Take Control of Your Home Network with Ease

What is WiFi Security??

A wireless network is an unbounded data communication system that uses radio frequency technology to communicate with devices and obtain data.

They are easy to maintain and are inexpensive, when compared to wired networks.

A wireless network can be easily compromised if adequate security measures are not used.

Using a high security mechanism for a wireless netw o rk may be expensive. Hence, we should first determine the critical sources, risks, or vulnerabilities associated with it and then check whether the current security mechanism is able to protect the wireless network against all possible attacks. If not, then upgrade to the security mechanism.

Wi-Fi Authentication modes:

There are two major authentication mechanisms supported by 802.11 standards:

1. Open System Authentication :

· Also called null authentication algorithm

· It consists of 2 steps for authentication:

o The client sends a message to the Access Point containing the authentication information ( identity of the sending station)

o The AP then returns an authentication frame to confirm access to the requested station, and thus complete the authentication process.

2. Shared-Key Authentication:

· It consists of four steps:

o The client will send a request to the AP, to establish a connection with it

o The AP responds with an authentication challenge

o The host then encrypts the authentication challengesent by the AP using a 64-bit or 128-bit key

o The AP decrypts the authentication challenge. If it matches with the original challenge, the host is given access to the wireless network and send a success message back to the host. Else it will send a failure message.

Wi-Fi Standards:

· WEP Stands for Wireless Equivalent Privacy

· It is an encryption algorithm in IEEE 802.11 -1999 Standard

· for confidentiality: stream cipher RC4 is used

· for integrity: CRC32 is used

· WEP is no longer used due to the following vulnerabilities:

o There is no proper key management system.

The administrator has to manually change the key every time.

Use of static encryption keys.

o Vulnerable to :

Replay attacks

Dictionary attacks

DOS Attacks

Known Plain Text Attacks

o The size of the IV used is only 24 bits which is very small. In case large traffic , the IV can be repeated and the key can be captured very easily

o There is no assurance of packet integrity- data can be modified easily.

· WPA stands for WI-FI Protected access.

· It was defined by 802.11i

· WPA is considered secure than WEP because messages are passed through a Message Integrity Check (MIC) that ensures integrity of the message using the Temporal Key Integrity Protocol (TKIP) that is of 128 –bit and hence provides stronger encryption and authentication.

· Stands for Wi-Fi Protected Access 2

· It had replaced WPA in 2006

· WPA2 uses NIST FIPS 140–2-compliant AES encryption which is a very strong encryption method.

· It alsousesCCMP-Cipher block chaining message authentication code protocol

· WPA2 is the most secure wireless standard known till now as it provides:

o Stronger data protection

o Network access control

· It operates in two modes:

o WPA2 Personal-

In this PSK (Pre-Shared Key) is used to protect from unauthorized network access.

The encryption keys keep on changing constantly

o WPA2 Enterprise-

Here centralized client method authentication is used such as EAP and RADIUS.

Users must first provide the login credentials provided by the centralized server to login to the network

Multiple authentication methods can be used such as :

· Rouge Access Points-

o Using sniffing tools, the attacker can capture a MAC address, SSID, vendor name and security configurations of an access point

o This information can be used for connecting the client to a fake access point.

o The attacker can then obtain all the traffic coming from the client.

· Misconfigured access Point-

o An Access point is misconfigured if it has the following weak points:

SSID Broadcast- this can lead to dictionary and brute force attack

Weak Password-using the default password and not changing it frequently can compromise an AP

Configuration Error- the configuration error may be errors made during installation, no security changes implemented uniformly across an architecture which can lead to a hacker stealing the SSID.

· AP MAC Spoofing:

o When probe requests are transmitted by an AP, then it leads to disclosure of some sensitive information one of which is MAC Address.

o An attacker can spoof the MAC Address and this will ultimately force the client to connect to a rouge AP.

· Denial of Service Attacks:

o By broadcasting de-authentication commands, an attacker can force the client to disconnect from the network that can lead to DoS attack.

· KRACK (Key Reinstallation Attack)

o This attack exploits the behaviour of the 4-way handshake in the wireless networks.

o In this, the attacker captures the ANonce key that is already in used and he can then replay the 4-way handshake process again to authenticate the AP.

Countermeasures against Wireless Threats:

· Use WPA/WPA2 Encryption standard and avoid WEP security.

· Update all the Wi-Fi devices and the routers with latest security patches

· Enable HTTPs everywhere authentication

· Use two factor authentication

· Do not connect to wifi that are found in public places such as airports, coffee shops, railway stations etc.

· Disable SSID broadcast

· Disable remote router login

· Enable MAC address filtering to avoid any unauthorized user to connect to the wifi device.

If you liked the story and want to appreciate us you can clap as much as you can. Appreciate our work by your constructive comment and also you can connect to us on….


What is wifi security types

Home Network Security is much more than setting a password for your home WiFi. Your family members watch their favorite shows on your smart TV, purchase various goods online, enjoy games via the game console, and/or work from home. All kinds of vital data — identities, passwords, addresses, private photos, etc., are constantly connected to the internet through your home network.

While you may have heard of concepts like “Phishing” and “Malware” that hackers and viruses use to disguise themselves to access your home network in order to steal private information—or ruin your data—do you really know what it is and how to stop it? Home network security is the fundamental basis for protecting your family from dangers posed by those with malicious intentions. Here, we hope to provide a basic understanding of home network security and how to improve it.

How Do I Secure My Home Network?

How to Secure Your Router

Typically, the home network starts from a router and several connected devices. The router governs the data transmission between the home network and the internet. Your wireless router might be an obscure gadget compared to your beloved game console, smart TV, phone, or tablet, but it’s the most vital defender against malicious external attacks. There are several changes you could make if you want your router to be harder to breach for hackers or malware:

Set a unique password for both your WiFi and router admin account.

Do not leave your router running with the default WiFi and administrator passwords. Hackers constantly try to break into devices using these publicly known credentials. It’s also a good habit to change the password on a regular basis.

Keep the Firmware up to date.

Serving as the essential control code embedded into a network device, the firmware in a router sets the basic security standard for your home network, determining what devices can and cannot connect. Security patches and bug fixes will be inserted into the latest firmware to repair the recently exposed network vulnerabilities. A router with automatic updates is the best option, but you’ll need to make sure you’ve enabled them.

Create a Guest Network.

Pretty much anyone will occasionally have visitors, and it’s weird to reject if they ask for WiFi access, but who knows who or what might get into your network with them? The best solution for this problem is to set up a guest network, presuming your WiFi router supports the function. A guest network is fairly isolated from the home LAN network, visitors get internet access without the potential to get into your private data. You may even want to take things a step further by hiding your home WiFi’s SSID, only connecting trusted devices to your home network, and periodically checking for new connected devices to ward off invaders.

Читайте также:  Установка сети и Wi Fi на Dreambox 800

Disable WPS and UPnP functions.

Some WiFi routers have the pair button or WPS button to make connecting easier as you won’t have to enter the password to add new devices to your network. However, while it’s convenient, it can also be exploited to get access to your home network.

Similarly, UPnP (Universal Plug and Play) is designed to make it easier for devices like routers and smart TVs to connect without complex configuration. But some malware programs target UPnP to get access to your home network.

If network security is a major concern for you, it’s safer to turn off these shortcuts.

How to Pick a Secure Router

Choose a router with WPA3.

There is already plenty of work done to improve your home network security. Currently, nearly all home routers use WiFi Protected Access technologies (WPA-PSK/WPA2-PSK) for WiFi encryption to keep your passwords safe when you use them on the internet. WPA3 is the latest WiFi security protocol introduced by WiFi Alliance, and it provides more secure password encryption and enhanced protection against brute force attacks. If your home router doesn’t support WPA3, the previous WPA2-AES standard is still reasonably robust. However, you really should consider replacing your router if it only supports the outdated WEP (Wired Equivalent Privacy) protocol.

Pick a router with security controls and antivirus.

It's a relief that today's manufacturers take security seriously and many models feature built-in security services and antivirus functions. These services help prevent network intrusions, enhance your data security and privacy, and remedy the vulnerabilities in your home network. You could save yourself the hassle of remembering and implementing the previous tips by just picking a secure router. There are also plenty of add-on safe box products to choose from if you don’t want to replace your router.

Use a router with app management.

Router manufacturers are developing more sophisticated apps for home network management instead and moving away from troublesome web browser interfaces in the past few years. A dedicated router app with security functions continuously monitors your network security and keeps you aware of things to pay attention to by sending notifications to your phone or tablet any time there is an incident. This makes it easy to keep tabs on who’s accessing your devices and lets you manage network access via your phone.

How to Keep the Internet Safe for Your Family

It's worthwhile to help your family develop good digital habits to help them avoid potential networking threats. There are numerous parental control functions to create individual profiles for your family members that allow you to limit what they can and can’t do on their devices as well as manage how much time they spend online. It’s an easy way to keep them away from dubious sites and a practical way to help them develop disciplined internet use according to their age.

Set Online Duration for Your Kids.

Children are spending more and more time online with every aspect of their lives becoming connected and tied to a screen. This leads them to be less active which in turn increases the risk of obesity and internet addiction. It’s a good idea to help them develop healthy habits by managing their daily time online and creating schedules or curfews for when your kids are on their devices.

Block Unhealthy Content for Your Family.

A fully equipped home router with parental controls can block unhealthy and malicious content according to the manufacturer’s professional filter library. You are also empowered to restrict your children’s access to URLs with certain keywords or apps with age ratings.

Guard Your IoT Devices.

Smart home cameras can provide more peace of mind when you’re away from home, but you don’t want strangers accessing your devices and spying on your family. Generally, IoT devices will reveal multiple vulnerabilities when confronted with external intrusions. Therefore, it’s important to provide your IoT devices with extra protection. A high-end router with IoT device protection service may not be low-cost, but it’s a worthwhile investment if you’re after the convenience of a smart life without compromising your home network security.

Take Control of Your Home Network with Ease

We’ve given you a few tips on how to ensure your home network security—most of them involving routers with advanced features. It would be remiss of us to not give some recommendations so you know where to start looking. With that in mind, we would encourage you to consider our Deco line mesh WiFi products.

TP-Link Deco products offer an excellent solution for easily taking control of your home network security. Not only will a mesh WiFi solution provide corner-to-corner whole home WiFi coverage with a single SSID, but it is also equipped with the advanced security features we mentioned previously.

TP-Link has developed the HomeCare™ service to give Decos the most comprehensive security of any whole home WiFi system currently available, so every device on your network is automatically protected from security threats.

HomeCare™ also includes powerful parental controls that are easy to use right from the Deco app, making it remarkably easy to schedule online time for your family as well as build a healthy internet environment through its advanced content filter.

The Deco series* supports the latest WPA3 protocol and provides hands-off WiFi that automatically updates to the latest security features and functionality.

Setup takes mere minutes with the Deco app, and you’ll be notified immediately of any security concerns.

* Please visit WPA3 Compatibility to check for the compatible models.

Common Questions

Q: How do I find out what security protocol my router uses?

A: You can check your router’s security protocol through the router’s web administrator interface or management app and find the wireless security options in the network security section. It’s also wise to check the wireless security specifications on the manufacturer’s website before you purchase a new router.

Q: Does all Deco products support HomeCare™?

A: At present, the following models support HomeCare™:
Deco X60, Deco X20, Deco M9 Plus, Deco P7, and Deco M5. As all Deco series works together to create a whole home mesh WiFi, you can buy one of these models as the main router to provide whole home network protection.

Q: How does Deco protect my IoT/smart home devices?

A: TP-Link HomeCare™ identifies intrusions, blocks potential threats, and fixes vulnerabilities in your network. Infected devices are automatically quarantined, keeping your personal information safe and preventing the spread of viruses to other devices.

Q: How do I update firmware for Deco?

A: You can choose the automatic update option in the Deco app or visit TP-Link Support to download the latest firmware and update your Deco manually.


Тип Шифрования WiFi — Какой Выбрать, WEP или WPA2-PSK Personal-Enterprise Для Защиты Безопасности Сети?

Сегодня мы чуть глубже копнем тему защиты беспроводного соединения. Разберемся, что такое тип шифрования WiFi — его еще называют «аутентификацией» — и какой лучше выбрать. Наверняка при настройке роутера вам попадались на глаза такие аббревиатуры, как WEP, WPA, WPA2, WPA2/PSK, WPA3-PSK. А также их некоторые разновидности — Personal или Enterprice и TKIP или AES. Что ж, давайте более подробно изучим их все и разберемся, какой тип шифрования выбрать для обеспечения максимальной безопасности WiFi сети без потери скорости.

Читайте также:  Option 4 Get Wi Fi Password on iPhone iPad

Для чего нужно шифровать WiFi?

Отмечу, что защищать свой WiFi паролем нужно обязательно, не важно, какой тип шифрования вы при этом выберете. Даже самая простая аутентификация позволит избежать в будущем довольно серьезных проблем.

Почему я так говорю? Тут даже дело не в том, что подключение множества левых клиентов будет тормозить вашу сеть — это только цветочки. Главная причина в том, что если ваша сеть незапаролена, то к ней может присосаться злоумышленник, который из-под вашего роутера будет производить противоправные действия, а потом за его действия придется отвечать вам, так что отнеситесь к защите wifi со всей серьезностью.

Шифрование WiFi данных и типы аутентификации

Итак, в необходимости шифрования сети wifi мы убедились, теперь посмотрим, какие бывают типы:

  • WEP
  • WPA
  • WPA2
  • WPA3

Что такое WEP защита wifi?

WEP (Wired Equivalent Privacy) — это самый первый появившийся стандарт, который по надежности уже не отвечает современным требованиям. Все программы, настроенные на взлом сети wifi методом перебора символов, направлены в большей степени именно на подбор WEP-ключа шифрования.

Что такое ключ WPA или пароль?

WPA (Wi-Fi Protected Access) — более современный стандарт аутентификации, который позволяет достаточно надежно оградить локальную сеть и интернет от нелегального проникновения.

Что такое WPA2-PSK — Personal или Enterprise?

шифрование- wifi

У стандартов защиты WiFi WPA2 и WPA есть еще две разновидности:

  • Personal, обозначается как WPA/PSK или WPA2/PSK. Этот вид самый широко используемый и оптимальный для применения в большинстве случаев — и дома, и в офисе. В WPA2/PSK мы задаем пароль из не менее, чем 8 символов, который хранится в памяти того устройства, которые мы подключаем к роутеру.
  • Enterprise — более сложная конфигурация, которая требует включенной функции RADIUS на роутере. Работает она по принципу DHCP сервера, то есть для каждого отдельного подключаемого гаджета назначается отдельный пароль.

тип шифрования wifi

Что такое WPA3-PSK?

Стандарт шифрования WPA3-PSK появился совсем недавно и пришел на смену WPA2. И хоть последний отличается очень высокой степенью надежности, WPA3 вообще не подвержен взлому. Все современные устройства уже имеют поддержку данного типа — роутеры, точки доступа, wifi адаптеры и другие.

Типы шифрования WPA — TKIP или AES?

Итак, мы определились, что оптимальным выбором для обеспечения безопасности сети будет WPA2/PSK (Personal), однако у него есть еще два типа шифрования данных для аутентификации.

  • TKIP — сегодня это уже устаревший тип, однако он все еще широко употребляется, поскольку многие девайсы энное количество лет выпуска поддерживают только его. Не работает с технологией WPA2/PSK и не поддерживает WiFi стандарта 802.11n.
  • AES — последний на данный момент и самый надежный тип шифрования WiFi.

wpa2 psk

Какой выбрать тип шифрования и поставить ключ WPA на WiFi роутере?

С теорией разобрались — переходим к практике. Поскольку стандартами WiFi 802.11 «B» и «G», у которых максимальная скорость до 54 мбит/с, уже давно никто не пользуется — сегодня нормой является 802.11 «N» или «AC», которые поддерживают скорость до 300 мбит/с и выше, то рассматривать вариант использования защиты WPA/PSK с типом шифрования TKIP нет смысла. Поэтому когда вы настраиваете беспроводную сеть, то выставляйте по умолчанию

Либо, на крайний случай, в качестве типа шифрования указывайте «Авто», чтобы предусмотреть все-таки подключение устройств с устаревшим WiFi модулем.

При этом ключ WPA, или попросту говоря, пароль для подключения к сети, должен иметь от 8 до 32 символов, включая английские строчные и заглавные буквы, а также различные спецсимволы.

Защита беспроводного режима на маршрутизаторе TP-Link

На приведенных выше скринах показана панель управления современным роутером TP-Link в новой версии прошивки. Настройка шифрования сети здесь находится в разделе «Дополнительные настройки — Беспроводной режим».

В старой «зеленой» версии интересующие нас конфигурации WiFi сети расположены в меню «Беспроводной режим — Защита». Сделаете все, как на изображении — будет супер!

wpa2 aes

Если заметили, здесь еще есть такой пункт, как «Период обновления группового ключа WPA». Дело в том, что для обеспечения большей защиты реальный цифровой ключ WPA для шифрования подключения динамически меняется. Здесь задается значение в секундах, после которого происходит смена. Я рекомендую не трогать его и оставлять по умолчанию — в разных моделях интервал обновления отличается.

Метод проверки подлинности на роутере ASUS

На маршрутизаторах ASUS все параметры WiFi расположены на одной странице «Беспроводная сеть»

тип шифрования wpa2 asus

Защита сети через руотер Zyxel Keenetic

Аналогично и у Zyxel Keenetic — раздел «Сеть WiFi — Точка доступа»

шифрование zyxel

В роутерах Keenetic без приставки «Zyxel» смена типа шифрования производится в разделе «Домашняя сеть».

шифрование keenetic

Настройка безопасности роутера D-Link

На D-Link ищем раздел «Wi-Fi — Безопасность»

wpa-psk d-link

Что ж, сегодня мы разобрались типами шифрования WiFi и с такими терминами, как WEP, WPA, WPA2-PSK, TKIP и AES и узнали, какой из них лучше выбрать. О других возможностях обеспечения безопасности сети читайте также в одной из прошлых статей, в которых я рассказываю о фильтрации контента на роутере по MAC и IP адресам и других способах защиты.

Видео по настройке типа шифрования на маршрутизаторе


Wi-Fi Security Types


In this article, you’ll learn some of the basics of WiFi security. We’ll also share our recommendation on which type you should choose – eliminating the guesswork and helping you keep your network as secure as possible.

Wireless Security Types

There are several types of wireless security that you’ll come across– here’s a quick rundown on the details.

Wired Equivalent Privacy, aka WEP, is the grandfather of wireless security types, dating back to 1999 (an eternity in the world of technology!). When a client (like a laptop or iPad) connects to a WEP-protected network, the WEP key is added to some data to create an “initialization vector”, or “IV” for short. For example, a 128-bit hexadecimal key is comprised of 26 characters from the keyboard (totaling 104 bits) combined with a 24-bit IV. When a client connects to an AP, it sends a request to authenticate, which is met with a challenge reply from the AP. The client encrypts the challenge with the key, the AP decrypts it, and if the challenge it receives matches the original one it sent, the AP will authenticate the client.

This may sound secure, but there was room in this scheme for an exploit to be discovered. The risk presents itself when a client sends its request to the access point– the portion containing the IV is transmitted wirelessly in clear-text (not encrypted). In addition, the IV is simple compared to the key, and when there are several clients using the same WEP key on a network, IVs have an increased probability of repeating. In a busy environment, a malicious user wishing to gain access to a network utilizing WEP security can passively eavesdrop and quickly collect IVs. When enough IVs have been collected, the key becomes trivial to decrypt.

Clearly, WEP is not the correct choice for securing your network, and in light of this, other types of wireless security were created.

WiFI Protected Access (WPA) was ratified by the WiFi Alliance in 2003 as a response to the insecurities that were discovered in WEP. This new security standard, the Temporal Key Integrity Protocol (TKIP), included several enhancements over WEP, including a new message integrity check nicknamed “Michael.”

While Michael offered a great deal of improvement over the old way of securing networks, there was still some worry about some security issues with using a similar (though much stronger) implementation.

The concerns about Michael led to WPA2’s introduction in 2004. At the center of WPA2 is its use of a security protocol based on Advanced Encryption Standard (AES), the U.S. Government’s preferred choice of encryption. As it stands now, the only people who should still be using TKIP on a wireless network are those who are dealing with hardware that is rated for 802.11g only.

In 2007, a new security method – WiFi Protected Setup (WPS) – began to show up on wireless access points. With this type of security, a user is able to add new devices to their network by simply pushing a button (within administration software or physically on the router) and then typing in an 8-digit PIN number on the client device. The PIN feature acts as a sort of shortcut for entering in a longer WPA (WiFi Protected Access) key. The basic idea behind WPS is that having physical access to the AP to hit a button and reading a sticker would provide a more secure implementation of WiFi authentication. Everything was well and good in the WPS world, until last winter, when a security researcher discovered the Achilles Heel in the implementation. Here’s how it works:

Читайте также:  На что обращать внимание при выборе

The eighth and final digit of the PIN number is a checksum, which is used to make sure the 7 digits that matter don’t get corrupted. From these 7 digits, we can see that there are 10,000,000 possibilities (since each of the 7 digits can be 0-9, with repeats allowed). This is still a pretty huge amount of possibilities, and alone could arguably still be considered quite safe — but there’s a flaw in the checking process. When a PIN is being examined by the AP, the first 4 digits (10,000 possibilities) are checked separately from the last 3 digits (1,000 possibilities). This translates into a malicious user only needing to make at most 11,000 guesses, which a computer can handle in a matter of hours!

As you can see, if you are currently using WPS on an access point, you should disable the feature as soon as possible.

WiFi Security Best-Practices

  • Don’t use WEP, which is easy to crack
  • Don’t use WPA, unless legacy devices on your network require it
  • Don’t use WPS, which can easily be brute-forced
  • Do use WPA2 with a strong passphrase

If WPA2 with WPS disabled ever becomes vulnerable, we’ll be sure and keep you updated on the adjustments you should make to remain secure.


WiFi Security Types for Wireless Network Security

I get a few questions about WiFi security types so I thought that I would take the opportunity to explain some fundamentals. The truth is, wireless communication isn’t very complicated. But wireless security is –and it relies heavily on encryption to help keep the bad guys out. Encryption is not the only method of wireless security. But it is the most important. Without it, your network is exposed to anyone within range of it.

Some people stack their security methods in a way that makes hacking a real chore for the attacker. For example, in addition to using strong WiFi security, you might also setup a MAC filter to prevent unauthorized devices from connecting to your network in the first place. Even that is not bulletproof. It’s simply another hoop that the hacker will have to navigate. But in the long run, strong WiFi security will do the most good.

What are the various WiFi security types?

WiFi security works by encoding wireless communication so that only authorized devices can communicate with the broadcasting device. This encoding process requires three primary things: (1) a way to encode the transmission, (2) a way to decode it and, (3) devices capable of handling the transmission.

The encoding process uses a special algorithm to scramble the data. This is known as ciphertext. An encryption key determines how the ciphertext is encoded.

Different WiFi security types use different security encryption protocols.

WiFi Security Encryption

The length of the key is made up of bits, such as 64-Bit, 128-Bit, 256-Bit. A bit is a single numeric value, either ‘1’ or ‘0’, that encodes a single unit of information. More bits mean more ciphertext and greater complexity.

Is 256 bit encryption better than 128 bit?

The short answer is, yes. It is more difficult to crack (more like impossible to crack). Historically, the higher the encryption, the more resources are needed to decrypt the message. So this begs the answer to an obvious question; Is 256 bit necessary and is 128 bit sufficient?

Well, if it takes 600 years to break the ciphertext of a 128 bit encrypted key, and it takes 100,000 years to break the ciphertext of a 256 bit key, is 256 bit really necessary? Not really. 128-Bit is sufficient. However, given today’s computing power, 256-Bit takes only slightly more resources.

How is the encryption decoded?

In order to decode encryption, the wireless device must know the encryption key, the security type and type of encryption used.

WiFi Security Types

  • WEP – Wireless Equivalent Privacy
  • WPA – Wi-Fi Protected Access
  • WPA2 Personal- Wi-Fi Protected Access II
  • WPA2 Enterprise

WEP was the first wireless network security method used. WEP is no longer safe as it can be easily cracked with minimal effort.

Currently, WPA2 Personal is generally the best network security type for home networks. It uses a 256 bit key and is virtually impossible to crack. One challenge is that older wireless devices do not support WPA2. This may require you to revert back to WPA for maximum compatibility. Basically, if your wireless router is broadcasting with WPA2 security, your wireless client must also use WPA2. It must also use the same method of encryption.

WPA2 Enterprise is more suited for businesses with experienced IT personnel. Here’s why: Unlike WPA2 Personal which uses one passphrase for everyone, with Enterprise mode, each person has his/her own account. In order to facilitate account management, Enterprise mode typically requires a separate server (known as a RADIUS Server). The RADIUS server handles WiFi authentication for each individual person. This makes it much easier to add and revoke WiFi privileges without having to change the password on every wireless device in the company.

What types of encryption is used for wireless network security?

TKIP (Temporal Key Integrity Protocol) utilizes a 64-Bit Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption System, which utilizes a symmetric 128-Bit block data encryption.

AES offers better encryption and provides more security. TKIP provides good encryption and supports the broadest number of devices with better support for older machines.

WiFi Security Settings

Log into your router, then navigate to: Basic > Network

WiFi security types for wireless network security.

WiFi Security Options

Under ‘Wireless’, Choose the wireless security type, encryption type and enter a shared key.

What else should I know about wireless security?

Not everything is black and white. Some things require trial and error, even for experienced technicians. For example:

If you experience connectivity issues, try removing special characters from your wireless password. Try using only upper case letters, lower case letters, and numbers. For example:

Some encryption methods may not play nicely with other devices. This is particularly true with wireless bridges. For example, a WDS bridge can only work with WPA security. If you’re having difficulty setting up a wireless bridge, try temporarily removing all wireless security to determine whether nor not the problem is related to the actual bridge link, or the security type that you are trying to use.

Whenever possible, try to use AES encryption over TKIP. However, there may be instances such as when attempting to create a bridge using “repeater mode” that may not work well with AES. In such cases, you may have to try using TKIP on both devices.

What else can I do to secure my wireless network?

Once you’ve established some wireless network security, your next best approach to is to reduce the number of WiFi connections allowed. For example, use Wireless MAC address filters, and smaller DHCP address pools (instead of

254, you might use

109). Technically, these strategies are not true “security features” but they do enable the typical home network administrator to control the number of devices that connect without the overhead of running a RADIUS server and managing individual clients.

Other Posts in Home Network Security

Best VPN Routers

Looking for the most secure router for VPN service options? Look no further.


Опубликовано в рубрике WiFi