Wifi connections are becoming more and more common, there is no place in any medium-sized city where you can scan with your mobile phone and not find any network within reach, and many of them insecure or with easily decipherable encryption. We already saw a few weeks ago how relatively easy it was to hack any type of wifi, from the already famous WEP, to even WPA/WPA2 thanks to the WPS protocol or default keys, in the best of cases, it takes mere seconds in obtaining a Wifi key.
Since the other day we showed you how to hack your own Wifi, today I feel morally obliged to give you all the tips you need to make your secure Wifi connection. Thanks to the previous article I have been able to learn to distinguish the weak points of our Wifi connections and thus compile them in the following article. The order used is by importance, although it is very relative as it is totally my choice according to my experience, here we go:
1. Use WPA key
There are three types of Wifi keys, WEP, WPA and WPA2The first of these is totally inadvisable because, however complicated it may be, it has been perfectly obtainable for quite some time. The logical thing to do would be to assign WPA2 security, but my recommendation is that normal WPA is sufficient, as they are practically just as difficult to remove, and we also avoid the two problems it brings with it The next version of the new version, the slowdown of the connection and the incompatibility with some older devices, which will not be able to use the network with this type of security.
To do this we will have to enter the configuration of our router through our favourite browser by entering the address of the router, which we can retrieve with the command ipconfig from a window of MS-DOSwhich we will open by writing cmd in the search engine of the Windows Startup. Normally the router addresses are 192.168.0.1 o 192.168.1.1but this may vary depending on the model.
Next we will log in with the access keys (be careful, this is the router access key), it has nothing to do with your Wifi key), which are normally User: admin Pass: admin. To find out the password of your router there are some websites that compile all of them by entering the make and model of your router, I use RouterIPAdress y Phenoelitwhich are very comprehensive.
Once inside, look for the security section and we will see our password, change it and that's it.
Note: Each router has a different interface and menus, but they are all very similar in essence, so we go through the menus to find what we are looking for, being very careful to do not over touch so as not to deconfigure the router and avoid having to reset it.
2. Change the default password
A few years ago they managed to obtain the default key generation algorithm used by router manufacturers to give the key that your router will initially have. There are a multitude of vulnerable brands and models, and each time more are being discoveredSo the best way to be reassured is to change the password that we have at the beginning. This is changed from the same section as in the previous point.
3. Use long passwords with all types of characters.
This is logical, but not everyone needs to know this. How much longer and with more characters The more complicated it will be for hackers to obtain our password by brute force, as these programmes use dictionaries to try out the passwords one by one, and the longer and more characters we have, the more complex the dictionaries must be and the longer it will take. To give you an idea, a 20-character key with uppercase letters, lowercase letters, numbers and symbols would take several years to be deciphered with a computer of standard power, and that is practically impossible if you have the right dictionary.
I leave you a website which automatically generates secure keys according to the parameters you tell it. It is also very important that write down the key in a place where you can have it at hand, I recommend that it is underneath your router, on the sticker of the router, and with a indelible marker so that it does not fry in the heat of the device itself.
Note: As I have already mentioned, this is of no use if our key type is WEP, as it will be just as easy to obtain it, however long and complicated it may be.
4. Disable WPS (Wifi Protected Setup)
The WPS protocol is a system that allows us to quickly and "securely" connect between Wifi devices such as antennas, smartphones and so on. Not long ago it was discovered a vulnerability and it is being exploited to get WPA and WPA2 keys through this, and I have to say that in many occasions it is very very fast to obtain the WPA/WPA2 key of a router using this method.
To deactivate it, go to the security section of your router and look for this option too. If you don't see it, it is very likely that your router does not support this protocol, but to make sure, you can check the methods we have explained in previous articles to find out which ones are compatible. connections with WPS enabled.
5. Use MAC filtering
Every device used to connect to a network and to the Internet has an implicit hardware address called MAC address, which is nothing more than an identifier. unique and unchanging of such a network card. There is a method to stop routers from letting through MACs that are not on a list that we have previously made.
This section is usually located in the Wireless It is very easy to configure if we know the MACs to which we want to allow access, we simply activate it and write the MACs of our devices.
To know the MACs of our Wifi devices (PC, laptop, smatphone, console, etc...), we have to go to the following sections About and we will have them without any problem. In the case of Windows, we can use the same command as in the first point to obtain it, ipconfig at MS-DOS.
Note: This method alone is not reliable to 100% as there are applications for masking our MACsand can be used to change it to a MAC allowed on a router, so as an add-on it's perfect, but don't use it alone.
6. Change the SSID and hide it
The SSID of a network is its name, and it also helps, if you have left the default one, to know the steps to follow with your network in order to get the password. If you have followed all the above steps, you will have no problems as you are using a very secure network, but it never hurts to be cautious for two. In addition to changing the network name, the network name can be hidden and used only by those who know it, as you will need to enter it manually on your devices.
To change this, log back into your router and look for the section WirelessThere you will see the options to change the name of the network and hide it (to hide it you may see the option like boardcast).
7. Turn off the router if you are not going to use it.
There are hackers who use your connection to make simple queries on the Internet and are not continuously connected and downloading, but there are others who use the Internet to make simple queries. your connection as their own. Therefore, if you turn off the router when you are not using it, it is probably too much of a hassle for the hacker to decide to try to hack into and use another neighbour's router, and leave you alone.
On the other hand, if you shut down the router while the hacker is in the middle of an attack, it is highly likely that I have to start from scratchyet another aspect that will put him off.
8. Disable DHCP
The DHCP protocol is responsible for automatically give IP addresses necessary to be able to surf the Internet, if you disable it in your router, you will be forced to manually set a specific compatible IP in order to be able to use the connection from all the devices you want to use. Therefore, if you do not know the range of IPs you can use to connect, it will be impossible to do so.
Note: The range of automatic IPs is given by the gateway (the IP address with which you enter the router configuration), which is typically 192.168.1.1 or similar.
9. Wifi Guard
Keep your network monitoredwith Wifi Guard you can see at all times who is connected to your network and identify at a glance and with a lot of information, if there is someone who does not correspond to your known devices. Wifi Guard provides us with data such as the Assigned IP by our router to the clients (devices which are using the router), the MAC of such a device, the latency (more or less it is the quality of the connection), the PC name (very useful if we know the names of our neighbours and want to know who the intrepid one is), extra information (basically it marks the IP that corresponds to the computer you are using and the IP of the router) and the manufacturer of the device in question.
As we can see, this is a very useful tool that we should not leave too far from our hands, and that will be very helpful if we suspect we have intruders.
10. Lower the Wifi power
Finally we have the most obvious of all in my opinion, if you don't want your neighbour to steal your Wifi, you'd better make sure it does not reach him or that it arrives with a derisory power. I have to say that if the above steps are fulfilled, this point is quite unnecessary, as no matter how hard you try, it will be almost impossible. get your Wifi key and be able to navigate through your Internet.
This option is normally marked as Wifi poweror as Power Tx in the general menu of WirelessIf your router gives you the possibility, of course, it is very easy to find it.
And you, do you already use a completely secure Internet connection, which methods do you like best?
More information - Hacking Wifi to get your own key (part 1)
Download - Wifi Guard