• home
  •  > 
  • Games
  •  > 
  • The type of wireless security and encryption. Which to choose? WiFi Security

The type of wireless security and encryption. Which to choose? WiFi Security

WEP (Wired Equivalent Privacy) - Security equivalent to secrecy) is a characteristic of the 802.11 standard that is used to ensure the security of data transmission. Data encryption was carried out using the RC4 algorithm on a key with a static component of 40 to 104 bits and with an additional random dynamic component (initialization vector) of 24 bits in size; As a result, data was encrypted using a key ranging in size from 64 to 128 bits. WEP does not have the task of completely hiding the transmitted information; it only needs to make it unreadable.

This technology was developed specifically to encrypt the flow of transmitted data within a local network. It uses the not very strong RC4 algorithm on a static key. Part of the WEP key is static (40 bits in the case of 64-bit encryption), and the other part (24 bits) is dynamic (initialization vector), that is, changing during network operation. Main vulnerability WEP protocol is that the initialization vectors are repeated after a certain period of time, and the attacker only needs to collect these repetitions and calculate the static part of the key from them. To increase the level of security, you can use the 802.1x or VPN standard in addition to WEP encryption.

To enhance security, the so-called Initialization Vector (IV) is used, which is designed to randomize an additional part of the key, which provides different variations of the cipher for different data packets. This vector is 24-bit. Thus, as a result, we get general encryption with a bit depth of 64 (40+24) to 128 (104+24) bits. The idea is very sound, since when encrypting we operate with both constant and randomly selected characters.

It is possible to hack such protection - the corresponding utilities are available on the Internet (for example, AirSnort, WEPcrack). Its main weak point is precisely the initialization vector. Since we are talking about 24 bits, this implies about 16 million combinations (2 to the 24th power) - after using this number, the key begins to repeat itself. A hacker needs to find these repeats (15 minutes to an hour for a 40-bit key) and crack the rest of the key in seconds. After this, he can log into the network as a regular registered user.

Wep security protocol

Also in 1997, when the 802.11 base standard was ratified, the IEEE approved the Wired Equivalent Privacy (WEP) mechanism, which uses encryption as a means of providing wireless security. wired networks. WEP operates at Layer 2 of the OSI model and uses a 40-bit key for encryption, which is clearly not enough.

Back in October 2000, a document was published IEEE 802.11-00/362 called "Unsafe at any key size; An analysis of the WEP encapsulation" by Jesse R. Walker, which describes the problems with the WEP algorithm and the attacks that can be launched using its vulnerabilities. This problem was developed in two papers published a month apart: "Intercepting Mobile Communications: The Insecurity of 802.11" from the University of Berkeley, presented at the 7th Annual Conference on Mobile Computing and Networking in July 2001, and "Weaknesses in the Key Scheduling Algorithm of RC4" (jointly prepared by specialists from Cisco Systems and the Department of Computer Science of the Israeli Weizmann Institute), published in August 2001.

In the same year, the first utility, developed by Adam Stubblefield, appeared, in which the theoretical calculations of the above authors were implemented in practice and which cracked the WEP cipher within a few hours. Today, there are utilities that allow you to crack WEP in 5-30 seconds. The problems with the WEP algorithm are complex and lie in a whole series of weak points:

The key exchange mechanism (or rather, its almost complete absence);

Small bit depths of the key and initialization vector (Initialization Vector -- IV);

Mechanism for checking the integrity of transmitted data;

Authentication method and encryption algorithm RC4. The WEP encryption process occurs in two stages.

1 First, a checksum (Integrity Checksum Value -- ICV) is calculated using the Cyclic Redundancy Check (CRC-32) algorithm, added to the end of the unencrypted message and used to verify its integrity by the receiving party.

2. At the second stage, encryption is carried out directly.

The WEP encryption key is a shared secret key that devices on both sides of the wireless data transmission channel must know. This 40-bit secret key, along with a random 24-bit IV, is the input sequence to a pseudorandom number generator based on the Vernam cipher to generate a string of random characters called a key stream.

This operation is performed to avoid hacking methods based on the statistical properties of the plaintext.

IV is used to provide each message with its own unique key stream.

The encrypted message (Figure 1) is produced by XORing the unencrypted message with the ICV and the key stream. So that the recipient can read it into the transmitted packet in open form IV is added. When information is received on the other side, the reverse process occurs (p=c+b). Meaning b the receiver calculates by applying the Vernam code to the input sequence consisting of the key TO(which he knows in advance) and IV, which came with the same message in clear text. For each subsequent packet, the process is repeated with a new selected IV value. To the number known properties The RC4 algorithm is that if we use the same key value and initialization vector, we will always get the same value b hence applying the XOR operation to two texts encrypted by RC4 with the same value b, is nothing more than an XOR operation on two initial texts.

c 1 =p 1 +b;

c 2 =p 2 +b; c 1 +c 2 =(p 1 +b)+(p 2 +b)=p 1 +p 2 This way we can get the plaintext that is the result of an XOR operation between two other original texts. The procedure for extracting them is not difficult. The presence of the original text and IV allows you to calculate the key, which in the future will make it possible to read all messages of this wireless network b. After a simple analysis, you can easily calculate when it will happen again . Since the key K constant, and the number of IV options is 2 24 = 16 777 216, then with sufficient load on the access point, the average packet size in the wireless network is 1500 bytes (12 000 bits), and data transfer, for example 5 Mbps (with a maximum of 11 Mbps), we get that the access point will transmit 416 messages per second, or 1,497,600 messages per hour, i.e. repetition will occur in 11 hours 12 minutes (2 24 / 1,497,600=11.2 hours). This problem is called "vector collision". Exists a large number of ways to speed up this process. In addition, "known" attacks may be used. in plain text", when a message with a previously known content is sent to one of the network users and encrypted traffic is eavesdropped. In this case, having three components out of four (plain text, initialization vector and cipher text), the key can be calculated.

The situation is similar with the ICV used in the WEP algorithm. The CRC-32 value is calculated based on the message data field. This good method to determine errors that occur during the transmission of information, but it does not ensure the integrity of the data, i.e., it does not guarantee that they have not been replaced during the transmission process. Check sum CRC-32 has a linear property: CRC(A XOR B)=CRC(A)XOR CRC(B), which allows an attacker to easily modify an encrypted packet without knowing the WEP key and recalculate a new ICV value for it.

Wired Equivalent Privacy (WEP) is an outdated algorithm for ensuring the security of an IEEE 802.11 wireless network.

Wireless networks using radio are more susceptible to eavesdropping than wired networks.

In 1999, WEP was intended to provide privacy comparable to a wired network. Also WEP is an optional feature IEEE standard 802.11, which is used to ensure secure data transmission. It is identical to the security protocol in cable local networks without the use of additional methods encryption.

WEP technology

According to the 802.11 standard, WEP data encryption is used for the following purposes:

1. Preventing unauthorized access to data when using wireless network devices.

2. Preventing interception of wireless traffic local networks.

WEP allows the wireless network administrator to define a set of keys for each user based on a "key string" that is processed by the WEP algorithm. Any user who does not have the required key cannot access the network.

As stated in the specification, WEP uses the RC4 encryption algorithm with a 40-bit or 128-bit key. When WEP is enabled, all stations (both client and access points) receive their own key, which is used to encrypt data before it is transmitted to the transmitter. If a station receives a packet that is not encrypted with the appropriate key, it is excluded from the traffic. This method serves to protect against unauthorized access and interception of data.

Since 2001, a number of serious flaws identified by cryptanalysts have shown that today's WEP communications can be hacked in a few minutes. A few months later, IEEE created a new 802.11i task force to combat the problems. In 2003, the Wi-Fi Alliance announced that WEP had been replaced by WPA, which was an amendment to 802.11i. In 2004, with the full adoption of the 802.11i (or WPA2) standard, the IEEE stated that WEP-40 and WEP-104 were not recommended because they did not fulfill their security responsibilities. Despite its shortcomings, WEP is still widely used today.

Information security researchers have published a detailed report on weaknesses in the encryption methods widely used to protect information transmitted over wireless networks.

The root of the problem is the existing privacy loopholes, which arise from flaws in the code assignment algorithm used in Wired Equivalent Privacy (WEP), a protocol that is part of the 802.11 network radio standard.

Radio security vulnerabilities have been widely documented before, but the main difference with the newly discovered flaw is that it is much easier to exploit. According to EE-Times, passively intercepting ciphertext and then processing it using the method proposed by the researchers would allow an attacker with a radio LAN connection to pick up security codes in less than 15 minutes. Increasing the length of the key used in encoding would be of no benefit in defeating attacks that exploit a fundamental flaw in the methodology of the encoding technique used.

WEP encryption mechanism

WEP (Wired Equivalent Privacy) encryption is based on the RC4 (Rivest’s Cipher v.4) algorithm, which is a symmetric stream encryption. As noted earlier, for normal exchange of user data, the encryption keys of the subscriber and the radio access point must be identical.

The core of the algorithm consists of a key stream generation function. This function generates a sequence of bits which is then combined with in clear text by summing modulo two. Decryption consists of regenerating this keystream and summing it modulo two with the ciphergram to recover the original text. The other main part of the algorithm is the initialization function, which uses a variable-length key to create the initial state of the keystream generator.

RC4 is actually a class of algorithms defined by its block size. This parameter n is the word size for the algorithm. Typically, n = 8, but for analysis purposes this can be reduced. However, to increase the level of security, it is necessary to set this value to a higher value. Internal state RC4 consists of an array of 2n words and two counters, each one word in size. The array is known as an S-box and will be referred to as S in the following. It always contains a permutation of the 2n possible meanings of a word. The two counters are designated by i and j.

RC4 initialization algorithm

This algorithm uses a key stored in Key and having a length of l bytes. Initialization begins with filling the array S, then this array is mixed by permutations determined by the key. Since only one action is performed on S, the statement must hold that S always contains all values code word.

Initial array filling:

for i = 0 to 2n – 1

Scrambling:

for i = 0 to 2n – 1

j = j + S[i] + Key

Permutation (S[i], S[j])

The RC4 keystream generator rearranges the values ​​stored in S and selects a new value from S as the result each time. In one RC4 cycle, one n-bit word K is determined from the key stream, which is further summed with the original text to obtain the ciphertext.

Initialization:

Generation cycle:

Permutation (S[i], S[j])

Result: K = S + S[j]].

Features of the WEP protocol

Sufficiently resistant to attacks associated with simple enumeration of encryption keys, which is ensured by the required key length and the frequency of changing keys and initializing vector;

Self-syncing for every message. This property is key for media access layer protocols, where the number of distorted and lost packets is high;

Efficiency: WEP is easy to implement;

Openness;

The use of WEP encryption is optional on IEEE 802.11 networks.

Stream and block encryption are used to continuously encrypt the data stream.

Stream encryption

Stream encryption performs bitwise addition modulo 2 (exclusive OR function, XOR) of the key sequence generated by the encryption algorithm based on advance given key, and the original message. The key sequence has a length corresponding to the length of the original message to be encrypted.

Block encryption

Block encryption works with blocks of a predetermined length that does not change during the encryption process. The original message is fragmented into blocks and the XOR function is calculated on the key sequence and each block. The block size is fixed, and the last fragment of the original message is padded with blank characters to the length of a normal block. For example, in block encryption with 16-byte blocks, the original 38-byte message is fragmented into two 16-byte blocks and 1 6-byte block, which is then padded with 10 bytes of null characters to the length of a normal block.

Stream encryption and block encryption use the Electronic Code Book (ECB) method. The ECB method is characterized by the fact that the same original message at the input always generates the same encrypted message at the output. This is a potential security hole because an outside observer, upon detecting repeated sequences in an encrypted message, is able to make educated guesses as to the identity of the contents of the original message.

To resolve this problem use:

· Initialization Vectors (IVs).

· Feedback(feedback modes).

Before the encryption process begins, a 40- or 104-bit secret key is distributed among all stations in the wireless network. An initialization vector (IV) is added to the secret key.

Initialization vector

The Initialization Vector (IV) is used to modify the key sequence. When using an initialization vector, the key sequence is generated by an encryption algorithm, the input of which is a secret key combined with the IV. When the initialization vector changes, the key sequence also changes. In Fig. 8.3, the original message is encrypted using a new key sequence generated by the encryption algorithm after submitting a combination of the secret key and the initialization vector to its input, which generates an encrypted message at the output.

Thus, the same unencrypted frame transmitted multiple times will produce a unique encrypted frame each time.

The initialization vector is 24 bits long and is combined with a 40- or 104-bit WEP encryption base key to produce a 64- or 128-bit key as input to the encryption algorithm. The initialization vector is present in unencrypted form in the frame header on the radio channel so that the receiving end can successfully decode the frame. Although WEP encryption is commonly talked about using 64-bit or 128-bit keys, the effective key length is only 40 or 104 bits because the initialization vector is sent unencrypted. When the encryption settings in the equipment are at 40-bit in an effective way 5 byte ASCII characters are entered (5×8=40) or 10 hexadecimal numbers(10x4=40), and with a 104-bit effective key, 13 byte ASCII characters (3x8=104) or 26 hexadecimal numbers (26x4=104) are entered. Some equipment can handle a 128-bit key.

Weaknesses of WEP encryption and examples of attacks

All attacks on WEP are based on flaws in the RC4 cipher, such as the possibility of initialization vector collisions and frame modifications. All types of attacks require interception and analysis of wireless network frames. Depending on the type of attack, the number of frames required for hacking varies. Using programs such as Aircrack-ng, hacking a wireless network with WEP encryption is very fast and does not require special skills.

Flarere-Mantin-Shamir attack

It was proposed in 2001 by Scott Flurer, Itzik Mantin and Adi Shamir. Requires the presence of weak initialization vectors in frames. On average, about half a million frames need to be intercepted to hack. Only weak vectors are used in the analysis. If they are absent (for example, after correction of the encryption algorithm) this attack ineffective.

KoreK attack

It was proposed in 2004 by a hacker calling himself KoreK. Its peculiarity is that the attack does not require weak initialization vectors. To hack, you need to intercept several hundred thousand frames. Only initialization vectors are used in the analysis.

Tevs-Weinman-Pyshkin attack

It was proposed in 2007 by Erik Tews, Ralf-Philipp Weinmann and Andrey Pyshkin. Uses the ability to inject ARP requests into a wireless network. On this moment This is the most effective attack, requiring only a few tens of thousands of frames to break. Entire frames are used in the analysis. In conclusion, it can be recalled that the algorithm has many weaknesses:

  • key exchange and data integrity checking mechanisms
  • small width of the key and initialization vector (English Initialization vector)
  • authentication method
  • encryption algorithm.

In 2001, the WEP-104 specification appeared, which, however, did not solve the problem, since the length of the initialization vector and the method of checking data integrity remained the same. In 2004, the IEEE approved the new mechanisms WPA and WPA2. Since then, WEP has been considered obsolete. In 2008, the DSS (Data Security Standard) standard was released by the SSC (Security Standards Council) of the PCI (Payment Card Industry) organization, which recommended stopping the use of WEP for encryption after June 30, 2010.

Personal data and files located on a wireless network can sometimes be seen by people receiving your network's radio signal. This may lead to identity theft and other malicious activities.

Network security key or passphrase will help protect your wireless network from such unauthorized access.

The Network Setup Wizard will help you install network security key.

Note Note: It is not recommended to use Wired Equivalent Privacy (WEP) as a way to secure your wireless network. Secure technology Wi-Fi access(WPA or WPA2) is more secure. If WPA or WPA2 technology does not work, it is recommended to replace the network adapter with one that works with WPA or WPA2. All network devices Computers, routers and access points also support WPA or WPA2.

Encryption Methods for Wireless Networks

There are currently three encryption methods for wireless networks: Wi-Fi Protected Access (WPA and WPA2), Wired Equivalent Privacy (WEP) and 802.1x. The first two methods are described in more detail below. 802.1x, which is usually used for corporate networks, is not described in this section.

Wi-Fi Protected Access Technology (WPA and WPA2)

To connect using WPA and WPA2, you must have a security key. Once the key is verified, all data sent between your computer or device and the access point will be encrypted.

There are two types of WPA authentication: WPA and WPA2. Use WPA2 whenever possible as it is the most secure. Almost all new wireless adapters support WPA and WPA2, but there are some older models that do not support them.

WPA-Personal and WPA2-Personal provide users with the same passphrase. These types are recommended for use in home networks. WPA-Enterprise and WPA2-Enterprise are designed for use with an 802.1x authentication server, which generates a different key for each user. This type is typically used in work networks.

Wired Equivalent Privacy (WEP) Protocol

WEP is a way to secure your network previous generation, is still available and supports older device models, but it is not recommended to use it. When activating WEP, you must configure a network security key. This encryption key is sent across a network from one computer to another. However, WEP security is relatively easy to break.

There are two types of WEP: open system authentication and shared key authentication. None of them are completely secure, but shared key authentication is the least secure type.

For most wireless computers and access points, the public authentication key is the same as the static WEP encryption key that is used to secure the network. An attacker can intercept the successful shared key authentication message and use sniffing tools to determine the shared authentication key and the static WEP encryption key.

Once the static WEP encryption key is determined, the attacker will have full access to the network. For this reason this Windows version do not support automatic setup network using WEP shared key authentication.

If, despite these caveats, you still want to set up WEP authentication using a shared key, you can do so by following these steps.

Creating a Profile Using Shared Key WEP Authentication

  1. Open the Network and Sharing Center window.
  2. Click Set up a new connection or network.
  3. Select Manually connecting to a wireless network and click Next.
  4. On the page Enter information about the wireless network you want to add under the heading Type of protection select WEP.
  5. Complete the remaining pages and click Next.
  6. Click Connection setup.
  7. Go to the tab Safety, in the list Type of protection select General.
  8. Click OK.

WEP encryption is a feature of every 802.11b system, so it's important to know how it works, even if you choose not to use it. As its name suggests, the original purpose of Wired Equivalent Privacy (WEP) was to provide a level of security for wireless networks comparable to that of a wired network. But there is a very common claim that a network based on WEP encryption is almost as vulnerable to intrusion as a network with absolutely no security. It will protect against the occasional spy, but won't be particularly effective against a persistent burglar.

WEP performs three functions: it prevents unauthorized access to the network, verifies the integrity of each packet, and protects data from ill-wishers. To encrypt data packets, WEP uses a secret encryption key before the network client or access point transmits it, and uses the same key to decode the data after it is received.

When a client tries to communicate with the network using a different key, the result is garbled and ignored. Therefore, WEP settings must be exactly the same on every access point and client adapter on the network. This sounds simple enough, but is problematic because manufacturers use different methods to determine the size and format of the WEP key. The functions are consistent from brand to brand, but the same settings do not always have the same designations.

How many bits are in your WEP key?

First, the WEP key can be either 64 or 128 bits. 128-bit keys are more difficult to crack, but they also increase the amount of time it takes to transmit each packet.

Confusion in implementations different manufacturers occurs because 40-bit WEP is the same as a 64-bit WEP key, and a 104-bit key is the same as a 128-bit key. A standard 64-bit WEP key is a string containing an internally generated 24-bit initialization vector and a 40-bit secret key assigned by the network administrator. Some manufacturers' specifications and configuration programs call this "64-bit encryption" and others call it "40-bit encryption". In either case, the encryption scheme remains the same, so an adapter that uses 40-bit encryption is fully compatible with an access point or adapter that uses 64-bit encryption.

Many network adapters and access points also contain a "strong encryption" feature that uses a 128-bit key (which is actually a 104-bit secret key with a 24-bit initialization vector).

Strong encryption is one-way compatible with 64-bit encryption, but is not automatic, so all components of a mixed network of devices with a 128-bit and 64-bit key will work with 64-bit encryption. If the access point and all adapters support 128-bit encryption, use a 128-bit key. But if you want your network to be compatible with adapters and access points that only recognize 64-bit encryption, configure your entire network to use 64-bit keys.

ASCII or hexadecimal key?

But the key length alone is confusing when setting up WEP encryption. Some programs require the key as a string from text characters, and others as hexadecimal numbers. Others can generate a key from an optional passphrase.

Each ASCII character consists of 8 bits, so a 40-bit (or 64-bit) WEP key contains 5 characters, and a 104-bit (or 128-bit) key consists of 13 characters. IN hexadecimal system each number is 4 bits, so a 40-bit key contains 10 hexadecimal characters, and 128-bit has 26 characters.

In Fig. 14.2 showing the Wireless Setting window for the point D-Link access The 40-bit Shared Key Security field uses hexadecimal characters and has space for ten characters. D-Link program contains all ten characters on one line, but some others divide them into five groups of two numbers or into two groups of five numbers.


Rice. 14.2

To a computer, the key looks the same either way, but it's easier to copy the string when it's split into parts.

Many client utilities, such as the Wireless Network Properties dialog box in Windows XP (shown in Figure 14.3), offer a choice of either hexadecimal code, or text, so you can use the appropriate format for the access point.

The passphrase is text string, which adapters and access points automatically convert to a string of hexadecimal characters. Since people generally remember meaningful words or phrases more easily than hexadecimal gobbledygook, a passphrase is easier to convey than a hexadecimal string. However, a passphrase is only useful when all adapters and access points on the network are made by the same manufacturer.


Rice. 14.3

What features are present?

Similar to almost all settings in the 802.11b configuration utility, the names of WEP functions are not constant from one program to another.

Some use open set features such as “enable WEP encryption,” and others use technical terminology taken from the official 802.11 specification. Open System Authentication is the second variant of the name "WEP Encryption Disabled".

Some access points also provide an optional authentication feature with public key, which uses WEP encryption when the network client has the key, but unencrypted data is accepted from other network nodes.

Combining hexadecimal and text keys

Setting up a mixed network becomes more complicated when some network nodes only use hexadecimal keys while others require text keys. If this situation occurs on your network, you need to follow the rules below to configure them with WEP:

Convert all text keys to hexadecimal. If the configuration program requires a text key, enter the characters Oh(zero followed by lowercase letter x) before the hexadecimal string. If you are using software Apple's AirPort instead Oh At the beginning of the hessadecimal key, you must enter a dollar symbol ( $ );

Make sure all your encryption keys have the correct number of characters;

If things still don't work, read the security sections in your manuals. network adapters and access points. It is possible that one or more of these devices on the network has some kind of hidden individual feature, which you don't know about.

Changing WEP keys

Many access points and adapters network clients can support up to four different 64-bit WEP keys, but only one is active at a time, as shown in Figure. 14.4. Other keys are spare keys, which may allow network administrator adjust network protection with a short notification. Adapters and access points that support 128-bit encryption use only one 128-bit WEP key at a time.


Rice. 14.4

On a network where WEP encryption is organized seriously. WEP keys must be changed regularly, according to a schedule. A month is sufficient for a network that does not transmit important data, but for a more serious network, a new key must be installed once or twice a week. Remember to write down your current WEP keys in a safe place.

The question often arises: what type of Wi-Fi encryption to choose for your home router. It might seem like a small thing, but if the parameters are incorrect, problems may arise with the network, and even with the transfer of information via an Ethernet cable.

Therefore, here we will look at what types of data encryption are supported by modern WiFi routers, and how the aes encryption type differs from the popular wpa and wpa2.

Wireless network encryption type: how to choose a security method?

So, there are 3 types of encryption in total:

  1. 1. WEP encryption

The WEP encryption type appeared back in the 90s and was the first option Wi-Fi protection networks: it was positioned as an analogue of encryption in wired networks and used the RC4 cipher. There were three common encryption algorithms for transmitted data - Neesus, Apple and MD5 - but each of them did not provide the required level of security. In 2004, IEEE declared the standard obsolete due to the fact that it finally ceased to provide secure network connections. At the moment, it is not recommended to use this type of encryption for wifi, because... it is not crypto-proof.

  1. 2.WPS is a standard that does not include the use of . To connect to the router, simply click on the appropriate button, which we described in detail in the article.

Theoretically, WPS allows you to connect to an access point using an eight-digit code, but in practice, only four are often enough.

This fact is easily taken advantage of by numerous hackers who quickly (in 3 - 15 hours) hack wifi networks, so use this connection also not recommended.

  1. 3.Encryption type WPA/WPA2

Things are much better with WPA encryption. Instead of the vulnerable RC4 cipher, we use AES encryption, where the password length is an arbitrary value (8 – 63 bits). This type encryption provides a normal level of security, and is quite suitable for simple wifi routers. There are two types of it:

Type PSK (Pre-Shared Key) – connection to the access point is carried out using specified password.
- Enterprise – the password for each node is generated automatically and checked on RADIUS servers.

The WPA2 encryption type is a continuation of WPA with security improvements. IN this protocol RSN is used, which is based on AES encryption.

Like WPA encryption, WPA2 has two modes of operation: PSK and Enterprise.

Since 2006, WPA2 encryption type has been supported by all Wi-Fi equipment, the corresponding geo can be selected for any router.

Advantages of WPA2 encryption over WPA:

Encryption keys are generated during the connection to the router (instead of static ones);
- Using the Michael algorithm to control integrity transmitted messages
- Using an initialization vector of significantly greater length.
In addition, you should choose the type of Wi-Fi encryption depending on where your router is used:

WEP, TKIP and CKIP encryption should not be used at all;

For home point WPA/WPA2 PSK is quite suitable for access;

For this you should choose WPA/WPA2 Enterprise.