WiFi Network Protection

Understanding WiFi Encryption

WiFi encryption protects the data transmitted between your devices and your router. Without encryption, anyone within range can intercept your traffic.

WEP (1997) Broken. Can be cracked in minutes with freely available tools. Never use.

WPA (2003) Improved over WEP but still has vulnerabilities. Avoid if possible.

WPA2 (2004) Strong security with AES encryption. Minimum recommended standard.

WPA3 (2018) Latest standard. Protects against offline dictionary attacks. Best choice.

Choosing a Strong WiFi Password

Your WiFi password is the primary barrier against unauthorized access. Follow these guidelines:

Length: At least 12 characters, ideally 16 or more
Complexity: Mix of letters, numbers, and symbols
Avoid: Dictionary words, names, addresses, phone numbers, or common patterns
Consider: A passphrase like "Sunset-Coffee-Mountain-42!" is strong and memorable

⚠️

Change the default password

The password printed on your router's sticker is often generated from predictable patterns. Always set your own unique password.

MAC Filtering

MAC filtering restricts network access to devices with specific MAC addresses (hardware identifiers). While it adds a layer, it is not a strong security measure because:

MAC addresses can be easily spoofed (faked) by attackers
It creates management overhead when adding new devices
It provides a false sense of security

Verdict: Use MAC filtering as an additional measure, but never rely on it as your primary protection. Strong encryption and a good password are far more important.

Hidden SSID: Pros and Cons

Hiding your network name (SSID) makes it invisible in the normal WiFi scanner list.

Pro: Casual users will not see your network
Con: Any attacker with basic tools can still detect hidden networks
Con: Your devices must broadcast the hidden SSID name to connect, which can actually leak information
Con: Causes connection issues on some devices

Verdict: Hiding your SSID provides minimal security benefit and can cause usability issues. Focus on strong encryption and passwords instead.

Monitoring Connected Devices

Periodically check which devices are connected to your network. Most routers show a connected devices list in the admin panel (often under "DHCP" or "Connected Clients").

What to look for:

Recognize every device on the list (by name, MAC address, or IP)
Unknown devices may indicate unauthorized access
If you find unknown devices: change your WiFi password immediately

On Linux, you can scan your network to discover connected devices:

sudo nmap -sn 192.168.1.0/24

On Windows, you can use:

arp -a

Summary

In this tutorial, you learned:

WiFi encryption standards and why WPA2/WPA3 are essential
How to choose a strong WiFi password
The limitations of MAC filtering and hidden SSIDs
How to monitor devices connected to your network

🎉

Your WiFi is now protected!