A secure password is a prerequisite for a secure WLAN network.
(Photo: picture alliance / Florian Schuh / dpa-tmn)
If routers and WLANs are not secured, all connected devices are at risk, and so is the data stored on them. ntv.de shows how to protect your home network from hackers in just a few steps.
Last May, a warning from the German Federal Office for Information Security (BSI) about a vulnerability called "FragAttacks" caused a big stir because virtually all WLAN devices were affected, especially routers. Hackers can not only access the affected devices through the vulnerability, but may also be able to carry out other attacks in the network. The widely used Fritzboxes were also affected, but manufacturer AVM has since secured all still-supported routers and accessories with updates, most recently also some devices that are more than five years old.
"FragAttacks" is a vulnerability that takes hackers a lot of work to exploit. However, it is often much easier for them to penetrate networks because many users do not secure their routers at all or only inadequately. In the worst case, they can then take information from connected devices or even take them over. ntv.de shows how to protect routers and WLAN from attacks.
Anonymous WLAN name
A first step is to change the name of the network (SSID) in the router's user interface and to choose an anonymous term for it. This does not directly protect a network, but it makes it a bit more difficult for hackers to attack it, especially in multi-family homes. With the factory settings, the name also gives away information about the router in use, for which attackers may know of unpatched security holes and how to exploit them.
– If you have a Fritzbox, you can reach the user interface by entering "fritz.box" in the address line of your browser. Then you can change the SSID under WLAN – radio network – radio network name.
Protect router access
After renaming the SSID, you should change the default password, or set one up, for the access to the router that is needed to change settings.
– The password of a Fritzbox can be changed under system – FRITZ!Box user – user.
– A secure password is as long as possible and consists of letters, numbers and special characters in a combination that has no meaning.
– If possible, you should not use a WLAN connection to change the router settings, but connect the computer via LAN cable instead.
– When you are done, end the session before you continue surfing. Otherwise the access to the user interface usually remains open, and you are only logged out after a certain time. With the Fritzbox this takes 20 minutes.
Use two-factor authentication
If offered, you should activate two-factor authentication. This means that in addition to entering the password, a confirmation is required to change critical settings, for example by means of a PIN sent via SMS.
– In the case of a Fritzbox you can also use a connected phone or the Google Authenticator app for this purpose. The setting can be changed under system – FRITZ!Box user – additional confirmation.
Change WLAN password
It is especially important to change the WLAN password (SSID password). The preset combination is usually written on the back or bottom of a router and is therefore anything but a secret. Sometimes it consists only of zeros or ones, which is the first thing every attacker tries out.
– Here, too, it is important to choose a password that is as secure as possible, even if it can be annoying to enter long, complicated combinations the first time a new device is connected.
– In the menu of the Fritzbox you change the WLAN password under WLAN – security – encryption – WLAN network key.
Choose highest WLAN encryption
The best password is of little use if the WLAN connection is not encrypted or not encrypted well enough. Therefore it is important to set the best possible protection here.
– The most common method is WPA (Wi-Fi Protected Access), which defines how the router and WLAN device negotiate a common key for the connection.
– The original WPA is now outdated and is no longer secure. The current standard is WPA2; the best encryption is achieved with WPA3.
– In the settings of the router there is often an option that automatically selects WPA or WPA2 for older WLAN devices. It should not be used. If there are still devices in the household which can only do WPA, it is time to get rid of them. They no longer receive updates (and have not for a long time) and are a great security risk in themselves.
– The checkbox should be set to WPA2 or to WPA2 + WPA3.
– In the menu of the Fritzbox you can change the WPA settings under WLAN – security – encryption.
As the example of "FragAttacks" shows, it is essential for router security that its software is kept up to date and that available updates are installed regularly.
– It is best to enable automatic updates so that you do not miss them.
– In the Fritzbox user interface you can find the corresponding settings under system – update – FRITZ!OS version or auto-update.
WPS not permanently active
WPS (Wi-Fi Protected Setup) is convenient because it saves entering the WLAN password when connecting new devices. However, the PIN method in particular is not very secure. The router generates a short code, which you then enter on the WLAN client.
– You don't have to give up the comfort completely, but you should deactivate WPS as long as you don't need it.
– WPS-PBC (WPS Push Button Configuration) is generally considered secure. You press physical buttons on the router and WLAN device one after the other. However, theoretically a visitor can also do this quickly if he is briefly unobserved.
– The Fritzbox uses WPS-PBC by default. To turn it on or off, go to the settings and select WLAN – security – WPS quick connection.
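The checks from the sections on the WLAN name, the WLAN password, encryption and WPS can be written down as a small audit. This is an added example, not part of the original article or of AVM's software; the settings dictionary, the function names, the 20-character minimum and the SSID patterns are assumptions made for illustration.

```python
import re
import secrets
import string

# Assumptions of this example: a WPA2 passphrase is 8-63 printable ASCII
# characters; the 20-character minimum and the SSID patterns are illustrative.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
FACTORY_SSID = re.compile(r"fritz!?box|speedport|easybox", re.I)
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")

def audit_key(key):
    """Return the reasons a WLAN key is weak (empty list = acceptable)."""
    problems = []
    if not 8 <= len(key) <= 63 or any(not 32 <= ord(c) <= 126 for c in key):
        problems.append("not a valid WPA2 passphrase")
    if len(set(key)) <= 2:
        problems.append("repeats one or two characters (e.g. all zeros)")
    if len(key) < 20:
        problems.append("shorter than 20 characters")
    if sum(bool(re.search(p, key)) for p in CLASSES) < 3:
        problems.append("uses fewer than three character classes")
    return problems

def generate_key(length=24):
    """Draw random keys from the OS CSPRNG until one passes audit_key."""
    if not 20 <= length <= 63:
        raise ValueError("length must be between 20 and 63")
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit_key(key):
            return key

def audit_wlan(cfg):
    """Check a settings dict against the steps described in the article."""
    findings = ["WLAN key " + p for p in audit_key(cfg["key"])]
    if FACTORY_SSID.search(cfg["ssid"]):
        findings.append("SSID reveals the router model")
    if cfg["encryption"] not in ("WPA2", "WPA2+WPA3", "WPA3"):
        findings.append("legacy WPA or open network is allowed")
    if cfg["wps_enabled"]:
        findings.append("WPS is permanently active")
    return findings

# Constructed sample, not a real device's defaults.
FACTORY_STATE = {"ssid": "FRITZ!Box 7590 XY", "key": "1111111111",
                 "encryption": "WPA+WPA2", "wps_enabled": True}

if __name__ == "__main__":
    for finding in audit_wlan(FACTORY_STATE):
        print("-", finding)
    print("suggested key:", generate_key())
```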
Set up guest access
Maybe guests can be trusted, but not necessarily the devices they bring with them, which may have unnoticed malware on board. That's why it's better to set up a separate WLAN access for them, which allows them to connect to the Internet, but not to the home network.
– With a Fritzbox you can find the corresponding settings under WLAN – guest access. Here you have to select private WLAN guest access, because the second option sets up a public WLAN hotspot where the transmission is basically unencrypted.
If you don't need WLAN, you can switch it off. This saves a bit of power and the network is not vulnerable. You can press a button on the router every time or activate a timer, which switches the network off or on at certain times.
– The time switch of the Fritzbox is controlled via WLAN – timeout. Practical: you can specify that the wireless network is only switched off when no WLAN device is active.
Use MAC filter?
It is often advised to activate the MAC address filter of the router. Access for each new device must then be allowed, even if the owner enters the correct password. At first glance, this seems like a logical step, but hackers will only smile at it. At most, the filter keeps neighbors in radio range from guessing passwords. If you have set up a secure password, as recommended above, a MAC filter makes no sense and only makes things unnecessarily complicated.
– If you would like to filter nevertheless, go to WLAN – security – encryption in the Fritzbox user interface. There you can find the appropriate settings under the list of all devices approved so far.