How to stop WiFi hackers?

In a WiFi network that it is not encrypted all traffic can be seen by others, they can get passwords, personal data or inclusive supplant the web page of the bank to that we are connecting to. Added to the fact that anyone can use a connection, which is linked to our name, to some unlawful purpose. I'm not saying that all our neighbours are pedophiles terrorists and killer of kittens, I'm saying that if someone it was, something not very probable but not impossible, the ideal way to communicate and interchange material with their similar without being exposed, would be through open WiFi networks.

Although the people when think that their connection are being stolen, don't take care by that can arrive the police to their house to arrest them, but that the connection are going slow and also the guilty is that unfriendly neighbour. A lot of people worry to that could occurs, so protects their network allowing only the access to the devices that have a determinate physical network address (MAC), and using some protocol that encrypts the communication as the WEP or WAP.

But any of these methods is secure. Actually only is secure the WAP2 or an authentification with digital certificate. A lot of people think that the MAC filter is infallible, due to an old legend that says that the MAC of a computer can't be falsified because is stored in read only memory (ROM) of the network card. Really this is copied to the RAM when the operating system starts and there can be modified. This can be do it directly from the control panel of Windows or with the command ifconfig of Linux, isn't necessary be super hacker. Also isn't needed be a super hacker to get the MAC of the computers connected or the encrypted password with WEP or WAP. There are a lot of programs that facilitates this task to the attacker. Searching a little by Internet, anyone can find them, the marks and models of network cards that can work in monitor mode to do this attacks, the difference between passive an active attack, etc.

My recommendations to avoid be the target of these attacks are:

- If we have the access point near of our computer, limit the output power of the signal to reduce the radius where can works the WiFi.

- If we can deactivate easily the WiFi, deactivate it when we aren't using it.

- Do the MAC filter with a white list.

- Activate WAP2 as minimum. If additionally you can setup if you want TKIP+AES or only AES, then chose only AES.

- Change the passphrase regularly and that really be a long phrase. If we use a word someone can find it quickly by brute force (trying all the keys), because there are programs that using the GPU (graphical processor unit) can search keys reducing hundred times the necessary time needed to find the key. If we use a passphrase the needed time will be of million of years and reduce the time hundred of times don't serves too much.

Finally, if after all of this you continue without trusting your WiFi, you can do as me: deactivate the WiFi, remove the antennas of the router and put cables all over the house.