How to protect your home router from hackers and neighbors. How to restrict other users' access to your home Wi-Fi

Today, wireless networks play an important role in the lives of users. If 10 years ago it was considered common to carry an Internet cable behind a laptop, today every phone connects to the Internet via wi-fi. Computers, laptops, netbooks, tablets, smartphones, printers - all this equipment can be connected to the network and interconnected simply over the air. And naturally, not only you, but also those around you have such equipment. Therefore, it is extremely important to be able to protect your wireless network.

1. Protection of the Wi-Fi network itself.

Must select reliable type security and install a difficult-to-guess security key. We recommend choosing WPA2-PSK and a security key of 8-10 characters.

Often it is also a good idea to hide the wi-fi network. To do this, check the box Enable hidden Wireless(see picture above)

In some cases, it makes sense to adjust the transmitter power so that the access point covers your apartment, but does not reach your neighbors.

2. Protect your access point (or router)

On D-Link example DIR-300:

Go to the section MAINTENANCE, select subsection Device Administration, in setting Admin Password indicate twice New Password:

And in the setting Administration uncheck the box Enable Remote Management what will he do impossible entry to the device’s web interface from the Internet.

article

Kaspersky Lab blog article.
VPN Kaspersky Secure Connection
Microsoft support site.

(System Tools → Password).
article.
Click Save (Save).

Router interfaces vary depending on the manufacturer, specific model and firmware versions. To navigate the router settings, use the user manual for your model. As a rule, it is included with the router, or you can download it from the device manufacturer's website.

Enter the router's IP address in address bar browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section ( Wireless → Basic Settings).
In field Wireless network name (Wireless Network Name
Click Save (Save).

Router interfaces vary depending on the manufacturer, specific model and firmware version. To navigate the router settings, use the user manual for your model. As a rule, it is included with the router, or you can download it from the device manufacturer's website.

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless mode→ Basic settings (Wireless → Basic Settings).
Uncheck Enable SSID Broadcast (Enable SSID Broadcast).
Click Save (Save).

Disable WPS

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the router settings page, go to the section Wireless mode → WPS (Wireless → WPS).
Click Disable (Disable).

Enable encryption

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section ( Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Version (Authentication Type) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

article.

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless Mode → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Wireless password (Wireless Password
Click Save (Save).

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are listed on the back of the router.
On the router settings page, go to the () section.
Click Add (Add New).

Included (Enabled).
Click Save (Save).

Click Turn on (Enable).
Select ().

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.

In the window Network connections press twice.
In the window State click Wireless Network Properties.
In the window Wireless Network Properties go to the tab Safety.
Select security type WPA2-Personal article.
Click OK.
Close the window State.

Windows 10, Windows 7, 8, 8.1, 10.

For all products: Software compatible

For all products: Purchase and license

For all products: Before installation

For all products: Getting started

For all products: Program settings

For all products: Uninstall programs

For all products: Errors

For all products: Secure payments

For all products: Diagnostics and reports

For all products: Articles on My Kaspersky

For all products: Windows Articles

When you connect to public Wi-Fi networks, for example, in a cafe, data is transmitted unencrypted. This means that your passwords, logins, correspondence and other confidential information become accessible to attackers. Email addresses can be used to send spam, and the data on your page social network can be changed.

Home Wi-Fi networks are also at risk. Even the highest level of security for wireless networks: WPA2 encryption, can be “cracked” using a key reinstallation attack (KRACK). For more details, see the Kaspersky Lab blog article.

Always follow these guidelines when connecting to any Wi-Fi network:

Make sure that you have Firewall installed and enabled. This security component checks network traffic and protects your computer from network attacks.
Firewall is included in Kaspersky Lab programs: Kaspersky Internet Security, Kaspersky Anti‑Virus, Kaspersky Total Security, Kaspersky Security Cloud and Kaspersky Small Office Security.
Use protected HTTPS connection. Make sure there is a green or gray padlock icon in your browser's address bar. For more details, see the Kaspersky Lab blog article.
Secure your connection with a VPN, adding another layer of encryption. To do this, install Kaspersky Secure Connection on your device and enable secure connection every time you connect to the Internet.
If you are using operating system Windows, turn off the service public access to files and printers for everyone public networks, to which you connect. Instructions on the Microsoft support site.
If possible, use Mobile Internet instead of public Wi-Fi networks.

Create a strong password to access the router

As a rule, a standard login and password are used to access the router settings. An attacker can find out the login and password for your router by downloading the user manual for the device from the manufacturer’s website. To prevent this from happening, change the router password.

For example, we show the setting TP-Link router TL-WR841N. To change the password to access the router:

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section System Tools → Password (System Tools → Password).
Enter your username, old and new password to access the router. Recommendations for creating a strong password are in the article.
Click Save (Save).

The password to access the router will be changed.

Create a unique name (SSID) for your Wi-Fi network

Rainbow tables are often used to crack passwords. Pre-built rainbow tables for popular SSIDs store millions of possible passwords. If your SSID and password are in such a table, an attacker can instantly recover your network password using special programs.

To increase the security of your home wireless network, come up with an uncommon SSID.

For example, we show the configuration of the TP-Link TL-WR841N router. To change the Wi-Fi network name:

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless mode → Basic settings (Wireless → Basic Settings).
In field Wireless network name (Wireless Network Name) come up with and enter a name for the Wi-Fi network.
Click Save (Save).

The name for the Wi-Fi network will be changed.

Make your Wi-Fi network invisible

In the router settings, hide the network name. Your Wi-Fi network will not appear in the list of available wireless networks. Detect it without special software will be impossible.

For example, we show the configuration of the TP-Link TL-WR841N router. To make a Wi-Fi network invisible to other devices:

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless mode → Basic settings (Wireless → Basic Settings).
Uncheck Enable SSID Broadcast (Enable SSID Broadcast).
Click Save (Save).

Your Wi-Fi network will be invisible to other devices.

Disable WPS

WPS technology is designed to make it easier for devices to connect to Wi-Fi networks. Using WPS you can connect to your router without a password. We recommend disabling WPS in your router settings.

For example, we show the configuration of the TP-Link TL-WR841N router. To disable WPS:

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless mode → WPS (Wireless → WPS).
Click Disable (Disable).

WPS technology will be disabled.

Enable encryption

When working on a network with weak encryption, your data can be intercepted by attackers. If you connect to your home network and receive a message about weak encryption, change the encryption type to a stronger one. Common wireless encryption types: WEP, TKIP, WPA, WPA2 (AES/CCMP).

The main difference between them is the level of protection. We recommend WPA2 as it is the most secure available.

For example, we show the configuration of the TP-Link TL-WR841N router. To change the wireless encryption type:

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless Mode → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Version (Authentication Type) select WPA2-PSK.
In field Encryption (Encryption) select AES.
Click Save (Save).

Wi-Fi network encryption will be enabled.

Create a strong password for your Wi-Fi network

Without a password, your Wi-Fi network will be accessible to everyone. Strong password won't let you connect to it to strangers. Recommendations for creating a strong password are in the article.

For example, we show the configuration of the TP-Link TL-WR841N router. To create a password:

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are located on the back of the router.
On the router settings page, go to the section Wireless Mode → Wireless Security (Wireless → Wireless Security).
Select WPA/WPA2 - Personal.
In field Wireless password (Wireless Password) create and enter a password for the Wi-Fi network.
Click Save (Save).

A password for the Wi-Fi network will be created.

Enable MAC Address Filtering

Each device that has a network card or network interface, has its own MAC address. Create a list of MAC addresses trusted devices or prevent devices with specific MAC addresses from connecting.

For example, we show the configuration of the TP-Link TL-WR841N router. To configure MAC address filtering for trusted devices:

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.
On the login page, enter your username and password. If you haven't changed them, they are listed on the back of the router.
On the router settings page, go to the section Wireless Mode → MAC Address Filtering (Wireless → Wireless MAC Filtering).
Click Add (Add New).

Enter MAC address, device description and select status Included (Enabled).
Click Save (Save).

Click Turn on (Enable).
Select Allow access to stations specified in enabled rules from the list (Allow the stations specified by any enabled entries in the list to access).

Only those devices whose MAC addresses you added to the list will have access to the router.

Reduce Wi-Fi signal range

In the router settings, reduce the transmission power to a value where the network signal can only be received within your premises. Reduced radius Wi-Fi signal will not allow strangers to connect to it.

For example, we show the configuration of the TP-Link TL-WR841N router. To reduce the Wi-Fi signal range:

Enter the router's IP address into the address bar of your browser. You will be taken to the login page for the router settings. The router's IP address is listed on the back of the device and in the user manual.

In the window Network connections double click Wireless network connection.
In the window State click Wireless Network Properties.
In the window Wireless Network Properties go to the tab Safety.
Select security type WPA2-Personal and change the network security key. Recommendations for creating a strong password are in the article.
Click OK.
Close the window State.

The Wi-Fi network key and security type will be changed.

After changing home network settings Wi-Fi devices will not be able to automatically connect to this network, so you need to connect to the wireless network again. Look detailed instructions Online Microsoft support for Windows 10, Windows 7, 8, 8.1, 10.

Today every third user world wide web Widely applies to the entire home, offering high-speed Internet access to all devices. And that’s right, why not use this opportunity when, sitting in a chair, lying on the sofa or in bed before going to bed, you have access to the Internet from a smartphone or.

In this whole practically beneficial situation, there is one big “BUT” - users very rarely follow the security rules that directly relate to access to Wi-Fi. As time passes, we begin to notice that the speed of the Internet connection has decreased, and the printer suddenly began to be interested in “nude photos”, occasionally printing them! The actions of a “prankster” who connects to your network are not limited easy access to the Internet or to a printer, with a little dexterity, more confidential information becomes available to a third-party user, for example, your funds on electronic wallets. Therefore, protecting the wireless network and yourself personally is task number one, especially for users living in an apartment building.

How to secure Wi-Fi access from external intrusion

Usually the user, having noticed incorrect operation computer connected to the network, hurries to apply a reset. This is apparently similar to system unit, which suddenly froze. And here, we are looking for a thin object to get to the hidden “Reset” button on the case network equipment. Often, such actions save short term, and the situation is in a hurry to repeat itself...

Ways to protect Wi-Fi access:

The main step towards safety will be simple change access password to . After all, after configuration by a specialist (or self-configuration), the equipment continues to store factory credentials. And here, you don’t have to be a “computer genius” to enter the settings panel via the web interface!
Note! Not all equipment models have the ability to configure the router control panel, so the following advice is more practical to implement.
The next request concerns the network access password. Users are careless when choosing this cipher. Sometimes we refer to our weak memory, but at the same time we reset it with enviable consistency!
Therefore, it is better to configure the WPA2 encryption algorithm once and come up with a 10-digit password that you will change at least occasionally. For it, select a random set of letters and numbers, and simply write down the combination you came up with on a piece of paper or on the box from the router.

Note! Don't create readable passwords. Surnames and first names in English layout– hard to come up with, but easy to find!
Next, it would be nice to refuse WPS functions, which creates a digital PIN for new devices. The function is active by default on most access point models. If you don't have to constantly connect various smartphones or tablets, then there will be no difficulties.
Note! Even if there is a need to regularly connect new gadgets, it is enough to enter the access password every time! Low cost for home network security.
The next recommendation is more about attentiveness. Get into the habit of correctly leaving the router’s web interface, that is, not just closing the browser tab, but rather “exiting the control panel.”
This precaution is associated with some features of Internet browsers. When visiting pages, browsers save cache and cookies, which are responsible for storing temporary files and resource information. You may have previously noticed that after leaving the site, re-authorization is not required. So this is another loophole for a random attacker!
Note! It would be a good idea to get into the habit of clearing the cache and cookie of the browser you actively use (read how to do this in the article:,).
The following steps are rather addressed experienced users because they bear some risk. So, first we’ll change the router’s subnet, since it is set by default and is known to many. Typically, it is an address:
- 192.168.0.0
- 192.168.1.0
- 192.168.1.1
Moreover, the address is indicated on the device body; nothing prevents us from changing the IP address via the web interface and giving the local subnet a new name, different from the factory one.

Wi-Fi has become so popular that having a router is the rule rather than the exception. But, despite all the conveniences, you should take into account that it is visible to others. See for yourself how much is displayed in your home available connections. Hardly one or two, usually their number reaches a dozen or more. Likewise, neighbors can see your network among other available ones.

Few people want to outside users gained access to a personal wireless network

But if certain precautions are not taken, others may be able to connect to your connection. What does this mean? At the very least, a loss of Internet speed. You will not receive the full speed of your communication channel if someone connects to it at your expense. But the situation is much more dangerous if an attacker connects to your Wi-Fi and can use the transmitted data to his advantage.

To avoid this risk, you need to limit access to your Wi-Fi. Read below for recommendations on how this can be done.

Internet access for a specific list of devices

What is a mac address and how to find it out

To each network device Even during manufacturing at the factory, a special mac address is assigned - a kind of unique digital fingerprint. It looks like "A4-DB-30-01-D9-43". For further settings, you need to know the mac address of the individual device to which you are going to provide access to Wi-Fi. How to find him?

Windows

Option 1. Through the “Network Sharing Center”

Between the battery and sound icons there is an Internet connection icon. Cry right click mouse - select “Network and Sharing Center”.
“View active networks” - line “Connections”, click on the connection name - “Details”.
The “Physical address” line will contain the mac address of the laptop.

Option 2: Through Settings (for Windows 10)

Click “Start” - “Settings” - “Network and Internet” - “Wi-Fi” - “ Extra options" - "Properties".
“Physical address” is the mac address of the laptop.

Option 3. Via the command line

Hold Win+R - enter cmd (or Win+X - Command line(administrator) on Windows 8.1 and 10).
Type the command ipconfig /all.
In the "Wireless adapter" section local network. Wireless Network" in the "Physical Address" line contains the required information.

Android

“Settings” - “Wireless networks” - “Wi-Fi” - menu button - “Advanced functions”.
The required data is in the MAC address line.

iOS

“Settings” - “General” - “About this device” - “Wi-Fi address”.

Once you have discovered the device ID, write it down or simply remember it. Now let's proceed to the next stage - we will establish access to the required equipment through the router.

Setting up the router

First, log into the settings web interface. Using a browser, go to 192.168.0.1 or 192.168.1.1. Enter your login and password - admin/admin or admin/parol. These combinations work on most devices. If there is no access, check the information on the bottom surface of the router or in its instructions.

The layout of menu items may vary depending on the manufacturer, but basic principles Applicable for all devices.

In the “Wi-Fi network settings” section, enable filtering by mac address, because it is initially disabled.
In the “MAC Address Filtering” tab, add the addresses of the devices to which you are going to provide access to Wi-Fi.

Now you can use Wi-Fi only through those devices for which you have reserved addresses. Attackers will not gain access to your data.

Other access restriction options

Replacing the network and router password

If you haven't changed your Wi-Fi password, change it. Moreover, it is advisable to do this regularly. In your network security settings, create a new password. It is equally important to replace both the factory password and login login when installing the router. The standard combination is the easiest way to access the connection.