The router is not only the small box that gives access to the Internet. Through software errors or incorrectly configured interfaces, the domestic router can also become the gateway to hacking and thus to the security risk.
There is no absolute security against hacker attacks, but every user can significantly improve his protection against the misuse of his Internet and telephone connections. The Federal Office for Information Security (BSI) provides tips:
1. Keep the operating system up to date
Also, a router has an operating software. Updates bring new functions and plug security gaps. Therefore, if possible, you should enable automatic updates in the router menu or check for updates regularly on the settings page of the router.
2. Switch off remote access
Many routers offer, for example, to connect connected hard disks to the Internet. This handy feature can be an attack point for attackers and should be disabled in the Settings menu, as well as all unused functions of a router. A security test of the specialist portal “Heise online” shows which remote access options are active on the router.
3. Configure wireless router using a cable connection
Even if it is more convenient with WLAN – to set up before the first commissioning and for all maintenance work you should connect your computer to the router by LAN or USB cable.
4. Change the WLAN password immediately
Preset WLAN passwords are insecure, they can be guessed and cracked. Therefore users should assign their own complex password with at least 20 characters. If it is not changed, there is a risk that attackers can read out the password specified by the manufacturer, for example with the help of special apps. When changing, you should also check if secure WPA2 encryption is enabled.
5. Change administrator password
The password used to enter the device’s sensitive setup menu is often the same for many or all routers from a manufacturer. Or the password protection is not activated at all. Here you have to set an individual, secure password.
6. Change the network name
Users should give their WLAN a new network name (SSID) because the default is often manufacturer name and device type, which could be exploited by unauthorized users. The new SSID should have no relation to the owner of the Internet connection, ie, no surname, street, place or similar.
7. Call up the settings menu via https
The router menu can be accessed with any browser by entering the address specified by the manufacturer, such as 192.168.2.1 or fritz.box, in the address line. However, one should make sure that the menu is accessed via a secure connection. This is recognizable by the abbreviation “https”. While the settings are made, no further internet pages should be opened for security reasons.
8. WPS PIN off
“Wi-Fi Protected Setup” (WPS) is a standard for the simple setup of an encrypted WLAN network. WPS with a PIN that can be read on a sticker or a display on the device, but can be cracked quickly and should be switched off.
9. Do not start WLAN around the clock
Simple but effective is the security principle of disabling WLAN when it is not needed – at night, in the case of prolonged absence or on holiday. For what is not connected can not be attacked. In addition, many routers in the setup menu offer practical time circuits.
10. Also safe on the road
With free Wi-Fi, users are now able to surf in public, for example in hotels, cafés or department stores. Be careful, however, if there are several similar entries in the list of available networks. Previously, the magazine warns “Computerbild”. Fraudsters could offer their own hotspots with such names to get confusion with passwords or other private data. Therefore better ask the provider, as the correct WLAN is called.