• How to close a wifi network. How to protect your router from hacking

    What could be more important in our time than protecting your home Wi-Fi network :) This is a very popular topic, on which more than one article has been written on this site alone. I decided to collect all the necessary information on this topic on one page. Now we will look in detail at the issue of protecting a Wi-Fi network. I’ll tell you and show you how to protect Wi-Fi with a password, how to do it correctly on routers from different manufacturers, which encryption method to choose, how to choose a password, and what you need to know if you are planning to change your wireless network password.

    In this article we will talk exactly about protecting your home wireless network. And about password protection only. If we consider the security of some large networks in offices, then it is better to approach security there a little differently (at least a different authentication mode). If you think that one password is not enough to protect your Wi-Fi network, then I would advise you not to bother. Set a good, complex password using these instructions and don't worry. It is unlikely that anyone will spend time and effort to hack your network. Yes, you can, for example, hide the network name (SSID) and set filtering by MAC addresses, but these are unnecessary hassles that in reality will only cause inconvenience when connecting and using a wireless network.

    If you are thinking about protecting your Wi-Fi, or leaving the network open, then there can only be one solution - protect it. Yes, the Internet is unlimited, and almost everyone at home has their own router, but eventually someone will connect to your network. Why do we need this, because extra clients are an extra load on the router. And if it’s not expensive, then it simply won’t withstand this load. Also, if someone connects to your network, they will be able to access your files (if local network is configured), and access to your router settings (after all, you most likely did not change the standard admin password that protects the control panel).

    Be sure to protect your Wi-Fi network with a good password with the correct (modern) encryption method. I recommend installing protection immediately when setting up the router. Also, it would be a good idea to change your password from time to time.

    If you are worried that someone will hack your network, or have already done so, then simply change your password and live in peace. By the way, since you will still be logging into the control panel of your router, I would also recommend , which is used to enter the router settings.

    Proper protection of your home Wi-Fi network: which encryption method to choose?

    During the password setting process, you will need to select a Wi-Fi network encryption method (authentication method). I recommend installing only WPA2 - Personal, with encryption algorithm AES. For a home network, this is the best solution, currently the newest and most reliable. This is the kind of protection that router manufacturers recommend installing.

    Only under one condition that you do not have old devices that you want to connect to Wi-Fi. If, after setting up, some of your old devices refuse to connect to the wireless network, you can install a protocol WPA (with TKIP encryption algorithm). I do not recommend installing the WEP protocol, as it is already outdated, not secure and can be easily hacked. Yes, and there may be problems connecting new devices.

    Protocol combination WPA2 - Personal with AES encryption, this is the best option for a home network. The key itself (password) must be at least 8 characters. The password must consist of English letters, numbers and symbols. The password is case sensitive. That is, “111AA111” and “111aa111” are different passwords.

    I don’t know what router you have, so I’ll prepare short instructions for the most popular manufacturers.

    If after changing or setting a password you have problems connecting devices to the wireless network, then see the recommendations at the end of this article.

    I advise you to immediately write down the password that you will set. If you forget it, you will have to install a new one, or .

    Protecting Wi-Fi with a password on Tp-Link routers

    Connecting to the router (via cable or Wi-Fi), launch any browser and open the address 192.168.1.1, or 192.168.0.1 (the address for your router, as well as the standard username and password are indicated on the sticker at the bottom of the device itself). Provide your username and password. By default, these are admin and admin. In , I described entering the settings in more detail.

    In settings go to the tab Wireless(Wireless mode) - Wireless Security(Wireless Security). Check the box next to the protection method WPA/WPA2 - Personal(Recommended). In the drop down menu Version(version) select WPA2-PSK. On the menu Encryption(encryption) install AES. In the field Wireless Password(PSK Password) Enter a password to protect your network.

    In the settings we need to open the tab Wireless network, and make the following settings:

    • In the "Authentication Method" drop-down menu, select WPA2 - Personal.
    • "WPA encryption" - install AES.
    • In the "WPA Pre-Shared Key" field, write down the password for our network.

    To save the settings, click the button Apply.

    Connect your devices to the network with a new password.

    Protecting your D-Link router's wireless network

    Go to the settings of your D-Link router at 192.168.0.1. You can see detailed instructions. In settings, open the tab WiFi - Security Settings. Set the security type and password as in the screenshot below.

    Setting a password on other routers

    We also have detailed instructions for ZyXEL and Tenda routers. See the links:

    If you haven’t found instructions for your router, then you can set up Wi-Fi network protection in the control panel of your router, in the settings section called: security settings, wireless network, Wi-Fi, Wireless, etc. I think I can find it it won't be difficult. And I think you already know what settings to set: WPA2 - Personal and AES encryption. Well, that's the key.

    If you can't figure it out, ask in the comments.

    What to do if devices do not connect after installation or password change?

    Very often, after installation, and especially after changing the password, devices that were previously connected to your network do not want to connect to it. On computers, these are usually errors “The network settings saved on this computer do not meet the requirements of this network” and “Windows could not connect to...”. On tablets and smartphones (Android, iOS), errors such as “Could not connect to the network”, “Connected, protected”, etc. may also appear.

    These problems can be solved by simply deleting the wireless network and reconnecting with a new password. I wrote how to delete a network in Windows 7. If you have Windows 10, then you need to “forget the network” using . On mobile devices, press and hold your network and select "Delete".

    If connection problems occur on older devices, then set the WPA security protocol and TKIP encryption in the router settings.

    Wi-Fi has become so popular that having a router is the rule rather than the exception. But, despite all the conveniences, you should take into account that it is visible to others. See for yourself how many available connections are shown in your home. Hardly one or two, usually their number reaches a dozen or more. Likewise, neighbors can see your network among other available ones.

    Few people want strangers to gain access to their personal wireless network

    But if certain precautions are not taken, others may be able to connect to your connection. What does this mean? At the very least, a loss of Internet speed. You will not receive the full speed of your communication channel if someone connects to it at your expense. But the situation is much more dangerous if an attacker connects to your Wi-Fi and can use the transmitted data to his advantage.

    To avoid this risk, you need to limit access to your Wi-Fi. Read below for recommendations on how this can be done.

    Internet access for a specific list of devices

    What is a mac address and how to find it out

    Each network device, even at the factory, is assigned a special mac address - a kind of unique digital fingerprint. It looks like "A4-DB-30-01-D9-43". For further settings, you need to know the mac address of the individual device to which you are going to provide access to Wi-Fi. How to find him?

    Windows

    Option 1. Through the “Network Sharing Center”

    • Between the battery and sound icons there is an Internet connection icon. Right-click and select “Network and Sharing Center.”
    • “View active networks” - line “Connections”, click on the connection name - “Details”.
    • The “Physical address” line will contain the mac address of the laptop.

    Option 2: Through Settings (for Windows 10)

    • Click “Start” - “Settings” - “Network and Internet” - “Wi-Fi” - “Advanced settings” - “Properties”.
    • “Physical address” is the mac address of the laptop.

    Option 3. Via the command line

    • Hold Win+R - enter cmd (or Win+X - Command Prompt (Administrator) on Windows 8.1 and 10).
    • Type the command ipconfig /all.
    • In the section “Wireless LAN adapter. Wireless Network" in the "Physical Address" line contains the required information.

    Android

    • “Settings” - “Wireless networks” - “Wi-Fi” - menu button - “Advanced functions”.
    • The required data is in the MAC address line.

    iOS

    “Settings” - “General” - “About this device” - “Wi-Fi address”.

    Once you have discovered the device ID, write it down or simply remember it. Now let's proceed to the next stage - we will establish access to the required equipment through the router.

    Setting up the router

    First, log into the settings web interface. Using a browser, go to 192.168.0.1 or 192.168.1.1. Enter your login and password - admin/admin or admin/parol. These combinations work on most devices. If there is no access, check the information on the bottom surface of the router or in its instructions.

    The layout of menu items may vary depending on the manufacturer, but the basic principles apply to all devices.

    1. In the “Wi-Fi network settings” section, enable filtering by mac address, because it is initially disabled.
    2. In the “MAC Address Filtering” tab, add the addresses of the devices to which you are going to provide access to Wi-Fi.

    Now you can use Wi-Fi only through those devices for which you have reserved addresses. Attackers will not gain access to your data.

    Other access restriction options

    Replacing the network and router password

    If you haven't changed your Wi-Fi password, change it. Moreover, it is advisable to do this regularly. In your network security settings, create a new password. It is equally important to replace both the factory password and login login when installing the router. The standard combination is the easiest way to access the connection.

    Nowadays, most apartments and houses have more than one device that is connected to the Internet. This has led to the popularity of routers and wireless access points, which have almost completely replaced connecting an Internet provider cable directly to a single computer. Now the Internet service provider wire is included in a special device that allows you to use the same connection for several computers at once, as well as connect mobile devices, laptops and regular computers via Wi-Fi, combining them into a local network.

    Routers are in our home, warm and cozy, and this gives rise to a false feeling that the routers are safe. This is not at all true, each router stands on the seven winds - in a very aggressive environment: anyone (literally ANYONE) within reach of the wireless signal can interact with your router, record transmitted traffic; You also need to remember that routers have access to the Internet, where numerous automated scanners can scan ports, running services, try passwords, and perform exploits against your router dozens of times a day.

    Your router needs protection - without your help it could become a victim of hackers, this article will tell you how how to protect and configure a Wi-Fi router so that it cannot be hacked.

    What can hackers get by hacking a Wi-Fi router?

    Many users take router security lightly because they do not understand the dangers that can result from hacking a router. It is curious that most users understand the danger of having their computer hacked, since an attacker can gain access to their personal data, photos, and passwords. It is very important to understand that hacking a router is a prior step to hacking a computer. Having penetrated the router, a hacker can:

    • perform a man-in-the-middle attack, which is aimed at intercepting passwords and other data that you transmit over the network;
    • carry out a man-in-the-middle attack aimed at infecting a user's computer with a backdoor or Trojan;
    • carry out phishing attacks aimed at obtaining logins and passwords from websites, extorting money, infecting a computer with a backdoor or Trojan;
    • monitor users' network activity;
    • block the Internet connection completely or to individual sites;
    • use the Internet connection for criminal activities (law enforcement agencies will see your IP as the address of a cybercriminal);
    • access webcams and other peripheral equipment connected to your router
    • make changes to the router firmware.

    Hacking a router is a serious threat that can lead to serious consequences for the user.

    How to get into the router settings

    In the vast majority of cases, a web interface is used to manage routers, i.e. You can make all settings directly from the browser. Your computer and your router are on the same local network (it doesn't matter whether you use Wi-Fi or a wire). To get “inside” your router, type in your browser

    If this address does not work, then sometimes it can be

    You will be greeted with a form to enter your username and password. They can be viewed in the device passport, on the box, on the case. Or just look for the default (factory) credentials for your router on the Internet.

    Each model has its own interface design and grouping of settings, but usually the “Wireless network”, “Local network” and “Internet” items are always present. Menu items and settings may be named a little differently, but once you understand the meaning of the setting, you can easily find it in your home.

    Recommendations for protecting your router and Wi-Fi access point from hacking

    Use a password to access your network

    Do not leave your wireless network “Open”, select the encryption (authentication method) WPA or WPA2.

    Stop using the WEP algorithm

    WEP is an outdated, largely unused Wi-Fi security algorithm. It can be hacked in minutes. However, there are still access points that use WEP, so check yours and if it uses WEP for encryption, switch to WPA or WPA2.

    Disable WPS

    WPS (Wi-Fi Protected Setup) provides an easy, but not secure, way to create a wireless network. Depending on the degree of vulnerability, the WPS, and then the Wi-Fi password, can be hacked in a day or even in a matter of minutes.

    Set a strong password

    Since by its very nature a Wi-Fi network is accessible to anyone within its range, anyone can try to connect to it by trying different passwords (called online brute force). Another technique is also popular, which is based not on connection attempts, but on capturing certain data that the legitimate user and the access point exchange at the time of connection and their subsequent hacking (offline brute force). The use of the latter allows you to brute force passwords at a speed of tens and hundreds of thousands per second. You can protect yourself from such an attack only by setting a long and complex password.

    The following rules will allow you to be almost guaranteed to protect yourself from any brute force hacking:

    • use a long password. The Wi-Fi password cannot be less than eight characters. If possible, try to use passwords of 10 or more characters;
    • the password should not be a meaningful phrase or consist of several combined meaningful words, since such a password option can be hacked using a dictionary;
    • use four classes of characters in your password: numbers, capital and small letters, punctuation marks;
    • From time to time, for example, once every few months, change your password to a new one.

    The screenshot above shows that routers often use generated passwords consisting of eight characters and including three classes of characters (capital and small letters, numbers): L95atyz7, 6rQTeRBb, YssvPT4m, WJ5btEX3, dn8MVX7T. To crack such passwords on a typical home computer, it will take 1-3 years of continuous brute force. BUT by assembling a computer on several top-end video cards (by making something like a “farm” for mining), a complete search of such a password can be reduced to one or several months. In my opinion, such passwords cannot be considered reliable. As already mentioned, add a fourth character class (syntax marks) and increase the number of characters - this will guarantee that your Wi-Fi network will not be hacked even with the use of very powerful equipment.

    Check your 5 GHz network settings

    Many users do not know that their router operates in two frequency bands: 2.4 GHz and 5 GHz. If you secure one range but forget about another, the attacker can take advantage of this. Set a strong password for the 5 GHz network, disable WPS for it. If you do not use the 5 GHz band, you can simply turn it off.

    Set a strong password to log into the router admin area

    As already mentioned, your router is connected to local and global networks, where anyone can try to connect to it. To prevent an attacker from guessing your password, set a long password using different character classes.

    Change the admin name

    Change the username from Admin/admin to another, less predictable one - this will further complicate the task of guessing the password.

    Disable access to the router control panel from the Internet

    In the vast majority of cases, you only need access to the router’s administration panel from the local network. If you do not need access to the router settings from an external network (from the Internet), then disable it; this will not allow an attacker to try to guess the login password. This setting may be called "Enable Web Access from WAN".

    Update your router's firmware

    Even with a strong password, an attacker can gain access to the router or obtain the password in clear text if the router contains a vulnerability. New firmware from manufacturers should eliminate vulnerabilities and other errors, improve stability and functionality, so regularly (every few months) check for new firmware and update it on your router.

    Search for vulnerabilities in the router

    Unfortunately, sometimes vulnerabilities are found after the manufacturer has stopped supporting the router. This can lead to a situation where hackers are aware of a vulnerability in your router, but there are no firmware updates.

    You can check your router for vulnerabilities using Router Scan by Stas’M. It is a fairly easy to use GUI program.

    If you are familiar with Linux, you can use a similar program called RouterSploit, which may have exploits that Router Scan does not. Instructions for use:

    If your router turns out to be vulnerable without the ability to update the firmware, it is recommended that you stop using it and replace it with a new one.

    Disable unused network services

    The more complex the device, the more potential points for a hacker to apply his efforts. Many of the online services and advanced features are not used by most users, and some of them also contain known vulnerabilities. Therefore, disable SSH, FTP, Telnet, Internet file sharing (for example, AiDisk), file/media server (for example, UPnP), SMB (Samba), TFTP, IPv6 and others that you do not need.

    Enable HTTPS for administrative connections

    On most routers it is disabled by default. This setting will allow you to prevent the interception of your router admin password if you connect to it from the Internet, or during man-in-the-middle attacks if the attacker has already penetrated your local network.

    Log out (log out) when you are done using the router

    Simply closing the page can leave the login session open on the router.

    Enable logging

    It's a good habit to check your logs for suspicious activity from time to time. Correctly set the clock and time zone to make the logs more accurate.

    Check logs, control connected devices

    This already applies to identifying a hacked router - this issue will be discussed in more detail below.

    Set up a "Guest" network

    Many modern routers can create separate guest networks.

    Make sure that it only has access to the Internet and not to the local network. Naturally, use WPA2 and, of course, the password should be different, not the same as for your main Wi-Fi.

    Additional steps to protect your router

    If the previous one is not enough for you, then here are some more tips for you.

    Change the default range of IP addresses for your local network

    All user routers I've seen have the same local address range. This is 192.168.1.x or 192.168.0.x. This facilitates automated script attacks.

    Available ranges:

    • Any 10.x.x.x
    • Any 192.168.x.x
    • 172.16.x.x to 172.31.x.x

    Change the router's default local address

    If someone breaks into your network, they know for sure that your router address is x.x.x.1 or x.x.x.254, making it difficult for them.

    Limit administrative access over the wireless network

    It's not for everyone. For example, it may be that absolutely all computers are connected only via a wireless network. But if this can be done, it will greatly complicate the attacker's task.

    Using a MAC filter

    This is not an effective method of defense, since an attacker can easily find out the MAC addresses being skipped and spoof them. There is no need to rely on this protection.

    Hiding the network

    Ineffective from a safety point of view. Does not worsen security, but does not increase it either, since an attacker can easily find out the network name.

    Signs of a Wi-Fi router being hacked

    Changing router settings without your knowledge

    If illegitimate users have changed any settings, especially the password for logging into the administration panel, DNS, VPN settings, then this is a sign that a hacker has gained access to your router.

    Control devices connected to your local network

    For this, programs such as NetworkConnectLog and Wireless Network Watcher () can be used.

    An unauthorized connection means your network is compromised.

    View the router log

    If your router supports logging that records device administrator logins, review it regularly to identify suspicious activity.

    Detecting man-in-the-middle attacks and strange network disruptions

    Advanced users, in addition to detecting new devices on the network, can also take actions to identify attacks that have begun against them ")".

    Strange disturbances in network operation may also indicate changes in the settings of network equipment and interception/modification of traffic by the attacker.

    I'll tell you a story that is still going on with one Internet provider in my city. One day, visiting a friend, I asked him for access to Wi-Fi. The network is preserved in the smartphone. While in another area of ​​the city, I suddenly discovered that I had reconnected to a friend's Wi-Fi. How is this possible? It turns out that the Internet provider set the same network name and password on all routers that were issued to subscribers upon connection. More than one year has passed, and I still have free Wi-Fi in almost every yard. By the way, the login and password for accessing the routers are also the same. :)

    Naturally, I told my friend about this funny discovery and reconfigured his router. Are you sure you are not in a similar situation?

    The dangers of unauthorized access to your Wi-Fi and router

    Imagine that an attacker connected to your Wi-Fi, downloaded several gigabytes of child pornography, and posted a couple of hundred extremist and other “incendiary” messages. The contract for the provision of Internet services is issued in your name, and accordingly, you will also be held accountable for violating the law.

    Even if the connected person does not commit illegal actions, he can download and distribute large files (including illegal content from torrent trackers) for days, which will affect the speed and stability of your Internet connection. The network is full of stories about free neighbor Wi-Fi. Perhaps you, too, are that good neighbor?

    The situation when an outsider knows the login and password for the router itself includes all the risks listed above, and also adds several new ones.

    For example, the prankster simply changes the Wi-Fi password and you lose access to the Internet. He may change the password to the router, and you will have to reset to factory settings and configure everything again (or call a specialist if you do not have the appropriate skills) to regain control of your equipment. The prankster himself can also reset the settings.

    There is no absolute protection, but you don’t need it

    There are many ways to hack networks. The likelihood of hacking is directly proportional to the motivation and professionalism of the hacker. If you haven’t made enemies and don’t have any super-valuable information, then it’s unlikely that you will be purposefully and diligently hacked.

    In order not to provoke random passers-by and neighbors eager for freebies, it is enough to close basic security holes. Having encountered the slightest resistance on the way to your router or Wi-Fi, such a person will abandon his plan or choose a less protected victim.

    We bring to your attention a minimum sufficient set of actions with a Wi-Fi router that will allow you to avoid becoming the object of cruel jokes or someone’s free access point.

    1. Access your Wi-Fi router

    The first step is to take control of your own router. You should know:

    • Router IP address,
    • login and password to access the router settings.

    To find out the router's IP address, turn the device over and look at the sticker on the bottom. There, among other information, the IP will be indicated. Typically this is either 192.168.1.1 or 192.168.0.1.

    The router address is also indicated in the user manual. If the box with the instructions from the router has not been preserved, then Google will help you find the user manual in electronic form.

    You can find out the router address yourself from your computer.

    1. On Windows, press the Windows key + R.
    2. In the window that appears, type cmd and press Enter.
    3. In the window that appears, enter ipconfig and press Enter.
    4. Find the "Default Gateway" line. This is the address of your router.

    Enter the received IP address of the router in the browser. You will see a login page for the router settings.

    Here you need to enter your username and password, which you must know. In most cases, the default login is the word admin, and the password is either an empty field or also admin (the default login and password are also listed at the bottom of the router). If you got the router from your Internet provider, then call them and find out.

    Without the ability to change settings, you essentially lose control over your own equipment. Even if you have to reset your router and set everything up again, it will be worth it. To avoid problems with accessing the router in the future, write down your username and password and store them in a safe place without access to others.

    2. Create a strong password to access the router

    Having gained access to the router, the first thing you need to do is change the password. Router interfaces vary depending on the manufacturer, specific model and firmware version. The user manual for your router will help you with this matter, as well as with subsequent steps to improve protection.

    3. Come up with a unique name (SSID) for your Wi-Fi network

    If your neighbors are completely new to technology, then a network name like fsbwifi or virus.exe may scare them away. In fact, a unique name will help you better navigate among other access points and uniquely identify your network.

    4. Create a strong password for your Wi-Fi network

    By creating a password-free access point, you essentially make it public. A strong password will prevent strangers from connecting to your wireless network.

    5. Make your Wi-Fi network invisible

    You will reduce the likelihood of an attack on your network if it cannot be detected without special software. Hiding the access point name improves security.

    6. Enable encryption

    Modern routers support various methods of encrypting data transmitted over a wireless network, including WEP, WPA and WPA2. WEP is inferior to others in terms of reliability, but is supported by older equipment. WPA2 is optimal in terms of reliability.

    7. Disable WPS

    WPS was created as a simplified way to create wireless networks, but in reality it turned out to be extremely vulnerable to hacking. Disable WPS in your router settings.

    8. Enable MAC address filtering

    Router settings allow you to filter network access by unique identifiers called MAC addresses. Each device that has a network card or network interface has its own MAC address.

    You can create a list of MAC addresses of trusted devices, or block connections to devices with specific MAC addresses.

    If desired, an attacker can spoof the MAC address of the device from which he is trying to connect to your network, but for an ordinary household wireless access point such a scenario is extremely unlikely.

    9. Reduce Wi-Fi signal range

    Routers allow you to change the signal strength, thus increasing or decreasing the range of the wireless network. Obviously, you only use Wi-Fi inside your apartment or office. By reducing the transmission power to a value where the network signal is reliably received only within the premises, you, on the one hand, will make your network less noticeable to others, and on the other hand, reduce the amount of interference for neighboring Wi-Fi.

    10. Update your router firmware

    There is no perfect technology. Craftsmen find new vulnerabilities, manufacturers close them and release “patches” for existing devices. By periodically updating your router's firmware, you reduce the likelihood that an attacker will take advantage of flaws in older versions of the software to bypass security and gain access to your router and network.

    11. Block remote access to the router

    Even if you protect your wireless network and login with passwords, attackers will still be able to access your router via the Internet. To protect your device from such external interference, find the remote access function in the settings and disable it.

    12. Firewall

    Some routers have a built-in firewall - a means of protection against various network attacks. Look in your router's security settings for a feature with a name like Firewall, "Firewall" or "Firewall" and enable it if it is present. If you see additional firewall settings, read the official instructions on how to configure them.

    13.VPN

    They create something like an encrypted tunnel for secure data transfer between the device and the server. This technology reduces the likelihood of identity theft and makes it more difficult to find the user's location.

    To use a VPN, you need to install a special client program on your gadget. Such software exists for mobile devices and computers. But some routers can also be connected to VPN services. This function allows you to protect all gadgets on a local Wi-Fi network at once, even if they do not have special programs.

    You can find out whether your router supports VPN in the instructions or on the manufacturer’s website. The same applies to the necessary settings.

    Read more: