Creating a secure wi-fi network

At first glance, creating a reliably protected Wi-Fi network is very difficult. It is necessary to purchase the “correct” equipment, set up an authentication server, take care of accounting for Internet traffic and protection from external attacks through a firewall.

All this can take a lot of time and money. In this article I will talk about one of the cheapest and easiest ways to create a secure wireless network with a shared Internet connection.

Part 1. A little about security

The reason for the vulnerability of wireless networks lies in the principle of their operation: it is much easier to intercept data transmitted over a radio channel than with a conventional cable connection. This does not require expensive equipment and can be done with a regular laptop, a couple of hacking tools (such as airodump and aircrack) and a good wi-fi hacking guide (like here). Therefore, the wireless network must be maximally protected from various types of attacks: unauthorized connections, interception and eavesdropping of traffic, theft of important information, “false” access points, etc.

Today, the WPA (Wi-Fi Protected Access) security standard is recognized as the most reliable for wireless networks. Initial protection of a wi-fi network can be ensured using the WPA-PSK (Pre-Shared Key) mode, when a communication session key - Pre-Shared Key, reminiscent of a regular password, is manually entered on the access point and on the user's computer. The potential vulnerability of WPA-PSK arises from the fact that in real networks the passphrase rarely changes and is the same for all users on the network. If you have time and a powerful computer, choosing such a password will not be difficult.

More reliable network security is achieved when using WPA Enterprise mode, when an authentication server (RADIUS server) is installed on the network, which checks user access rights. In this case, the wireless access point will block all connections to the wireless network until the username and password entered by the user are verified by the authentication server. If the user is not in the RADIUS server database, then he will not be able to connect to the Wi-Fi network.

Maximum wireless network security is ensured by the use of digital certificates and the EAP-TLS (Extensible Authentication Protocol - Transport Level Security) authentication method. In this case, the user’s computer and the RADIUS server verify each other using pre-generated digital certificates, which is guaranteed to protect your network from unauthorized connections, and users from “false” access points introduced by hackers.

For even more reliable protection of transmitted data, you can create an external protective shell of a wireless network using VPN (Virtual Private Network) technology over WPA, which will add a second level of traffic encryption.

And finally, you can protect yourself from unauthorized access points that your employees secretly install using special network equipment that can detect such devices and generate appropriate reports.

Few people can build such a wireless network security system: you need, at a minimum, to correctly configure a wireless access point and a RADIUS authorization server, create a User Database, develop a management system for this database and digital certificates, and most importantly, combine all these components into a single network .

But, despite the apparent complexity, creating the most secure Wi-Fi network is quite easy. To do this, you don’t have to be a guru in information security and wireless standards. Everything can be done in an hour and a half, having:

• separate computer;
• a wireless access point that supports WPA, WPA2 and authorization on a RADIUS server (these characteristics of the access point can be found in its documentation or from consultants at a computer store);
• Esomo program, which will play the role of a RADIUS server, as well as a public Internet access server. Official website of the program developer: www.esomoline.com. To protect the wireless network, Esomo uses the EAP-TLS protocol, which provides user authentication on the built-in RADIUS server and mutual authentication between the Esomo RADIUS server and user computers using digital certificates.

Part 2. An example of creating a secure wireless network

Now let's look at an example of organizing a local Wi-Fi network based on Esomo. The network includes 11 computers, a Linksys wireless access point and is connected to the Internet via an ADSL modem.

First of all, download Esomo from the developer’s website (distribution size 135 MB) and install the server part of the program on a separate computer with two network cards. This will be our RADIUS server, as well as a VPN server and an Internet access server, which will allow you to limit user traffic, view access statistics and traffic costs. Esomo does not require an operating system to operate, because... The program already includes the freely distributed FreeBSD OS. Step-by-step instructions for installing Esomo can be found here.

After installing the program, connect the computer with Esomo and the wireless access point to the network switch. Through the second network interface we connect the Esomo server to the ADSL modem (or to the cable if you have a dedicated line). On any Windows computer on the local network (also connected to a network switch), launch Esomo Workstation and connect to the Esomo server.

You can create a secure wireless network based on Esomo in 4 simple steps. First, we'll set up Esomo to work with a wireless network. Then we will configure the wireless access point and user computers. And finally, let's connect to the Wi-Fi network and establish a VPN connection with the Esomo server to create a second level of protection for wireless traffic. After this, you can safely work on Wi-Fi networks and the Internet. So let's get started.

Step 1: Setting up the Esomo server

First of all, we will issue a permanent IP address to the wireless access point to work in our network. To do this, add the access point to the static DHCP list (the MAC address of the access point is usually indicated on the sticker on it). Let's apply the settings.

Now let’s add a wireless access point to the list of access points on the Esomo server and specify a secret key (password) for it. This is necessary to establish a secure connection between the access point and Esomo. Let's apply the settings.

In order for network users to access the Internet, and for Esomo to take into account their traffic, it is necessary to create a tariff that determines the cost of 1 MB of traffic or 1 minute of Internet connection. To do this, in the “Tariffs” section, we will add a new tariff, determining the cost of 1 MB of incoming traffic, for example, 1 ruble.

Since at the time of writing Esomo allows Internet access only to users who have a tariff and funds on an individual account, let’s go to the “Users” section and double-click on the testuser user, assign him the previously created tariff and add 500 rubles to his account.

This completes the Esomo server setup. We leave the Esomo Workstation window open and proceed to setting up a wireless access point.

Step 2: Setting up a wireless access point

You can access the wireless network only after successful authorization on the Esomo server, so you must first configure the wireless access point to work with the RADIUS server. To do this, connect to the access point through a web browser using the IP address that we previously assigned to it through Esomo Workstation on the “DHCP” tab. We will specify WPA-Enterprise as the operating mode of the access point, TKIP as the encryption protocol, and the IP address of the computer with Esomo as the RADIUS server. We will also check that the secret key specified in the settings of the access point (Shared Secret) matches the key specified for the access point in Esomo Workstation (section "Wi-Fi", tab "Access Points").

Below is a screenshot of the Linksys access point settings.

Step 3: Setting up the user's computer

For two-way authentication between the user's computer and the Esomo server, it is necessary to install digital certificates on the user's PC and configure his wireless adapter to work using the EAP-TLS protocol.

User authorization on the Esomo server occurs with the participation of two digital certificates: root and user. These certificates must be obtained through Esomo AWS and installed on your computer. To do this, go to the “Wi-Fi” section on the “Certificates” tab and save the root certificate and the testuser user certificate to our computer.

Now let's install the received digital certificates. To do this, just double-click on the certificate and follow the instructions of the Certificate Import Wizard.

There shouldn't be any difficulties installing the root certificate: leave all the default settings and just click the "Next" and "Finish" buttons. But during the installation of a certificate for the testuser user, you will need to enter the testuser password that protects this certificate.

The Esomo server already contains ready-made certificates, so there is no need to install anything there.

Next, we’ll configure our PC’s wireless network adapter to work with the Esomo RADIUS server using the EAP-TLS protocol. To do this, in the settings of the wireless adapter, we will specify to use TKIP encryption and WPA authentication using digital certificates.

From the list of trusted root certification authorities, select the root certificate previously installed on our computer.

So, all settings are completed and the wireless network is ready to work. We disconnect our computer from the network switch and try to connect to the wi-fi network. After searching for available networks, the wireless adapter will detect our secure network. After successful authentication using digital certificates and verification on the RADIUS server, our computer will connect to the wi-fi network. It remains to take the last step towards super-protection of our wireless network.

Step 4. Creating a second level of protection - establishing a VPN connection with traffic encryption

Maximum protection for wireless traffic on a network with Esomo is achieved by using VPN technology over an already established wireless connection using the WPA protocol, which adds a second level of traffic encryption. The VPN connection between the user's computer and the Esomo server is created automatically. You just need to open a web browser and type the address of any existing site, for example, www.google.ru. On the Esomo login page, enter testuser in both fields of the form and click the “Connect” button.

After successfully checking the login and password, a VPN connection will be established between our PC and the Esomo server. Now you can surf the Internet safely. All transmitted traffic will be encrypted not only by WPA, but also by VPN. And through Esomo AWS, you can view the statistics of “pumped up” traffic at any time and import it into MS Excel in a couple of clicks.

After checking that everything works, we will connect the remaining computers to the wireless network and provide users with Internet access. To do this, we will create new users through Esomo AWS and assign them the previously added tariff. Then we will create digital certificates for these users and install a root certificate and their own user certificate on each user’s computer. Also, do not forget to configure the wireless adapter on each user’s computer to work with the RADIUS server using the EAP-TLS protocol.

This completes the setup of a wireless network with shared Internet access. It took me less than two hours to do everything. Agree that using other means it would be problematic to organize a well-protected Wi-Fi network with such a minimal investment of time and effort. At the same time, Esomo works perfectly as a RADIUS server and Internet access server not only in wi-fi networks, but also in wired and mixed LANs, when some network segments are connected via cable, and others via wi-fi.

This article is devoted to the issue of security when using wireless WiFi networks.

Introduction - WiFi Vulnerabilities

The main reason why user data is vulnerable when this data is transmitted over WiFi networks is that the exchange occurs over radio waves. And this makes it possible to intercept messages at any point where a WiFi signal is physically available. Simply put, if the signal of an access point can be detected at a distance of 50 meters, then interception of all network traffic of this WiFi network is possible within a radius of 50 meters from the access point. In the next room, on another floor of the building, on the street.

Imagine this picture. In the office, the local network is built via WiFi. The signal from this office's access point is picked up outside the building, for example in a parking lot. An attacker outside the building can gain access to the office network, that is, unnoticed by the owners of this network. WiFi networks can be accessed easily and discreetly. Technically much easier than wired networks.

Yes. To date, means of protecting WiFi networks have been developed and implemented. This protection is based on encrypting all traffic between the access point and the end device that is connected to it. That is, an attacker can intercept a radio signal, but for him it will be just digital “garbage”.

How does WiFi protection work?

The access point includes in its WiFi network only the device that sends the correct password (specified in the access point settings). In this case, the password is also sent encrypted, in the form of a hash. The hash is the result of irreversible encryption. That is, data that has been hashed cannot be decrypted. If an attacker intercepts the password hash, he will not be able to obtain the password.

But how does the access point know whether the password is correct or not? What if she also receives a hash, but cannot decrypt it? It's simple - in the access point settings the password is specified in its pure form. The authorization program takes a blank password, creates a hash from it, and then compares this hash with the one received from the client. If the hashes match, then the client’s password is correct. The second feature of hashes is used here - they are unique. The same hash cannot be obtained from two different sets of data (passwords). If two hashes match, then they were both created from the same set of data.

By the way. Thanks to this feature, hashes are used to control data integrity. If two hashes (created over a period of time) match, then the original data (during that period of time) has not been changed.

However, despite the fact that the most modern method of securing a WiFi network (WPA2) is reliable, this network can be hacked. How?

There are two methods for accessing a network protected by WPA2:

1. Selection of a password using a password database (so-called dictionary search).
2. Exploitation of a vulnerability in the WPS function.

In the first case, the attacker intercepts the password hash for the access point. The hashes are then compared against a database of thousands or millions of words. A word is taken from the dictionary, a hash is generated for this word and then this hash is compared with the hash that was intercepted. If a primitive password is used on an access point, then cracking the password of this access point is a matter of time. For example, an 8-digit password (8 characters long is the minimum password length for WPA2) is one million combinations. On a modern computer, you can sort through one million values ​​in a few days or even hours.

In the second case, a vulnerability in the first versions of the WPS function is exploited. This feature allows you to connect a device that does not have a password, such as a printer, to the access point. When using this feature, the device and access point exchange a digital code and if the device sends the correct code, the access point authorizes the client. There was a vulnerability in this function - the code had 8 digits, but only four of them were checked for uniqueness! That is, to hack WPS you need to search through all the values ​​that give 4 digits. As a result, hacking an access point via WPS can be done in just a few hours, on any weakest device.

Setting up WiFi network security

The security of the WiFi network is determined by the settings of the access point. Several of these settings directly affect network security.

WiFi network access mode

The access point can operate in one of two modes - open or protected. In case of open access, any device can connect to the access point. In the case of protected access, only the device that transmits the correct access password is connected.

There are three types (standards) of WiFi network protection:

• WEP (Wired Equivalent Privacy). The very first standard of protection. Today it actually does not provide protection, since it can be hacked very easily due to the weakness of the protection mechanisms.
• WPA (Wi-Fi Protected Access). Chronologically the second standard of protection. At the time of creation and commissioning, it provided effective protection for WiFi networks. But at the end of the 2000s, opportunities were found to hack WPA protection through vulnerabilities in the security mechanisms.
• WPA2 (Wi-Fi Protected Access). The latest protection standard. Provides reliable protection when certain rules are followed. To date, there are only two known ways to break WPA2 security. Dictionary password brute force and a workaround using the WPS service.

Thus, to ensure the security of your WiFi network, you must select the WPA2 security type. However, not all client devices can support it. For example, Windows XP SP2 only supports WPA.

In addition to choosing the WPA2 standard, additional conditions are required:

Use AES encryption method.

The password to access the WiFi network must be composed as follows:

1. Use letters and numbers in the password. A random set of letters and numbers. Or a very rare word or phrase that is meaningful only to you.
2. Not use simple passwords like name + date of birth, or some word + a few numbers, for example lena1991 or dom12345.
3. If you need to use only a digital password, then its length must be at least 10 characters. Because an eight-character digital password is selected using a brute force method in real time (from several hours to several days, depending on the power of the computer).

If you use complex passwords in accordance with these rules, then your WiFi network cannot be hacked by guessing a password using a dictionary. For example, for a password like 5Fb9pE2a(random alphanumeric), maximum possible 218340105584896 combinations. Today it is almost impossible to select. Even if a computer were to compare 1,000,000 (million) words per second, it would take almost 7 years to iterate over all the values.

WPS (Wi-Fi Protected Setup)

If the access point has the WPS (Wi-Fi Protected Setup) function, you need to disable it. If this feature is required, you must ensure that its version is updated to the following capabilities:

1. Using all 8 PIN code characters instead of 4, as was the case in the beginning.
2. Enable a delay after several attempts to send an incorrect PIN code from the client.

An additional option to improve WPS security is to use an alphanumeric PIN code.

Public WiFi Security

Today it is fashionable to use the Internet via WiFi networks in public places - in cafes, restaurants, shopping centers, etc. It is important to understand that using such networks may lead to theft of your personal data. If you access the Internet through such a network and then log in to a website, your data (username and password) may be intercepted by another person who is connected to the same WiFi network. After all, on any device that has passed authorization and is connected to the access point, you can intercept network traffic from all other devices on this network. And the peculiarity of public WiFi networks is that anyone can connect to it, including an attacker, and not only to an open network, but also to a protected one.

What can you do to protect your data when connecting to the Internet via a public WiFi network? There is only one option - to use the HTTPS protocol. This protocol establishes an encrypted connection between the client (browser) and the site. But not all sites support the HTTPS protocol. Addresses on a site that supports the HTTPS protocol begin with the https:// prefix. If the addresses on a site have the http:// prefix, this means that the site does not support HTTPS or does not use it.

Some sites do not use HTTPS by default, but have this protocol and can be used if you explicitly (manually) specify the https:// prefix.

As for other cases of using the Internet - chats, Skype, etc., you can use free or paid VPN servers to protect this data. That is, first connect to the VPN server, and only then use the chat or open website.

WiFi Password Protection

In the second and third parts of this article, I wrote that when using the WPA2 security standard, one of the ways to hack a WiFi network is to guess the password using a dictionary. But there is another opportunity for an attacker to obtain the password to your WiFi network. If you store your password on a sticky note glued to the monitor, this makes it possible for a stranger to see this password. And your password can be stolen from a computer connected to your WiFi network. This can be done by an outsider if your computers are not protected from access by outsiders. This can be done using malware. In addition, the password can be stolen from a device that is taken outside the office (house, apartment) - from a smartphone, tablet.

Thus, if you need reliable protection for your WiFi network, you need to take steps to securely store your password. Protect it from access by unauthorized persons.

If you found this article useful or simply liked it, then do not hesitate to financially support the author. This is easy to do by throwing money at Yandex Wallet No. 410011416229354. Or on the phone +7 918-16-26-331 .

Even a small amount can help write new articles :)

Hello! I decided to prepare an article in which to collect all the basic and most importantly effective tips and answer your question, how to protect a Wi-Fi network. Who will we protect from? From neighbors, of course, but if you need to protect your Wi-Fi network in the office, then from colleagues from a neighboring company :). But seriously, the issue of protecting wireless networks is very relevant now, I drew conclusions from the article in which I described it. The article quickly became popular and received many comments.

Set a password to access the Wi-Fi router settings

This is the first thing you need to do when setting up security for your wireless Wi-Fi network. In the router settings, look for the “System Tools” tab, then go to the “Password” tab.

Enter the old login and password, then in the form below enter the new access name and the new password twice. Create a good and complex password. Consisting of letters and numbers. And most importantly, remember it yourself :). To save, click “Save”. We continue to configure Wi-Fi network protection.

Set a password for the Wi-Fi network and set the encryption type

It is imperative that you specify the type of encryption you will use for the network and set a strong password. Well, unless you have some kind of cafe and you want to provide open access to Wi-Fi for visitors.

Go to the “Wireless” tab, and “Wireless Security”. Next to the WPA/WPA2 – Personal protocol, put a check mark, set the settings as in the screenshot below and in the line opposite “PSK Password:” we come up with a good password. This password will be used to connect to Wi-Fi. To save, click “Save”.

The router will offer to reboot it, but if you are still making settings, you don’t have to reboot for now. But the new settings will only work after a reboot.

Another great way to protect yourself. We hide the name of the Wi-Fi network, and you can connect to it only if you know what it is called. Your network will not appear in the list of available networks.

We search and go to the “Wireless” tab. And in order to hide the SSID, simply uncheck the “Enable SSID Broadcast” item. That's it, it's simple. Click the “Save” button to save the changes.

Enable device filtering by MAC address

Enabling this function will allow you to connect to the router only those devices whose MAC addresses are specified in the settings and are allowed. This is very effective protection, but if you often connect new devices, it will not be very convenient to go into the router settings and enter the MAC address of the device every time.

First, you need to find out the MAC addresses of the devices that you want to allow to connect to the Wi-Fi network. They can be viewed in the settings, read more. If this is a phone or tablet, then you can see the address in the settings, in the “About phone” section. And if the device is already connected to the router, then all the necessary information can be found on the “DHCP” - “DHCP Clients List” tab.

So, go to the “Wireless” tab, and go to “Wireless MAC Filtering”. First, enable this service by clicking on the “Enable” button. Then check the box next to the item “Allow the stations specified by any enabled entries in the list to access.”. This means that only devices that are on the list will be able to connect to Wi-Fi.

And click the “Add New...” button in order to add the MAC addresses of devices that need to be allowed access. Enter the MAC address, description (optional), leave the status Enable (allow) and click the “Save” button.

In this way we add all the devices that you want to allow to connect to your router.

Disable QSS (WPS) service

I wrote in detail about this service and how to use it in the article. But if you do not connect new devices very often and it is not difficult for you to enter the password for the Wi-Fi network, then it is better to disable this service.

To disable, go to the “QSS” tab; for you it may also be called “WPS”, or something like that. And click the “Disabled QSS” button.

This was the last point that I advise you to do to completely protect the Wi-Fi network on your router. All that remains is to reboot the router by clicking on the “click here” link, or do it with a button on the router itself.

That's it friends, that's all I wanted to advise you to protect your wireless network. I hope that the information I have prepared for you will be useful to you. Good luck!

Also on the site:

How to protect a Wi-Fi network? Basic and effective tips updated: February 7, 2018 by: admin

What could be more important in our time than protecting your home Wi-Fi network :) This is a very popular topic, on which more than one article has been written on this site alone. I decided to collect all the necessary information on this topic on one page. Now we will look in detail at the issue of protecting a Wi-Fi network. I’ll tell you and show you how to protect Wi-Fi with a password, how to do it correctly on routers from different manufacturers, which encryption method to choose, how to choose a password, and what you need to know if you are planning to change your wireless network password.

In this article we will talk exactly about protecting your home wireless network. And about password protection only. If we consider the security of some large networks in offices, then it is better to approach security there a little differently (at least a different authentication mode). If you think that one password is not enough to protect your Wi-Fi network, then I would advise you not to bother. Set a good, complex password using these instructions and don't worry. It is unlikely that anyone will spend time and effort to hack your network. Yes, you can, for example, hide the network name (SSID) and set filtering by MAC addresses, but these are unnecessary hassles that in reality will only cause inconvenience when connecting and using a wireless network.

If you are thinking about protecting your Wi-Fi, or leaving the network open, then there can only be one solution - protect it. Yes, the Internet is unlimited, and almost everyone at home has their own router, but eventually someone will connect to your network. Why do we need this, because extra clients are an extra load on the router. And if it’s not expensive, then it simply won’t withstand this load. Also, if someone connects to your network, they will be able to access your files (if local network is configured), and access to your router settings (after all, you most likely did not change the standard admin password that protects the control panel).

Be sure to protect your Wi-Fi network with a good password with the correct (modern) encryption method. I recommend installing protection immediately when setting up the router. Also, it would be a good idea to change your password from time to time.

If you are worried that someone will hack your network, or has already done so, then simply change your password and live in peace. By the way, since you will still be logging into the control panel of your router, I would also recommend , which is used to enter the router settings.

Proper protection of your home Wi-Fi network: which encryption method to choose?

During the password setting process, you will need to select a Wi-Fi network encryption method (authentication method). I recommend installing only WPA2 - Personal, with encryption algorithm AES. For a home network, this is the best solution, currently the newest and most reliable. This is the kind of protection that router manufacturers recommend installing.

Only under one condition that you do not have old devices that you want to connect to Wi-Fi. If, after setting up, some of your old devices refuse to connect to the wireless network, you can install a protocol WPA (with TKIP encryption algorithm). I do not recommend installing the WEP protocol, as it is already outdated, not secure and can be easily hacked. Yes, and there may be problems connecting new devices.

Protocol combination WPA2 - Personal with AES encryption, this is the best option for a home network. The key itself (password) must be at least 8 characters. The password must consist of English letters, numbers and symbols. The password is case sensitive. That is, “111AA111” and “111aa111” are different passwords.

I don’t know what router you have, so I’ll prepare short instructions for the most popular manufacturers.

If after changing or setting a password you have problems connecting devices to the wireless network, then see the recommendations at the end of this article.

I advise you to immediately write down the password that you will set. If you forget it, you will have to install a new one, or .

Protecting Wi-Fi with a password on Tp-Link routers

Connecting to the router (via cable or Wi-Fi), launch any browser and open the address 192.168.1.1, or 192.168.0.1 (the address for your router, as well as the standard username and password are indicated on the sticker at the bottom of the device itself). Provide your username and password. By default, these are admin and admin. In , I described entering the settings in more detail.

In settings go to the tab Wireless(Wireless mode) - Wireless Security(Wireless Security). Check the box next to the protection method WPA/WPA2 - Personal(Recommended). In the drop down menu Version(version) select WPA2-PSK. On the menu Encryption(encryption) install AES. In field Wireless Password(PSK Password) Enter a password to protect your network.

Setting a password on Asus routers

In the settings we need to open the tab Wireless network, and make the following settings:

• In the "Authentication Method" drop-down menu, select WPA2 - Personal.
• "WPA encryption" - install AES.
• In the "WPA Pre-Shared Key" field, write down the password for our network.

To save the settings, click the button Apply.

Connect your devices to the network with a new password.

Protecting your D-Link router's wireless network

Go to the settings of your D-Link router at 192.168.0.1. You can see detailed instructions. In settings, open the tab WiFi - Security Settings. Set the security type and password as in the screenshot below.

Setting a password on other routers

We also have detailed instructions for ZyXEL and Tenda routers. See the links:

If you haven’t found instructions for your router, then you can set up Wi-Fi network protection in the control panel of your router, in the settings section called: security settings, wireless network, Wi-Fi, Wireless, etc. I think I can find it it won't be difficult. And I think you already know what settings to set: WPA2 - Personal and AES encryption. Well, that's the key.

If you can't figure it out, ask in the comments.

What to do if devices do not connect after installation or password change?

Very often, after installation, and especially after changing the password, devices that were previously connected to your network do not want to connect to it. On computers, these are usually errors “The network settings saved on this computer do not meet the requirements of this network” and “Windows could not connect to...”. On tablets and smartphones (Android, iOS), errors such as “Could not connect to the network”, “Connected, protected”, etc. may also appear.

These problems can be solved by simply deleting the wireless network and reconnecting with a new password. I wrote how to delete a network in Windows 7. If you have Windows 10, then you need to “forget the network” using . On mobile devices, press and hold your network and select "Delete".

If connection problems occur on older devices, then set the WPA security protocol and TKIP encryption in the router settings.

Today, wireless networks play an important role in the lives of users. If 10 years ago it was considered common to carry an Internet cable behind a laptop, today every phone connects to the Internet via wi-fi. Computers, laptops, netbooks, tablets, smartphones, printers - all this equipment can be connected to the network and interconnected simply over the air. And naturally, not only you, but also those around you have such equipment. Therefore, it is extremely important to be able to protect your wireless network.

1. Protection of the Wi-Fi network itself.

It is necessary to select a reliable security type and install a difficult-to-guess security key. We recommend choosing WPA2-PSK and a security key of 8-10 characters.

Often it is also a good idea to hide the wi-fi network. To do this, check the box Enable hidden Wireless(see picture above)

In some cases, it makes sense to adjust the transmitter power so that the access point covers your apartment, but does not reach your neighbors.

2. Protect your access point (or router)

Using the D-Link DIR-300 as an example:

Go to the section MAINTENANCE, select subsection Device Administration, in setting Admin Password Enter the new password twice:

And in the setting Administration uncheck the box Enable Remote Management which will make it impossible to log into the device’s web interface from the Internet.