With the development of wireless technology, more and more people began to use wireless internet, install a wireless router or AP, you can freely mobile internet, free from the constraints of the cable. But when you rub off the net, do you still feel like you have a wireless network that you can only enjoy on a secure scale? The answer may be negative.
In general, our wireless router or AP now supports WEP/WPA/WPA2 three encryption methods, if you do not set up encryption for wireless networks, or if you think you are lucky to use WEP encryption, it is possible that people around you are secretly sharing resources with you.
There are also a lot of reports about WPA being cracked, but in practice, to crack WPA-PSK is not as much as WEP to catch a lot of packets can be cracked, the key is to get the handshake package. After the WPA handshake Verification Package is obtained, the attacker will use brute force mode for WPA password cracking, as well as the use of a targeted dictionary prior to the dictionary to crack the attack. So is it possible to say that as long as there is enough space to consider a comprehensive dictionary, the solution of WPA is actually a matter of time. In accordance with the current mainstream stand-alone configuration, in the WPA cracking rate is maintained in 100-300k/s (k/s to crack the number of key calls per second), at such a rate to break a 5-bit WPA password with a combination of lowercase letters and numbers, it takes about 2-7 days; This is a 5-bit WPA password, if the use of the WPA password longer, or the use of letters + numbers + special characters, then the crack time will be a geometric level of growth into astronomical, and crack time units will be calculated by year.
We already know that the WPA system is more secure than WEP, according to the previous content. So how do we make sure that the wireless network is secure in the actual use of the wireless router? In fact, it takes only a few steps, a few minutes, to keep us from getting rubbed off. Let's take the D-link wireless router For example to see what settings are required. Other models of wireless routers may have different configuration interfaces, but the functionality required for configuration is the same.
The first step is to modify the SSID
After landing router configuration interface, click on "Wireless Installation"? "Manual Wireless Internet Installation"
The following figure shows that the SSID in the default state of the router is DLink, while the SSID is broadcast state.
Modifying the SSID name, called TESTWPA, prevents the wireless network connection from being blocked by an SSID conflict with a similar product, and avoids an attacker guessing the SSID easily.
Step two, hide the SSID
While the iron is hot, after modifying the SSID, check the "Enable hidden wireless" option below. In this case, we will not be able to find your wireless network when we use Windows to search for a wireless network with our wireless management program.
Step three, set up wireless security encryption
Generally speaking, router factory set wireless security mode is not enabled, that is, by default, the wireless network is not encrypted, any PC as long as the wireless card can connect. So the crucial step we're making now is to encrypt our wireless network, as mentioned above, where the current WPA/WPA2 encryption is the safest, where we choose to "Enable WPA/WPA2 wireless Security (enhanced)."
When you are enabled to see the following need to fill in WPA/WPA2 information, at this time the password type select the highest security level of AES, in addition to the network key to fill out the password you want to set, the password requires 8-63-bit ASCII, that is, you fill out more than 8 letters, numbers or special characters can The higher the password complexity, the more difficult it is to crack. The remaining options remain in the default state.
The above SSID is modified and hidden, the wireless encryption is done, you can use the "Save Settings" button to make these functions effective. If you are using a router with these features that are not in a single configuration interface, you can also set and save them to take effect.
Step Fourth, admin password modification
And in the third step, we've seen, the wireless network key for the configuration interface does not render the origin or the * character, so if someone else is connected to your local area network, you can log in to your router to view the configuration information, including the wireless key, in addition to sharing your network resources, It is also possible to make your ADSL account password, etc. leaked out. To avoid this, we'll add a password to your router admin permissions. Routers generally default to empty passwords, or admin, etc., so you can "maintain"? "Settings Management", fill out "New password", and then "Confirm password" fill, and finally click "Save Settings" to make it effective on it.
When you log on to the router again, you will need to fill in the password you just set before you can log in.
Step fifth, add MAC address filtering
MAC address is the only network identification of each hardware device, where the MAC address that needs to be filled in is the MAC address of your PC network card or wireless network card. As an example of the Windows XP operating system, you can view the MAC address of your PC by following these steps. Click "Start"? "Run", typing cmd, then click "OK".
In the MS-DOS interface that pops up below, enter the command Ipconfig/all and return.
Back to the router configuration interface, to find the Mac filter rule, select "Turn on Mac filtering, allow the computer on the list to access the network", add the MAC addresses of each PC you want to connect to DIR-605, add 25 items, and then click Save Settings to make it effective. When this feature is configured, PCs that do not appear in the MAC filtering rule are not connected to the DIR-605 properly.
So how do you connect to the top of a wireless network that hides the SSID, and here's a demo of the WinXP system for example.
We've just set up a wireless network with the SSID as TESTWPA, but it hides its SSID, so we can't search for it when we use XP "view available wireless networks."
When you click on "Change advanced Settings", the Wireless Network Connection Properties dialog box appears, where we manually set up a wireless network so we can connect to the DIR-605.
(1) in the Network Name (SSID): Fill in our set in the DIR-605 SSID------TESTWPA;
(2) Wireless network key: network authentication select WPA2-PSK; Data encryption select AES; then fill in the wireless network key set up on the router and confirm it.
In addition, look at the Validation tab to ensure that the IEEE802.1X authentication enabled for this network is not checked.
Once you have completed the above, you will find that you see the network TESTWPA that we have just established in the Wireless network connection properties------preferred network.
Click OK again and make sure that your wireless network connection automatically gets the IP, when the wireless network is automatically connected to the DIR-605.