Routers are computers without a keyboard or screen. But it's easy to forget that they need to be protected against attacks from the network too. For those in a hurry, this video summarizes everything. But if you want more detailed information, you will find six important tips below on how to protect your Wi-Fi router.
To carry out the tips below, you must call up the configuration settings of your router.
Router configuration settings und login
How it works with Speedport-Routers
Enter http://speedport.ip in the address bar of your browser. > Always close all other Internet pages that are open on your computer. > (1) Enter the router's password. You can find it on the back or underside of your device. > (2) Click on Login.
How it works with Fritzbox-Routers
Enter fritz.box in the address bar of your browser. Always close all other Internet pages that are open on your computer. > Enter the router's password (not the Wi-Fi password), if you have assigned one. > Click on Login.
1. Change the router password
Many manufacturers ship their routers with pre-configured passwords for administration with their routers in order to enable quick and easy plug and play. The Speedport routers from Deutsche Telekom are also equipped with device-specific, secure passwords for the website on which you make the router settings. Nevertheless, these passwords should be changed immediately during commissioning. It is also advisable to change the password from time to time. For a good password, use upper and lower case letters in combination with numbers and special characters. Read more about passwords in our guide book “Digitally secure”
2. Perform software updates
Enable your devices whenever automatic software updates are possible. This function is called "Easy Support" at the Telekom Speedport routers. It is already activated from the start for all Speedport routers. The updates not only fix errors in the device software, but also close security gaps.
3. Set up encryption
The most important measure to protect your Wi-Fi is encryption. Most Wi-Fi systems use the secure WPA2-PSK encryption method. The latest models even support the new and more secure WPA3 mode. There you can often select a so-called transition mode “WPA2 / WPA3”. Sounds complicated, but it protects - and we'll show you how to set it up. If you only use your WLAN password yourself and choose a particularly long and therefore secure password when setting up your router, you will not usually need to change it frequently. Read more about passwords in our "Secure digital" guide.
How it works with Speedport Routers
Log in (see above) > (1) Netzwerk (“Network“) > (2) WLAN-Einstellungen (“Wi-Fi-Settings“) > Name und Verschlüsselung (”Name and encryption“) > Verschlüsselungsart (“Encryption type“) > (3) Select WPA2 or if possible WPA2/WPA3 > [Optional] (4) WLAN-Schlüssel verändern (“Change Wi-Fi key“) > (5) Speichern („Save“)
How it works with Fritz!Box Routers
The WI-FI radio network of your Fritz!Box is already protected from unauthorized access in the factory settings by the secure WPA2 + WPA3 encryption and an individual Wi-Fi network key. In order to be able to establish a Wi-Fi connection to the Fritz!Box, this network key must be entered manually on the Wi-Fi device (e.g. computer, smartphone, game console).
Log in> (1) WLAN (“Wi-Fi”) > (2) Sicherheit (“Security”) > Verschlüsselung (“Encryption”) > (3) WPA Modus (“WPA mode”) > WPA2 + WPA3> (4) Enter any password between 8 and 63 characters in the input field WLAN Netzwerkschlüssel ("WI-FI network key") > Übernehmen drücken (“Apply and press enter”).
4. Control active functions of the router
Enable security features: Depending on the model and manufacturer, devices offer a number of security features. Study your device's documentation and turn on such features. This includes the built-in firewall or functions to protect against denial of service (DoS) attacks.
Disable features you don't need: Current routers often offer a variety of features (e.g., remote access, media player, UPnP) that can serve as a gateway for attackers. If you do not use such services, then you should disable them. In particular, the Universal Plug and Play service (UPnP) allows devices on your home network to change your router's configuration without your intervention. This standard is a bit older, and it doesn't provide much security. Devices in the home network can, for example, expose themselves to the Internet in this way and are then accessible worldwide and thus vulnerable to attack. Therefore, you should definitely disable a UPnP function of your router if this function is available. Some manufacturers allow you to restrict the use of the UPnP service at least to individual devices in the home network. If you absolutely need UPnP, then make sure to enable this additional protection if it is available on your device.
5. Specify which devices are allowed to have access to your Wi-Fi
In order to protect your home network as best as possible, you can set up access restrictions in addition to WPA2 encryption. This means: You can determine which Wi-Fi-enabled devices are allowed to access your Wi-Fi network. With this function, you can also see which devices already have access to your Wi-Fi and deny individual access if necessary.
How it works with Speedport Routers
View connected devices
Log in > (1) Netzwerk (“Network) > (2) Verbundene Geräte (“Connected devices”) > (3) Art der Darstellung auswählen (“Select the type of display”) > (4) + (5) Die Liste ist nach Anschlussart sortiert (“List is sorted by type of connection”).
Set up access restriction
Log in > (1) Netzwerk (“Network”) > (2) WLAN Einstellungen (“Wi-Fi Settings“) > (3) WLAN-Zugriff verwalten („Manage Wi-Fi access“) > (4) Zugangsbeschränkungen („Access restriction“) > (5) Nur bestimmte Geräte im WLAN zulassen („Allow only certain devices in the Wi-Fi“) > (6) Bekannte und erwünschte WLAN Geräte auswählen („Select known and the desired devices“) > (7) Speichern („Save“).
Log in> (1) Network> (2) WLAN settings> (3) Manage WLAN access> (4) Access restriction> (5) Only allow certain devices in the WLAN> (6) Select known and desired WLAN devices> (7) to save
How it works with Fritz!Box Routers
Log in > (1) WLAN (“Wi-Fi”) > (2) Sicherheit (“Security”) > (3) Verschlüsselung (“Encryption”) > (4) WLAN-Zugang beschränken (“Restrict Wi-Fi access”) > (5) WLAN-Gerät hinzufügen oder über die Kreuze entfernen (“Add Wi-Fi devices or remove them using the X’s on the right”) > (6) Übernehmen (“Apply”)
6. Set up guest access
Keep an eye on who can access your home network. All users of your home network, e.g. friends who are visiting, use your identity to navigate the internet and can use the services of your network operator configured for your internet connection. They also have access to all local resources in their home network, for example to your photos stored in an open network drive. Therefore, you should only allow people or devices that you trust to use your home network. Many newer routers, for example the Speedport Smart from Deutsche Telekom, offer a "guest access" separate from the home network in addition to the private Wi-Fi, which you can offer your guests at a party, for example. Guest access requires its own password and can also be switched off or time-limited independently of your private Wi-Fi. So you don't have to share your private Wi-Fi password.
How it works with the Speedport Smart Router
Log in > (1) Netzwerk (“Network”) > (2) WLAN-Einstellungen (“Wi-Fi settings”) > WLAN-Gastzugang (“Wi-Fi guest access”) > (3) WLAN-Gastzugang verwenden (“Use Wi-Fi guest access”) > (4) Aktivitätszeitraum festlegen (“Set the activity period”) > (5) Automatische Gerätetrennung aktivieren (“Activate automatic device disconnection services”) > (6) WPS-Anmeldung deaktivieren (“Deactivate WPS log-in”) > (7) WLAN-Name (SSID) und WLAN-Schlüssel für Gäste festlegen (“Define WLAN name (SSID) and WLAN key for the guest network) > (8) Speichern („Save“)
How it works with Fritz!Box Routers
Log in > (1) WLAN (“Wi-Fi”) > (2) Gastzugang (“Guest access”) > (3) Gastzugang aktvieren (“Activate guest access”) > (4) Namen des Gastzugangs festlegen (“Set name for the guest network”) > WPA2 + WPA3 als Verschlüsselung wählen (“Select WPA2 + WPA3 as encryption”) > WLAN-Netzwerkschlüssel vergeben (“Assign Wi-Fi network key”) > (5) Übernehmen (“Apply”)
7. Regular change of the IP address
Regularly changing the IP address makes it more difficult for website operators to log your activities on the Internet (tracking). This function is available on most Speedport routers in two protection levels. If possible, choose protection level 2 for the best possible protection, which means that your Telekom IP addresses are reassigned every 96 hours between 2 a.m. and 5 a.m.
How it works with Speedport Routers
Log in > (1) Internet („internet“) > (2) Internetverbindung („Internet connection“) > (3) Telekom-Datenschutz („Telekom Data Protection“) > (4) Stufe 2 auswählen („Select Mode 2“) > (5) Speichern („Save“)
(6) For further information you can click on the links on the right-hand side
How it works with Fritz!Box Routers or older Speedport routers
Manually:
Completely disconnect the router from the power supply for at least ten seconds.
Or
Log in > (1) Internet („internet“) > (2) Online Monitor („online monitor“) > (3) Neu verbinden („Reconnect“).
Automatically:
Log in > (1) Internet (“internet”) > (2) Zugangsdaten (“Access details”) > (3) Verbindungseinstellungen ändern (“Change connection settings”) > (4) „Zwangstrennung durch den Anbieter verschieben in der Zeit zwischen“ auswählen („Select the forced disconnection option and select a time frame“) > (5) Übernehmen („Apply“)