Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
2Wire HomePortal 100
Author: Tim Higgins Review Date: 4/5/2001
connected. Now what?
Opening holes in your firewall can compromise your LAN's security if done
Once your shared connection to the Internet is up, you may need
to get things other than web browsing and email working, such as web phones,
games or servers. For you, the HP100 has its "Hosted Applications"
feature. This is port mapping, but with a very nicely designed interface
and much of the nasty work handled automatically. As you can see from
the screen shots below (click on them to see a larger view), you set the Hosted
Applications by choosing a network client by name and choosing from an extensive
pick-list of applications. If your application isn't in the list, you
can set the mapping yourself, but only one port at a time. You
should also tell 2Wire, because they've made the list updatable by clicking
on a link in the Hosted App window, and they'll be expanding the Hosted App
list for popular applications.
I was curious about what 2Wire did for the tough apps like NetMeeting
and Direct X games, which require many ports to be opened. I was surprised
when I saw only one port listed for each of these apps! 2Wire said
that they actually write "Application Layer Gateways" for complex
maps, which do the heavy lifting. The simple single port Hosted Apps I
tried all worked, but I didn't try any of the more complicated stuff.
So I can't comment on how well 2Wire does at achieving their goal of making
one of the toughest parts of Internet sharing easy.
I ran a few TCP port scans for common server and Trojan ports
on the HP100 and didn't come up with anything open. On the other hand,
none of my scans were picked up in the MDC's Security log, either. The
log can be cleared, but not saved, emailed, or sent to a syslog server.
not to like?
Although 2Wire's management interface is better than many others,
it has its share of quirks and missing features...
Browser Bugs: I used both Netscape 4.75 and IE 4.72.3110
(the one that comes with Win98SE for my testing and found differences between
them. You won't see the "Access shared files" hyperlink
on the "Networked Devices" display in Netscape, but will in IE.
for all frames of the window when I tried to access the MDC with IE, but
Netscape was ok. The Help screen index displays in IE, but not in
Sticky Network: I did some moving around of Network
clients during my testing, but try as I might, I couldn't get rid of the
icons for the no-longer functioning devices. They at least were "greyed
out" and the 2Wire console didn't nag me about them.
No Status: Other than the big steadily glowing LEDs
on the front of the 2Wire box, you have no idea of whether traffic is really
moving, or whether devices are even linked. The Ethernet connectors
on the rear of the box have Link and Activity LEDs, but the HomePNA and
USB jacks have none. Nothing to help you in the Home Portal Monitor
display either. This needs work, folks.
No Admin password: Seems like a glaring omission to
me! Anyone on the LAN side of the router can bring up the HomePortal
web screen by typing http://172.16.0.1/ into their browser
No Remote Administration: If you're not on the LAN
side of the HP100, you won't be able to access either the HPMonitor or even
No Real Time : You can't set the time of day in the
HP100, so all logged events are timed relative to the last boot-up.
If you've used other routers, you may be looking for some features that you're
used to. Here's what you won't find:
Access Controls: No way to keep users from accessing
Content Controls: You'll have to find another way to
keep objectionable material from being accessed from the net.
Static Routing: You can't set static routes to communicate
with other routers' subnets if you have them.
DHCP Disable: You can't shut off DHCP and you can only control the
private IP range (but not the number of clients) that's handed out
via the MDC
VPN Server support: You won't be able to host either PPTP or IPsec
servers on your LAN. 2Wire says that PPTP client passthru presently
works and the IPsec client passthru will be supported in a firmware update
that is due out in a few weeks.
You should also know that the two USB "A" (rectangular) connectors
(described as being for "peripheral support") currently can't be used
for anything. The one "B" connector isn't supported for the MacOS,
The HP100 blew right though my manual file transfer test, which
maxes out at about 5.0Mbps. So I had to rely on my trusty netIQ
Qcheck utility to give me the real story, which was blow-my-socks-off
(Tests run with 220.127.116.11 firmware)
[10 iterations 100byte data size]
This puppy SCREAMS in either direction, whether it's TCP, UDP
streams, or whatevah. 'Nuff said!
Update 1/10/01: The HomePortal
100 price has been cut to $199, so it's an even better deal now!
2Wire packs a lot into its stylish box for $200, but is it worth
it? I tried to assemble an equivalent box from separate products, just
to do a sanity check on pricing, and came up with the following (pricing data
was from Pricegrabber
on 10 Jan 2001):
NETGEAR RT314 router
(for its speed and ports)
NETGEAR PE102 HomePNA2.0 to Ethernet bridge (less $ than
NETGEAR EA101 USB to Ethernet adapter
This tells me that 2Wire has done their pricing homework. They've certainly
done their bandwidth homework, since the HP100 is now the fastest router
tested to date! If the firmware that handles their Hosted Applications
is solid, that would be another advantage over many competing boxes who either
can't get it right or who forward a smaller number of ports.
Since 2Wire pumped up the hype volume as high as they did, I really felt they
had a lot to live up to, and for the most part, they did. But they'll
need to improve the feature set and keep an eye on the competition who are starting
to roll out their multi-flavored port products, too!
Bottom Line: If you're looking for a blazing fast router that can handle Ethernet,
USB or HomePNA2.0 connections out of the box at a competitive price, the HP100
is definitely worth a look!