• How to protect your wifi from outside connections. How to protect your router or secure wi-fi at home

    Today every third user world wide web Widely applies to the entire home, offering high-speed Internet access to all devices. And that’s right, why not use this opportunity when, sitting in a chair, lying on the sofa or in bed before going to bed, you have access to the Internet from a smartphone or.

    In this whole practically beneficial situation, there is one big “BUT” - users very rarely follow the security rules that directly relate to access to Wi-Fi. As time passes, we begin to notice that the speed of the Internet connection has decreased, and the printer suddenly began to be interested in “nude photos”, occasionally printing them! The actions of a “prankster” who connects to your network are not limited easy access to the Internet or to a printer, with a little dexterity, and more confidential information, for example your funds for electronic wallets. Therefore, protecting the wireless network and yourself personally is task number one, especially for users living in an apartment building.

    How to secure Wi-Fi access from external intrusion

    Usually the user, having noticed incorrect operation computer connected to the network, hurries to apply a reset. This is apparently similar to system unit, which suddenly froze. And here, we are looking for a thin object to get to the hidden “Reset” button on the case network equipment. Often, such actions save for a short time, and the situation is in a hurry to repeat itself...

    Ways to protect Wi-Fi access:

    1. The main step towards safety will be simple change access password to . After all, after configuration by a specialist (or self-configuration), the equipment continues to store factory credentials. And here, you don’t have to be a “computer genius” to enter the settings panel via the web interface!
      Note! Not all equipment models have the ability to configure the router control panel, so the following advice is more practical to implement.
    2. The next request concerns the network access password. Users are careless when choosing this cipher. Sometimes we refer to our weak memory, but at the same time we reset it with enviable consistency!
      Therefore, it is better to configure the WPA2 encryption algorithm once and come up with a 10-digit password that you will change at least occasionally. For it, select a random set of letters and numbers, and simply write down the combination you came up with on a piece of paper or on the box from the router.


      Note! Don't create readable passwords. Last names and first names in the English layout are difficult to come up with, but easy to find!
    3. Next, it would be a good idea to abandon the WPS function, which creates a digital PIN code for new devices. The function is active by default on most access point models. If you don’t have to constantly connect different smartphones or tablets, then there won’t be any difficulties.
      Note! Even if there is a need to regularly connect new gadgets, it is enough to enter the access password every time! Low cost for home network security.
    4. The next recommendation is more about attentiveness. Get into the habit of correctly leaving the router’s web interface, that is, not just closing the browser tab, but rather “exiting the control panel.”
      This precaution is associated with some features of Internet browsers. When visiting pages, browsers save cache and cookies, which are responsible for storing temporary files and resource information. You may have previously noticed that after leaving the site, re-authorization is not required. So this is another loophole for a random attacker!
      Note! It would be a good idea to get into the habit of clearing the cache and cookie of the browser you actively use (read how to do this in the article:,).
    5. The following steps are rather addressed experienced users because they bear some risk. So, first we’ll change the router’s subnet, since it is set by default and is known to many. Typically, it is an address:
      • 192.168.0.0
      • 192.168.1.0
      • 192.168.1.1

      Moreover, the address is indicated on the device body; nothing prevents us from changing the IP address via the web interface and giving the local subnet a new name, different from the factory one.

    Neighbors don’t necessarily steal Wi-Fi, but someone does it unscrupulously. And it seems that the connection speed allows you to share with neighbors, but sometimes it drops. What needs to be done to load the network like this? At the very least, lose your conscience and use someone else’s Internet without permission. But let's get to the point.

    Situation - you are surfing the Internet through your wi-fi router. And suddenly the speed drops sharply so that pages are difficult to open. And this is not the first time. It is a completely reasonable idea that someone is stealing Wi-Fi. How to find out if someone is connected to my wifi and how to turn off strangers.

    Important! All descriptions of the router are not universal - we are talking about specific model TP-LINK may vary for other devices. If you are not confident in your actions, you should not continue.

    Find out if anyone is connected to Wi-Fi

    Method one. Program. SoftPerfect WiFi Guard

    This method is for those who do not want to bother too much and who will carry out diagnostics through personal computer. To determine who connected to the router you will need SoftPerfect program WiFi Guard. We find it, for example, through Google and install it. The program is in Russian and installs quickly. Minimum settings required.

    In the “main” tab of the “settings” item of the program we find the column - “ network adapter" We select the item, in my case it is Qualcomm Atheros. Click "OK". Then click “scan” in the program window.

    The program will show all devices that are connected to our Wi-Fi. If only you are connected, you will see two devices (the “Info” column), which will be designated as “This computer” and “Internet gateway”. That is, your computer and the router itself.

    If there are strangers, the program will show them - neighbors’ devices will be displayed in red circles. This is either your neighbors or your other devices.

    Method two. Router admin panel

    This method does not require additional software. We go to the admin panel of the router. After connecting to the WiFi network, enter the IP address of the router. Typically this is 192.168.1.1. On different models The address may be different - you can check it on the device body. Then enter your username/password. As a rule, this is admin/admin (you can check on the device body).

    This is where the difficulties begin. The menu may be different on different router models. On my device, in the “Status” tab we find the “Wireless” item. There is a sign with the MAC addresses of connected devices. If you are connected alone, then there is only one MAC in this table. There are other addresses - neighbors steal Wi-Fi. But it’s important - at this point you can get information about the devices that are connected right now.

    More information can be seen in the “Interface Setup” tab, “DHCP” item.

    How to disconnect neighbors from Wi-Fi

    We offer the simplest and effective way to protect your internet. Namely, we set a password. The neighbors connected to our Internet either because they hacked your password, or because you didn’t set it at all.

    The algorithm can be different devices different. On mine it’s like this - in the admin panel of the router, go to the “Interface Setup” tab, “Wireless” item. In the “WPS Settings” column we find the item “Authenticatio n Ty pe". If it is “Disabled”, then change it to “WPA-PSK”. Then the “WPA-PSK” column below appears in the same tab. In the “Pre-Shared Key” field we enter a password - at least 8 characters. All that remains is to click “save”. We reconnect to our Wi-Fi, now we are required to enter a password.

    As a rule, you only need to enter the password once on each device (laptop, tablet, smartphone). The device will remember it and enter it automatically.

    If you forgot your wi-fi password

    If you forgot your Wi-Fi password, it is impossible to recover it - it is stored in the device itself. It can only be reset. To do this, press the “reset” button for a few seconds. The router settings will be deleted and you will need to configure it again.

    I'll tell you a story that is still going on with one Internet provider in my city. One day, visiting a friend, I asked him for access to Wi-Fi. The network is preserved in the smartphone. While in another area of ​​the city, I suddenly discovered that I had reconnected to a friend's Wi-Fi. How is this possible? It turns out that the Internet provider set the same network name and password on all routers that were issued to subscribers upon connection. More than a year has passed, but I still have free wifi in almost every yard. By the way, the login and password for accessing the routers are also the same. :)

    Naturally, I told my friend about this funny discovery and reconfigured his router. Are you sure you are not in a similar situation?

    The dangers of unauthorized access to your Wi-Fi and router

    Imagine that an attacker connected to your Wi-Fi, downloaded several gigabytes of child pornography, and posted a couple of hundred extremist and other “incendiary” messages. The contract for the provision of Internet services is issued in your name, and accordingly, you will also be held accountable for violating the law.

    Even if the connected person does not commit illegal actions, he can download and distribute for days large files(including illegal content from torrent trackers), which will affect the speed and stability of your Internet connection. The network is full of stories with freebies neighbor's Wi-Fi. Perhaps you, too, are that good neighbor?

    The situation when stranger knows the login and password for the router itself, includes all the risks listed above, and also adds several new ones.

    For example, the prankster simply changes the Wi-Fi password and you lose access to the Internet. He may change the password to the router, and you will have to reset to factory settings and configure everything again (or call a specialist if you do not have the appropriate skills) to regain control of your equipment. The prankster himself can also reset the settings.

    There is no absolute protection, but you don’t need it

    There are many ways to hack networks. The likelihood of hacking is directly proportional to the motivation and professionalism of the hacker. If you have not made enemies and do not have any super-valuable information, then it is unlikely that you will be purposefully and diligently hacked.

    In order not to provoke random passers-by and neighbors eager for freebies, it is enough to close basic security holes. Having encountered the slightest resistance on the way to your router or Wi-Fi, such a person will abandon his plan or choose a less protected victim.

    We bring to your attention a minimum sufficient set of actions with a Wi-Fi router that will allow you to avoid becoming the object of cruel jokes or someone’s free access point.

    1. Access your Wi-Fi router

    The first step is to take control of your own router. You should know:

    • Router IP address,
    • login and password to access the router settings.

    To find out the router's IP address, turn the device over and look at the sticker on the bottom. There, among other information, the IP will be indicated. Typically this is either 192.168.1.1 or 192.168.0.1.

    The router address is also indicated in the user manual. If the box with instructions from the router is not saved, then find the user manual in electronic form Google will help.

    You can find out the router address yourself from your computer.

    1. On Windows, press the combination Windows keys+R.
    2. In the window that appears, type cmd and press Enter.
    3. In the window that appears, enter ipconfig and press Enter.
    4. Find the "Default Gateway" line. This is the address of your router.

    Enter the received IP address of the router in the browser. You will see a login page for the router settings.

    Here you need to enter your username and password, which you must know. In most cases, the default login is the word admin, and the password is either an empty field or also admin (the default login and password are also listed at the bottom of the router). If you got the router from your Internet provider, then call them and find out.

    Without the ability to change settings, you essentially lose control over your own equipment. Even if you have to reset your router and set everything up again, it will be worth it. To avoid problems with accessing the router in the future, write down your username and password and store them in a safe place without access to others.

    2. Create a strong password to access the router

    Having gained access to the router, the first thing you need to do is change the password. Router interfaces vary depending on the manufacturer, specific model and firmware version. The user manual for your router will help you with this matter, as well as with subsequent steps to improve protection.

    3. Come up with a unique name (SSID) for your Wi-Fi network

    If your neighbors are completely new to technology, then a network name like fsbwifi or virus.exe may scare them away. In fact, a unique name will help you better navigate among other access points and uniquely identify your network.

    4. Create a strong password for your Wi-Fi network

    By creating a password-free access point, you essentially make it public. Strong password will not allow strangers to connect to your wireless network.

    5. Make your Wi-Fi network invisible

    You will reduce the likelihood of an attack on your network if it cannot be detected without special software. Hiding the access point name improves security.

    6. Enable encryption

    Modern routers support various methods encryption of data transmitted over a wireless network, including WEP, WPA and WPA2. WEP is inferior to others in terms of reliability, but is supported by older equipment. WPA2 is optimal in terms of reliability.

    7. Disable WPS

    WPS was created as a simplified way to create wireless networks, but in reality it turned out to be extremely vulnerable to hacking. Disable WPS in your router settings.

    8. Enable MAC address filtering

    Router settings allow you to filter network access by unique identifiers called MAC addresses. Every device that has network card or network interface, has its own MAC address.

    You can create a list of MAC addresses of trusted devices, or block connections to devices with specific MAC addresses.

    If desired, an attacker can spoof the MAC address of the device from which he is trying to connect to your network, but for an ordinary household wireless point access, such a scenario is extremely unlikely.

    9. Reduce Wi-Fi signal range

    Routers allow you to change the signal strength, thus increasing or decreasing the range of the wireless network. Obviously, you only use Wi-Fi inside your apartment or office. By reducing the transmission power to a value where the network signal is reliably received only within the premises, you, on the one hand, will make your network less noticeable to others, and on the other hand, reduce the amount of interference for neighboring Wi-Fi.

    10. Update your router firmware

    There is no perfect technology. Craftsmen find new vulnerabilities, manufacturers close them and release “patches” for existing devices. By periodically updating your router's firmware, you reduce the likelihood that an attacker will take advantage of flaws in older versions of the software to bypass security and gain access to your router and network.

    11. Block remote access to the router

    Even if you protect your wireless network and login with passwords, attackers can still access your router via the Internet. To protect your device from such external interference, find the function in the settings remote access and turn it off.

    12. Firewall

    Some routers have a built-in firewall - a means of protecting against various network attacks. Look in your router's security settings for a feature with a name like Firewall, Firewall, or Firewall» and turn it on if it is present. If you see additional options firewall, read in official instructions how to set them up.

    13.VPN

    They create something like an encrypted tunnel for secure data transfer between the device and the server. This technology reduces the likelihood of identity theft and makes it more difficult to find the user's location.

    To use a VPN, you need to install a special client program on your gadget. Such software exists for mobile devices and computers. But some routers can also be connected to VPN services. This function allows you to protect all gadgets on a local Wi-Fi network at once, even if they do not have special programs.

    You can find out whether your router supports VPN in the instructions or on the manufacturer’s website. The same applies to the necessary settings.

    Today, wireless networks play an important role in the lives of users. If 10 years ago it was considered common to carry an Internet cable behind a laptop, today every phone connects to the Internet via wi-fi. Computers, laptops, netbooks, tablets, smartphones, printers - all this equipment can be connected to the network and interconnected simply over the air. And naturally, not only you, but also those around you have such equipment. Therefore, it is extremely important to be able to protect your wireless network.

    1. Protection of the Wi-Fi network itself.

    You must select a reliable security type and install a difficult-to-guess security key. We recommend choosing WPA2-PSK and a security key of 8-10 characters.

    Often it is also a good idea to hide the wi-fi network. To do this, check the box Enable hidden Wireless(see picture above)

    In some cases, it makes sense to adjust the transmitter power so that the access point covers your apartment, but does not reach your neighbors.

    2. Protect your access point (or router)

    On D-Link example DIR-300:

    Go to the section MAINTENANCE, select subsection Device Administration, in setting Admin Password Enter the new password twice:

    And in the setting Administration uncheck the box Enable Remote Management which will make it impossible to log into the device’s web interface from the Internet.

    After all the settings have been completed, you can already use the Wi-Fi network at home. But to achieve maximum security such Internet connection (excluding login outside users to the Wi Fi network) you need to make additional settings your router.

    Filtering by Mac addresses

    The first way to protect your network is filtering by mac addresses. Every device has a Mac address, and it is different for each device. For example, for a computer, its Mac address can be found here: Start ⇒ Control Panel ⇒ Internet Network ⇒ Network and Sharing Center ⇒ Change adapter settings and we find wireless connection, which you created for the router.

    Double-click on the icon for this connection and in the window that opens, click on “details”. And there you will see the entry “physical address”, this is the mac address.

    It is this address that needs to be entered into the router to configure security. To do this, go to the admin part of the router, select the “wireless network” section. And in this section you are looking for the item "MAC Address Filter".

    Here enter your Mac address and select the “accept” filtering mode.

    This way you can add the addresses of everyone computer devices that you think should be able to access your Wi-Fi network. After that, click “apply” and wait for the router to reboot with the new parameters.

    Hiding the network name

    Each Wi-Fi device can see which networks are currently available on that access point. So that no one sees your network, you need to hide its name (SSID) and it will not be visible in the list available networks, but you will remember this name so you can always connect to this network.

    In the Wireless Networks section of the General tab, you can make changes to your SSID. There is an item “hide SSID”, select “Yes” and click apply to save the settings.

    After this, the settings page may become inaccessible. To return to the settings, you need to connect to the Wi-Fi network with new security settings.

    Your network will now be listed as “other networks” on Wi-Fi devices. You select this particular network when you want to connect to Wi-Fi, and you will be prompted to enter the network name because you have hidden it in the router settings. This name is known only to you and to whom you told it, so you enter the network name. Next, you will need to enter the security key (password), which you also specified in the router settings.

    After this, the computer connects to Wi-Fi and you need to refresh the settings page in your browser to log in again.

    Setting up a firewall

    By selecting the “Firewall” menu item, you will be taken to the configuration window for this firewall. This is where you turn it on first. In another way, it is also called Firewall and serves to protect against unwanted connections to the Internet. After that, click apply.

    Opening hours

    Also in the settings, for greater security, you can configure the allowed operating time of the router. This can be done if you know for sure that at some time you will not go online. For example, you will be at work or sleeping, etc. This can be done in the section " Wireless network" in the "professional" tab. There you can select work days and times.

    Filtering by IP addresses

    By default, the router settings are set to automatically distribute IP addresses to everyone who will connect to Wi-Fi networks. To configure allowing only certain IP addresses to work, you need to go to the “LAN” section. There you select the “DHCP server” item.

    If the DHCP server is enabled, this means that the router automatically distributes IP addresses. To do this, the range of possible IP addresses is also indicated. Using this range (by the difference in the last of the four groups of digits in the IP address) you can find out how many devices can be connected. For example, if the start address ends with "2" and the end address ends with "254", then 253 devices can be connected simultaneously.

    To enable filtering by IP addresses, you need to disable the DNS server, which will mean that there is no automatic distribution of IP addresses to connected devices. After this, you need to manually assign IP addresses to each device. You need to enter from each device MAC address and assign it your IP address of the form “192.168.1.*” and instead of the “*” sign, any number from 1 to 254. After each entry of a new device, click “add”.

    After you add all your devices this way, you need to enter its IP address in the settings for each device.

    Enter the IP address assigned to the router, the standard subnet mask is “255.255.255.0”, and the default gateway is the IP address of the router. To view it, go to the “Network Map” section in the router settings window.

    When all the data has been entered in the device settings, click “OK”.

    In the “LAN” section of the router, also click “apply” and it will reboot with new settings for filtering IP addresses. With these settings, each device will have only one IP address. Then no other device will connect until you assign it an IP address in the router settings or until you turn it on again DNS service servers for automatic distribution of addresses. But then in each device you need to return the settings to automatically receive your address.

    Setting up your computer

    The remaining Wi-Fi network security settings concern the computer. Find, as before, in the settings the item “Wireless network connection» and double-click on it. In the window that opens, select “Wireless Network Properties”.

    There will be three settings:

    1. Connect automatically if the network is within range
    2. Connect to a more suitable network, if available
    3. Connect even if the network does not broadcast its name (SSID)

    For greater security, it is better to uncheck all the boxes and then to connect to Wi-Fi you need to enter the network name that only you know every time. Then no one without you can connect to the network from this computer. But you can leave the first item checked if you do not want to enter data every time. But never leave the second item checked, because then it is possible to connect to someone else’s network if it is not protected in any way. And you can get viruses from someone else’s computer.

    Conclusion

    All security settings are optional and everyone applies them at their own discretion. The main thing is that Wi-Fi works, and often setting up a login and password is sufficient. In devices with Wi-Fi, you can see several networks, there will be especially many of them in apartment buildings, but you are connecting to your own, the name of which you specified in the router settings. In order to connect or disconnect from a network, you just need to click on its name in the list of networks. This list is available at the bottom right of the desktop (next to the clock) of the computer under this icon.

    Read more: