A secure password is a prerequisite for a secure WLAN network.
(Photo: picture alliance / Florian Schuh/dpa-tmn)
If routers and WLAN are not secured, all connected devices are at risk, and so is data stored on them. ntv.de shows how to protect your home network from hackers in a few steps.
Last May, a warning from the German Federal Office for Information Security (BSI) about a vulnerability called FragAttacks caused a big fuss, as practically all WLAN devices were affected, especially routers. Hackers can not only access the affected devices through the gap, but may also be able to carry out other attacks on the network. The widely used Fritzboxes were also affected, but manufacturer AVM has since secured all routers and accessories that are still supported with updates, most recently including some devices that are more than five years old.
At "FragAttacks" it is a vulnerability that gives hackers a lot of work to do. However, it is often much easier for them to penetrate networks because many users do not secure their routers at all or do so inadequately. In the worst case, they can then grab information from connected devices or even take them over. ntv.de shows how to protect routers and WLAN from attacks.
Anonymous WLAN name
A first step is to change the name of the network (SSID) in the router’s user interface and choose an anonymous term for it. While this doesn’t directly protect a network, it makes it a bit harder for hackers to target, especially in apartment buildings. In the factory settings, they also get info on the router used, where they may know unclosed security holes and how to exploit them.
– With a Fritzbox, you can reach the user interface by typing "fritz.box" enters. Then you can go to WLAN – wireless network – wireless network name change the SSID.
Protect router access
After you have renamed the SSID, you should change the default password or set it up so that you can access the router to change settings.
– You can change the password of a Fritzbox under System – Fritz!Box users – Users.
– A secure password is as long as possible and consists of letters, numbers and special characters that do not make sense.
– If possible, do not use a WLAN connection to change the router settings, but connect the computer via LAN cable instead.
– If you are done, end the session before you continue surfing. Access to the user interface usually remains open and you will be logged out after a certain period of time. With the Fritzbox this is 20 minutes.
Use two-factor authentication
If offered, you should enable two-factor authentication. This means that in addition to entering the password, confirmation is required to change critical settings, e.g. by means of a PIN sent via SMS.
– With a Fritzbox you can also use a connected phone or the Google Authenticator app. The setting can be changed under System – FRITZ!Box user – additional confirmation.
Change WLAN password
It is especially important to change the WLAN password (SSID password). The preset combination is usually written on the back or bottom of a router and is therefore anything but a secret. Sometimes it even consists only of zeros or ones, which is the very first thing every attacker tries out.
– Here, too, it is important to choose a password that is as secure as possible, even if it can be annoying to enter long, complicated combinations the first time a new device is connected.
– In the menu of the Fritzbox you change the WLAN password under WLAN – Security – Encryption – WLAN network key .
Select highest WLAN encryption
The best password is of little use if the WLAN connection is not encrypted or not encrypted well enough. Therefore it is important to set the best possible protection here.
– The most common method is WPA (Wi-Fi Protected Access), which determines how router and WLAN device negotiate a common key for the connection.
– The original WPA is now outdated and is no longer secure. The current standard is WPA2, the best encryption is WPA3.
– In the settings of the router there is often an option that automatically selects WPA or WPA2 for older WLAN devices. It should not be used. If there are still devices in the household that can only do WPA, it’s time to get rid of them. They don’t get any updates (for a long time) and are a big security risk for themselves.
– The checkmark should be set to WPA2 or WPA2 or WPA3.
– In the menu of the Fritzbox you change the WPA settings under WLAN – Security – Encryption.
Update firmware
How to use the example "FragAttacks" it is essential for the router security that its software is kept up to date and that available updates are installed regularly.
– It is best to activate automatic updates so that you do not miss them.
– In the Fritzbox user interface you can find the corresponding settings under System – Update – FRITZ!OS version respectively – Auto-update.
WPS not permanently active
WPS (Wi-Fi Protected Setup) is a convenient thing. Because it saves the input of the WLAN password when connecting new devices. Especially the PIN method is not very secure. The router creates a short code, which you then enter on the WLAN client.
– You don’t have to give up comfort completely, but you should deactivate WPS as long as you don’t need it.
– WPS-PBC (WPS-Push-Button-Configuration) is basically considered safe. Pressing physical buttons on router and WLAN device one after the other. However, theoretically a visitor can do this quickly if he is unobserved for a short time.
– By default, the Fritzbox uses WPS-PBC. To turn it on or off, in the settings go to WLAN – Security -WPS Quick Connectg.
Set up guest access
Maybe guests can be trusted, but not necessarily their brought devices, which may have unnoticed malware on board. That’s why it’s better to give them their own WLAN access, which allows them to connect to the Internet, but not to access the home network.
– With a Fritzbox you can find the corresponding settings under WLAN – guest access. Here you have to private wifi guest access The second option is to set up a public WLAN hotspot, where the transmission is basically unencrypted.
Activate time switch
If you don’t need WLAN, you can also turn it off. This saves some power and the network is not vulnerable to attack. You can press a button on the router each time you want to do this or activate a timer that switches the network off or on at certain times.
– The time switch of the Fritzbox can be controlled via WLAN – Time switching to. Practical: You can determine that the radio network is switched off only if no WLAN device is active any more.
Using MAC filters?
It is often advised to activate the Mac address filter of the router. Here, the access of each new device must be allowed, even if the owner enters the correct password. At first glance, this seems to be a logical measure, but hackers only have a weary smile for it. The filter keeps at most neighbors in radio range from playing password guessing games. If you have set up a secure password, as recommended above, a Mac filter makes no sense and only makes things unnecessarily cumbersome.
– Who would like to filter nevertheless, goes in the Fritzbox surface to WLAN – Security – Encryption. There you can find the corresponding settings under the list of all previously approved devices.