Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
30 August 2001 - There's a helpful
article by Glenn Fleishman over on O'Reilly's
Wireless Devcenter that describes a WAP11 bridging
setup that the author set up. Worth a read! [Thnx
UPDATE - Looks
like Linksys has updated their WAP11
firmware (1.4f.8) and Management utilities. Should
help fix the problems that many people have been having in trying
to upgrade to the new wireless bridging features.
for the updated info. [Thnx Peter Bellew!]
Wednesday, 29 August
2001 - Intel announced their 802.11b
based AnyPoint Wireless II product family today at their
Developer Conference. The product family consists of USB
and PC card wireless adapters, and the Intel
Wireless Gateway. All the products are WiFi
certified and support 128 bit WEP encryption.
Online pricing for the USB
card are running about $125-$140 and
$105 to $120 respectively, with availability
in 1-2 weeks. The Wireless Gateway
consumer version won't be released until October,
according to the press
release, but Intel says you can order the "business
use" version now (although Pricegrabber is showing
none in stock). [Thnx Jim Spitaels!]
- SOHOware is running a promotion on their
router and wireless product lines. Check the prices, there are
some pretty good deals!
- Looking to test your Tribes2 skills
over the Labor Day weekend? The D-Link / VitalStream
/ Sierra Labor Day Tournament will be your
last chance for this summer. Sign
up here if you're interested!
a "strategic alliance agreement" between the two companies.
They'll work together on interoperability testing,
and will jointly develop software for integrated
installation of their products. 2Wire is also going to
market D-Link's Wireless, HPNA, and other network adapters in
addition to their own. Sounds to us like 2Wire is deciding
to focus on their core routing products and let D-Link get you
- Is 802.11a stuff really as fast as it's
being hyped to be? Take a look at this story
from 802.11Planet, which describes how an Atheros
reference design that's being shown around performed
in a quick-and-dirty evaluation.
Tuesday, 28 August 2001
- No, we're not taking the week off, but a lot of folks are!
So excuse the lack of a lot of news these past few weeks!
Monday, 27 August 2001
- ORiNOCO officially announced their RG1100
Residential Gateway and a number of wireless networking
packages that bundle it with their USB client, PC card
client, or both. As we reported a few weeks ago, the RG1100
is essentially the RG1000,
without the dialup modem and with 128bit WEP
encryption. Both products support IPsec passthrough
for VPN operation and client roaming among
multiple gateways. Online
prices are averaging about $220 for
the 1100 vs. about $250 for the 1000, and the
products are also available through electronics retailers and
Saturday, 25 August 2001
- The problem that we posted a few weeks ago about the Xircom
Handspring Springport module and SMC7004AWBR
Wireless Barricade router not being on speaking terms
has a solution. Download SMC's 1.93k2 firmware
and your problem should be solved! Go
here for the download.
- Sonicwall has released version 18.104.22.168
firmware. Among the fixes are compatibility w/ T-DSL
PPPoE services, VPN enhancements, and support for monitoring
events/alerts w/ SMTP. Go
to Sonicwall's Web site for the download. [Thnx Zachary
Thursday, 23 August 2001
- That crazy guy, Bob Cringely, has yet another
DIY broadband plan. This time it's for rolling
your own DSL.. almost. Check out this
- Ever want to see what the deal is with one of those "Internet
Appliances"? Well, TigerDirect
is clearing out 3Com Audreys for $90!
It's actually not a bad little web terminal for that
price and can connect either to your dial-up ISP (as long as
it's not AOL or Compuserve) or buy a 3Com USB-Ethernet adapter
(the only one that works with Audrey) and connect her up to
your Ethernet LAN. No returns... of course! We're sure that
someone has (or will) hack these for more fun, so let us know
if you've seen something! [Thnx Alan Woodman!]
- SMC has released a V1.2 driver
and client utility package for their 2662W Wireless
USB adapter. It will be up on their Web site in a few
days, but you can download them right now from us [driver]
Wednesday, 22 August 2001
- MultiTech's RouteFinder Wireless Router/Access Point
is the first of its kind to include a dialup RAS
that allows you to dial in to access your shared broadband connection.
Interested? Then read
Tuesday, 21 August 2001
- SMC has released Version 1.30 firmware
for their Barricade
7004ABR router. They also have a new
PTR program that will help users of certain
HP printers. Go
to the Help page for the download and ReadMes.
- Ever vigilant PN correspondent Monty Solomon sent in a link
to a WiredNews
story on AirSnort. Although not
quite a load-and-go application, AirSnort enables anyone with
a PRISM2 based 802.11b card, Linux
2.4 kernel based system, and wlan-ng
drivers to guess a network's WEP key after passively (no transmissions
required) gathering between 100MB-1GB of data.
The program's creators-- Jeremy Bruestle and Blake Hegerle--
based it on the recent
paper by Scott Fluhrer, Itsik Mantin and Adi Shamir,
and according to the WiredNews article, created the basic version
in about 24 hours.
- SMC has confirmed that they have a minor
virus infection problem. The non-destructiveEek(b)
boot virus has recently been found on a small number
of the Driver / Utility disks that are included with their SMC2632W
802.11b PC card. Any anti-virus software with
virus definitions updated since last April should be able to
catch and remove the virus. The virus does not
affect the installation or operation of the card at all and
is not destructive!
Monday, 20 August 2001
- We've updated our info about getting the Linksys routers to
work properly with FTP. Go to the Help
page for the info. [Thnx Ian Boyd!]
- USR has a 1.23 firmware update
for their USR8000 router available.
We've added the download link and ReadMe info to the Product
Friday, 17 August 2001
- Wonder what Bluetooth networking is like?
So did we! But after testing out 3Com's Wireless
Bluetooth PC Card, we're a little wiser. You
can be too if you read
- SMC has released AP14g7 firmware
and version 1.6 AP manager for their 2655W
Access Point. It fixes a bug where the AP keeps losing
its IP address and also adds a security feature that locks
out the "ANY" ESSID commonly used by wireless
sniffers. Go to the SMC
Support site for the download.
Thursday, 16 August 2001
- Nexland's released V1 Rel3X firmware
for their ISB router line. The release includes support
for multiple H323 (Netmeeting) clients. Go
to their Support site for the download. [Thanx Paulo
Wednesday, 15 August 2001
- SNAPgear is a brand-new entry into the crowded
SOHO router field, but they've got a pitch
that may get your attention. Check
out our review to see what they've got!
- Actiontec announced they've started shipments
of an 802.11b Mini-PCI card. The card
is Wi-Fi certified, fits a Mini-PCI (Type IIIA)
interface, and supports 64 and 128bit WEP encryption.
More details in the press
Update! The card is only
available to OEMs... no retail!
Tuesday, 14 August 2001
- A correction to our item last Friday on ORiNOCO's
upcoming RG-1100 Gateway. We were correct
about the elimination of the dialup modem, but didn't catch
the fact that it supports 128bit WEP vs. the
RG-1000's 40 bit. Pricegrabber's
listing it at $230, but no one has it in stock
yet. [Thnx Phil!]
- ZyXEL has a number of specials running
in their online
store until the end of August [from
dslreports via Scott Keen]
- SMC's sent us 1.93k2 RELEASE firmware
for their SMC7004AWBR wireless router.
This release fixes the problem between the router and older
2Mbps 802.11b cards. Go
here for the download.
Monday, 13 August 2001
- Version 1.2 of LinkLogger (a Windows utility
for the Linksys BEF family of routers) is now available. This
version adds three new reports and other features. Go
to their Web site for more info.
- News of this interesting little gadget just popped into
our inbox. LiveWave's CC-100-LE Encoder/Server
is a complete video encoder/server in a 6in X 6in X 2in box
weighing under 2 pounds. LiveWave is selling a bundle
that includes the encoder, software, and a Panasonic video-conferencing
type camera for $5000 until this
Weds Aug 15. Go
to their Web site for details.
- BestBuy is running a few Linksys
deals this week. Prices include $15 mail-in rebate
[Thnx Monty Solomon!]:
- Buffalo Technologies has released Version
1.5 software for their AirStation
line. Included are support for the new USB client
adapter and 128bit WEP. Go
to the BuffaloTech site for the download. [Thnx Matt
Saturday, 11 August 2001
- We have a 1.20 BETA distribution for the
troubled SMC7004ABR router. A reader
reports that it fixed a lot of the problems he was having.
Go to our Help page
for the download. [Thnx Dan!]
- CompUSA has a couple of deals running [Thnx
Friday, 10 August 2001
- ZyXEL has released new firmware
for their P310, P312, P314, and ZyWall
10 routers. Go
to the Help page for the download info. [Thnx Scott
Klassen & David Smith!]
- Received a few more details on the ORiNOCO Fall 2001
Software release features. IPsec client
pass-through support has been added to the RG-1000
Gateway product. Installer support for Win
XP has also been added. By the way, the RG-1100
that the RG-1000 readme mentions is just an RG-1000 without
the V.90 dialup modem included.
Thursday, 9 August 2001
- Linksys has sent us 1.39.3 BETA firmware
for their 1,4 and USB port routers that addresses
the security vulnerability that we posted news
about on Tuesday. Go
to the Help page for the download.
- The ORiNOCO Fall 2001 Software update is
now available via the normal
Web site, instead of just the FTP server. The
ReadMes say that it fixes the WEP key entry problems
in the Summer 2001 release.
- Looks like ORiNOCO is gearing up for a Fall
2001 software release, which will include a fix for
the WEP key entry
problem. If you really can't wait a few days for the
official posting, go
here on their FTP server, and navigate to the folder
that describes your product and OS. Then look for a folder titled
"R7.2fall2001". Not all products
have one, though, so no complaining if you can't find one! [Thnx
- If you're trying to use one of the new Xircom Handspring
Springport 802.11b wireless modules with an SMC7004AWBR
wireless router, you're going to have problems
connecting. No work-around is available
at this time. [Thnx Dennis Revelotis!]
Tuesday, 7 August 2001
- Pretty rosy outlook for Linksys! According
News.com article, Linksys has 57%
of the low-end router and 28% of the wireless
- If you have an older version of Linksys
router firmware, there's a security vulnerability you
should know about. See our Help
page for more info.
- The ZoomAir 11Mbps wireless PC card is a
good performer at a fair price. Read
our review to see why we think so!
- Well, folks, we're not in Kansas anymore... at least not
when it comes to WEP encryption. Read
this paper, published last night, which
describes how a summer intern's project at AT&T
labs implemented the Fluhrer, Mantin, & Shamir
WEP attack and actually recovered a 128 bit WEP key.
Project from start to finish took about a week! [Thnx Monty
Monday, 6 August 2001
- It appears that Marius Milner's 802.11b "war
driving" application, NetStumbler, has
its own Web site now. Also looks like you can
download NetStumbler instead of having to email Marius
to request it. (You may have to try a couple of times before
you get a successful download.) [Thnx Brian Barrera!]
- Linksys recently released a free
upgrade for their WAP11 Access Point
that adds wireless bridging capability. Does a $200
802.11b wireless bridge really work? Read
the Encore Review to find out!
Sunday, 5 August 2001
- We like to think PracticallyNetworked's got some of the savviest
readers around and they've come through again on the
new WEP security issue that we reported on yesterday.
Brian Barrera sent a link to an EE
Times article that has a good description of the new
findings and their significance. Monty Solomon also sent
a link to the actual "Weaknesses
in the Key Scheduling Algorithm for RC4" paper
that's started this latest brouhaha. (A July draft of the paper
in PostScript form is also available here.)
Thanks to you both!
Two interesting (and disturbing) issues that pop out of the
- while the previously described WEP
attack required the attacker to transmit to get a response back
from the network to be attacked, the new method is entirely
passive and doesn't require any transmission!
- the attack scales linearly
with the number of WEP bits. The article quotes
15 minutes for a 40 bit attack, which would make about 50 minutes
to break a 128 bit WEP code!
Saturday, 4 August 2001
- Here we go again! A Reuters report yesterday said there's
a new paper out that says 802.11b's WEP security is
totally useless. It contends that WEP
keys can be obtained quickly and by methods employable
by users other than encryption experts. However, we haven't
been able to find the paper itself (or references to it) to
get the details. Here's the CNET
version of the story. [Thnx Eric McIntyre!]
Thursday, 2 August 2001
week's I, Cringely column has an interesting take on
Internet security, Windows XP's raw
sockets feature, and a certain company in Washington
state! Worth a read!
- We've added a few new cool links to our Tools
section, including a free network protocol analyzer
(packet sniffer). Check it out!
- Nexland let us know that their ISB
Pro series routers passed router compatibility testing
with the Cisco VPN Concentrator 3000 series
of equipment. Nexland had to develop new firmware
to get the job done, but the firmware is available as a free
download for existing customers. Press
- The HomeRF 2.0 standard hit a new milestone
today with the announcement of a demonstration of the ability
to support voice calls without affecting data bandwidth.
The demonstration, which consists of a voice call from a Siemens
cordless handset through a Proxim Voice Data
Module (VDM) gateway to a standard phone line, validates
the HomeRF voice technology from the silicon through the system
architecture. The HomeRF 2.0 standard can handle four dedicated
channels of high quality digital voice and 10 Mbps data transmissions
in a single wireless protocol. View
the Press Release (PDF).
Wednesday, 1 August 2001
- SMC's 11Mbps EZ Connect Wireless Bridge can
talk to wireless clients as an Access Point
while it also wirelessly bridges to a remote
LAN. But is it the answer to your networking needs?
Read our review
and find out!