA has been hacked is alarming news that affects many electronic devices, but there is no cause for alarm.
Essentially, researchers have found a vulnerability in the Wi-Fi protocol that makes wireless traffic potentially eavesdropping on attackers. In other words, anyone can use this flaw in network security to spy on other people’s actions on the Internet, steal credit card numbers, passwords, intercept messages in instant messengers, etc.
Fortunately, manufacturers of many gadgets have already managed to improve and finalize their devices, eliminating the found vulnerability. And besides, WPA2 is far from the only wall of protection between a hacker and users’ personal data.
To hack someone else's Wi-Fi, an attacker, firstly, needs to position his receiving antenna within range of the radio channel, and secondly, most of the information on the Internet is transmitted in encrypted form, and the hacker will not be able to read it in any case. 
The https protocol, which most web servers run on, adds an extra layer of security to your connection, just like using a VPN service.
That's why you should always remember the padlock icon in your browser's address bar. If the small padlock is not displayed there, it means that the site does not use the https protocol, and all information entered into forms, including passwords, may be accessible to third parties.
That's why before you send your home address or payment details anywhere, you should always make sure there is a padlock in the address bar.
Almost immediately after the news of the Wi-Fi protocol vulnerability, all leading software developers released corresponding patches for their products. For example, Microsoft released an update for Windows in October 2017. Apple also patched its macOS and iOS operating systems around the same time.
Google released an update to Android in November, so anyone with a device running the platform should check the About section of their phone or tablet's settings to see when the latest security update was available. If it was performed before November, and the phone has Android 6 or an earlier version of the OS, then an update must be made.
Which wireless security standard should you prefer?
Wireless routers can use a wide range of different protocols to encrypt data. Here are the three main standards that most home and office routers work with:
1.Wired Equivalent Privacy (WEP): This protocol was introduced in 1997 immediately after the development of the 802.11 Wi-Fi standard; Currently, WEP is considered insecure and since 2003 it has been replaced by WPA information security technology with the TKIP encryption method.
2. Temporal Key Integrity Protocol (TKIP). This standard is also obsolete and is gradually falling out of use. But unlike WEP, it can still be found in the firmware of many models of modern equipment.
3.Advanced Encryption Standard (AES). This standard was introduced immediately after TKIP in 2004, along with the updated and improved WPA2 connection certification system. Routers that work specifically with this technology should be given preference when choosing new network equipment. Gadgets connected to a wireless network must also support AES in order to interact properly with such routers. Despite the vulnerability mentioned above, WPA2 is still considered the best Wi-Fi security method. Currently, router manufacturers and ISPs typically use WPA2 as a standard; some of them use a combination of WPA2 and WPA to make it possible to work with the widest range of wireless gadgets.
In the technical documentation for routers you can also sometimes find the letters PSK, which stand for Pre-Shared-Key or Personal Shared Key. When given a choice, it is always better to give preference to models with WPA2-PSK (AES) instead of WPA2-PSK (TKIP), but if some older gadgets cannot connect to the router, then you can go for WPA2-PSK (TKIP). TKIP technology uses the modern WPA2 encryption method, leaving older devices that depend on TKIP the ability to connect to wireless routers.
How to secure your Wi-Fi
Disabling WPS
WPS stands for Wi-Fi Protected Setup and is a standard and protocol that was created to make setting up wireless connections easier. Despite its practicality and functionality, this solution contains a serious flaw: the eight-digit PIN code, consisting only of numbers, is easily broken by primitive guessing methods, and this creates a convenient starting point for hackers who want to take over someone else's Wi-Fi.
To find out whether or not a wireless router uses the WPS protocol, you need to take a closer look at the box in which it comes: WPS support is indicated by the presence of a special logo on the packaging and a separate physical button on the device body. From the point of view of protection against hacking, it is better to disable this protocol and never use it.
Securing your private WiFi network is the most important aspect when creating a HomeGroup. The fact is that the access point has a fairly large range of action, which can be taken advantage of by attackers. What to do to prevent this? How to protect a private wireless network from attacks by unscrupulous people? This is exactly what this article will discuss.
How to protect your home WiFi networks
Before moving on to the question of how to secure your private home WiFi network, you should understand how it works. So, to organize a home wireless network, as a rule, a router is used, which acts as an access point. In order to become a member of the group you need to connect to it.
This suggests that to protect confidential information, it is necessary to deny access to the router to unauthorized people. How is this done? There are several points here:
- A long and complex password to enter the router settings menu.
- A strong password for connecting to a Wi-Fi network.
- Selecting a secure encryption type.
- Using a MAC filter.
- Access settings in the operating system.
As you can see, there are quite a lot of security settings. This is necessary, since protecting the confidentiality of the Wi-Fi network depends on it. However, most of them are in the router settings.
So, let's look at all these points in order.
WiFi network protection: Video
Key to enter the router settings menu
Since almost all security settings are set in the router, we need to come up with a complex password to enter the settings system. In addition, a login is used here, which must also be original and complex. How to do this?
First of all, it is worth noting that each router has a different interface, but the principle of operation is almost the same for all. We will look at how to change the router login password using the D-LinkDIR-615 model as an example.
First, connect to the router wirelessly or via cable. After that, open a browser and enter the address of your router in the address bar. It is indicated on the bottom cover of the device, as well as in the instructions.
How to easily find out the IP address of a WiFi router: Video
In the overwhelming majority, this is the following address - 192.168.0.1 (the following addresses can also be used - 192.168.1.1 or 192.168.2.1).
After entering the address, the system will prompt you to enter your login and password. Initially specified as admin, admin respectively. It is these values that will now need to be changed, since the manufacturer uses an insecure login and key so that the user can easily enter the settings and change the data at his discretion.
After entering, press “Enter”. Here we are in the router settings menu. At the bottom of the screen you need to click “Advanced settings”. Several additional sections will appear, among which you need to find “System” and select “Administrator Password” in it. This is the very key that we need to change.
In the window that appears, you just need to enter a new password and confirm it. Next, just click “Apply”. This completes the process of changing the key, and now the security of your home wireless WiFi network has become higher.
How to find out the password for your WiFi connection in the router settings: Video
Please note that this router model does not allow you to change the administrator login. However, devices from other manufacturers or even just other models allow you to set any login to log into the system.
Wi-Fi network key
A very important parameter on which the protection of information in Wi-Fi networks depends is the network password. It prevents unauthorized attackers from connecting to the router via wireless communication. That is why the network key must be long and complex.
It is worth noting that initially the router does not have Wi-Fi connection protection at all. In other words, anyone within the coverage area can connect to the device without entering passwords.
To fix this, we need to go back to the router settings menu. Now we are interested in the “WiFi” section, in which we need to find and open the security settings. In the window that opens, we will need to select the encryption type (type of authentication). This is also an important parameter that affects network security.
So, select the encryption type WPA-PSKWPA2-PSKmixed. This is the recommended secure authentication type and provides the most security. A line will appear below in which you must enter the network key. Enter the invented values. It is recommended to use a mixture of Latin letters and numbers. Moreover, the number of characters must be at least 8-12.
Router MAC filter
Each device equipped with a network adapter, computer, laptop, smartphone, tablet, etc., has a unique MAC address. In order to increase network security, it is recommended to install a filter for such addresses. In other words, in the router settings you can allow connections only to trusted devices by specifying their addresses.
To do this, go to the router settings menu again. In the “WiFi” section we find the MAC filter and open it. The window that appears has two tabs:
- Filter mode.
- MAC addresses.
The first is the regime. Here you can choose one of three options:
- Allow – the specified MAC addresses will be allowed access to the network. Everyone else will not be able to connect to the group.
- Deny – denies network access to the specified addresses.
- Disable – filter mode is disabled.
In the first tab, select the appropriate mode. And in the second we enter the required MAC addresses. If you select the “Allow” mode, you must enter the addresses of only trusted computers. If the “Deny” mode is set, then you only need to enter the addresses of third-party PCs.
How to set up a MAC filter in a router: Video
Setting up access in the OS
The operating system also has built-in data protection features. In order to increase security, we need to enter the Network and Sharing Center. This is done by right-clicking on the connection icon in the tray.
In the window that opens, you need to open the “Change sharing settings” item. A menu will open in which you can configure access, enable or disable PC detection on the network, and much more. First of all, you need to enable password protected access. In this case, the system will independently generate a complex password. Write it down, because if you later want to provide access to any files, you will need it.
In order to configure maximum system protection, you should disable access in all points. There is nothing complicated here, carefully read the prompts on the screen.
So, now you know how to protect your private WiFi network from intruders. Now no one else will be able to connect to your group and harm information or steal important data.
How to determine who is connected to the network
We've sorted out the security settings. Now we can move on to the question of how to determine who will connect to my home WiFi network. It's very simple. The router registers the MAC address of each group member. Therefore, we just have to go into the router settings and look at the statistics. We are again interested in the “WiFi” section, only now we select the “Station List” item. If you are using a TP-LINK router, then you need the “Statistics” section.
The station list displays the MAC addresses of everyone currently connected to the network. Here you can disconnect one or another connection. As we already know, every computer has a unique MAC address. Now you know how to check who is connected to my private WiFi network.
To find out the value that your computer is using, just go to the Network and Sharing Center. You will see your connection in the center of the screen that appears. In the right half you will see the “Connect or disconnect” section, and a little lower - the type of access and connection. Click on the connection type and select “Details” in the menu that appears. Here you will find the "Physical Address" line. This is the MAC address of your network adapter.
How to find out who is using my WiFi: Video
I have more than 10 years of experience in the IT field. I am engaged in designing and setting up commissioning works. We also have extensive experience in building networks, system administration and working with access control and video surveillance systems.
I work as a specialist at the Techno-Master company.
Password and MAC address filtering should protect you from hacking. In fact, safety largely depends on your caution. Inappropriate security methods, uncomplicated passwords, and a careless attitude toward strangers on your home network provide attackers with additional attack opportunities. In this article, you will learn how to crack a WEP password, why you should abandon filters, and how to secure your wireless network from all sides.
Protection from uninvited guests
Your network is not secure, therefore, sooner or later, an outsider will connect to your wireless network - perhaps not even on purpose, since smartphones and tablets can automatically connect to unsecured networks. If he just opens several sites, then, most likely, nothing bad will happen except for the consumption of traffic. The situation will become more complicated if a guest starts downloading illegal content through your Internet connection.
If you have not yet taken any security measures, then go to the router interface through a browser and change your network access data. The router address usually looks like: http://192.168.1.1. If this is not the case, then you can find out the IP address of your network device through the command line. In the Windows 7 operating system, click on the “Start” button and enter the “cmd” command in the search bar. Call up the network settings with the “ipconfig” command and find the “Default gateway” line. The specified IP is the address of your router, which must be entered in the address bar of the browser. The location of your router security settings varies by manufacturer. As a rule, they are located in a section with the name “WLAN | Safety".
If your wireless network uses an unsecured connection, you should be especially careful with content that is located in shared folders, since if it is not protected, it will be available to other users. At the same time, in the Windows XP Home operating system, the situation with shared access is simply catastrophic: by default, passwords cannot be set here at all - this function is present only in the professional version. Instead, all network requests are made through an unsecured guest account. You can secure your network in Windows XP using a small manipulation: launch the command line, enter “net user guest YourNewPassword” and confirm the operation by pressing the “Enter” key. After restarting Windows, you will be able to access network resources only if you have a password; however, finer tuning in this version of the OS, unfortunately, is not possible. Managing sharing settings is much more convenient in Windows 7. Here, to limit the number of users, just go to the “Network and Sharing Center” in the Control Panel and create a password-protected home group.
The lack of proper protection in a wireless network is a source of other dangers, since hackers can use special programs (sniffers) to identify all unprotected connections. This way, it will be easy for hackers to intercept your identification data from various services.
Hackers
As before, the two most popular security methods today are MAC address filtering and hiding the SSID (network name): these security measures will not keep you safe. In order to identify the name of the network, an attacker only needs a WLAN adapter, which switches to monitoring mode using a modified driver, and a sniffer - for example, Kismet. The attacker monitors the network until a user (client) connects to it. It then manipulates the data packets and thereby kicks the client off the network. When the user reconnects, the attacker sees the network name. It seems complicated, but in fact the whole process only takes a few minutes. Bypassing the MAC filter is also easy: the attacker determines the MAC address and assigns it to his device. Thus, the connection of an outsider remains unnoticed by the network owner.
If your device only supports WEP encryption, take immediate action - such a password can be cracked even by non-professionals in a few minutes.
Particularly popular among cyber fraudsters is the Aircrack-ng software package, which, in addition to the sniffer, includes an application for downloading and modifying WLAN adapter drivers, and also allows you to recover the WEP key. Well-known hacking methods are PTW and FMS/KoreK attacks, in which traffic is intercepted and a WEP key is calculated based on its analysis. In this situation, you have only two options: first, you should look for the latest firmware for your device, which will support the latest encryption methods. If the manufacturer does not provide updates, it is better to refuse to use such a device, because in doing so you are jeopardizing the security of your home network.
The popular advice to reduce Wi-Fi range only gives the appearance of protection. Neighbors will still be able to connect to your network, but attackers often use Wi-Fi adapters with a longer range.
Public hotspots
Places with free Wi-Fi attract cyber fraudsters because huge amounts of information pass through them, and anyone can use hacking tools. Public hotspots can be found in cafes, hotels and other public places. But other users of the same networks can intercept your data and, for example, take control of your accounts on various web services.
Cookie Protection. Some attack methods are truly so simple that anyone can use them. The Firesheep extension for the Firefox browser automatically reads and lists the accounts of other users, including Amazon, Google, Facebook and Twitter. If a hacker clicks on one of the entries in the list, he will immediately have full access to the account and will be able to change the user's data at his discretion. Firesheep does not crack passwords, but only copies active, unencrypted cookies. To protect yourself from such interceptions, you should use the special HTTPS Everywhere add-on for Firefox. This extension forces online services to always use an encrypted connection via HTTPS if supported by the service provider's server.
Android protection. In the recent past, widespread attention has been drawn to a flaw in the Android operating system, due to which scammers could gain access to your accounts in services such as Picasa and Google Calendar, as well as read your contacts. Google fixed this vulnerability in Android 2.3.4, but most devices previously purchased by users have older versions of the system installed. To protect them, you can use the SyncGuard application.
WPA 2
The best protection is provided by WPA2 technology, which has been used by computer equipment manufacturers since 2004. Most devices support this type of encryption. But, like other technologies, WPA2 also has its weak point: using a dictionary attack or the bruteforce method, hackers can crack passwords - however, only if they are unreliable. Dictionaries simply go through the keys stored in their databases - as a rule, all possible combinations of numbers and names. Passwords like “1234” or “Ivanov” are guessed so quickly that the hacker’s computer doesn’t even have time to warm up.
The bruteforce method does not involve using a ready-made database, but, on the contrary, selecting a password by listing all possible combinations of characters. In this way, an attacker can calculate any key - the only question is how long it will take him. NASA, in its security guidelines, recommends a password of at least eight characters, and preferably sixteen. First of all, it is important that it consists of lowercase and uppercase letters, numbers and special characters. It would take a hacker decades to crack such a password.
Your network is not yet fully protected, since all users within it have access to your router and can make changes to its settings. Some devices provide additional security features that you should also take advantage of.
First of all, disable the ability to manipulate the router via Wi-Fi. Unfortunately, this feature is only available on certain devices, such as Linksys routers. All modern router models also have the ability to set a password for the management interface, which allows you to restrict access to settings.
Like any program, the router firmware is imperfect - small flaws or critical holes in the security system are not excluded. Usually information about this instantly spreads across the Internet. Check regularly for new firmware for your router (some models even have an automatic update feature). Another advantage of flashing firmware is that it can add new functions to the device.
Periodic analysis of network traffic helps to recognize the presence of uninvited guests. In the router management interface you can find information about which devices connected to your network and when. It is more difficult to find out how much data a particular user has downloaded.
Guest access - a means of protecting your home network
If you protect your router with a strong password using WPA2 encryption, you will no longer be in any danger. But only until you share your password with other users. Friends and acquaintances who, with their smartphones, tablets or laptops, want to access the Internet through your connection are a risk factor. For example, the possibility that their devices are infected with malware cannot be ruled out. However, you won't have to refuse your friends because of this, since top-end router models, such as the Belkin N or Netgear WNDR3700, provide guest access specifically for such cases. The advantage of this mode is that the router creates a separate network with its own password, and the home one is not used.
Security Key Reliability
WEP (WIRED EQUIVALENT PRIVACY). Uses a pseudo-random number generator (RC4 algorithm) to obtain the key, as well as initialization vectors. Since the latter component is not encrypted, it is possible for third parties to intervene and recreate the WEP key.
WPA (WI-FI PROTECTED ACCESS) Based on the WEP mechanism, but offers a dynamic key for enhanced security. Keys generated using the TKIP algorithm can be cracked using the Bek-Tevs or Ohigashi-Moriya attack. To do this, individual packets are decrypted, manipulated, and sent back to the network.
WPA2 (WI-FI PROTECTED ACCESS 2) Uses the reliable AES (Advanced Encryption Standard) algorithm for encryption. Along with TKIP, the CCMP protocol (Counter-Mode/CBC-MAC Protocol) has been added, which is also based on the AES algorithm. Until now, a network protected by this technology could not be hacked. The only option for hackers is a dictionary attack or “brute force method”, where the key is guessed by guessing, but with a complex password it is impossible to guess it.
Today, every third user of the World Wide Web is widely used to connect the entire home, offering high-speed Internet access to all devices. And that’s right, why not use this opportunity when, sitting in a chair, lying on the sofa or in bed before going to bed, you have access to the Internet from a smartphone or.
In this whole practically beneficial situation, there is one big “BUT” - users very rarely follow the security rules that directly relate to access to Wi-Fi. As time passes, we begin to notice that the speed of the Internet connection has decreased, and the printer suddenly began to be interested in “nude photos”, occasionally printing them! The actions of a “prankster” who has connected to your network are not limited to simple access to the Internet or to a printer; with a little skill, more confidential information becomes available to a third-party user, for example, your funds in electronic wallets. Therefore, protecting the wireless network and yourself personally is task number one, especially for users living in an apartment building.
How to secure Wi-Fi access from external intrusion
Typically, a user, noticing incorrect computer operation related to the network, rushes to apply a reset. This is apparently similar to a system unit that suddenly froze. And here, we are looking for a thin object to get to the hidden “Reset” button on the network equipment case. Often, such actions save for a short time, and the situation is in a hurry to repeat itself...
Ways to protect Wi-Fi access:
- The main step towards security will be to simply change your access password. After all, after configuration by a specialist (or self-configuration), the equipment continues to store factory credentials. And here, you don’t have to be a “computer genius” to enter the settings panel via the web interface!
Note! Not all equipment models have the ability to configure the router control panel, so the following advice is more practical to implement. - The next request concerns the network access password. Users are careless when choosing this cipher. Sometimes we refer to our weak memory, but at the same time we reset it with enviable consistency!
Therefore, it is better to configure the WPA2 encryption algorithm once and come up with a 10-digit password that you will change at least occasionally. For it, select a random set of letters and numbers, and simply write down the combination you came up with on a piece of paper or on the box from the router.
Note! Don't create readable passwords. Last names and first names in the English layout are difficult to come up with, but easy to find! - Next, it would be a good idea to abandon the WPS function, which creates a digital PIN code for new devices. The function is active by default on most access point models. If you don’t have to constantly connect different smartphones or tablets, then there won’t be any difficulties.
Note! Even if there is a need to regularly connect new gadgets, it is enough to enter the access password every time! Low cost for home network security. - The next recommendation is more about attentiveness. Get into the habit of correctly leaving the router’s web interface, that is, not just closing the browser tab, but rather “exiting the control panel.”
This precaution is associated with some features of Internet browsers. When visiting pages, browsers save cache and cookies, which are responsible for storing temporary files and resource information. You may have previously noticed that after leaving the site, re-authorization is not required. So this is another loophole for a random attacker!
Note! It would be a good idea to get into the habit of clearing the cache and cookie of the browser you actively use (read how to do this in the article:,). - The following steps are more likely to be addressed to experienced users, as they carry some risk. So, first we’ll change the router’s subnet, since it is set by default and is known to many. Typically, it is an address:
- 192.168.0.0
- 192.168.1.0
- 192.168.1.1
Moreover, the address is indicated on the device body; nothing prevents us from changing the IP address via the web interface and giving the local subnet a new name, different from the factory one.
