Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Umax/Maxgate UGate Plus Cable/xDSL Internet Sharing Device
Author: Tim Higgins Review Date: 4/1/1999
Great little box if you're tired of hassling with Proxy/NAT software or have
larger LANS to share.
11/21/00 Added IPsec passthru support info.
11/13/00 Removed mention of email feature, which was
removed from firmware some time ago!
7/27/00 LAN connection now is autosensing 10/100 BaseT.
5/25/00 Info updated to show RoadRunner TAS login
3/20/00 PPPoE is now supported.
1/24/00 Corrected "exposed computer" information.
Only one computer can be exposed at a time.
UGate Plus(UGP) is a Ethernet to Ethernet NAT-based router in a package
smaller than your average paperback book. It comes in one version that supports
an unlimited number of users. Throughput is rated at 2-2.5Mbps.
There's not a lot to the box. It has one 10baseT RJ45 jacks for
the WAN, one 10/100BaseT jack for the LAN, a couple of indicator lights,
a reset/reboot button, a power input jack, and two dipswitches used to
re-initialize the unit. The unit is powered by a small external
it doesn't function as a VPN (PPTP) server although
one VPN (PPTP) client machine is now supported. It will
also support IPsec passthru with firmware 6.5R1c or higher.
Owners of existing UGate Pluses can download a new firmware update
utility and new firmware. Go
here for more info.
Installation and troubleshooting hints for the Ugate Plus can
be found here.
You can get the UGP User manualhere
in PDF format.
Installation is relatively easy, with only one catch. The UGP's
settings are accessed by a computer configured with TCP/IP and running
any web browser. The default IP address of the UGP is 192.168.0.1,
a common address setting (and the one that I recommend in my LAN setup
If any computer on the LAN that you connect the UGP's LAN port to
has an IP address of 192.168.0.1 assigned, you'll get an address conflict.
You'll need to either change the address of the conflicting computer,
or temporarily unplug it from the LAN until you use another computer to
reset the UGPs address to one that doesn't conflict.
Once you get past this, installation consists of:
plugging your LAN into the UGP LAN port
plugging your cable or DSL modem into the UGP WAN port
setting up the WAN port
setting up the LAN port
The LAN port can run a DHCP server to provide your LAN clients with their
TCP/IP address, Gateway and DNS information. The WAN port can either
function as a DHCP client, or you can configure it manually, whichever
your ISP requires.
Important!If your ISP locks your service to a specific
Network card (like MediaOne here in the Boston MA area), you'll have to
call them and give them the MAC address of the UGP. If you don't
do this, the UGP won't be recognized by your ISPs DHCP server and you
won't get a network connection.
The UGP can handle just about any network configuration you can come
up with. It can co-exist with other DHCP servers and routers (it
has a static routing table you can configure).
5/25/00 The UGP now has RoadRunner TAS login support.
You can remotely administer it via web browser (it has password protection).
Since it's a NAT-based router, you get firewall protection from any unwanted
inbound traffic. The UGP, however, offers a variety of ways for
you to control what gets in and out of your LAN:
The "Special Applications" feature
allows you to specify outbound and inbound ports numbers (or range
of numbers) that UDP or TCP traffic can pass through.
The "Virtual Servers" feature provides
an easier way (than opening up specific port numbers using the "Special
Applications" feature) to allow users outside your LAN to access
servers on your LAN. The most common server types (WWW, POP, Telnet,
News, etc) just require checking a checkbox and filling in an IP number
of the computer running the server. There's also a provision
for defining your own types of "Virtual Servers".
Finally, you can use the "Exposed Computer"
option to effectively place one computer at a time on your LAN outside
the UGP firewall, allowing complete Internet access.
Control yourself! The UGP provides a flexible set of outbound access controls:
You can define access groups that consist of specific
workstations and assign different privileges to each one.
You can filter common applications/services (FTP, News,
You can define your own UDP or TCP packet filters.
There isn't provision, however, for filtering by time periods.
There are a few things that the UGP won't do:
It won't function as a Virtual Private Network (VPN)
It doesn't support traffic logging.
It doesn't provide content filtering.
So, I'm sure there are some of you asking, "Why would I want to
spend $140 for something that I can get for about $40?" (since that's
what the average Proxy or NAT program that runs on a Windows box costs).
After living with this little guy for a few weeks, I'll
give you one word:
For a small home-based LAN of a few machines, and
that has a computer-knowledgeable person around on a regular basis, a
software Proxy/NAT solution works fine. Yeah, so you have to reboot the
Proxy/NAT machine on a regular basis, that's normal for Windows anyway,
Not with the UGP. Once you set it up, it just
works, and with good throughput too! I definitely would
recommend the UGP to small businesses and users with reasonably large
LANs (more than 3-4 machines). No more calls from users/clients
saying that they can't access the internet. Ahhhh, bliss!
On the other hand, if you're handy with *nix and have a
spare 486 or better computer around, by all means go for setting up a
*nix based router. Just don't call me if you can't get it to work!