Corporate Responsibility

How to set up a secure Wi-Fi network

  • Share
    Two clicks for more data privacy: click here to activate the button and send your recommendation. Data will be transfered as soon as the activation occurs.
  • Print
  • Read out

Cybercriminals exploit wireless networks with inadequate connections, such as Wi-Fi connections from routers, to search or hijack connected devices such as computers, smartphones, tablets, game consoles, and smart TVs. 

Illustration: Sicheres WLAN einrichten

Securely set up your Wi-Fi network.

Cybercrime is not always aimed at merely copying data from a PC or using it to their advantage. If your own network is infiltrated in this way, it can also be used without your knowledge as a starting point for criminal activity. For this reason, you should always protect your Wi-Fi network from unauthorized access.

sicheres-wlan-en

Threats that loom

Cybercriminals can attack the devices connected to an inadequately protected network or, in a worst-case scenario, log in to the connected devices. They can also plant malware or redirect and record (log) data transfers, which puts confidential information into the wrong hands. What is more, they can use the network as a base for their criminal activity. This can extend all the way from targeted attacks on other servers as part of what is known as a bot network to offering illegal downloads.

Step by step to a secure Wi-Fi network

  • Enable the automatic update function for your router software. In principle, a router is nothing but a computer, but one with special tasks. It needs software known as firmware to work. If there is no automatic update function, search regularly for updates with the built-in function in the router’s user interface menu and install them as soon as possible.
  • Enable Wi-Fi encryption. Without active encryption, any tech-savvy user can record and use the data being transferred on the network. The latest routers offer a choice of different encryption standards: WEP, WPA and WPA2. Always choose WPA2 (Wi-Fi Protected Access 2). This standard is the most advanced of these choices and therefore the only one that offers security. If your router does not offer this encryption, check to see if the manufacturer of your router offers a firmware update. If it does not, choose a router model that supports WPA2 encryption.
  • However, encryption only helps if you use a strong network key, in other words a password for the Wi-Fi connection. As with other passwords, the length of the key and alternation in its characters both have an effect on security, so use a strong password (link) here too, and make it different from the one to access the router (user interface). For example, Deutsche Telekom’s Speedport line of routers offer individual, strong passwords as part of their factory settings.
  • Most routers immediately prompt you for a password to protect access to the router, i.e. to its user interface, when you start it up. If you do not do this right when you install it, do it immediately afterward. Give it a user name that only makes sense to you and use a strong password. Some router models do not allow the name to be changed or do not display the name at all. In such cases, just set a password. This will prevent unauthorized parties from changing the router settings and the access data for the Wi-Fi network.
  • Assign a name for your Wi-Fi network that does not permit conclusions to be drawn about your internet provider or the router being used. If hackers can draw conclusions about the router model or the provider, they can search online for commonly known vulnerabilities and then use them to their advantage. Avoid names that refer directly to your house or name or conflict with other network names nearby. This network name (SSID = service set identifier) can be public. In the routers, this may be called “Broadcast” or “Publicize”. The idea that the network is more secure if the network name is hidden is a myth, because the network is broadcasting and can therefore also be scanned, regardless of whether or not the network name is visible.
  • Restrict access to devices known to you, such as computers and smartphones. Every device in a network has its own unique media access control (MAC) address. Every router offers the option of allowing only devices whose MAC addresses are saved in the router to connect to that router. If another unknown device whose MAC address is not saved in the router tries to connect, it is automatically stopped.

Setting up a Wi-Fi network for guests

sicheres-wlan-fuer-gaeste-en

If a user logs on to a Wi-Fi network with the correct network key, its computer becomes part of the network as a whole. That also goes for guests to whom you give the Wi-Fi network key. Even if other systems such as network drives or printers have additional protection, the guests can still see them. 

Setting up a Wi-Fi network for guests is a convenient alternative to disclosing the network key, which consequently has to be changed regularly.

It works exactly like the main network and has its own key. It is important for the guest Wi-Fi network to set up a direct connection with the internet only, rather than allowing users to see the devices connected to the home Wi-Fi or home network

  • Routers in the Fritzbox product line from the manufacturer, AVM, offer a separate function for guest access. Setup involves just a few steps. You activate the function and assign the network a name and a key. You can then print a slip that tells guests how to set up access.
  • If you are using a router from Deutsche Telekom’s Speedport series, your guests can use the “WLAN to Go” function. Your router then works like a public hotspot

How to find the MAC address

If you want to increase the security of your network by restricting access to known devices, you will need to find the MAC address for these devices.

This is how you find the MAC address in Windows

  1. Click Start and then Run.
  2. Enter CMD in the command line and click Enter.
  3. Now enter IPCONFIG/ALL and press the Enter key. 
  4. Under Wireless LAN Adapter Wi-Fi, you will see the MAC address (for example, 00-01-26-79-01-85) listed next to the Physical Address sub-item.

This is how you find the MAC address on a Mac

  1. Open System Preferences and then Network.
  2. From the list of interfaces on the left, click the network connection with the adapter for which you want to find out the MAC address.
  3. Then click Advanced ... and finally Hardware. There you will find the MAC address.

On your iPad or iPhone, the MAC address will be called the Wi-Fi address. This is how you find it

  1. Open Settings.
  2. Tap General.
  3. Then tap About.
  4. Now you can view the Wi-Fi address.

With an Android smartphone, follow these steps

  1. Open Settings.
  2. Tap Wi-Fi.
  3. In the next dialog box, tap the Configuration icon.

What is secondary Wi-Fi liability?The term “secondary Wi-Fi liability” always comes up in connection with an unsecured or open Wi-Fi network. 

This refers to the view of many German courts that the operator of a connection is liable for the actions of users. If internet access is used, for example, to share music files with others, the owner of the connection can expect to be fined if they are found out. 

At long last, German legislators have clarified this by amending the German Telemedia Act. This allows both companies and private individuals to open their networks without worrying about being prosecuted for the unlawful acts of their users. With one exception: if the Wi-Fi network was purposely set up to share material (video or music files etc.) that is protected by copyright.

Further reading

FAQ