Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
The 3Com HomeConnect line is finally making its way to market
after a few false starts. The first two products are the Home Ethernet
Gateway and the Home Wireless Gateway (HWG), which we'll take a
look at in this review.
The HWG is a 3 port 10/100 switched router that you can
think of as having a fourth port that's an 802.11b wireless Access Point.
This means the HWG will route both Wireless and Ethernet clients simultaneously
to share an Internet connection and share files and printers. The wireless
portion is WiFi certified and supports 40bit WEP encryption.
I found the HWG to be an attractive, well-made unit, but lacking
many features offered by competitive products. A detailed look follows.
Wireless LAN Link/Activity
WAN Ethernet Link
3 LAN Ethernet Link/Activity
printed User Guide
printed "Installation Map"
UTP normal cable
100-120VAC Power supply
Fixed position, Integrated (non-removable) Antenna
in Access Point
Has Hardware Reset switch
NO Uplink port or Normal / Crossover
switch for LAN Ports (see this
page if this concerns you!)
The HWG is OS neutral with all setup and administration functions
done via web browser, including firmware upgrading. (See
the screen shots below to get a feel for the Admin interface.
Click to see a full-sized view). 3Com did a nice job with
this interface, using a question and answer format for the basic
setup, and hiding or exposing settings depending on your answers.
This is intended to reduce networking novices' confusion, and
I think it must might work!
Like most browser-based router admin interfaces, the HWG's admin
features rely heavily on Java. It's possible that Linux users
might have problems administrating the HWG.
It comes with set up as a DHCP client on the WAN
side and with its LAN DHCP server enabled, so all you need to
do is connect a client set to obtain its IP address info automatically
and you should be able to access the Admin screens without problem.
Getting connected to your BSP (Broadband Service
Provider), should be straightforward. PPPoE is supported
for DSL users and @Home users can set the Host Name. You
can't enter a Domain Name, however, so you'll have to enter that
info manually into your LAN clients, rather than getting it automatically
from the LAN DHCP server. (3Com plans to fix this in an
upcoming firmware release.) ATT Broadband customers who
are MAC address authenticated will have to call in their MAC address,
since the HWG doesn't allow the WAN MAC to be changed. (3Com has
no plans to fix this in an upcoming firmware release right now.)
Tip: You'll find the WAN MAC address in the System
Test report output. (Scroll down since it's near the end.)
The default IP address of the HWG is 192.168.2.1,
but this can't be changed! So if you're adding the
HWG into an existing LAN, you may have problems if the other LAN
devices aren't flexible in their IP address setup. (3Com plans
to fix this in an upcoming firmware release.)
The HWG has an interesting mix of routing features. The
Router Comparison Chart has the full story, but I'll point out
some important features here. Let's start with the pluses:
PPTP, IPsec, and L2TP client passthru for multiple
clients is supported
NOTE: You can have only one VPN client per VPN "terminator"
or server. (See this
page for more info.)
access to Web, Mail, News, FTP, and Telnet can
be set for each client IP, including Time of Day controls
a "hacker pattern inspection and blocking"
firewall that 3Com says protects against IP spoofing, Land
attack, Ping of Death, Smurf, and other nasty exploits
The HWG has a Security Log page, but I couldn't get
it to show any evidence of the multiple port scans that I ran against
My port scan of commonly used ports got a response
from Port 80 (HTTP) (a bad thing), but I couldn't access the Web
server on my test machine behind the HWG (a good thing).
On the minus side, however, you'll be missing many
features that users of inexpensive routers have come to expect:
you can't change the HWG IP address or anything
on the LAN DHCP server, except enable/disable it
there is no user controllable port mapping,
and no "DMZ" function either. 3Com says that
they've built in handlers for common applications such as
Quake, Netmeeting and other applications that will allow them
to work behind the HWG's firewall. Adding user controllable
port mapping is on 3Com's "to do" list, however.
Access control ("Client Privileges")
is limited to the five common applications listed above, and
you can't block all Internet access for a client. 3Com
plans to add user defined ports in upcoming firmware.
There's no traffic logging and the Security
Log feature can't be saved or sent to a syslog or SNMP daemon.
There's also no ability to send email alerts of a "hacking"