Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Arescom EZ Rider Pro Internet Access Router
Author: Tim Higgins Review Date: 6/2/2000
Reviewed: Arescom EZ Rider Pro
Cable / DSL Internet Access Router
built-in 56K modem with "auto-rollover" capability.
- Can forward port ranges.
slow for broadband.
- Insecure default WAN settings.
- Cannot place one computer completely outside firewall.
- Can open up to 64 single ports in firewall.
- Can "auto-forward" up to 64 sets of TCP or UDP port
ranges through firewall.
- Can control access via filter function by IP and
TCP, UDP, ICMP port.
RIP 1 & 2
(List / Street)
$309 (Manf direct price only)
Basics The front of the unit contains all indicators including:
56K Carrier Detect
Three LAN Link/Tx (one for each port)
Three LAN 100/Rx (one for each port
The rear of the box contains all connectors, including:
1 RJ45 for the WAN,
3 LAN and 1 shared uplink, RJ45
1 DB9 female serial console port
2 RJ11 for the 56K modem connection
There's also a Link/Std switch for the WAN port so that you can connect
to whatever you need to without a crossover cable. Note that there
isn't a hardware reset/reboot button, but this function is provided in
the software admin interfaces.
The router comes with a Get Started User's Guide,
10 foot UTP cable, RJ11 phone cable and Software CD. The CD contains
the Windows-only EZ Rider manager installer, Apps notes, datasheets, and
PDF copies for the Get Started and more complete Software User's guides
(which you can also download
from this page). Arescom also throws in demo versions of
PC Anywhere, Little Brother, and other assorted goodies.
A model (the EZ Rider) without the built-in modem and rollover
capability is available for $229 (manufacturer's direct price).
The EZ Riders can be purchased from the
Arescom Web site, Fry's, and a network of VARs.
The EZ Rider Pro can be set up a number of ways. If you have
a Windows machine on your network, you can use the EZ Rider Manager setup
application, but it doesn't give access to all the features that the web-browser
interface does. The most complete feature access is through the command
line interface, which is available via Telnet through the LAN, WAN, or serial
Console ports. I used the web-browser for my setup.
The router powers up with the LAN DHCP server enabled, which allowed
me to easily connect to the built-in admin webserver at 192.168.1.1,
just by setting my computer's TCP/IP properties to obtain an IP address
automatically (or from a DHCP server). However, when I tried to
access the web, I couldn't, so had to go hunting for the proper settings.
The browser admin interface is fairly extensive, but could be better
organized. It also seemed oddly focused on dialup settings for a
cable/DSL router. Take a look at the screen shots below for some
examples (click on them to open another window with a larger view).
The category names are a little confusing and some common and useful
information that you may need is missing, such as your ISP's DNS server
information when you have the WAN port set as a DHCP client, and the MAC
address of the WAN port (which many MediaOne/RoadRunner users will need
to get the router installed). Some information / features are available
only through the command-line interface, such as the ability to clone
the MAC address ( set interface e[thernet] 1 mac >)
or set a syslog server (set system syslog).
The EZ Rider Pro also had some interesting defaults. NAT routing
was disabled and the WAN port was not set to be a DHCP client,
the opposite of what many users need to just plug in the router and go.
Changing the defaults on these two items would probably prevent a few
tech support calls!
The firmware upgrade method is worth mentioning.
TFTP and FTP clients are built into the web-browser interface,
but you'll need to be running an FTP or TFTP server on some
machine on your network in order to use this upgrade method. I re-flashed
the firmware as part of my testing but used the EZ Rider Manager's firmware
upgrade feature, since I didn't have any servers handy.
The EZ Rider Pro's default setup could place unsuspecting users at risk
for getting their LAN computers cracked into.
warning! Please follow the User Guide's instructions and
change the router pages' password during your initial setup.
The admin features of the router are accessible from the WAN side of
the router by default via both Port 80 (HTTP Web Browser) and Port 23
If you don't change the admin password to a strong
password, you may find uninvited "guests" in your
Note that the EZ Rider does not expose the NetBIOS ports
or other common ports. But by having the admin ports open to the
WAN, and with no instructions on how to close the ports, Arescom is exposing
EZ Rider customers to unnecessary risk of LAN intrusion, or worse!
Features The feature that most interested me in the EZ Rider Pro was the integrated
56K modem and auto-rollover to a dialup connection. This feature did work,
taking about a 60-90 seconds from the time I unplugged the WAN connection
and hit my Browser "Load" button, to when the router started to
dial. When I plugged the WAN connection back in, the EZ Rider Pro
dropped the dialup connection about 30 seconds later. The only control
you have over this process is whether it's enabled or not.
The router's port mapping and forwarding abilities are better than the 10 or
12 single ports that most of the routers in this class provide. You can
forward up to 64 individual ports and 64 more port ranges through
the EZ Rider Pro's firewall. You can also set the router to log
to a syslog client on your network. (See
this page if you need a Windows syslog client.)
Here's the bad news. The general feeling of this router was sluggish
and unresponsive. It seemed like it had to think about any data
request, with pauses of 5-10 seconds between a browser click and a page
load start, for example.
I wasn't able to complete my usual throughput test on the router.
It would start the download (after the usual pause) then hang at some
point before the download was even half way done. From the information
in the Windows file transfer box, I estimate the speed of the router to
be somwhere around 1Mbps, give or take 0.2Mbps or so.
The EZ Rider Pro's "don't have"s are typical for
this class of router:
No content filtering.
No time-based access control
No support for the RoadRunner TAS login protocol
No IPSec Client passthru support
Note that the router does not have PPPoE capability, but you can
contact Arescom for Beta firmware that adds this capability.
In a word, disappointing. Even after numerous email
exchanges with helpful Arescom Tech support people, I was just not able
to get satisfactory performance from this product.
Given the slow performance, relatively limited availability, higher
price, and insecure default setup of the EZ Rider Pro, there are better