How to do with another box?
All the operations described here are carried out using a Orange Livebox. But do not worry: whatever the model of your box or your router, its possibilities are similar and generally bear the same titles. You can therefore perfectly carry out the changes described here on a Freebox, an SFR Box, a Bbox, etc.
Wi-Fi is now everywhere in our home: in our boxes or our routers, of course, but also in our computers, our smartphones, our tablets, our game consoles, our connected speakers … But when the first connections appeared Wireless, we thought that a simple key WEP would be enough to protect the famous wireless network. And yet, the protocol did not last long, and in 2005, the FBI itself demonstrated that it was possible to hack the famous key in a few minutes, and thus to access the whole of a Wi-Fi network. Consequently, we turned to the keys WPA and WPA2, considered much more secure. And that’s true, because coming to the end of a WPA or WPA2 key requires a lot more time … which nevertheless implies that the protocol is not inviolable. In 2008, researchers Martin Beck and Erik Tews managed to undermine this kind of key by detecting a security flaw in it. And they have since been joined by other “discoverers”, who have also highlighted the shortcomings of WPA and WPA2.
But then, who to trust? Can we still repel intrusion attempts, and make sure that its Wi-Fi network is completely secure ? The answer is simple: “yes”. Here are a series of tips that will help you improve your entire home network, and prevent malicious people (or your neighbors) from connecting to it.
>> Read also: Wi-Fi: how to improve the quality of your connection
1. Access your box or router
First of all, start with yourself connect at your ADSL / fiber box, or to your router if you have one. Open your Navigator (Firefox, Chrome, Microsoft Edge, Safari…) and in the address bar, enter theIP from your box. It is generally in the form “192.168.xxx.xxx”. In Orange or SFR for example, it has the address 192.168.1.1. However, at Free, it’s even simpler: just enter http://mafreebox.freebox.fr in the address bar, and voila. Then enter your username (admin, in most cases) and your password (sometimes the same as that of the Wi-Fi key, which you will find written on the back of the ADSL box or the router). You can then access the configuration of your device. Note that there is, in the event of a problem, another way to connect to the box, without entering the username and password. Just press the small “service” button on your box to remove the password protection system for a few minutes.
2. Who is connected to the network?
You can at any time verify that other people are not connected to your network without your knowledge. On all box models (Freebox, Neufbox, Livebox, etc.), you have two types of viewing: one allowing you to view all the devices connected to your box, whether wired or Wi- Fi (sometimes located in the tab Network > Connected workstations, or otherwise directly accessible from the first page, as in the example above). The other graphic representation only lists the machines connected by Wi-Fi (tab Wireless > Connected workstations). The list in question takes into account all computers, as well as tablets, smartphones or game consoles connected to your box. It specifies the MAC addresses and IP addresses locally of each device.
3. Change your Wi-Fi key
Go to the tab my WiFi and look for a part mentioning the security of your box or your router. This is where you can consult the device Wi-Fi key, as well as its security level. Always choose a WPA or WPA2 level, unless you have an old device (like a first generation PSP, for example) that only supports WEP. In the field Security key, click on modify: you can then change the security code that you must enter each time you connect a new device to your network. Ban all passwords like this 12345678, azerty, Date of Birth, first name, nickname, etc. Feel free to mix uppercase, lowercase, numbers and special characters like the asterisk. You can also use a key generator. There are line services like the one offered by SkyMinds, or that of Delahaye.fr, or even better: free software like WiFi Password Key Generator. Be careful though: the more complicated the key and contain special characters, the more difficult it will be to memorize it and enter it on devices like game consoles. An alternative, perhaps a little less secure, but still more practical, rest to use two or three terms simple to remember and spelled backwards, and interspersed with special characters and of figures.
>> Read also: How to install a VPN? To do what ?
4. Filter MAC addresses
As a reminder, a MAC address is a unique identifier number, assigned to any type of computer or electronic equipment, be it a PC, a game console, a smartphone, etc. Thanks to MAC address filtering, you can really determine which devices have the right to connect to the network, in order to ban all others. This option is usually found in the tab Wireless, under the name MAC filtering (in the example above, it is accessible via the tab my WiFi > Advanced WiFi > MAC filtering > activate). Add the MAC addresses of all the devices that have the right to connect to your Wi-Fi network, one by one. If you want to know the MAC address of a device, you have several options:
- either from the interface of your box or your router. On Orange boxes, a list of MAC addresses of all connected (or recently connected) devices appears. These are the devices you need to add to the list of devices authorized to connect. On an SFR box, just click on Network > General. You should see a list of all connected devices, so you can find out their MAC addresses.
- either directly from a device or a computer. In Windows for example, press the keys [Windows] + [R]. Enter the term cmd. In the window that appears, simply enter the command getmac. The MAC address of your PC is then displayed on the first line, below the mention Physical addressOn other devices (game console, multimedia player, etc.), the MAC address is generally accessible from the Settings> System info function (or something similar depending on the device).
5. Removing DHCP
The DHCP (Dynamic Host Configuration Protocol) dynamically generates local IP addresses for all devices that want to connect (wired or Wi-Fi). The advantage is that each new machine that wants to connect to the Wireless will automatically have a local IP address, without you having to configure anything. The downside is that a hacker can then easily join your network by assigning a free IP address. Ideally, to counter any threat, the first step is to limit the number of IP addresses assigned by the DHCP server. On a Livebox, Click on Advanced configuration. The first tab that appears must correspond to that of the function Network configuration > DHCP. Count the number of devices you want to use in your home or office. Allocate as many addresses as necessary, specifying the first in the field start IP address, and the last one in end IP address. Note that the box is not part of it, and that its address is specified in the field Livebox IP address (it is generally around 192.168.1.1). Click on record.You can go even further in this kind of setting by assigning a very specific IP address to each device, so that no one else comes to steal the IP that is normally allocated to it. To do this, go to the Static DHCP Leases section, and add each device one by one according to its MAC address (go to step 4 to find the MAC addresses of all your devices).
>> Read also: Free Wi-Fi: the pitfalls to avoid
6. Hide the Wi-Fi network name (SSID)
This is a fairly simple operation which allows your box to no longer be visible from other computers. Go to the tab my Wifi and click Advanced WiFi. In the name of the network section WiFI (SSID) > broadcast the SSID, check the option No. As a result, your network is invisible to computers and smartphones that have never connected to your Wi-Fi box. As a bonus, you can also muddy the waters. Some hackers still manage to find the name of an SSID using a glossary of the most frequently used terms to designate a box on a router. By clicking on the option edit (always from the function WiFi network name) you are free to change the name of the SSID, for example by choosing a somewhat complex term interspersed with special characters or numbers.
7. Bonus: deactivate WPS
Last step, but which is not always necessary: deactivate the WPS (Wi-FI Protected Setup). This protocol actually allows you to connect two devices, without having to enter the WPA2 code. It’s the famous little button that you have to press on your box and that opens for 2 or 3 minutes your Wi-Fi network, so that your PC can connect to it during a first configuration. It is also the pin code located on the back of a router, and you only need to enter the PC to be instantly connected to the device. And it’s also the possibility of connecting in NFC to a box or router, by simply approaching a smartphone. But the WPS is far from infallible. As soon as your PC is connected to it, you can deactivate it. Note, however, that it can already be deactivated depending on the box or router you are using (hence the “bonus” as title). To do this, go to the tab myWifi, then on Advanced Wifi. Click on the function Disabled up to the line Wifi Protected Setup (WPS) and validate.