Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
3/23/01 Corrected comment in Wireless Performance section about ORiNOCO card.
WAN Ethernet Link
WAN Ethernet Act
LAN Ethernet Link/Activity (4X)
LAN Ethernet Full/Collision (4X)
LAN Ethernet 100 (4X)
One RJ45 10BaseT for the WAN
Four RJ45 auto sensing 10/100BaseT LAN
one RJ45 Uplink port shared with Port 4
Tech Helper CD
printed Quick Installation sheet
Two dipole antennas ("RP-TNC" type connector)
100-240VAC Power supply
Antennas are external and removable
Has Hardware Reset switch
Has Uplink port
For all you Linksys fans out there, the real wireless Linky has arrived (as opposed to the WAP11). The W11 checked out pretty much as I expected, but if you're planning on using WEP encryption, there are a few things you need to know.
Setup & Features
The W11's firmware is based on a variant of the 1.37 release and should be fairly bug-free for most users. Note that I didn't check to see if the W11's firmware has the game-server hosting fixes, so if that is important to you, proceed at your own risk!
Since the W11 has all the features of a normal Linksys router, so I won't go into them here (see this review if you need more info about the router itself).
The main difference from the non-wireless Linky in the W11 is the incorporation of the 802.11b Access point features. The W11, like other Linksys wireless products is based on the Intersil PRISM II chipset. The radio is built into the box, but there are two external monopole antennas, attached via "RP-TNC" type connectors.
You access the Wireless features via the main Setup screen (shown below - click on a screen shot for a full-sized view).
Nothin' fancy here, although there's a nice feature that lets you shut off the wireless radio if you don't need/want it on.
If you're planning to use WEP encryption, you should know two things:
Only 40/64 bit WEP is supported (contrary to the information in some of the Linksys literature and in the User manual that came with the product!). This is clear in the screen shot below that shows that you can enter up to four 10 character (Hex) keys. (See this page if you need help understanding WEP.)
Enabling WEP degrades throughput by about 50%. See the Wireless Performance section for the numbers.
Tip: Be careful when enabling/disabling WEP that you don't click on the Wireless Disable function. I did...more than once!
Tip: When you change any WEP settings, be sure you click on the Apply button on the bottom of the Setup page, or your settings won't be saved!
Similar to other wireless routers, the W11 comes up short on wireless network monitoring features. Here's what you don't get:
ability to tell how many wireless clients are using the network
the MAC or IP address of clients
the state (active, roaming, etc.) of clients
You also can't control which wireless clients can access your W11, but you can use Filters to block Internet access to certain services, since wireless clients are treated the same as Ethernet-based clients. This means your wireless clients will also get traffic logging, port forwarding, and everything else that Ethernet-based clients get.
I ran the usual QCheck test suite on the W11, using a Linksys WPC11 PC card as the wireless client, and a Windows PC as the other LAN client.
Both clients are on the LAN side of the router, so these tests do not include the router's performance.
Here are the results:
(Tests run with: - WEP encryption DISABLED - Tx Rate: Automatic - Power Save disabled) [Ver 1.37.t1 router firmware] [Ver 0.29 4b PC Card firmware]
Comments: The Linksys WPC11 card seems to take a lot of heat in our Reader Opinions section for poor range, but the numbers above show typical 802.11b performance. Both Condition 3 and 4 locations had the card's Link light intermittently flashing, indicating loss of network connection, but the throughput numbers were still good. I suspect that sustained throughput in those locations would have been lower, however.
The WPC11's Configuration Utility signal quality indicators were basically useless, showing no signal while tests in Conditions 3 and 4 were being performed.
Enabling WEP produced a 50% throughput hit, knocking best case performance down to about 2Mbps. I also checked WEP using a Lucent-chipset based ORiNOCO Gold card and the card connected fine with WEP enabled (although it had the same 50% performance hit as the Linksys card).
The high Data Loss % for the Condition 1 UDP streaming test was puzzling. This test has AP and Client card about 6 feet from each other, so maybe this was a signal overload problem?
I also used Qcheck to test the W11's routing performance:
[Tests run with Ver 1.37t1 firmware]
Qcheck Transfer Rate (Mbps)
[1Mbyte data size]
Qcheck Response Time (msec) [10 iterations 100byte data size]
Comments: Nice routing speed (even faster than the regular 4 port Linky), but the W11 definitely didn't like the UDP WAN-LAN streaming test. The test tended to lock up the router after the second run, requiring a router reboot to get data flowing again. Curiously, outbound (LAN-WAN) streaming was fine.
I think Linksys is going to put some pressure on SMC's Wireless Barricade with the W11. Although it doesn't have the Barricade's built-in print server or support for dialup WAN connection, the W11 does have one more switched 10/100 Ethernet port (plus an Uplink connector), and costs up to $40 less, depending on how good a bargain-hunter you are. That, plus Linksys' cover-the-Earth distribution network almost guarantees that the W11 will be a best-seller!
It also looks like Linksys doesn't want the WAP11 non-routing Access Point to hang around for long, since they've street-priced the W11 only about $10 more, and the W11 is definitely easier to set up and use.