Security when using Wi-Fi

The central part of any Wi-Fi equipment is the so-called access point or router. And to bring all these products together, Wi-Fi equipment manufacturers provide specialized web pages that allow Wi-Fi users to log on to the Web using their own account and a dedicated, special network address. All this web design is protected by a login screen (username and password), which, in theory, should give access to the Network only to registered users. However, by default, logins are provided by the manufacturers of Wi-Fi equipment themselves, and they are known to hackers on the Internet. All these settings should be changed. In a normally configured network, a harmful hacker will receive a “refusal” because of a lack of knowledge of the WPA password and will not get to user data stored in the PC’s memory or forwarded messages. But this does not preclude the possibility of hacking the device from the internal network, so the idea of changing the password is more than sound.

Encryption security

Be sure to enable WPA / WEP encryption security. All types of Wi-Fi equipment support certain forms of encryption. There are several standards of protection; the user needs to find one that will work most effectively with specific Wi-Fi equipment. Nevertheless, whatever technology you use: WAP or WEP (currently morally obsolete) – all Wi-Fi devices on the Web must support their own user settings. To begin with, it is quite possible to find and set the minimum level of security in the settings of user Wi-Fi equipment. WPA is worth setting up, and WPA2-only (AES encryption) is very desirable. Other options (WEP and WPA with TKIP encryption) are subject to a number of unpleasant vulnerabilities. WEP is generally very easy to crack, and its effectiveness is purely symbolic. Protects only from very lazy.

WEP and WPA with TKIP encryption are subject to a number of unpleasant vulnerabilities.

MAC address filter

Connect the MAC address filter. Each item of Wi-Fi equipment has a special identifier called a physical address, or MAC address. The Wi-Fi equipment router stores the MAC addresses of all those devices that are connected to it. Many such products offer the user that option in the form of a key in the MAC addresses of your equipment, which allows only trusted devices to connect to the Network. The considered feature of protecting user equipment is not so strong and powerful: hackers and their special software easily trick MAC addresses. So this protection only works against novice hacking enthusiasts … Nevertheless, restricting poppy addresses and disabling ssid is ineffective in the sense that it will save only novice users. For more experienced ones, it is not a problem to look at the IP sniffer and set the correct one, similarly to the mac address, etc.

Hackers and their special software easily trick MAC addresses

Service Set Identifier (SSID)

The next step is to change the default SSID. Routers use the SSID (Service Set Identifier) for their work. Manufacturers supply their equipment with the same SSID settings. For example, the SSID for Linksys will often mean “linksys.” When the default SSID is found, the hacker will once again make sure that the user of this Wi-Fi network is a full loser, and his system can and should be attacked immediately. One thing to remember here: when you configure your Wi-Fi network, immediately change the default SSID.

When you configure your Wi-Fi network, immediately change the default SSID

Disable SSID transfer

A router on a Wi-Fi network usually broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for those cases and mobile “hot” ports, when Wi-Fi clients can enter and leave the coverage area of their own network. But at home, this roaming function is completely useless, and this all seriously increases the risk that someone else in your area will be able to use the entire network. This is the situation described above based on practical experience in the Republic of Finland.

It is important to keep in mind that in most Wi-Fi routers there is a feature of disabling this roaming through the admin panel.

Turn off the automatic connection

The next step, turn off the automatic connection, so as not to connect via open Wi-Fi. Why is it important? Connecting via open Wi-Fi hot ports or through a router of a potential neighbor will increase the risk of your own computer. Despite the fact that in the normal state this is not allowed, nevertheless all computers have those settings that allow you to connect to such ports in automatic mode without notifying the user. Therefore, this setting should be disabled.

Static IP

Set static IP on all devices. Most home Wi-Fi lines used dynamic IP addresses. DHCP technology today is the best solution in this regard. However, not everything is so simple: it is this convenience that allows hackers to intercept your signals, which can easily get a static IP from your DHCP channel.
What to do? Disable DHCP on the user router and set a fixed IP instead; but then also do not forget to configure each device device properly. Another thing is that not all Internet service providers allow this. You have to choose … Alternatively, use secret IP addresses (for example, 10.0.0 x) to prevent computers from connecting directly from the Internet.

Firewall

Activate Firewall on each computer and on the router itself. Modern routers already contain built-in Firewall’bi, but there is always an option to disable them. Make sure Firewall is enabled on your router. For a more substantial and additional protection, you should install a personal Firewall on each computer that is directly connected to the router itself.

Turn off

Turn off your line if you are not using it for a long time. And here’s why … Another solution is to turn off your sophisticated equipment when you are not using it at all! This dramatically reduces hacking!

Computer disks do not like a constant cycle: on / off, but for broadband modems and routers all this is not so scary. If you have only one router for the entire line of computers (Ethernet), then it makes sense to disable just a broadband Wi-Fi router instead of disconnecting the entire computer network. This will help protect user computers and information.

Resume

Designing Wi-Fi networks, of course, has its own characteristics. Such cases are frequent when, after disabling SSID broadcast, a smartphone and a tablet cannot connect to it. Although when changing the settings were on the network. To do this, there is a function to connect to a hidden network. Enter your user password and use.