Problems With Consumer Routers
Routers are the essential but unheralded workhorses of modern computer networking. Yet few home users realize routers are in fact full-fledged computers, with their own operating systems, software and vulnerabilities.
“A compromised router can spy on you,” Horowitz said, explaining that a router under an attacker’s control can stage a man-in-the-middle attack, alter unencrypted data or send the user to “evil twin” websites masquerading as often-used webmail or online-banking portals.
Many consumer-grade home-gateway devices fail to notify users if and when firmware updates become available, even though those updates are essential to patch security holes, Horowitz noted. Some other devices will not accept passwords longer than 16 characters the minimum length for password safety today.
Encryption Seeds And Pmk
WPA2-Personal PSK combines a passphrase and an SSID to generate encryption keys. The generated key a Pairwise Master key is used to encrypt data using TKIP/CCMP. The PMK is based on a known value , so anyone with that value could capture the key and potentially use brute force to decrypt traffic.
A few words on seeds and SSIDs.
- SSIDs All the network names that appear in your devices list of wi-fi hotspots are SSIDs. Network analyzing software can scan for SSIDs, even those supposedly hidden. According to Microsofts Steve Riley, An SSID is a network name, not I repeat, not a password. A wireless network has an SSID to distinguish it from other wireless networks in the vicinity. The SSID was never designed to be hidden, and therefore wont provide your network with any kind of protection if you try to hide it. Its a violation of the 802.11 specification to keep your SSID hidden the 802.11i specification amendment even states that a computer can refuse to communicate with an access point that doesnt broadcast its SSID.
- Seeds The SSID and SSID length are manipulated before being roped into becoming part of the generated PMK. The SSID and SSID length are used as seeds, which initialize a pseudorandom number generator used to salt the passphrase, creating a hashed key. That means passwords are hashed differently on networks with different SSIDs, even if they share the same password.
What To Do If Your Security Type Is Wpa2
WPA2 is also a secure protocol, so you don’t need to worry about updating your hardware. However, if you’re interested in staying up-to-date, it’s worth looking at the current generation of routers with WPA3 compatibility. If you liked the sound of the features we listed under the WPA3 protocol, you should consider upgrading to a router that supports it.
Recommended Reading: Blink Sync Module 2 Reset Button
What Kind Of Wifi Protected Access Should You Use To Secure Your Enterprise
When examining WiFi security, the first layer of defense is the method being used to authenticate to the network. The most widely used methods of authentication are Open authentication, WPA2-PSK and WPA2-Enterprise . Below, we examine these different options for WiFi protected access.
Other authentication methods such as WEP and WPA-PSK are used as well, but they are relatively easy to hack, and therefore are not really worth mentioning, besides making a general note here to utterly avoid them.
Wifi Security: Differences Between Wep Wpa Wpa2 And Wpa3
The wireless network technology has undergone quite a number of significant changes and upgrades since its inception in the 1990s. Thanks to these changes, wireless technology has become much more advanced, reliable, and most importantly, secure.
Speaking of security, its impressive how the wireless security protocols that help secure wireless networks have advanced as well. As the use of wireless networks becomes widespread, so does the security risks that come with this newfound popularity.
Given the numerous loopholes often posed by wireless networks, using a highly secure wireless security protocol for your device/s is a good way to ensure maximum protection from cyber attacks.
Not only do wireless security protocols prevent malicious attackers from accessing your wireless network, but they also encrypt all the data you send and receive while connected to the internet.
When it comes to protecting your wifi network, using a strong and unique password is only half the way to completely securing your network and your device. Selecting the right level of encryption is just as important.
In this article, we help you better understand the major differences between the 4 main wireless security protocols namely-WEP, WPA, WPA2, and WP3.
Read Also: Southwest Airtime Player App
Change Your Router Administrator Login
To set up your wireless router, you usually need to access an online platform or site, where you can make several changes to your network settings. You can usually access this by entering your routers IP address into your web browser.
If you have a new router, you can find its IP address listed on the manufacturers website or in the product manual you were provided with upon purchase. However, if your device is rather old, you can still discover its IP by following this handy guide.
These basic steps will teach you how to easily connect to your home network as an admin. Usually, the address bar type looks like http://192.168.1.1 or http://192.168.0.1.
Most Wi-fi routers come with default credentials such as admin and password which are easy for malicious hackers to break into. Therefore, you need to access the routers settings and change them to unique credentials that cannot be guessed so easily.
My recommendation is to create a username that isnt personal to you in any way and pair it with a strong password that contains both uppercase and lowercase letters, as well as alphanumeric characters.
Setting Up A Guest Network
You may not want all of your visitors putting who-knows-what on your network along with your devices, but fortunately, DD-WRT makes it possible to set up a second guest network, even on very inexpensive routers.
Go back to the Wireless tab, then to Basic Settings. Under the heading Virtual Interfaces, click Add. You can now provide the name of a second SSID. Click the Advanced checkbox, then click the AP Isolation option to give your guests better security from one anothers devices. Then click the Wireless Security tab and set up security settings for your guest network. Once again, use WPA-Personal and AES and a long password, though you may opt not to make it quite as obnoxious as your regular one.
If you have very old devices that can only do WPA or WEP, such as some Nintendo handheld games, and plugging them into a wired jack isnt an option, your best bet is to create a separate guest network for them with the reduced security settings. Set the Max Associated Clients as low as you possibly canhopefully 1. Turn on MAC address filtering, which really doesnt provide much extra security, but with WPA and WEP you need all you can get. Click the MAC Filter tab, then click the button labeled Use Filter, select Permit only clients listed to access the wireless network, and enter the MAC address of your old device. Its still not very safe, but at least you can limit what an uninvited guest can get to.
Heres more on guest networks if youre interested.
Read Also: Delta Flight Wifi
Can Wpa2 Psk Be Hacked
You can read more about that in my beginners guide to hacking Wi-Fi. As a replacement, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key for wireless security, known as WPA2-PSK. WPA2 uses a stronger encryption algorithm, AES, thats very difficult to crackbut not impossible.
Limitations Of Wifi Range Extenders
WiFi range extenders are tremendously useful devices that can instantly extend the reach of a weak WiFi network and eliminate places of signal weakness. However, they do have certain limitations, and you should keep them in mind when researching which WiFi extender is the best and deciding whether a new WiFi router wouldnt be a better solution:
- WiFi range extenders create a separate network, which means that your devices must switch from your main network to the extended network as you move around your house. Some devices can transition between WiFi networks relatively smoothly, while others take a long time. Broadcasting one more WiFi network can also create issues with signal interference, especially in the 2.4 GHz band, which offers only three non-overlapping channels.
- Limited bandwidth: Because of how WiFi range extenders operate, they effectively reduce the available bandwidth in half for any device connected to them. If network performance is critically important to you, it might be a good idea to research other solutions, such as mesh networks.
- Another device to configure: When you buy a WiFi range extender to increase the reach of your existing network, you need to configure it separately from your router. From time to time, you should also check if there is an update available for your extender to keep it secure and in the best possible working condition.
Don’t Miss: How To Change Roku Wifi Without Remote
My Wireless Password Story
I create 63-character wireless passwords for myself. Thats the longest it allows. The problem with those passwords is remembering and typing them. When I set up a router for my mother in law, I put a long password on it too. Then one time I came over to visit and I couldnt get on her wifi.
I investigated, and found my now-former brother-in-law had reset the router to the factory defaults, including the default password. So I recommend making sure the password is something thats not too hard to type, especially on a mobile device. When I told my mentor this story, he lectured me about how its possible to have too much security. Hes right. Security is like a law. If people wont follow it, you end up worse off. A speed limit of 25 miles per hour on the interstate is, in effect, no speed limit at all. And no security is much worse than weak security.
Why Is Wpa2 Better Than Wpa
In 2006, WPA became a deprecated protocol, and WPA2 replaced it.
The notable drop of TKIP encryption in favor of the newer and more secure AES encryption led to faster and more secure Wi-Fi networks. AES encryption is much stronger in comparison to the stopgap alternative that was TKIP.
Put simply, WPA-TKIP was merely an interim choice while they worked out a better solution in the three years between the release of WPA-TKIP and WPA2-AES.
AES, you see, is a real encryption algorithm, and not the type used solely for Wi-Fi networks. It’s a serious worldwide standard that has been used by government and many others to protect data from prying eyes. That the same standard is used to protect your home network is a real bonus, but one that required an update in router hardware.
Read Also: How Much Does Wifi Cost On Delta
Configure Ssid Security Settings
When you add an SSID, you can configure security settings that control how wireless clients must connect to your APs. By default, the wireless security mode is set to WPA2 only to encrypt the transmissions on the wireless LAN between the computers and the APs, and to prevent unauthorized access to the AP. To protect privacy, you can use other LAN security mechanisms such as password protection, VPN tunnels, and user authentication.
Types Of Wifi Encryption Protocols
Think of wifi encryption protocols like a foreign language that only you and those on your network can understand. Anything that you do online gets translated to this language, making it virtually unreadable by outsiders. There are three types of wifi encryption protocols: Wired Equivalent Privacy , Wi-Fi Protected Access , and Wi-Fi Protected Access Version 2 . These encryptions have one thing in common protecting the data on your network but the main difference lies in how well they do so. Think of these as good, better, and best.
You May Like: What Is The Difference Between Broadband And Wi Fi
Select The Best Encryption
Criminals love unsecured home Wi-Fi networks. Securing your Wi-Fi network can also shield you from unwelcome connections that may be using your network for illegal activities.
This is why it’s important to protect your Wi-Fi network with strong encryption. If you are required to enter a password to connect to your Wi-Fi, you already have some encryption enabled on your router.
There are different types of Wi-Fi encryption, and you have to make sure that it’s the most secure one you can employ.
Stop your smartphone from tracking you:Keep it from sharing data and sending ads, too
The most widely-used Wi-Fi security protocol right now is still Wi-Fi Protected Access 2 encryption. However, this standard is over a decade old, and it is already susceptible to serious security vulnerabilities like 2017’s KRACK attack.
If you’re shopping for a new router, look for one that supports the newest security standard called WPA3. These models have just started rolling out. Every router has a different menu layout, but you should be able to find encryption under the “Wireless” or “Security” menu. You’ll have a number of encryption options: if you still have an older router, you want to select one that starts with “WPA2.” If your router is not WPA3 compatible, then “WPA2-PSK AES” is your best option right now.
However, if you have older Wi-Fi gadgets, you might have to select the hybrid option “WPA2-PSK AES + WPA-PSK TKIP” to get them working.
Change The Default Wi
If you want better wireless network security, the first thing you should do is to change the name of your Wi-Fi network, also known as the SSID . While giving your Wi-Fi a somewhat provocative name such as Cant hack this may backfire at times, other names such as this is not a Wi-Fi or too fly for a Wi-Fi are perfectly acceptable.
Changing your Wi-Fis default name makes it harder for malicious attackers to know what type of router you have. If a cybercriminal knows the manufacturer name of your router, they will know what vulnerabilities that model has and then try to exploit them. We strongly advise not to call your home network something like Johns Wi-Fi.
You dont want them to know at first glance which wireless network is yours when there are probably three or four other neighboring Wi-Fis. Also, remember that disclosing too much personal information on a wireless network name may expose you to an identity theft operation. Heres a step-by-step and simple guide that explains how you can easily change the name of your wireless network.
Read Also: Does Dunkin Donuts Have Free Wifi
Wifi Protected Access: Wpa / Wpa2 / Wpa3
WPA stands for WiFi Protected Access. This authentication method uses different encryption algorithms to encrypt the transport. Therefore, this type of network cannot be forged easily, unlike open networks, and users get privacy. Today, WPA2 is probably the most commonly used method to secure WiFi networks.
Sadly, WPA and WPA2 protocols have been hacked and are considered to be less secure. Performing a WPA2 hack requires a lot of time and is somewhat theoretical. Slowly, we are noticing a move to the WPA3 method, but for that to happen, different infrastructure is needed to support that protocol.