Common Methods for setting Wireless Router Security

Users have their own methods for setting wireless router security. The following describes several tips. I hope you can give it a try and give more friends a valuable reference. Everyone should know that it is very expensive to build a router lab.

Common Methods for setting Wireless Router Security

I believe everyone has heard about the benefits of a wireless LAN. However, the communication link of a wireless network is opened in the air through wireless signals, and it is not concealed. An indisputable fact is that the vast majority of wireless networks are insecure. For wireless network users, it is important to know that no matter how secure the wireless network is, unless end-to-end encryption technology has been deployed, otherwise, there is no real security. Although wireless technology has many advantages in availability, wireless security cannot be compared with wired network security.

DHCP-automatically obtain an IP address or a fixed IP address?

DHCP (Dynamic Host Configuration Protocol) allows you to set the Protocol for a Dynamic Host to automatically assign IP addresses to each computer in the LAN, you do not need to set IP addresses, subnet masks, and other required TCP/IP parameters. It is divided into two parts: one is the server side (here refers to a Wireless AP or wireless router with DHCP service functions ), the other is the client (the user's personal computer and other wireless client devices ). All IP network settings are centrally managed by the DHCP server and are responsible for handling DHCP requirements of the client. The client uses IP Environment Information allocated from the DHCP server.

If the DHCP function is enabled on the Wireless AP or wireless router to provide dynamic IP addresses for hosts connected to the wireless network, it is easy for others to use your wireless network. Therefore, disabling DHCP is necessary for personal or enterprise wireless networks. DHCP should be enabled unless it is in public wireless "hot spots" areas such as airports and bars. Generally, set the DHCP server to "disabled" under the "DHCP server" setting of the wireless router. In this way, the wireless network signal can be found and the network cannot be used. We recommend that you do not use static private CIDR blocks. Instead, use the common private CIDR blocks 192.168.0.0-192.168.0.255.

Wireless Router Security Settings: WEP, WPA-WEP encryption, or WPA encryption?

Wireless Network Encryption provides security by encrypting the data of the radio receiver. It is mainly used to keep the information data of the link layer in the wireless LAN confidential. Currently, most wireless devices have the WEP encryption and WAP encryption functions. Do we use WEP encryption or WAP encryption? Apparently, WEP appears earlier than WAP, and WAP is more secure than WEP.

WEP adopts symmetric encryption mechanism, and data encryption and decryption adopts the same key and encryption algorithm. After encryption is enabled, both wireless network devices must use encryption to communicate with each other, with the same key and algorithm. WEP supports 64-bit and 128-bit encryption. For 64-bit encryption, the key is 10 hexadecimal characters (0-9 and A-F) or 5 ASCII characters; for 128-bit encryption, the key is a string of 26 hexadecimal or 13 ASCII characters.

Wireless Router Security Settings: This shows you how to make WEP more secure:

(1) using multiple sets of WEP keys and a set of fixed WEP keys will be very insecure. Using multiple sets of WEP keys will improve security, but note that WEP keys are saved in Flash, therefore, some hackers can access your network by obtaining any device on your network;

(2) If you are using an old vro that only supports WEP, you can use a 128-bit WEP Key, which makes your wireless network safer.

(3) Change Your WEP Key periodically.

(4) You can download a firmware upgrade from the manufacturer's website. After the upgrade, you can add WPA support.

WPA can solve security problems that cannot be solved by WEP. To put it simply, the low security problem of WEP comes from the sharing of a key by each device on the network. This key is vulnerable to insecurity. Its scheduling algorithm's weakness allows malicious hackers to easily intercept and destroy the WEP password, and then access the internal resources of the LAN.

WPA is a new technology that inherits the basic principles of WEP and solves the disadvantages of WEP. Because the algorithm for generating encryption keys is enhanced, even if the group information is collected and parsed, it is almost impossible to calculate a general key. The principle is to generate different keys for each group based on the general key and the serial number indicating the computer MAC address and the group information order number. This key is then used for RC4 encryption like WEP.

Through this processing, the data exchanged for all group information of all clients is encrypted by different keys. No matter how much data is collected, it is almost impossible to crack the original universal key. WPA also adds functions and authentication functions to prevent data tampering in the middle. With these features, all the shortcomings that were previously criticized by WEP have been solved. WPA is not only a more powerful encryption method than WEP, but also has a richer connotation. As a subset of the 802.11i standard, WPA consists of authentication, encryption, and data integrity verification. It is a complete security solution.

We would like to remind you that the data transmission encryption function is disabled when many wireless routers or APs are leaving the factory. If you use this function without further setting, then your wireless network becomes a "undefended" decoration. We recommend that you use WPA encryption.

Wireless Router Security Settings: MAC address-DNA in the online world

Since each wireless network card has a unique physical address MAC in the world, you can manually set a list of wireless network card MAC addresses for a group of hosts allowed to access in the Wireless AP (or wireless router, implements physical address filtering. This requires that the MAC address list in the AP be updated at any time.

Setting MAC address filtering is too heavy for large wireless networks, but not for Small wireless networks, so we should not be bothered. The MAC address can be forged theoretically, so it is a low-level authentication method. We recommend that you set the MAC address filtering function when there are not many users in the home and small office wireless networks.

Wireless Router Security Settings: SSID-hide yourself

A wireless router generally provides the "allow SSID broadcast" function. If you do not want your wireless network to be easily searched by another wireless network adapter, you 'd better Disable SSID broadcast ". In general, the SSID is the name given to the wireless network. It is used to distinguish different wireless networks.

SSID is the first element of wireless network discovery by a wireless network adapter. After the Broadcast SSID is enabled, the wireless network adapter automatically finds the network and tries to connect to it within the effective coverage of the wireless network. If we do not want to expose our wireless network to the public, we should think of hiding our wireless network SSID and disable the "Broadcast SSID" function. After "Broadcast SSID" is disabled, the wireless network card does not automatically find the wireless network. To connect to this wireless network, you need to manually add the SSID. We recommend that you hide the SSID.

Wireless Router Security Settings: How to make wireless networks more secure

According to Internet data, the following software is used: Network Stumbler, WildPackets AiroPeek NX, OmniPeek 4.1, WinAircrack, etc. As long as these software has enough time to capture wireless Network communication signals in communication, attackers can crack wireless network security settings, such as WEP encryption, WPA encryption, MAC filtering, and SSID hiding.

This sounds disappointing, so how to make wireless networks more secure. Make sure that wireless access networks do not rely on WEP and other technologies as much as possible to adopt other more security measures. Currently, the main methods to achieve this goal include VPN technology, such: use security protocols such as Point-to-Point Tunneling Protocol (PPTP) or L2 Tunneling Protocol (L2TP), and VPN technologies such as IPSec and SSL. In this way, both the access control function and the end-to-end (Program-to-Program) encryption function can be obtained.

VPN technology, an end-to-end security solution, may be too complicated to be deployed for small networks and personal applications without technical support. This is a dilemma for small users, however, the WEB-based ssl vpn technology is relatively easier. Wireless Network = insecure? This makes us very confused. Do we need to map the network to facilitate and sacrifice security? The question is the answer.