Вай фай защита wpa psk

What are WPA-PSK/WPA2-PSK, TKIP and AES? | Understanding types of internet encryption

In articles about network security, the terms ‘protocol’, ‘standard’ and ‘certification’ and ‘program’ are often used interchangeably when talking about encryption. What one source, website, or individual refers to as a ‘protocol’, for instance, might be referred to as a ‘standard’ elsewhere.

In articles on network security, the terms ‘protocol’, ‘standard’ and ‘certification’ and ‘program’ are often used interchangeably

The first things we examine below are certification programs. WPA, WPA2, and WPA3 are the three wireless network certification programs we’ll be discussing in this article. These are occasionally referred to as encryption standards themselves.

Certification programs – in this case for Wi-Fi networks – use encryption protocols to secure data transmitted over a given Wi-Fi connection. An example would be TKIP, the Temporal Key Integrity Protocol. How encryption protocols encrypt data is determined by ciphers, which are essentially just algorithms that shape the process. An example of this is AES (which, confusingly, stands for Advanced Encryption Standard).

Authentication methods or mechanisms are used to verify wireless clients, such as a Pre-Shared Key (PSK), which is essentially just a string of characters. In cryptography this is called a ‘shared secret’ – it’s a piece of data known only by entities involved in the secure communication it is being used for. An example of a PSK would be a Wi-Fi password, which can be up to 63 characters and usually initiates the encryption process.

Security certification programs

All networks need security programs, certifications, and protocols to keep the devices and users on the network safe. For wireless networks, a number of security certification programs have been developed, including WPA and WPA2.

Wired Equivalent Protection (WEP)

WEP was the original wireless network security algorithm, and as you can probably tell by the name, was designed to supply a given network with the security of a wired one. WEP uses the RC4 cipher. However, WEP isn’t very secure at all, which is why it’s not commonly used, and is wholly obsolete when compared to later protocols. Everyone on the network shares the same key – a form of static encryption – which means everyone is put in harm’s way if one client is exploited.

Читайте также:  Нет трафика через wifi

Wi-Fi-Protected Access (WPA)

WPA is a more modern and more secure security certification for wireless networks. However, it is still vulnerable to intrusion and there are more secure protocols available. Wireless networks protected by WPA have a pre-shared key (PSK) and use the TKIP protocol – which in turn uses the RC4 cipher – for encryption purposes, making WPA-PSK. This is also not the most secure program to use because using PSK as the cornerstone of the certification process leaves you with similar vulnerabilities to WEP.

Wi-Fi-Protected Access 2 (WPA2)

WPA2 is another step up in terms of security and makes use of the Advanced Encryption Standard (AES) cipher for encryption, which is the same cipher the US military uses for a lot of its encryption. TKIP is replaced with CCMP – which is based on AES processing – providing a better standard of encryption. There is both a personal version (which supports CCMP/AES and TKIP/RC4) and an enterprise version (which supports EAP – the Extensible Authentication Protocol – as well as CCMP). See our guide to WPA2 for more information about it.

Wi-Fi-Protected Access 3 (WPA3)

WPA3 was only recently developed in the last three years and isn’t yet in widespread use. WPA3 also has Personal and Enterprise options, and is described by the Wi-Fi Alliance as having:

New features to simplify Wi-Fi security, enable more robust authentication, deliver increased cryptographic strength for highly sensitive data markets, and maintain resiliency of mission-critical networks.

Ciphers and protocols

Above, we looked at exactly which certification programs are the most up-to-date, as well as what encryption protocols and ciphers they use to secure wireless networks. Here, we’ll briefly run through how they work.

Ciphers

Ciphers – which, as we mentioned before, determine the process by which data is encrypted – are an important part of securing a wireless network. RC4 – short for Rivet Cipher 4 – which is a stream cipher. Stream ciphers encrypt data one bit at a time, using a pseudo-random bit generator to create an 8-Bit number. Created way back in 1987, it was lauded for its speed and simplicity for many years but now is recognized to have several vulnerabilities that leave it open to man-in-the-middle attacks, amongst others.

Читайте также:  Утилита включения вай фай

Vast improvement has come in the form of the AES, which is an acronym for Advanced Encryption Standard. AES is a symmetric block cipher. It’s symmetric in the sense that there is just one key used to decipher the information and it is classified as a ‘block’ cipher because it encrypts in blocks of bits instead of bite-by-bite like a stream cipher. It uses key lengths of 256 bits, which makes it virtually impenetrable to brute force attacks (on present computing power). AES encryption is the US federal standard for encryption and is considered the strongest widely-used form ever created.

Encryption protocols

The Temporal Key Integrity Protocol was designed with WEP’s vulnerabilities in mind. WEP used a 64-bit or 128-bit encryption key that had to be entered on wireless access points and devices manually, and the key itself would never change. TKIP, on the other hand, implements a per-packet key, meaning that it creates a new 128-bit key for each data packet in a dynamic fashion.

The Counter Mode Cipher Block Chaining Message Authentication Code Protocol is the step up from TKIP largely because it uses the AES cipher, the security-maximizing properties of which were discussed above.

Different combinations and which is safest?

Below is a rundown of some of the different combinations the wireless networks you regularly connect to might use for their security.

Option Option Safety level
Open Network This is the kind of network you might find in a café or outside at a tourist spot. It requires no password which means anyone can connect to the network. Very Risky
WEP 64/128 Although WEP 128 is more secure than WEP 64 – it uses a bigger encryption key – these are both old, outdated, and therefore vulnerable. Very Risky
WPA-PSK (TKIP) This is a pairing of the older security certification program with an outdated encryption protocol, so isn’t very secure either. Risky
WPA2-PSK
(TKIP)
Using an outdated encryption protocol that isn’t secure defeats the purpose of using WPA2, which is a secure Wi-Fi certification program. Risky
WPA2-PSK (AES) This is the latest encryption cipher paired with the most up-to-date and secure certification program, combining to make the most secure wireless network option. Secure

Written by: Aaron Drapkin

After graduating with a philosophy degree from the University of Bristol in 2018, Aaron became a researcher at news digest magazine The Week following a year as editor of satirical website The Whip. Freelancing alongside these roles, his work has appeared in publications such as Vice, Metro, Tablet and New Internationalist, as well as The Week’s online edition.

Читайте также:  Внешний ретранслятор wifi сигнала

Источник

Как обезопасить/защитить мою беспроводную сеть с помощью WPA-PSK/WPA2-PSK при использовании беспроводного маршрутизатора TP-Link 11N?

Дата последнего обновления: 08-31-2011 14:38:25 PM 624507

TL-WR841ND , TL-WR842ND , TL-WR843ND , TL-WDR4300 , TL-WDR3500 , TL-WR720N , TL-WR841N , TL-WDR3600 , TL-WR710N , TL-WR842N , TL-WR740N , TL-WR741ND , TL-WR840N , TL-WR940N , TL-WR743ND , TL-WR841HP , TL-WDR4900 , TL-WR941ND , TL-WR1043ND , TL-WR1042ND , TL-WR702N , TL-WR700N , TL-WR810N , TL-WR843N

Шаг 1 Откройте веб-браузер, наберите IP -адрес маршрутизатора (192.168.1.1 по умолчанию) в адресной строке и нажмите Enter .

Шаг 2 Введите имя пользователя и пароль на странице авторизации, по умолчанию имя пользователя и пароль: admin .

Шаг 3 В меню слева выберите Wireless (Беспроводная связь) -> Wireless Settings (Настройки беспроводных сетей), откроется окно настройки беспроводных сетей.

Идентификатор SSID (имя беспроводной сети): задайте новое имя для вашей беспроводной сети

Канал: 1, 6 или 11 подойдут лучше, чем Auto (Авто).

Поставьте галочку в полях «Enable Wireless Router Radio» (» Включить беспроводной маршрутизатор «) и «Enable SSID Broadcast» (» Включить вещание SSID»).

Шаг 4 Нажмите Save (Сохранить) для сохранения настроек.

Примечание: После нажатия кнопки Save (Сохранить), появляется сообщение “Изменения настроек беспроводной сети начнут работать только после перезагрузки компьютера, пожалуйста, нажмите здесь, чтобы перезагрузить компьютер сейчас”. Вам не нужно перезагружать маршрутизатор, пока вы не завершите все настройки беспроводной сети.

Шаг 5 В меню слева выберите Wireless (Беспроводная связь) -> Wireless Security (Безопасность беспроводной сети), с правой стороны включите опцию WPA — PSK / WPA 2- PSK .

Version (Версия): WPA — PSK или WPA 2- PSK

Encryption (Шифрование): TKIP или AES

PSK Password (Предварительно выданный ключ): укажите пароль (длина предварительно выданного ключа от 8 до 63 символов.)

Шаг 6 Нажмите Save (Сохранить) для сохранения настроек.

Шаг 7 В меню слева выберите Systems Tools (Служебные программы) -> Reboot (Перезагрузка). Перезагрузите маршрутизатор для того, чтобы настройки вступили в силу.

Примечание: Если вы настраивали безопасность, то настройки безопасности должны быть такими же у клиента (беспроводной адаптер) для подключения к беспроводной сети (маршрутизатору).

Был ли этот FAQ полезен?

Ваш отзыв поможет нам улучшить работу сайта.

Что вам не понравилось в этой статье?

  • Недоволен продуктом
  • Слишком сложно
  • Неверный заголовок
  • Не относится к моей проблеме
  • Слишком туманное объяснение
  • Другое

Как мы можем это улучшить?

Спасибо за обращение
Нажмите здесь, чтобы связаться с технической поддержкой TP-Link.

Источник

Оцените статью
Adblock
detector