How to configure Wireless Router Security

Source: Internet
Author: User

Wireless Router Security Settings: WEP encryption or WPA encryption?

Wireless Network Encryption provides security through data encryption on the radio receiver. It is mainly used for the confidentiality of link layer information data in the wireless LAN? Currently, most wireless devices have the WEP encryption and WAP encryption functions. Do we use WEP encryption or WAP encryption? Apparently, WEP appears earlier than WAP, and WAP is more secure than WEP.

WEP adopts symmetric encryption mechanism. Does data encryption and decryption adopt the same key and encryption algorithm? After encryption is enabled, two wireless network devices must use encryption to communicate with each other. Do they have the same key and algorithm? WEP supports 64-bit and 128-bit encryption. For 64-bit encryption, the key is 10 hexadecimal characters (0-9 and A-F) or 5 ASCII characters; for 128-bit encryption, the key is a string of 26 hexadecimal or 13 ASCII characters.

Wireless Router Security Settings: How to Make WEP more secure

(1) using multiple sets of WEP keys and a set of fixed WEP keys will be very insecure. Using multiple sets of WEP keys will improve security, but note that WEP keys are saved in Flash, therefore, some hackers can access your network by obtaining any device on your network;

(2) If you are using an old wireless router that only supports WEP, you can use a 128-bit WEPKey, which makes your wireless network more secure.

(3) regularly change your WEP Key

(4) You can download a firmware upgrade from the manufacturer's website. After the upgrade, you can add WPA support.

What security issues cannot be solved by WEP? To put it simply, the low security of WEP comes from the sharing of one key by each device on the network? This key has an insecure factor. the weakness in its scheduling algorithm allows malicious hackers to easily intercept and destroy the WEP password and access the internal resources of the LAN? ,.

Is WPA a new technology that inherits the basic principles of WEP and solves the disadvantages of WEP? Since the algorithm for generating encryption keys is enhanced, even if the group information is collected and parsed, it is almost impossible to calculate the general key? The principle is to generate different keys for each group based on the general key and the serial number indicating the computer MAC address and group information? This key is then used for RC4 encryption like WEP.

Through this processing, the data exchanged for all group information of all clients will be encrypted by different keys? No matter how much data is collected, it is almost impossible to crack the original universal key? What other functions and authentication functions are added to WPA to prevent data tampering? With these features, all of the shortcomings previously criticized by WEP can be solved? WPA is not only a more powerful encryption method than WEP, but also has a richer connotation? As a subset of the 802.11i standard, does WPA contain authentication? Encryption and data integrity verification are three components that constitute a complete security solution.

We would like to remind you that the data transmission encryption function is disabled when many wireless routers or APs are leaving the factory. If you use it without further settings, then your wireless network becomes a "unlimited" decoration. We recommend that you use WPA encryption.
Wireless Router Security Settings: MAC address-DNA in the online world

Since each wireless network card has a unique physical address MAC in the world, you can manually set a list of wireless network card MAC addresses for a group of hosts allowed to access in the Wireless AP (or wireless router, implement physical address filtering? This requires that the MAC address list in the AP be updated at any time.

Setting MAC address filtering for routers is too heavy for large wireless networks, but not for Small wireless networks, so we should not be afraid of trouble? The MAC address can be forged theoretically, so it is a low-level authentication method. We recommend that you set the MAC address filtering function for wireless networks in the home and small office areas.

Wireless Router Security Settings: SSID-hide yourself

Generally, a wireless router provides the "allow SSID broadcast" function? If you do not want your wireless network to be "easily" searched by another wireless network adapter, you 'd better "Disable SSID broadcast "? In general, the SSID is the name given to the wireless network. It is used to distinguish different wireless networks.

SSID is the first element of wireless network discovery by a wireless network adapter. After the Broadcast SSID is enabled, the wireless network adapter will automatically find the network and try to connect to it within the effective coverage of the wireless network? If we do not want to expose our wireless network to the public, we should think of hiding our wireless network SSID and disable the "Broadcast SSID" function. After "Broadcast SSID" is disabled, the wireless network adapter will not automatically find the wireless network. Do you need to manually add the SSID to connect to this wireless network? We recommend that you hide the SSID.

Wireless Router Security Settings: How to make wireless networks more secure

According to Internet data, the following software is used: NetworkStumbler? WildPacketsAiroPeekNX? OmniPeek4.1 and WinAircrack. If these software has enough time to capture wireless network communication signals in the communication process, it can crack such attacks as WEP encryption, WPA encryption, and MAC filtering, SSID hiding and other wireless network security settings. This may sound disappointing. How can we make wireless networks safer?

Make sure that wireless access networks do not rely on WEP and other technologies as much as possible to adopt other more security measures. Currently, the main methods to achieve this goal include VPN technology, such: use security protocols such as Point-to-Point Tunneling Protocol (PPTP) or L2 Tunneling Protocol (L2TP), and VPN technologies such as IPSec and SSL. In this way, both the access control function and the end-to-end (Program-to-Program) encryption function can be obtained.

VPN technology, an end-to-end security solution, may be too complicated to be deployed for small networks and personal applications without technical support. This is a dilemma for small users, however, the WEB-based SSLVPN technology is relatively easier.

Wireless Router Security Settings: automatically obtain IP addresses or fixed IP addresses?

The DHCP (DynamicHostConfigurationProtocol) Dynamic Host setting protocol function is to automatically assign IP addresses to each computer in the LAN. Do you need to set IP addresses? Subnet Mask and other required TCP/IP parameters. It is divided into two parts: one is the server side (here refers to a Wireless AP or wireless router with DHCP service functions ), and the other is the client (the user's personal computer and other wireless client devices )? All IP network settings are centrally managed by the DHCP server and are responsible for handling the DHCP requirements of the client. The client uses the IP Environment Information allocated from the DHCP server.

If the DHCP function is enabled on a wireless router or Wireless AP to provide dynamic IP addresses for hosts connected to the wireless network, it is easy for others to use your wireless network. Therefore, it is necessary to disable DHCP for personal or enterprise wireless networks, unless at the airport? DHCP should be enabled in public wireless "Hotspot" areas such as bars? Generally, set the DHCP server to "disabled" under the "DHCP server" setting of the wireless router? In this way, the network is still unavailable even if the wireless network signal can be found. We recommend that you do not use static private CIDR blocks that are not commonly used. Instead, use the common private CIDR blocks 192.168.0.0-192.168.0.255.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.