The Limited Times

Now you can see non-English news...

Security checklist for wireless routers: How to make your home network secure

2020-09-26T09:08:43.576Z


Even if the WLAN is already running, there are a few things to do to optimally secure the router and network. The WLAN encryption requires special attention.


Icon: enlarge

This also applies to WLAN routers: a secure password is the best protection

Photo: Andreas Martini / c't

Seal the web interface

Almost every modern router comes with an assistant that queries some of the most important settings and configures them in one go.

Depending on the manufacturer, the wizards leave different gaps.

First make sure that the configuration password set at the factory has been changed.

The manufacturers usually attach it together with the WLAN settings to the bottom of the case, where unauthorized persons can easily take a picture.

But if you know the access data to your router, you can do whatever you want - abuse WLAN password and VPN access, manipulate Internet access restrictions and the like.

If possible, activate the automatic firmware update.

This means that the router uses the latest firmware even if you are away for a long time.

WiFi precautions

If possible, activate the control package protection (PMF).

Then change the wireless network name and the key of your WLAN (WLAN password).

This is also recommended if the manufacturer delivers its devices with individual settings, because these are usually attached to the router so that they can be read and misused by anyone who has physical access to the router - for example, wine-loving partygoers.

Icon: enlarge

If the outdated WPA2 has to remain switched on, the following applies to the security of the WLAN password: Length is more important than any special character rules.

Photo: c't

With WLAN routers that only use the outdated WPA2, the encryption can be cracked using a brute force attack.

To do this, attackers record the WLAN traffic for a while and then take the data with them to a PC with a lot of computing power.

Whether the crack succeeds quickly or is canceled after days due to hopelessness depends on the length of your WiFi password.

Use 20 to 30 characters if you have to use WPA2 in your WLAN because of older devices.

If all of your devices already support WPA3, switch off WPA2 if your router allows it.

Use guest network

Separate your trusted devices from those visitors bring along and also from smart home and IoT devices by assigning guest WiFi to these groups.

Also set a long WPA2 password for the guest network and change it from time to time, because some visitors tend to pass on WLAN passwords.

Restrict the guest WiFi to certain services, such as surfing and emailing, to avoid the hassle of unwanted file sharing.

Not without TLS

If you operate a server that can be accessed from the Internet, make sure that it only communicates via TLS-encrypted protocols.

Because the web interface of some routers can also be accessed from the Internet, the associated traffic should also be encrypted (HTTPS).

If you are the only one who has access to the server from outside, it is better to use an encrypted VPN connection to the home network.

Many routers are suitable as VPN servers.

WPS only as required

The WPS function makes the coupling of new WLAN clients much easier because you only have to press the associated buttons on the router and client.

However, only switch this function on when required.

Otherwise, third parties can gain access to your network without your knowledge if they have physical access to the router.

Some manufacturers use the UPnP function to automatically set up port forwarding from the inside using their devices.

This saves time, but if the UPnP function is permanently activated, imported malware can also use UPnP to drill holes in your router's firewall.

If possible, disable this feature or limit it to individual hosts if your router allows it.

When all the steps are done, export the router configuration so that in the event of a router failure you can continue with a replacement device without having to set up a new one.

Icon: The mirror

Source: spiegel

All tech articles on 2020-09-26

You may like

Trends 24h

Latest

© Communities 2019 - Privacy

The information on this site is from external sources that are not under our control.
The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.