• What is TKIP or AES? What type of encryption to choose for a Wi-Fi router

    Broadband Internet access has long ceased to be a luxury, not only in large cities but also in remote regions. Many people immediately buy wireless routers to save on mobile Internet and connect smartphones, tablets and other portable equipment to the high-speed line. Moreover, providers are increasingly installing routers with a built-in wireless access point from the start.

    Meanwhile, consumers do not always understand how network equipment actually works and what danger it can pose. The main misconception is that the private client simply does not realize that wireless communication can cause him any harm - after all, he is not a bank, not the Secret Service, and not the owner of pornographic warehouses. But once you start figuring it out, you’ll immediately want to go back to the good old cable.

    1. No one will hack my home network

    This is the main misconception of home users, and it leads to neglect of basic network security standards. It is generally accepted that if you are not a celebrity, a bank or an online store, then no one will waste time on you, because the results will not justify the effort.

    Moreover, for some reason the opinion persistently circulates that supposedly small wireless networks are more difficult to hack than large ones, which has a grain of truth, but in general it is also a myth. Obviously, this statement is based on the fact that small local networks have a limited range of signal propagation, so it is enough to lower its level, and a hacker simply will not be able to detect such a network from a car parked nearby or a cafe in the neighborhood.

    This may have once been true, but today's attackers are equipped with highly sensitive antennas that can detect even the weakest signal. And the fact that your tablet in your kitchen constantly loses connection does not mean that a hacker sitting in a car two houses away from you will not be able to dig into your wireless network.

    As for the opinion that hacking your network is not worth the effort, this is not at all true: your gadgets contain a sea of all kinds of personal information, which, at a minimum, will allow an attacker to order purchases on your behalf, get a loan, or, using social engineering methods, achieve even less obvious goals, such as penetrating the network of your employer or even its partners. At the same time, ordinary users' attitude towards network security is so careless today that hacking a home network is not difficult even for beginners.

    2. You don’t need a dual- or tri-band router at home

    It is believed that multi-band routers are needed only by particularly demanding owners of a huge number of gadgets who want to get the maximum available speed out of wireless communication. Meanwhile, any of us could use at least a dual-band router.

    The main advantage of a multi-band router is that different devices can be “scattered” over different bands, thereby increasing the potential data transfer speed and, of course, the reliability of communication. For example, it would be quite advisable to connect laptops to one band, set-top boxes to the second, and mobile gadgets to the third.

    3. 5 GHz band is better than 2.4 GHz band

    Those who appreciate the benefits of the 5 GHz frequency range usually recommend that everyone switch to it and stop using the 2.4 GHz frequency altogether. But, as usual, not everything is so simple.

    Yes, 5 GHz is physically less “populated” than the more widespread 2.4 GHz – also because most devices based on old standards operate at 2.4 GHz. However, 5 GHz is inferior in communication range, especially with regard to penetration through concrete walls and other obstacles.

    In general, there is no definite answer here; we can only advise you to use the range in which your specific reception is better. After all, it may well turn out that in some specific place the 5 GHz band is overloaded with devices - although this is very unlikely.

    4. No need to touch the router settings

    It is assumed that it is better to leave the configuration of equipment to professionals, and that your intervention can only harm the performance of the network. This is a common way for provider representatives (and system administrators) to intimidate the user in order to reduce the likelihood of incorrect settings and subsequent house calls.

    It is clear that if you have no idea what it is about, it is better not to touch anything, but even a non-professional is quite capable of changing some settings, increasing the security, reliability and performance of the network. At least go to the web interface and check out what you can change there - but if you don’t know what it will do, it’s better to leave everything as is.

    In any case, it makes sense to make four adjustments if they have not already been made in your router settings:

    1) Switch to a new standard whenever possible - if both the router and your devices support it. Switching from 802.11n to 802.11ac will give a significant speed boost, as will switching from older 802.11b/g to 802.11n.

    2) Change the encryption type. Some installers still leave home wireless networks either completely open or with the outdated WEP encryption standard. You definitely need to change the type to WPA2 with AES encryption and a long, complex password.

    3) Change the default username and password. Almost all providers leave this data at the defaults when installing new equipment - unless you specifically ask them to change it. This is a well-known “hole” in home networks, and any hacker will definitely try to take advantage of it first.

    4) Disable WPS (Wi-Fi Protected Setup). WPS is usually enabled in routers by default - it is intended for quickly connecting compatible mobile devices to the network without entering long passwords. At the same time, WPS makes your local network very vulnerable to hacking by the “brute force” method - simply guessing the 8-digit WPS PIN, after which the attacker will easily gain access to the WPA/WPA2 PSK key. Moreover, due to an error in the standard, it is enough to determine only 4 digits, and this is only 11,000 combinations, and to crack it you will not need to go through all of them.

    5. Hiding the SSID will hide your network from hackers

    SSID is the network service identifier, or simply the name of your network, which is used to establish a connection by the various devices that have ever connected to it. By disabling SSID broadcast, you will not appear in your neighbors' lists of available networks, but this does not mean that hackers will not be able to find it: unmasking a hidden SSID is a task for a beginner.

    At the same time, by hiding the SSID, you will even make life easier for hackers: all devices trying to connect to your network will probe the nearest access points and can connect to “trap” networks specially created by attackers. Such a substitute open network can be deployed under your own unmasked SSID, and your devices will simply connect to it automatically.

    Therefore, the general recommendation is this: give your network a name that does not mention the provider, the router manufacturer, or any personal information that would allow someone to identify you and carry out targeted attacks on weak points.

    6. Encryption is not needed if you have an antivirus and firewall

    A typical example of comparing apples and oranges. These programs protect against software threats online or already on your network; they do not protect you from interception of the data itself as it is transmitted between the router and your computer.

    To ensure network security, you need a set of tools, which include encryption protocols, hardware or software firewalls, and anti-virus packages.

    7. WEP encryption is sufficient for your home network

    WEP is not secure in any way and can be hacked in minutes using a smartphone. In terms of security, it differs little from a completely open network, and this is its main problem. If you are interested in the history of the issue, you can find a lot of material on the Internet showing that WEP was easily broken back in the early 2000s. Do you need this kind of “security”?

    8. A router with WPA2-AES encryption cannot be hacked

    If we take a “spherical router with WPA2-AES encryption in a vacuum”, then this is true: according to the latest estimates, with existing computing power, cracking AES using brute force methods would take billions of years. Yes, billions.

    But this does not mean that AES will not allow a hacker to get to your data. As always, the main problem is the human factor. In this case, a lot depends on how complex and well-constructed your password is. With an “everyday” approach to coming up with passwords, social engineering methods will be enough to crack WPA2-AES in a fairly short time.

    We discussed the rules for creating good passwords in detail not long ago, so we refer everyone interested to this article.

    9. WPA2-AES encryption reduces data transfer speeds

    Technically, this is true, but modern routers have hardware to keep this reduction to a minimum. If you are experiencing significant connection slowdowns, it means you are using an older router that implemented slightly different standards and protocols, for example WPA2-TKIP. TKIP itself was more secure than its predecessor WEP, but was a compromise solution that allowed older hardware to be used with more modern and secure protocols. To make TKIP work alongside the new AES encryption type, various software tricks were used, which led to a slowdown in data transfer speed.

    Back in 2012, the 802.11 standard deemed TKIP not secure enough, but it is still often found in older routers. There is only one solution to the problem - buy a modern model.

    10. There is no need to change a working router

    This principle is for those who today are quite satisfied with a mechanical typewriter and a telephone with a dial. New wireless communication standards appear regularly, and each time not only the data transfer speed increases, but also the security of the network.

    Today, when the 802.11ac standard allows for data transfer speeds above 50 Mbps, an older router that supports 802.11n and all previous standards may limit the potential throughput of the network. In the case of tariff plans that provide speeds above 100 Mbps, you will simply pay extra money without receiving the full service.

    Of course, it is not at all necessary to urgently change a working router, but one fine day there will come a time when not a single modern device will be able to connect to it.

    Lately, many “exposé” publications have appeared about the hacking of some new protocol or technology that compromises the security of wireless networks. Is this really so, what should you be afraid of, and how can you ensure that access to your network is as secure as possible? Do the words WEP, WPA, 802.1x, EAP, PKI mean little to you? This short overview will help bring together all the encryption and radio access authorization technologies in use. I will try to show that a properly configured wireless network represents an insurmountable barrier for an attacker (up to a certain limit, of course).

    Basics

    Any interaction between an access point (network) and a wireless client is based on:
    • Authentication - how the client and the access point introduce themselves to each other and confirm that they have the right to communicate with each other;
    • Encryption - what scrambling algorithm is used for transmitted data, how the encryption key is generated, and when it changes.

    The parameters of a wireless network, primarily its name (SSID), are regularly advertised by the access point in broadcast beacon packets. In addition to the expected security settings, requests for QoS, 802.11n parameters, supported speeds, information about other neighbors, etc. are transmitted. Authentication determines how the client presents itself to the point. Possible options:

    • Open - a so-called open network in which all connected devices are authorized immediately
    • Shared - the authenticity of the connected device must be verified with a key/password
    • EAP - the authenticity of the connected device must be verified using the EAP protocol by an external server

    The openness of the network does not mean that anyone can work with it with impunity. To transmit data in such a network, the encryption algorithm used must match and, accordingly, the encrypted connection must be correctly established. The encryption algorithms are:

    • None - no encryption, data is transmitted in clear text
    • WEP - cipher based on the RC4 algorithm with different static or dynamic key lengths (64 or 128 bits)
    • CKIP - Cisco's proprietary replacement for WEP, an early version of TKIP
    • TKIP - improved WEP replacement with additional checks and protection
    • AES/CCMP - the most advanced algorithm based on AES256 with additional checks and protection

    The combination of Open Authentication and No Encryption is widely used in guest access systems, such as providing Internet access in a cafe or hotel. To connect, you only need to know the name of the wireless network. Often this connection is combined with an additional check at a Captive Portal, by redirecting the user's HTTP request to an additional page where confirmation can be requested (login and password, agreement with the rules, etc.).

    WEP encryption is compromised and cannot be used (even in the case of dynamic keys).

    The commonly occurring terms WPA and WPA2 determine, in fact, the encryption algorithm (TKIP or AES). Since client adapters have supported WPA2 (AES) for quite some time, there is no point in using TKIP encryption.
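
    The security settings an access point advertises in its beacons, including the weak ones named earlier (WEP, TKIP, WPA, WPS), can be read out mechanically. The following Python code is an added example, not part of the original article: it walks the information elements of a beacon, decodes the RSN (WPA2) and WPA elements, and reports the mode in router-menu wording together with any findings. The byte strings are constructed samples and the function names are this example's own.

```python
RSN_OUI = bytes.fromhex("000fac")  # IEEE 802.11 suites, used by the RSN (WPA2) element
WFA_OUI = bytes.fromhex("0050f2")  # vendor OUI used by the WPA (v1) and WPS elements
# Suite type 4 is CCMP; it is shown as "AES" to match the wording of router menus.
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "AES", 5: "WEP-104"}
AKMS = {1: "EAP", 2: "PSK"}

# Constructed beacon bodies (information elements only), for illustration.
SSID = "00 07 48 6f 6d 65 4e 65 74 "  # SSID element, "HomeNet"
WPA2_AES = bytes.fromhex(
    SSID + "30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00")
MIXED_WPS = bytes.fromhex(
    SSID
    + "30 18 01 00 00 0f ac 02 02 00 00 0f ac 04 00 0f ac 02 01 00 00 0f ac 02 00 00 "
    + "dd 1a 00 50 f2 01 01 00 00 50 f2 02 02 00 00 50 f2 04 00 50 f2 02 01 00 00 50 f2 02 "
    + "dd 0e 00 50 f2 04 10 4a 00 01 10 10 44 00 01 02")
NO_SECURITY_IE = bytes.fromhex(SSID)


def iter_elements(blob):
    """Yield (element_id, payload) for each type-length-value element."""
    pos = 0
    while pos + 2 <= len(blob):
        eid, length = blob[pos], blob[pos + 1]
        payload = blob[pos + 2:pos + 2 + length]
        if len(payload) != length:
            raise ValueError("truncated information element")
        yield eid, payload
        pos += 2 + length


def parse_suites(body, oui):
    """Parse version, group cipher, pairwise ciphers and key management list.

    The RSN element and the older WPA vendor element share this layout.
    """
    def suite(off, names):
        raw = body[off:off + 4]
        if len(raw) != 4:
            raise ValueError("truncated suite selector")
        return names.get(raw[3], "unknown") if raw[:3] == oui else "vendor"

    def suite_list(off, names):
        raw = body[off:off + 2]
        if len(raw) != 2:
            raise ValueError("truncated suite count")
        count = int.from_bytes(raw, "little")
        return [suite(off + 2 + 4 * i, names) for i in range(count)], off + 2 + 4 * count

    if len(body) < 2:
        raise ValueError("missing version field")
    pairwise, off = suite_list(6, CIPHERS)
    akm, _ = suite_list(off, AKMS)
    return {"version": int.from_bytes(body[:2], "little"),
            "group": suite(2, CIPHERS), "pairwise": pairwise, "akm": akm}


def audit(privacy_bit, elements):
    """Classify one network from its Privacy capability bit and its elements."""
    rsn = wpa = None
    wps = False
    for eid, payload in iter_elements(elements):
        if eid == 48:                                    # RSN element (WPA2)
            rsn = parse_suites(payload, RSN_OUI)
        elif eid == 221 and len(payload) >= 4 and payload[:3] == WFA_OUI:
            if payload[3] == 1:                          # WPA (version 1) element
                wpa = parse_suites(payload[4:], WFA_OUI)
            elif payload[3] == 4:                        # WPS element is present
                wps = True
    findings = []
    if rsn is None and wpa is None:
        mode = "WEP" if privacy_bit else "Open"
        findings.append("WEP is compromised and cannot be used" if privacy_bit
                        else "no encryption: data is transmitted in clear text")
    else:
        used = [p for p in (wpa, rsn) if p]
        ciphers = {c for p in used for c in p["pairwise"] + [p["group"]]}
        akms = {a for p in used for a in p["akm"]}
        mode = "%s-%s (%s)" % (
            "/".join(name for name, p in (("WPA", wpa), ("WPA2", rsn)) if p),
            "/".join(a for a in ("PSK", "EAP") if a in akms),
            "/".join(c for c in ("WEP-40", "WEP-104", "TKIP", "AES") if c in ciphers))
        if wpa:
            findings.append("WPA (version 1) is still offered")
        if "TKIP" in ciphers:
            findings.append("TKIP is enabled; choose AES only")
    if wps:
        findings.append("WPS is advertised; disable it")
    return {"mode": mode, "findings": findings}


if __name__ == "__main__":
    for privacy, blob in ((True, WPA2_AES), (True, MIXED_WPS),
                          (True, NO_SECURITY_IE), (False, NO_SECURITY_IE)):
        print(audit(privacy, blob))
```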

    The difference between WPA2 Personal and WPA2 Enterprise is where the encryption keys used in the mechanics of the AES algorithm come from. For private (home, small) applications, a static key is used (password, code word, PSK (Pre-Shared Key)) with a minimum length of 8 characters, which is set in the access point settings and is the same for all clients of this wireless network. Compromise of such a key (someone let it slip to a neighbor, an employee was fired, a laptop was stolen) requires an immediate password change for all remaining users, which is only realistic if there are a small number of them. For corporate applications, as the name suggests, a dynamic key is used, individual for each client currently connected. This key can be periodically updated during operation without breaking the connection, and an additional component is responsible for generating it: an authorization server, which is almost always a RADIUS server.
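
    In WPA2 Personal, the passphrase and the network name together determine the one key that every client shares. As an added example (not from the original article), this Python code derives that key the way IEEE 802.11 specifies, PBKDF2-HMAC-SHA1 with the SSID as salt, and estimates the size of a passphrase's guessing space. The names `derive_pmk`, `search_space_bits` and `compare` are chosen for this example, and the passphrases and SSIDs are constructed.

```python
import hashlib
import math
import string


def derive_pmk(passphrase, ssid):
    """Return the 32-byte pairwise master key (PMK) of a WPA/WPA2-Personal network.

    IEEE 802.11 defines it as PBKDF2-HMAC-SHA1(passphrase, salt=SSID,
    4096 iterations, 256 bits). Every client that knows the passphrase
    computes the same value, which is why one leak affects all users.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def search_space_bits(passphrase):
    """Upper bound on guessing effort in bits, as if every character were random.

    Real passwords built from words or dates are far weaker than this bound.
    """
    pools = (string.digits, string.ascii_lowercase,
             string.ascii_uppercase, string.punctuation + " ")
    alphabet = sum(len(pool) for pool in pools
                   if any(ch in pool for ch in passphrase))
    return len(passphrase) * math.log2(alphabet)


def compare(passphrases, ssid):
    """Return (passphrase, bits, PMK prefix) rows for candidate passphrases."""
    return [(p, round(search_space_bits(p), 1), derive_pmk(p, ssid).hex()[:16])
            for p in passphrases]


if __name__ == "__main__":
    # Constructed candidates: an 8-digit password and a 16-character mixed one.
    for row in compare(["12345678", "t7#Qm2!vKx9@Lw4z"], "HomeNet"):
        print("%-18s %6.1f bits  PMK %s..." % row)
    # The SSID is the salt: the same passphrase gives a different key
    # on a differently named network.
    print(derive_pmk("12345678", "HomeNet") == derive_pmk("12345678", "CafeNet"))
```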

    All possible security parameters are summarized in this table:

    | Property | Static WEP | Dynamic WEP | WPA | WPA 2 (Enterprise) |
    |---|---|---|---|---|
    | Identification | User, computer, WLAN card | User, computer | User, computer | User, computer |
    | Authorization | Shared key | EAP | EAP or shared key | EAP or shared key |
    | Integrity | 32-bit Integrity Check Value (ICV) | 32-bit ICV | 64-bit Message Integrity Code (MIC) | CTR/CBC-MAC (Counter mode Cipher Block Chaining Auth Code - CCM), part of AES |
    | Encryption | Static key | Session key | Per-packet key via TKIP | CCMP (AES) |
    | Key distribution | One-time, manual | Pair-wise Master Key (PMK) segment | Derived from PMK | Derived from PMK |
    | Initialization vector | Text, 24 bits | Text, 24 bits | Advanced vector, 65 bit | 48-bit packet number (PN) |
    | Algorithm | RC4 | RC4 | RC4 | AES |
    | Key length, bits | 64/128 | 64/128 | 128 | up to 256 |
    | Required infrastructure | No | RADIUS | RADIUS | RADIUS |

    If everything is clear with WPA2 Personal (WPA2 PSK), the enterprise solution requires additional consideration.

    WPA2 Enterprise



    Here we are dealing with an additional set of protocols. On the client side, a special software component, the supplicant (usually part of the OS), interacts with the authorizing part, the AAA server. This example shows the operation of a unified radio network built on lightweight access points and a controller. When access points with “brains” are used, the point itself can take on the entire role of intermediary between the clients and the server. In this case, the client supplicant's data is transmitted over the radio in 802.1x protocol frames (EAPOL), and on the controller side it is wrapped in RADIUS packets.

    The use of the EAP authorization mechanism in your network means that after successful (almost certainly open) client authentication by the access point (together with the controller, if any), the latter asks the client to authorize (confirm its authority) with the infrastructure RADIUS server.

    Using WPA2 Enterprise requires a RADIUS server on your network. At the moment, the most efficient products are the following:

    • Microsoft Network Policy Server (NPS), formerly IAS - configured via MMC, free, but you need to buy Windows
    • Cisco Secure Access Control Server (ACS) 4.2, 5.3 - configured via a web interface, sophisticated in functionality, allows you to create distributed and fault-tolerant systems, expensive
    • FreeRADIUS - free, configured using text configs, not convenient to manage and monitor

    In this case, the controller carefully monitors the ongoing exchange of information and waits for successful authorization or its refusal. If successful, the RADIUS server is able to transmit additional options to the access point (for example, which VLAN to place the subscriber in, which IP address to assign, the QoS profile, etc.). At the end of the exchange, the RADIUS server allows the client and the access point to generate and exchange encryption keys (individual, valid only for this session).

    EAP

    The EAP protocol itself is a container, meaning that the actual authorization mechanism is left to internal protocols. At present, the following have become reasonably widespread:
    • EAP-FAST (Flexible Authentication via Secure Tunneling) - developed by Cisco; allows authorization using a login and password transmitted inside the TLS tunnel between the supplicant and the RADIUS server
    • EAP-TLS (Transport Layer Security). Uses public key infrastructure (PKI) to authorize the client and server (supplicant and RADIUS server) through certificates issued by a trusted certification authority (CA). Requires issuing and installing client certificates for each wireless device, so it is only suitable for managed enterprise environments. The Windows Certificate Server has facilities that allow the client to generate its own certificate if the client is a member of a domain. Blocking a client can easily be done by revoking its certificate (or through accounts).
    • EAP-TTLS (Tunneled Transport Layer Security) is similar to EAP-TLS, but does not require a client certificate when creating a tunnel. In such a tunnel, similar to a browser SSL connection, additional authorization is performed (using a password or something else).
    • PEAP-MSCHAPv2 (Protected EAP) - similar to EAP-TTLS in terms of the initial establishment of an encrypted TLS tunnel between the client and server, requiring a server certificate. Subsequently, authorization takes place inside this tunnel using the well-known MSCHAPv2 protocol.
    • PEAP-GTC (Generic Token Card) - similar to the previous one, but requires one-time password cards (and the corresponding infrastructure)

    All of these methods (except EAP-FAST) require a server certificate (on the RADIUS server) issued by a certification authority (CA). In this case, the CA certificate itself must be present on the client’s device in the trusted group (which is easy to implement using group policy on Windows). Additionally, EAP-TLS requires an individual client certificate. Client authentication is performed both by digital signature and (optionally) by comparing the certificate the client presented to the RADIUS server with the one the server retrieved from the PKI infrastructure (Active Directory).

    Support for any of the EAP methods must be provided by a client-side supplicant. The standard supplicant built into Windows XP/Vista/7, iOS and Android provides at least EAP-TLS and EAP-MSCHAPv2, which makes these methods popular. Intel client adapters for Windows come with a ProSet utility that extends the available list. Cisco AnyConnect Client does the same.
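
    The client-side requirements listed above can be checked in a supplicant's configuration. This added Python example (not from the original article) assumes the open-source wpa_supplicant client and its `network={...}` blocks, and reports WPA-Enterprise networks that lack the certificate settings each EAP method needs. The sample configuration, its paths and names are constructed.

```python
# Client-side settings each EAP method needs, following the list above.
# Keys are wpa_supplicant's method names, values are wpa_supplicant fields.
REQUIRED = {
    "TLS": ("ca_cert", "client_cert", "private_key"),
    "TTLS": ("ca_cert", "phase2"),
    "PEAP": ("ca_cert", "phase2"),
}
# Any of these fields ties the server certificate to an expected name.
# This is an added hardening check; the text above only asks that the
# CA certificate be trusted on the client.
NAME_CHECKS = {"domain_suffix_match", "domain_match",
               "subject_match", "altsubject_match"}

# Constructed sample, not a real configuration.
SAMPLE_CONF = """\
# PEAP network that never validates the RADIUS server certificate
network={
    ssid="corp-peap"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="constructed-secret"
    phase2="auth=MSCHAPV2"
}
# EAP-TLS network with CA, client certificate and server name check
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="host42"
    ca_cert="/etc/ssl/example/ca.pem"
    client_cert="/etc/ssl/example/host42.pem"
    private_key="/etc/ssl/example/host42.key"
    domain_suffix_match="radius.example.com"
}
"""


def parse_networks(text):
    """Return one dict of key/value settings per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or full-line comment
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks


def audit_network(net):
    """List what a WPA-Enterprise network block is missing."""
    if "WPA-EAP" not in net.get("key_mgmt", "").split():
        return []                         # not a WPA-Enterprise network
    methods = net.get("eap", "").split()
    findings = []
    if not methods:
        findings.append("eap is not set: any method the server offers is accepted")
    for method in methods:
        for field in REQUIRED.get(method, ()):
            if field not in net:
                findings.append(f"EAP-{method}: {field} is not set")
    if "ca_cert" in net and NAME_CHECKS.isdisjoint(net):
        findings.append("server certificate name is not checked")
    return findings


def audit_config(text):
    """Map each network's SSID to its list of findings."""
    return {net.get("ssid", "?"): audit_network(net)
            for net in parse_networks(text)}


if __name__ == "__main__":
    for ssid, findings in audit_config(SAMPLE_CONF).items():
        print(ssid, findings or "ok")
```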

    How reliable is it?

    After all, what does it take for an attacker to hack your network?

    For Open Authentication, No Encryption - nothing. Connect to the network, and that's it. Since the radio medium is open, the signal travels in different directions, and it is not easy to block it. With appropriate client adapters that allow listening to the air, network traffic is visible as if the attacker had connected to the wire, to a hub, or to the SPAN port of a switch.
    WEP-based encryption requires only time to go through the IVs and one of many freely available scanning utilities.
    For encryption based on TKIP or AES, direct decryption is possible in theory, but in practice there have been no cases of hacking.

    Of course, you can try to guess the PSK key or password for one of the EAP methods. There are no known common attacks against these methods. You can try to use social engineering methods, or

    Many routers provide the following security standards as options: WPA2-PSK (TKIP), WPA2-PSK (AES) and WPA2-PSK (TKIP/AES). Make the wrong choice and you'll end up with a slower and less secure network.

    The WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and WPA2 (Wi-Fi Protected Access II) standards, which you will be offered when configuring your wireless network security, are the main information security algorithms. WEP is the oldest of them and the most vulnerable, as many weaknesses have been discovered in it over the course of its use. WPA offers better security, but is also reportedly susceptible to hacking. WPA2, a still-evolving standard, is currently the most common security option. TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption Standard) are two different types of encryption that can be used in the WPA2 standard. Let's see how they differ and which one is best for you.

    AES vs. TKIP

    TKIP and AES are two different encryption standards that can be used on Wi-Fi networks. TKIP is an older encryption protocol, introduced at one time by the WPA standard to replace the extremely unreliable WEP algorithm. In fact, TKIP is very similar to the WEP encryption algorithm. TKIP is no longer considered a reliable security method and is not currently recommended. In other words, you shouldn't use it.

    AES is a more secure encryption protocol introduced by the WPA2 standard. AES is not some obscure standard designed specifically for Wi-Fi networks. It is a serious global encryption standard, adopted even by the US government. For example, when you encrypt a hard drive with the TrueCrypt program, it can use the AES encryption algorithm for this. AES is a universally recognized standard that provides virtually complete security, and its possible weaknesses are its potential susceptibility to brute-force attacks (which are countered by the use of fairly complex passphrases) and security deficiencies associated with other aspects of WPA2.

    In short, TKIP is an older encryption protocol used by the WPA standard. AES for Wi-Fi is a newer encryption solution used in the new and secure WPA2 standard. In theory, this could be the end of it. But in practice, depending on your router, simply choosing WPA2 may not be enough.

    Although WPA2 uses AES for optimal security, it can also use TKIP where backward compatibility with previous generations of devices is required. In this situation, devices that support WPA2 will connect in accordance with WPA2, and devices that support WPA will connect in accordance with WPA. That is, "WPA2" does not always mean WPA2-AES. However, on devices without explicitly specifying the "TKIP" or "AES" options, WPA2 is usually synonymous with WPA2-AES.
    The abbreviation “PSK” in the full name of these options stands for “pre-shared key” - your passphrase (cipher key). This distinguishes personal standards from WPA-Enterprise, which uses a RADIUS server to issue unique keys on large enterprise or government Wi-Fi networks.

    Security Options for Wi-Fi Network

    Even more confusing? Nothing surprising. But all you really need to do is find the one option in your device's list that provides the most protection. Here is the most likely list of options for your router:

    • Open (risky): Open Wi-Fi networks have no passphrase. You shouldn't choose this option - seriously, you could give the police a reason to come visit you.
    • WEP 64 (risky): The old WEP protocol standard is easily vulnerable and you should not use it.
    • WEP 128 (risky): This is the same as WEP, but with an increased encryption key length. In fact, it is no less vulnerable than WEP 64.
    • WPA-PSK (TKIP): The original version of the WPA protocol is used here (essentially WPA1). It is not completely secure and has been replaced by WPA2.
    • WPA-PSK (AES): This uses the original WPA protocol, replacing TKIP with the more modern AES encryption standard. This option is offered as a temporary measure, but devices that support AES will almost always support WPA2, while devices that require WPA will almost never support AES. So this option doesn't make much sense.
    • WPA2-PSK (TKIP): This uses the modern WPA2 standard with the old TKIP encryption algorithm. This option is not secure, and its only advantage is that it is suitable for older devices that do not support the WPA2-PSK (AES) option.
    • WPA2-PSK (AES): This is the most commonly used security option. It uses WPA2, the latest encryption standard for Wi-Fi networks, and the latest AES encryption protocol. You should use this option. On some devices you'll see an option called simply "WPA2" or "WPA2-PSK", which in most cases means using AES.
    • WPA/WPA2-PSK (TKIP/AES): Some devices offer - and even recommend - this mixed option. This option allows you to use both WPA and WPA2 - with both TKIP and AES. This ensures maximum compatibility with any ancient devices you may have, but also gives hackers the opportunity to break into your network by breaking into the more vulnerable WPA and TKIP protocols.

    • WPA2 certification has been in effect since 2004 and became mandatory in 2006. Any device with a "Wi-Fi" logo manufactured after 2006 must support the WPA2 encryption standard.

      Since your Wi-Fi-capable device is likely under 11 years old, you can feel comfortable simply choosing the WPA2-PSK (AES) option. By setting this option, you can also check that your device works with it. If the device stops working, you can always return or exchange it. Although, if security matters a great deal to you, you can simply buy a new device manufactured no earlier than 2006.

      WPA and TKIP slow down your Wi-Fi network

      The WPA and TKIP options chosen for compatibility purposes can also slow down the Wi-Fi network. Many modern Wi-Fi routers that support 802.11n or newer, faster standards will throttle down to 54 Mbps if you set them to WPA or TKIP to ensure compatibility with hypothetical older devices.

      For comparison, when using WPA2 with AES, even the 802.11n standard supports speeds of up to 300 Mbps, and the 802.11ac standard offers a theoretical maximum speed of 3.46 Gbps under optimal (read: ideal) conditions.
      On most routers, as we've seen, the list of options usually includes WEP, WPA (TKIP) and WPA2 (AES) - and perhaps a mixed WPA (TKIP) + WPA2 (AES) maximum compatibility mode option thrown in with the best of intentions.
      If you have a fancy type of router that offers WPA2 with either TKIP or AES, choose AES. Almost all your devices will definitely work with it, moreover, faster and more securely. AES is a simple and rational choice.

    To protect your Wi-Fi network and set a password, you must select the type of wireless network security and the encryption method. And at this stage many people have a question: which one to choose? WEP, WPA, or WPA2? Personal or Enterprise? AES or TKIP? What security settings will best protect your Wi-Fi network? I will try to answer all these questions in this article. Let's consider all the possible authentication and encryption methods, and find out which Wi-Fi network security settings are best to set in the router.

    Please note that security type, or authentication, network authentication, protection, authentication method are all the same thing.

    Authentication type and encryption are the main security settings for a wireless Wi-Fi network. I think that first we need to figure out what they are, what versions there are, their capabilities, etc. After which we will find out what type of protection and encryption to choose. I’ll show you using the example of several popular routers.

    I highly recommend setting a password and protecting your wireless network. Set the maximum level of protection. If you leave the network open, without protection, then anyone can connect to it. This is primarily unsafe. It also means extra load on your router, a drop in connection speed and all sorts of problems with connecting different devices.

    Wi-Fi network protection: WEP, WPA, WPA2

    There are three protection options. Of course, not counting "Open" (No protection).

    • WEP (Wired Equivalent Privacy) is an outdated and insecure authentication method. This is the first and not very successful method of protection. Attackers can easily access wireless networks that are protected using WEP. There is no need to set this mode in the settings of your router, although it is present there (not always).
    • WPA (Wi-Fi Protected Access) is a reliable and modern type of security. Maximum compatibility with all devices and operating systems.
    • WPA2 - a new, improved and more reliable version of WPA. There is support for AES CCMP encryption. For now, this is the best way to protect a Wi-Fi network. This is what I recommend using.

    WPA/WPA2 can be of two types:

    • WPA/WPA2 - Personal (PSK) - this is the usual authentication method, where you only need to set a password (key) and then use it to connect to the Wi-Fi network. The same password is used for all devices. The password itself is stored on the devices, where you can view or change it if necessary. It is recommended to use this option.
    • WPA/WPA2 - Enterprise - a more complex method that is mainly used to protect wireless networks in offices and various establishments. It provides a higher level of protection. Used only when a RADIUS server is installed to authorize devices (which gives out passwords).

    I think we have figured out the authentication method. The best thing to use is WPA2 - Personal (PSK). For better compatibility, so that there are no problems connecting older devices, you can set the WPA/WPA2 mixed mode. This is the default setting on many routers. Or marked as "Recommended".

    Wireless Network Encryption

    There are two options: TKIP and AES.

    It is recommended to use AES. If you have older devices on your network that do not support AES encryption (but only TKIP) and there will be problems connecting them to the wireless network, then set it to "Auto". TKIP encryption type is not supported in 802.11n mode.

    In any case, if you set strictly WPA2 - Personal (recommended), then only AES encryption will be available.

    What protection should I install on my Wi-Fi router?

    Use WPA2 - Personal with AES encryption. To date, this is the best and safest way. This is what the wireless network security settings look like on ASUS routers:

    And this is what these security settings look like on routers from TP-Link (with old firmware).

    If you don’t know where to find all these settings on your router, then write in the comments, I’ll try to tell you. Just don't forget to specify the model.

    Since older devices (Wi-Fi adapters, phones, tablets, etc.) may not support WPA2 - Personal (AES), set the mixed mode (Auto) in case of connection problems.

    I often notice that after changing the password or other security settings, devices do not want to connect to the network. Computers may receive the error "The network settings saved on this computer do not meet the requirements of this network." Try deleting (forgetting) the network on the device and connecting again. I wrote how to do this on Windows 7. But in Windows 10 you need .

    Password (key) WPA PSK

    Whatever type of security and encryption method you choose, you must set a password. Also known as WPA key, Wireless Password, Wi-Fi network security key, etc.

    Password length is from 8 to 32 characters. You can use letters of the Latin alphabet and numbers. Also special characters: - @ $ # ! etc. No spaces! The password is case sensitive! This means that "z" and "Z" are different characters.

    I don't recommend setting simple passwords. It's better to create a strong password that no one will be able to guess, even if they try hard.

    It is unlikely that you will be able to remember such a complex password. It would be nice to write it down somewhere. It’s not uncommon for Wi-Fi passwords to be simply forgotten. I wrote in the article what to do in such situations: .

    If you need even more security, you can use MAC address binding. True, I don’t see the need for this. WPA2 - Personal paired with AES and a complex password is quite enough.

    How do you protect your Wi-Fi network? Write in the comments. Well, ask questions :)

    When I first set up my home Wi-Fi router, I made a serious mistake: I chose the wrong encryption protocol. As a result, my access point was hacked the next day, even with an 8-digit password. I realized this only after a few weeks, and before that I was content with slow-loading pages and interruptions in streaming video. And this is only half the question: if you transmit confidential information and working documents over an unsecured connection, they may “go” into the wrong hands. Do you want to avoid such problems? It is enough to select the optimal encryption protocol.

    WEP 64 and WEP 128

    The worst thing you can do when setting up a router is to choose WEP encryption. It cannot guarantee even a minimum level of security: your access point can be hacked in a matter of minutes, and not only to take advantage of free Internet, but also to obtain personal data.

    WPA-PSK (TKIP) and

    Another encryption protocol that I do not recommend choosing: security, frankly speaking, is not 100%. Especially if you chose the TKIP encryption type.

    WPA2-AES vs WPA2-TKIP

    The WPA2 protocol version is the most current option. When the question of the encryption type arises, choose WPA2-AES - it will provide maximum protection for your Wi-Fi network and data security. In comparison, the TKIP encryption type is considered less secure. But if you outdated device And