Cybercriminals must get past your router to do damage. We show you how to set up your router securely and hack your hackers. The router in the home network usually gets little attention as long as it works. Yet the wireless router plays a crucial role in protecting your devices and data at home. A badly secured router gives attackers the opportunity to get into your home network and do unpleasant things. In addition to spying out various access data, criminals also increasingly misuse such routers for attacks that are remote-controlled from the Internet. Specific targets on the Internet are bombarded with requests until the target has to cease service. This is referred to as a denial-of-service or DoS attack. Secure your router as best as possible. We will show you the most important protective measures.
TIP 1: Keep your router up to date with firmware updates
The firmware is the operating system of your router, similar to Windows on a notebook or PC. No operating system is infallible, which is why Microsoft regularly patches its Windows versions with automatic updates. Responsible router manufacturers do the same by providing updates for the firmware of their routers. You should install these firmware updates on your router, since the device can otherwise be vulnerable to known security holes that are attacked from the Internet with so-called exploits. Most router manufacturers now offer an update function in the web menu of the router. It indicates whether your router has a current firmware version. With one click you can download the new version and install it on the router. This is why you should take a look at the router's web menu at least once a month.
Some manufacturers, such as AVM in its Fritzbox models, already offer an automatic update function. Here, the router installs security-critical firmware updates on its own, unless you have chosen a different setting in the router menu. Remember: your router is the gatekeeper between the Internet and your home network with all the devices connected to it. Anyone who runs it with outdated firmware takes a high risk.
TIP 2: Assign a secure password
Always secure access to the router menu with your own password. Many manufacturers still ship their router models with insecure factory settings, so-called default access data. Very often "admin" is used as the user name and "password" as the password. The default access data for any router model can be looked up on the Internet. This allows any attacker who is already in your home network to get access to such a router within moments. Caution: malicious programs that you have picked up on a PC or smartphone can also search your home network for weak points, such as a poorly secured router.
Therefore, assign a secure access password to the router menu. This password should be composed of digits, uppercase and lowercase letters and must be at least 10 characters long. If possible, change the commonly preset admin user to a different username. Many router models have now replaced the default password with a password generated individually for each router. This password is usually printed on the bottom of the router housing. If your housemates should not have access to the router menu, it is recommended to replace this individual password with a router password of your own.
TIP 3: Protect WLAN against unwanted users
Since a WLAN router also transmits beyond your own four walls and can be addressed by any WLAN client within range, you should always secure the wireless connection of your router. To do this, use WPA2 encryption, which is already pre-set in all reasonably current routers. Some WLAN routers use a combination of WPA (TKIP) and WPA2 (AES). If possible, change this setting to WPA2 only. WLAN clients that rely on WPA (TKIP) are already outdated. In addition, the WPA (TKIP) encryption method is not as secure as WPA2.
Use a strong WPA2 password to secure access to your wireless network. This WPA password should be at least 20 characters long, likewise composed of digits, uppercase and lowercase letters, and should not appear in the dictionary. Also, always use your Wi-Fi guest network if you want to provide your visitors or friends with an Internet connection. As a rule, the guest network is separated from the devices in your home network and has its own SSID (WLAN name). Encrypt your guest network with WPA2 and a password, and turn it off as soon as your guests have left.
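The password rules from TIP 2 and TIP 3 can be checked and met mechanically. The following Python sketch is an added example, not part of the original article: the word list is a constructed sample, the function names are hypothetical, and the 63-character upper limit is the general WPA2 passphrase limit rather than something the article states.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
ROUTER_MIN, WPA2_MIN = 10, 20  # minimum lengths given in TIP 2 and TIP 3
WPA2_MAX = 63                  # a WPA2 passphrase is 8 to 63 ASCII characters
# Constructed mini word list; a real check would load a full dictionary file.
SAMPLE_WORDS = ("admin", "password", "router", "internet", "welcome")

def weaknesses(password, min_len, max_len=None, wordlist=SAMPLE_WORDS):
    """Return the article's rules that this password breaks (empty list = OK)."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if max_len is not None and len(password) > max_len:
        problems.append(f"longer than {max_len} characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    # Stricter than "not in the dictionary": also rejects embedded words.
    if any(word in password.lower() for word in wordlist):
        problems.append("contains a dictionary word")
    return problems

def generate(length, max_len=None, wordlist=SAMPLE_WORDS):
    """Draw candidates from the OS CSPRNG until one satisfies every rule."""
    if max_len is not None and length > max_len:
        raise ValueError("requested length exceeds the allowed maximum")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate, length, max_len, wordlist):
            return candidate

if __name__ == "__main__":
    print("router menu:", generate(ROUTER_MIN))
    print("WPA2 key   :", generate(WPA2_MIN, WPA2_MAX))
    print("'password' :", weaknesses("password", ROUTER_MIN))
```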
TIP 4: Deactivate WPS router PIN
To connect your WLAN clients wirelessly, you can simply use the practical WPS method instead of cumbersome password entry. The encrypted WLAN connection is established simply by pressing a WPS button on the router and on the client. In addition to this very convenient push-button method, WPS also supports the so-called PIN method, in which, instead of the long WPA2 password, only a short router PIN is entered into the client or a short client PIN is entered into the router. Unfortunately, the WPS router PIN method is vulnerable in many WLAN routers and can therefore be cracked with appropriate tools. Some routers offer the option to explicitly disable the security-critical (router) PIN method. If you are not sure, disable WPS in the router menu completely after you have set up your WLAN clients on the home network.
TIP 5: Use security diagnostics in the router menu
Some manufacturers equip their routers with a comprehensive diagnostic function that gives the user an overview of all security-relevant settings in the router. This allows you to quickly determine which options in the router menu may need to be changed.
AVM's current Fritzbox models list under Diagnosis / Security, among other things, whether the firmware is still current, whether access to the router is password-protected, and which port forwardings are set up on the router. At the end of the list, it even shows which user last logged on to the Fritzbox, which rights have been assigned to the individual users, and whether user management is activated in the Fritzbox at all.
Asus goes one step further with its router security rating, which is found in the router menu under General / AiProtection / Network Protection. After clicking on Check, all security-relevant settings are listed and can be fixed if necessary by clicking on Save routers. However, if you urgently need certain port forwardings or (secure) remote access to your router, you should be selective here.
TIP 6: Unlock remote access only under certain conditions
Speaking of remote access to the router: most users will change settings in their router only when they are logged in at home on the home network anyway. If this also applies to you, leave the remote maintenance access in your router deactivated. Then nobody can access the menu of your router from the Internet.
If you still want to access your router remotely, you should do so using a secure SSL connection. Almost all router models allow remote access via an SSL-encrypted HTTPS connection rather than unencrypted HTTP. There are still isolated router manufacturers whose remote maintenance can only be handled via the HTTP protocol. In that case, the username and password for your router menu are sent in plaintext over the Internet, and you must always refrain from remote maintenance.
Since remote access to your router usually runs over an unsigned SSL certificate from the router manufacturer, your browser will warn you of an unsafe connection when you first open the router menu from the Internet. For SSL access to work in this case, you can disregard your browser's warning and open the "unsafe" web page anyway. If your router also supports other access services such as Telnet or SSH, which you probably will not use, leave them disabled as a matter of principle.
TIP 7: Switch off control of port forwarding via UPnP
Various home network devices, such as network hard disks (NAS) or game consoles, also require certain port forwardings or releases in the router for access from the Internet. The necessary settings in the router firewall are complicated. For this reason the UPnP protocol was developed, which handles these settings almost automatically. The NAS or game console then communicates directly with the router via UPnP and tells it which ports to open and when. UPnP is therefore extremely convenient and user-friendly.
However, this protocol also allows any client on the home network, including a malicious one, to "configure" the router's firewall at will, for example malicious software on a connected PC or smartphone that sends instructions to the firewall of your router. Control via UPnP has been enabled in the factory settings of almost all router models for many years. Anyone who wants to close this negligent security hole should disable UPnP. Only AVM currently provides a solution to this problem.