How to secure your network connection. How to restrict other users from accessing your home Wi-Fi

Wi-Fi has become so popular that having a router is the rule rather than the exception. But, despite all the conveniences, it should be taken into account that it is visible to others. See for yourself how much is displayed in your home available connections. It is unlikely that one or two, usually their number reaches a dozen or more. Similarly, neighbors can see your network among others available.

Few people want strangers to access their personal wireless network

But if certain precautions are not followed, outsiders will be able to connect to your connection. What is the risk? At least the loss of Internet speed. You will not receive the full speed of your communication channel if someone connects to it at your expense. But the situation is much more dangerous if an attacker connects to your Wi-Fi, who can use the transmitted data to his advantage.

In order not to be exposed to such a risk, you need to limit access to your Wi-Fi. Read below for tips on how to do this.

Internet access for a specific list of devices

What is a mac address and how to find it

To each network device even during manufacture at the factory, a special mac-address is assigned - a kind of unique digital fingerprint. It looks like "A4-DB-30-01-D9-43". For further settings, you need to know the mac-address of a single device to which you are going to provide access to Wi-Fi. How to find it?

Windows

Option 1. Through the "Network Control Center"

• Between the battery and sound icons is the internet connection icon. Right-click - select "Network and Sharing Center".
• " View active networks" - "Connections" line, click on the connection name - "Details".
• In the line "Physical address" and the mac-address of the laptop will be presented.

Option 2. Through "Settings" (for Windows 10)

• Click "Start" - "Settings" - "Network and Internet" - "Wi-Fi" - "Advanced options" - "Properties".
• "Physical address" is the mac address of the laptop.

Option 3. Through the command line

• Hold Win + R - type cmd (or Win + X - Command Prompt (Admin) on Windows 8.1 and 10).
• Type the ipconfig /all command.
• Under "Wireless LAN Adapter. Wireless network" in the line "Physical address" contains the required information.

Android

• "Settings" - "Wireless networks" - "Wi-Fi" - menu button - "Additional functions".
• The required data is in the MAC address line.

iOS

"Settings" - "General" - "About this device" - "Wi-Fi address".

Once you have located the device ID, write it down or just remember it. Now let's proceed to the next stage - we will establish access to the required equipment through the router.

Router setup

Log in to the settings web interface first. Using a browser, go to 192.168.0.1 or 192.168.1.1. Enter your login and password - admin/admin or admin/parol. These combinations work on most devices. If there is no access, check the information on the bottom surface of the router or in the instructions for it.

The location of the menu items may differ depending on the manufacturer, but the basic principles apply to all devices.

1. In the "Wi-Fi network settings" section, enable filtering by mac-address, because it is initially disabled.
2. In the "MAC Address Filtering" tab, add the addresses of the devices that you are going to provide access to Wi-Fi.

Now you can use Wi-Fi only through those devices with which you have booked addresses. Attackers will not get access to your data.

Other options for restricting access

Replacing the network and router password

If you haven't changed your Wi-Fi password, change it. And it is advisable to do this regularly. Create a new password in the network security settings. It is equally important to replace both the factory password and the login login when installing the router. The standard combination is the easiest way to access a connection.

Correct encryption protocol

Initially, connection encryption is disabled. In the settings on the router, change the security protocol. We strongly recommend WPA2-PSK - it is the most secure.

Invisible network

In the "Wireless Network Settings" section, replace the default name. After connecting the required devices, disable SSID broadcast. Actually, no one else will simply see your network and will not be able to access it.

Conclusion

We have listed various options on how to restrict access to your Wi-Fi network to third-party users. The best option there will be filtering by mac-address. But it is best to apply several actions in a complex.

Now in most apartments and houses there is more than one device that is connected to the Internet. This led to the popularity of routers and wireless access points, which almost completely replaced the connection of the ISP cable directly to a single computer. Now the wire of the Internet connection service provider is included in a special device that allows you to use the same connection for several computers at once, as well as connect mobile devices, laptops and regular computers via Wi-Fi, combining them into a local network.

The routers are at home, warm and cozy, and this gives rise to a false feeling that the routers are safe. This is not at all the case, each router stands on seven winds - in a very aggressive environment: anyone (literally ANY) within the reach of a wireless signal can interact with your router, record the transmitted traffic; you also need to remember that routers have access to the Internet, where numerous automated scanners can scan ports, running services dozens of times a day, sort out passwords, and perform exploits against your router.

Your router needs protection - without your help, it can become a victim of hackers, this article will tell you how to how to protect and configure a Wi-Fi router so that it cannot be hacked.

What can hackers gain by hacking into a Wi-Fi router?

Many users take router security lightly because they do not understand the dangers of hacking a router. Curiously, most users understand the danger of hacking their computer, since an attacker can gain access to their personal data, photos, passwords. It is very important to understand that hacking a router is a preliminary step to hacking a computer. By infiltrating the router, a hacker can:

• perform a man-in-the-middle attack, which aims to intercept passwords and other data that you transmit over the network;
• perform a man-in-the-middle attack aimed at infecting the user's computer with a backdoor or trojan;
• perform phishing attacks aimed at obtaining logins and passwords from websites, extorting money, infecting a computer with a backdoor or a trojan;
• monitor the network activity of users;
• block the Internet connection completely or to individual sites;
• use your Internet connection for criminal activities (law enforcement will see your IP as the address of a cybercriminal);
• access webcams and other peripherals connected to your router
• make changes to the firmware of the router.

Hacking a router is a serious threat that can lead to serious consequences for the user.

How to get into the router settings

To manage routers, in the vast majority of cases, a web interface is used, i.e. All settings can be made directly from the browser. Your computer and your router are on the same local network (whether you use Wi-Fi or wired). To get "inside" your router, type in the browser line

If this address does not work, then sometimes it can be

You will be greeted with a form to enter a username and password. They can be found in the device passport, on the box, on the case. Or just look for the default (factory) credentials for your router on the Internet.

Each model has its own interface design features and grouping of settings, but usually there are always “Wireless Network”, “Local Network” and “Internet” items. The menu items and settings may be called a little differently, but once you understand the meaning of the setting, you can easily find it on your own.

Recommendations for protecting the router and Wi-Fi access point from hacking

Use a password to access your network

Do not leave your wireless network open ("Open"), select encryption (authentication method) WPA or WPA2.

Stop using the WEP algorithm

WEP is an obsolete, virtually unused security algorithm. wifi security. It can be hacked in minutes. However, there are still access points with WEP, so check yours and if it uses WEP for encryption, then switch to WPA or WPA2.

Disable WPS

WPS (Wi-Fi Protected Setup) provides an easy, but not secure, way to set up a wireless network. Depending on the degree of vulnerability, the WPS, and then the Wi-Fi password, can be cracked in a day or even minutes.

Set a strong password

Since, by its very nature, a Wi-Fi network is available to anyone within its range, anyone can try to connect to it by trying different passwords (called online brute force). Another technique is also popular, which is based not on connection attempts, but on capturing certain data that a legitimate user and access point exchange at the time of connection and then hacking them (offline enumeration). The use of the latter allows you to enumerate at a speed of tens and hundreds of thousands of passwords per second. You can protect yourself from such an attack only by setting a long and complex password.

The following rules will allow you to almost guaranteed to protect yourself from any brute-force attacks:

• use a long password. Wi-Fi password cannot be less than eight characters. If possible, try to use passwords of 10 or more characters;
• the password should not be a meaningful phrase, consist of several combined meaningful words, since such a password option can be cracked using a dictionary;
• use four classes of characters in your password: numbers, uppercase and lowercase letters, punctuation marks;
• from time to time, for example every few months, change your password to a new one.

The screenshot above shows that routers often use generated passwords that consist of eight characters and include three character classes (large and small letters, numbers): L95atyz7, 6rQTeRBb, YssvPT4m, WJ5btEX3, dn8MVX7T. To crack such passwords on a typical home computer, it will take 1-3 years of continuous enumeration. BUT by assembling a computer on several top-end video cards (by making something like a "farm" for mining), a complete enumeration of such a password can be reduced to one to several months. In my opinion, such passwords cannot be considered strong. As already mentioned, add a fourth character class (syntax marks) and increase the number of characters - this will ensure that your Wi-Fi network will not be hacked even with very powerful equipment.

Check network settings for 5 GHz

Many users do not know that their router operates in two frequency bands: 2.4 GHz and 5 GHz. If you secure one range but forget the other, then the attacker can take advantage of it. Set a strong password for the 5GHz network, disable WPS for it. If you are not using the 5 GHz band, you can simply turn it off.

Set a strong password to log into the router's admin panel

As already mentioned, your router is connected to local and global networks, where anyone can try to connect to it. To prevent an attacker from guessing the password, set a long password using different character classes.

Change admin name

Change the username from Admin/admin to another, less predictable one - this will make the task of guessing the password even more difficult.

Disable access to the router control panel from the Internet

In the vast majority of cases, access to the router's administration panel from the local network is enough for you. If you do not need access to the router settings from an external network (from the Internet), then disable it, this will prevent an attacker from trying to guess the login password. This setting may be called "Enable Web Access from WAN".

Update your router firmware

Even with a strong password, an attacker can gain access to the router or get this password in plain text if the router contains a vulnerability. New firmware from manufacturers should fix vulnerabilities and other bugs, improve stability and functionality, so regularly (once every few months) check for new firmware and update them on your router.

Search for vulnerabilities in the router

Unfortunately, sometimes vulnerabilities are found after the manufacturer stops supporting the router. This can lead to a situation where hackers are aware of a vulnerability in your router, but no firmware updates are available.

You can check your router for vulnerabilities with the Router Scan by Stas'M program. This is a fairly easy to use program with a graphical interface.

If you are familiar with Linux, then you can use a similar program RouterSploit , it may have exploits that are not in Router Scan. Instructions for use:

If your router turns out to be vulnerable without the ability to update the firmware, then it is recommended that you stop using it and replace it with a new one.

Disable unused network services

The more complex the device, the more potential points for the efforts of a hacker. Many of the network services and advanced features are not used by most users, and some of them contain known vulnerabilities. So disable SSH, FTP, Telnet, Internet File Sharing (such as AiDisk), File/Media Server (such as UPnP), SMB (Samba), TFTP, IPv6, and others you don't need.

Enable HTTPS for administrative connections

On most routers, it is disabled by default. This setting will allow you to prevent interception of your password from the router's admin panel if you connect to it from the Internet, or during man-in-the-middle attacks if the attacker has already penetrated your local network.

Log out (log out) when you finish working in the router

Simply closing the page can leave the router login session open.

Turn on logging

It's a good habit to check the logs for suspicious activity from time to time. Set the clock and time zone correctly so that the logs are more accurate.

Check logs, control connected devices

This already applies to detecting a hacked router - this question will be discussed in more detail below.

Set up a "guest" network

Many modern routers can create separate guest networks.

Make sure she only has access to the Internet and not to the local network. Naturally, use WPA2 and of course the password must be different than the one from your main Wi-Fi.

Additional steps to secure your router

If the previous one is not enough for you, then here are some more tips for you.

Change the default IP address range for your local network

All user routers I've seen have the same local address range. This is 192.168.1.x or 192.168.0.x. This facilitates an automated attack using a script.

Available ranges:

• Any 10.x.x.x
• Any 192.168.x.x
• 172.16.x.x to 172.31.x.x

Change the default local address of the router

If someone breaks into your network, they know for sure that your router address is x.x.x.1 or x.x.x.254, making it difficult for them.

Restrict administrative access over the wireless network

This is not for everyone. For example, it may be that absolutely all computers are connected only via a wireless network. But if it can be done, it will greatly complicate the task of the attacker.

Using a MAC filter

Few effective method protection, since an attacker can easily find out the missed MAC addresses and forge them. Do not rely on this protection.

Network hiding

Ineffective from a security point of view. It does not worsen security, but it does not increase it either, since an attacker can easily find out the name of the network.

Signs of a hacked Wi-Fi router

Changing router settings without your knowledge

If any settings have been changed by illegitimate users, and especially the password for entering the administration panel, DNS settings, VPN settings, then this is a sign that a hacker has gained access to your router.

Control devices connected to your local network

Programs such as NetworkConnectLog and Wireless Network Watcher () can be used for this.

An unauthorized connection means that your network has been compromised.

View router log

If your router supports logging that logs device administrator login, then review it regularly for suspicious activity.

Detect man-in-the-middle attacks and strange network disruptions

Advanced users, in addition to discovering new devices on the network, can also take actions to detect attacks that have begun against them ")".

Strange network disturbances may also indicate changes to network equipment settings and traffic interception/modification by attackers.

Today, when it is possible to catch a wireless Internet network in most homes, the question of how to put a password on wifi takes on the role of an important aspect of data security. Creating a reliable “line of defense” for a home network is a rather responsible matter, and has its own subtleties. With this in mind, it will be useful for you to take into account the knowledge and advice offered in this article.

The outline of the topic will be as follows:

• First, we will cover the main existing types of encryption in wifi networks;
• Then we will look at a generalized example of how to password-protect a network.

Encryption in WIFI networks

Personal information stored in the files of a computer connected to a wireless network may be accessible to unauthorized persons who do not have the right to do so. In other words, for ill intent or not, for entertainment or profit, unauthorized access to all PC contents can be obtained through a network without a password. To prevent this, various encryption methods have been developed that can protect users. More about what they are.

WEP

This technology (802.11 standard) was one of the first systems to ensure the security of a wifi network. It provided weak protection, which is why it was often hacked by hackers in order to steal important information. The result of this has been a significant slowdown in the adoption of wifi networks in companies and business organizations. The leaders did not have the slightest confidence in the confidentiality of the data transmitted via wireless communication. In addition, this system did not provide for the ability to set a password.

The IEEE institute, which organized 802.11i, took up the solution to this problem - working group, which began the creation of a new data encryption model that can protect wifi networks.

The result was the emergence in 2004 of WPA (Wifi Protected Access or Protected Access). New system fixed the shortcomings of the old one thanks to a combination of several technologies at once that can solve the problem of its vulnerability and put an end to the history of easy network hacks.

WPA

The 802.1x standard, as mentioned above, has replaced 802.11. The main difference was mutual authentication and permanent encapsulation of data transmitted between the server and client access points. The Authentication Protocol (EAP) has also been extended.

We invite you to familiarize yourself with a schematic representation of the operation of WAP and many other security systems (see fig.)

In addition, the Temporal Key Integrity Protocol (TKIP) method and MIC, a message checksum that prevents any change in data packets during transmission, were integrated into WAP. Together, these technologies can ensure that the network is secure by restricting access to the network to only users who own the password.

WPA2

The next breakthrough towards network security was the release of the WPA2 (802.11i) program. Only with its advent, wireless networks began to be actively introduced by enterprises and companies that give privacy a special role.

The most important innovation was the introduction of AES, a 128-bit advanced data encryption algorithm. It allows you to put an end to the work of the "blocker" of the cipher, which makes it possible to use one code for both authentication and encryption. It has now become mandatory to use different ciphers for each of these operations. We also added key caching and pre-authentication of users (to sort them by access points).

There are modifications of the 802.11i standard:

• 802.11r is a technology specialized in the fast and reliable transmission of key hierarchies based on the Handoff algorithm. This wifi standard is fully compatible with 802.11a/b/g/n modifications.
• 802.11w - designed to improve the mechanism responsible for security, through heightened attention to the protection of control packets based on 802.11i. Both of these standards belong to the 802.11n group.

Thus, the use of the latest (WPA2) standard in organizing the security of a wireless network is obvious.

Enough theory. The next step should be the organization of wifi password protection, which we will now consider.

Password for wifi - installation nuances

A wireless network makes it possible to connect various devices to the Internet within a radius far beyond the apartment. Therefore, if your wifi is not password protected, neighbors will be able to use it. And it’s one thing if such an unauthorized “visit” is made only for the sake of obtaining free Internet, and quite another if its purpose is to obtain personal information for committing fraudulent activities.

Therefore, setting a password on wifi is a top priority after creating and configuring a network.

This procedure may have slight differences when working with different models of routers. But despite this, there is one general tuning algorithm that applies in all cases.

Step 1

The first operation required in order to password-protect the network is to enter the router settings.

It comes with a CD to help you set up the equipment. But if you find it difficult to find it, you can use the web interface of the router. In this case, you will need to launch a web browser and enter a special code (a structure consisting of "http://" and "IP router") in the address bar. Standard addresses for most routers start with "192.168.", followed by: "1.1", "0.1", "2.1" (for example, 192.168.1.1). Which one is right for you? This can be found by looking at the back of the router (99% of the time) or by looking online.

Consider the following:

• It is better to enter the router settings from a computer connected to it using an Ethernet cable. When using a wifi connection, you will have to repeat the login procedure every time after any change.
• The name and password from the router is almost always "admin". If it does not fit, look through the instructions in search of the right option, or look at the back cover of the device.
• If you find it difficult to remember the password that you set earlier, restart the router with the Reset button. This will reset all user settings of the device, returning them to factory settings.

Step 2

Now you need to find a tab with a name similar to "Network Security Properties". It is most often located in the "Wifi Settings" or the "Security" section. Having trouble finding the tab? You can enter the model name of your router into the search and locate it.

Step 3

Next, you need to select the type of data encryption. Modern models provide for the use various methods network protection. We talked about the features of each at the beginning of the article. And, as discussed in the same place, it is most advisable today to use WPA2 due to its highest reliability.

• Important! Older router models may not be able to use WPA2. Therefore, you need to install either WPA, or change the device to a more modern one.

STEP 4

After choosing an encryption method, you need to set its algorithm. For WPA2-Personal, you need to install AES. Another - TKIP - is much inferior to the first in reliability, and it is not advisable to use it.

Important! In some router models, TKIP is no longer even provided, as it is outdated and cannot provide desired level protection.

Step 5

Here we have reached the most important stage of the whole procedure. You need to decide on the SSID (access point name) and set a password for wifi (in other words, specify a code word or password for the network).

When choosing a secret phrase, keep in mind:

• The password should be a combination of both numbers and symbols, and it is very good if they are mixed. Complicated in this way secret code, you can set a difficult task for detractors who want to pick it up.
• The Internet is littered with many simple password generators that can be cracked in seconds.

Step 6. Last

It remains only to save the new settings and reboot the router. Click on "Apply" ("save", "save", "apply" ...), and all changes will be ready to take effect. This will only happen after the router is rebooted. In most cases, the router will restart itself, and all connected devices will be disconnected from wifi without fail. In order to notify them of changes in the network, you will have to re-establish the connection and enter the new password specified in the step above.

Important to remember:

• If the automatic reload did not start after saving, you will need to do it manually. You need to unplug the router from the power supply, count to 10, and then turn it back on. You can start working after it completes the initial boot. Its completion will be reported by the indicator lights, having ceased to blink randomly.
• Such a reboot is different from the one obtained by pressing the RESET button! The latter will erase all your settings, resetting them to the initial (factory) settings.
• To prevent network intrusions, it is recommended to change the password at least twice a year.

Remember, you have everything you need to ensure that the security of your personal data is not compromised. The main thing is to learn how to use the methods of protecting a wireless network.

It so happened that many are not serious about protecting their home Wi-Fi network and the router itself. At best, the Wi-Fi network is protected by some kind of password, and the factory password of the router has been changed. But this does not always happen either. Very often, users leave the Wi-Fi network completely open. Out of the kindness of my heart, or just too lazy to install, and then also enter this password - I don’t know. But this is very stupid.

I think that many simply do not understand how dangerous it can be for other users to connect, or even worse, intruders to their Wi-Fi network. Let's imagine that we have a home wireless network. Let it be password protected, or completely open. But by hacking, or simply connecting (if the network is not secure), other users have connected to it. These users most likely have no bad intentions. They are not interested in our personal files and they have no purpose to harm us somehow. Just connect to someone else's Wi-Fi and enjoy the internet.

It seems nothing terrible, but we do not mind. But you need to understand that these foreign devices create a load on our router. He starts to work slowly. The connection speed drops. What if they download/share torrents? Or in Online Games play? This is a big load on the network and router. It can generally freeze, fail, etc. But this is still half the trouble. If we have a local network configured, access to some files on the computer is open, then everyone who is connected to your router can also access your files. And this is at least unpleasant. Have you changed the administrator password on the router? If not, then these other users have access to the router settings. And they can generally change / set the password for Wi-Fi. to your Wi-Fi. And you will have to reset the router settings and configure everything again.

But there may be more serious problems. Especially when, due to the poor security of your wireless network, some intruder gains access to it. He, for example, can perform some illegal actions through your connection. For example, post or upload some prohibited files. And you will most likely be responsible for this. Also through the router, you can access your devices and the information that is stored on them.

Of course, any Wi-Fi network can be hacked. And there is no 100% protection. But hardly anyone will spend time and effort on getting access to a regular home Wi-Fi network. Unless, of course, you store highly sensitive information and specifically your wireless network is not of particular interest to intruders. Therefore, I recommend everyone to at least set a good password for Wi-Fi and for the router itself. But besides that, I have a few more recommendations that will allow you to protect your wireless network and router as much as possible from other users. (represented by neighbors, intruders, etc.) and hacking.

To change the security settings of the router, you need to go to its web interface. This process (as well as the process of changing other parameters) differs depending on the manufacturer, model, or firmware of the router. Therefore, I give a link to the universal instruction:. All the necessary information is there.

Set a strong Wi-Fi network password

Your Wi-Fi network must be password protected. Good password. No "11111111", "12345678", "qwertyui", etc. Be sure to come up with a strong password that includes capital letters, numbers, and special characters (~ ! @ # $ % & *). Also, do not be too lazy to write down this password so that you don’t ask in the comments later:

Yes, such passwords are not very convenient to enter when connecting devices. But how often do you connect new devices? I think no.

Wireless security settings are more than just a password. You need to select a modern and reliable one in the settings. If you do not want to watch a separate article on this topic, then I will say that it is better to install WPA2 - Personal with AES encryption.

If you do not know how to set or change the Wi-Fi password on your router, then see the article. If you do not find instructions for your router in the article, then use the site search. If you don’t find anything there, then leave your question in the comments. Just write the model. I will try to suggest how and where you can change the password on your device.

I also want to add here that it is desirable to change the wireless network name (SSID). Come up with some original name. So you will not lose your network among other neighboring networks.

Protect your router settings with a password

This password has nothing to do with Wi-Fi. It is used solely to protect the settings of the router. So that no one except you can enter the web interface of the router and change any settings there. As a rule, a username and password are set (sometimes just a password). Some routers have it installed by default. Usually admin/admin is used. If the password is not set by default, then during the first setup, the router offers to set it. But this can be done at any time in the control panel.

After setting/changing the password, you will need to enter it every time you log into the web interface.

I have already prepared a separate article on this topic:. There I showed how to set a password on ASUS, D-Link, TP-Link, ZyXEL routers.

Disable the WPS function

With WPS, you can quickly connect devices to a wireless network without entering a password. But as practice shows, few people use WPS. You can find many materials where it is written about different problems with WPS function security. Therefore, to protect the router from hacking, it is better to disable this function.

In addition, I noticed that due to WPS, it is very often impossible to connect some devices to Wi-Fi, or configure the router in bridge mode.

Hide Wi-Fi network from prying eyes

In the Wi-Fi network settings on the router, there is such a function as "Hide SSID" (Hide SSID), or "Disable SSID Broadcast". After activating it, devices will no longer see your Wi-Fi network. And in order to connect to it, you will need to specify not only the password, but also the name of the network itself (SSID). And this is additional protection.

This setting is usually located in the wireless settings section. You can see, for example, . After that, you may need the instructions in which I showed.

Set up MAC address filtering

Not sure if every router has this feature, but I think it should. MAC address - the unique address of the Wi-Fi adapter (module). That is, each device has its own. In the router settings, you can register the MAC addresses of those devices that can connect to your network (create a whitelist of addresses). If the MAC address of the device is not in the list, it will not connect to the network.

This is probably the most effective protection router. The only inconvenience is that when connecting new devices, you will have to go into the router settings and prescribe their MAC addresses.

I talked a little about these settings in the article. Only there I created a blacklist of devices (who are not allowed to connect), and in our case, you need to create a white list of MAC addresses of devices (who are allowed to connect).

A few more tips to help make your router even more secure.

• Update the router firmware. In new versions of the software, not only some functions or stability of work, but also security can be improved.
• Firewall, Antivirus, Firewall, DoS protection - all or some of these features are present in modern routers. Usually, they are enabled by default. Do not turn them off unnecessarily and do not change the settings.
• Remote access to the router is the control of the router via the Internet. If you do not use this feature, then it is better to disable it.
• Change your Wi-Fi network password from time to time.
• Check if there are any foreign devices in the list of connected clients on your router. How to watch:,.

All these basic settings will help you patch the main "holes" in the security of your router and the Wi-Fi network that it distributes. I think that for home Wi-Fi networks, these recommendations are more than enough.

Hello! I decided to prepare an article in which to collect all the main and most important effective advice and answer your question how to secure a wifi network. From whom will we protect? From neighbors, of course, but if you need to protect a Wi-Fi set in the office, then from colleagues from a neighboring company :). But seriously, the issue of protecting wireless networks is now very relevant, I drew conclusions from the article in which I described. The article very quickly became popular, and gathered a lot of comments.

Set a password to access the Wi-Fi router settings

This is the first thing to do when setting up a secure Wi-Fi network. In the router settings, look for the “System Tools” tab, then go to the “Password” tab.

We enter the old login and password, then in the form below we enter a new name for access and twice a new password. Come up with a good and complex password. Consisting of letters and numbers. And most importantly, remember yourself :). To save, click "Save". We continue to configure the protection of the Wi-Fi network.

We put a password on the Wi-Fi network and set the type of encryption

Without fail, you need to specify the type of encryption that you will use for the network and set a strong password. Well, unless you have some kind of cafe and you want to make open access to Wi-Fi for visitors.

Go to the tab "Wireless", and "Wireless Security". We put a mark next to the WPA / WPA2 - Personal protocol, set the settings as in the screenshot below and in the line, opposite “PSK Password:” we come up with a good password. This password will be used to connect to Wi-Fi. To save, click "Save".

The router will offer to restart it, but if you still make settings, you can not restart it yet. But the new settings will only work after a reboot.

Another great defense. We hide the name of the Wi-Fi network, and you can connect to it only if you know what it is called. Your network will not appear in the list of available networks.

We are looking for and go to the tab "Wireless". And in order to hide the SSID, just uncheck the box “Enable SSID Broadcast”. That's it, it's simple. Click the “Save” button to save the changes.

Enable device filtering by MAC address

Enabling this feature will allow you to connect to the router only those devices whose MAC addresses are specified in the settings and are allowed. This is a very effective protection, but if you often connect new devices, it will not be very convenient to go into the router settings every time and prescribe the MAC address of the device.

First you need to find out the MAC addresses of the devices that you want to allow to connect to the Wi-Fi network. You can see them in the settings, read more. If it's a phone or tablet, then you can see the address in the settings, in the "About phone" section. And if the device is already connected to the router, then all the necessary information can be found on the tab “DHCP” - “DHCP Clients List”.

So, go to the “Wireless” tab, and go to “Wireless MAC Filtering”. First, enable this service by clicking on the “Enable” button. Then set a checkmark next to the item ” Allow the stations specified by any enabled entries in the list to access.”. This means that only devices that are on the list will be able to connect to Wi-Fi.

And press the button “Add New…“, in order to add the MAC addresses of devices that need to be allowed access. Enter the MAC address, description (optional), leave the Enable status and click the “Save” button.

In this way, we add all the devices that you want to allow to connect to your router.

Disable the QSS service (WPS)

I wrote in detail about this service, and how to use it, in the article. But if you do not connect new devices very often and it is not difficult for you to enter the password for the Wi-Fi network, then it is better to disable this service.

To disable, go to the tab “QSS”, you may also call it “WPS”, or something like that. And press the button "Disabled QSS".

This was the last point that I advise you to do to completely protect the Wi-Fi network on your router. It remains only to reboot the router by clicking on the “click here” link, or do it with the button on the router itself.

That's all friends, that's all I wanted to advise you to protect your wireless network. I hope that the information I have prepared for you will be useful to you. Good luck!

How to secure a Wi-Fi network? Basic and effective tips updated: February 7, 2018 by: admin