Isolated from the outside: this is how you protect your home network from attacks
4. Use https but not WPS
Two final tips: If you make settings on your router, you usually open the interface via a browser by entering either the router’s IP address or a standard address like “fritz.box” in the address bar. The connection to the router is then made like a website via the “Hypertext Transfer Protocol”, or http for short. You can tell by the first four letters of each web address. http is a protocol vulnerable to external attacks.
It is safer to use https, which simply stands for “Hypertext Transfer Protocol Secure”. The data is thus transmitted securely. In order to use this protocol for data transmission between your terminal and your router, you just need to make sure that the address in the address line of the browser starts with “https” instead of just “http”. For example, you would then need to enter https://192.168.0.1 when accessing your router by IP address.
WPS stands for “Wi-Fi Protected Setup”. This is a feature that allows you to add a device to the WiFi network. This is usually done by pressing a WPS button on your router and corresponding terminal. The two devices will then connect automatically.
This still needs to be confirmed with a PIN code, which is usually printed on the back of your router. It’s not safe, because PINs and passwords written down somewhere are the easiest to steal. In general, you will rarely use the WPS function of the router. We therefore recommend that you deactivate them via the router interface and only activate them when you really need them.
5. Pack insecure devices into their own network
In addition to classic end devices such as PCs, laptops, smartphones and tablets, more and more household appliances are network or even Internet-enabled. Each of these devices is therefore an additional point of attack, but one should not expect the same security standard from a coffee machine manufacturer as from a router manufacturer.
There is a trick to prevent attackers from accessing your home network through poorly secured smart home devices. Do not connect these devices to the WLAN that you also use with your other end devices, but to a second WLAN network. Each router now usually offers a guest network, which, as the name suggests, is actually for guests.
This can be configured in the router interface so that devices connected to it have access to the internet, but not all other devices on the network. Your smart coffee machine can be attacked this way, but attackers cannot access your home server or PC from there.
However, there is an exception: if you have a home automation center that can be controlled via WiFi, it must be connected to end devices (otherwise they could not be controlled) and home automation devices (otherwise you could not control via it). This must therefore be set in such a way that it can communicate with both networks. However, smart home hubs are generally well protected against attacks as the heart of the system.