Fritz! Box security: this is how you protect your router properly

All-round protection in 20 minutes

The Fritz! Box as a cost trap and gateway for hackers and malware? At the latest when the phone bill turns out to be too high, it becomes clear that the router must also be protected. We explain the most important settings for your home network.

The Fritz! Box runs wonderfully ex works. You give the router 20 minutes yours Attention, you can also set up protective measures against hackers, malware, costly phone calls and data loss. We explain how this works in this article.

Foreign phones on the network

After the major attack on all Fritz! Box customers, now is a good time to react and secure the entire box – so that you won’t be affected next time.

Briefly about the current problem: Due to a security hole, hackers could set up telephony devices on the Fritz! Box and initiate chargeable calls to a special number. If not already done, first find out whether your hardware is affected. A list of AVM manufacturers can be found here. You should also go to "Telephony / Telephony Devices" Check whether foreign, unknown devices have nestled – if so, create a complete backup for the purpose of preserving evidence "System / Data".

countermeasures

Then you should carry out two measures: Get the latest version of Fritz! Box OS from AVM and install it via the Fritz! Box interface at "System / Data" – you should of course create a backup of the current system beforehand, just in case. Second, change all your passwords on the Fritz! Box, check the following places to see if you have set passwords:

Internet / Shares / Dynamic DNS
Internet / approvals / VPN
Internet / MyFRITZ!
Home network / storage (NAS) / online storage
Home Network / Media Server / media sources
WLAN / Security
WLAN / Guest Access
DECT / base station / application
System / Push Services / Sender
System / Fritz! Box User / User
System / Fritz! Box user / registration in the home network

In the area "WIRELESS INTERNET ACCESS" there are some security-related settings, starting with the home page "radio network". By default, the name of the WLAN is visible to everyone, which makes automatic registration of new devices easier. If only the permanently installed devices access it, the visibility turns off – especially useful if your wireless network is around "fritzbox_schmidt" or similar means that third parties can then easily see when you are online.

On the same page below, the registration of new devices can be removed by changing the setting "limit Wi-Fi access to the known Wi-Fi devices" activated. If this is too restrictive for you because guests sometimes want to surf with their smartphones, activate it under "guest access" a separate WiFi access. This guest access is through the profile "guest" protected, which, among other things, blocks content that is harmful to young people via a BPjM filter. In addition, guest access can be deactivated automatically after a specified period of time. Speaking of: the point "timing" is intended for saving electricity, but also in terms of security, it is a good idea to switch off the WLAN at night or during working hours, for example – what doesn’t work cannot be hacked.

Under "WLAN / Security" you should make sure that the default "WPA encryption" is set – "WEP encryption" is extremely unsafe and should no longer be available as an option. Use a good password, preferably consisting of special characters, numbers and letters. Changes to the tab "WPS quick connection" and deactivates them – registering new devices at the push of a button without entering a password is convenient, but insecure and is rarely required. Finally activated under "System / events / wireless / index.html" the logging of registrations and de-registrations, so that in case of doubt you have some more data for analysis – in any case it does no harm. You can find out more about WLAN encryption in our background article.

Home network and internet

As with WLAN, the Fritz! Box offers guest access for LAN. Once you get this under "Home Network / Network / Network Settings" activated, you can safely allow guests to connect devices directly to the yellow socket on the back of the Fritz! Box. Connected in this way, guests can go online, but not access your home network. It is equally important to set a password under "System / Fritz! Box user / registration in the home network", so that your painstakingly protected Fritz! Box cannot be reconfigured by everyone in your local LAN.

In the area "Internet" there is only one setting that you should deactivate if necessary: Under "Internet / releases / Fritz! Box services" you switch off access to the Fritz! Box via the Internet – unless you want to access the Fritz! Box settings on the go. Even if access is deactivated, the port forwarding of the Fritz! Box remains active and the home network can be reached from the Internet, just not the Fritz! Box interface. The NAS that you want to access from the Internet remains unaffected.

A tip for users of the Fritz! Box Cable: Some DSL providers almost miss you a fixed IP address – the usual forced separation after a day is not always the case with cable DSL. In order not to be constantly on the move with the same IP in the network, because this makes it easier for you to identify, you should now and then manually "Reconnect" under "Internet / Online Monitor" click. But be careful: This does not necessarily guarantee a new IP, for example, NetCologne sometimes insists on the same address for weeks.

Telephony and users

Telephony doesn’t sound like a threat, but it is one of the few ways that hackers can do financial damage. Check out regularly "Telephony / Telephony Devices" to find out whether there are any unknown devices. A good general precaution is to block special numbers or long distance calls "Telephony / call handling / Barring", unless you need them regularly.

Under "System / Fritz! Box users" you should set up user accounts unless you are the only LAN user. Limited third best of all is access to NAS content – connected USB disks and online storage. You should reserve the Fritz! Box settings for yourself. You also control the release of telephony functions (voice messages, fax, call list), the authorization to control smart home devices or use VPN connections.

Set up LED alarm

For an exciting function you call the point "System / buttons and LEDs" on. There you define the behavior of the info LED on the Fritz! Box, for example "Device logged on to the WLAN guest access – LED lights up". It is not that size Throw, but another small building block in your security concept – if the LED flashes without you allowing a guest access, someone has gained access and you have to act. Significantly more important: switches to the rider "keylock" and locks the buttons on the Fritz! Box, i.e. the WPS and DECT buttons, via which devices can be connected to the network without a password, after all, you will not be constantly setting up new devices.

Two last recommendations: Make sure that the Telnet access to the Fritz! Box is switched off or deactivate it over the phone with the code # 96 * 8 *. Unless you have activated it, it should not be active. And apart from the Fritz! Box, you shouldn’t forget one thing above all: protection against malware. Make sure that your antivirus solution also includes network drives in the scans if you have set up online storage or USB disks in the Fritz! Box – by default, network drives are often not taken into account.

By the way: The Fritz! Box also masters safety in the sense of child safety with time and content restrictions, read here.