Securing Your Network with WPA2 and AES
In this section, we’ll make the changes required to ensure that we have the router’s security options set to MAX. But before we do, we need to introduce all of the gibberish that will come across in the router configuration interface.
Network security technoglyphs
As you wander about the screens of your router’s configuration interface, you’re going to come across a series of mystifying technical hieroglyphs (technoglyphs). These can, at first, appear quite threatening. The good news is that we don’t actually have to understand what they mean before we can secure our network. We just have to know which are the GOOD ones, and which are the ones to AVOID. We’ll cover that now.
AVOID
Below is a list of network security options that you should avoid. Your router will happily let you choose these options, but in doing so, your network will be insecure. So, unless advised otherwise by an expert, your router’s security configuration should not include any of the following:
Protocol Settings to Avoid
Open, None
If you are using these settings then your network has zero security. Not recommended.
WEP, WPA
If you are using either of these settings then your network is vulnerable. Not recommended.
TKIP
Avoid. Use AES instead.
Mixed, Auto, “WPA/WPA2”
If you are using any of these settings then your network may become vulnerable. Note that when you see WPA2 by itself, it is GOOD but when you see WPA2 in combination with WPA (as we do here), it is to be AVOIDED.
Enterprise
This is for businesses and not for home networks, so you'll not be using this.
GOOD Security Settings
The following technolglyphs are GOOD and should be used in preference to anything else:
WPA2
This is the safest security protocol and should always be used.
AES
This is the strongest encryption method and should always be used.
PSK
PSK does not impact security – it’s OK if you select an option with PSK. It’s OK is you select an option without PSK.
Personal
Personal does not impact security – it’s OK if you select an option with Personal. It’s OK is you select an option without Personal.
How to configure your router’s security options without having a clue about what you’re doing
There is no such thing as a simple set of instructions for configuring every router. Each router is different and each router’s configuration interface is different. And they change over time. So providing an exhaustive set of instructions for the world’s routers is out of scope of this document. Instead, you'll find general guidance for feeling your way around the interface and picking the most secure options.
Navigating the interface
Most router configuration interfaces are split into BASIC and ADVANCED sections. To secure our network, we first need to find the Wireless Security Options. These are typically in the BASIC section, under WIRELESS. The way that most of us find the right screen is to start clicking on anything that mentions ‘wireless’ or ‘security’, and when you start to see some of the gibberish from the lists above, then you know that you are in the right place. You can't break anything by clicking around the interface, as long as you don't hit SAVE.
Once we have located the correct Wireless Security screen, we’re ready to start setting our network security.
As per the GOOD section above, we are going to set our network security so that it reads 'WPA2' and 'AES'. If the settings include a reference to 'PSK', that’s fine. If the settings include a reference to ‘Personal’ that is also fine. The important thing is that your network security settings read 'WPA2' and 'AES' and do not include anything from the AVOID section.
Note
Note that the network security options may be presented in single or multiple lists, depending on how confused the router manufacturer wants you to be. The trick here is to familiarize yourself with the available options, and make sure you steer clear of anything in the AVOID section. If really desperate, you could also try consulting the manual - though I suspect that this will be equally as mystifying.