Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Umax/Maxgate UGate 3300 Cable/DSL Wireless Sharing Router + Print Server
Author: Tim Higgins Review Date: 2/27/2001
Model: UGate 3300
- Supports 64 & 128bit WEP - Built-in Windows/LPR print server with Bi-directional support - Good range and throughput (without WEP enabled)
- Only one LAN port - 50% throughput decrease with WEP enabled
MaxGate's 3300 is a single LAN port broadband router with built-in print server and 802.11b wireless Access point. It turned in a respectable performance in our testing, but has some issues that you should be aware of before you buy...
The 3300 sports a browser-based web administration interface that's differently organized than the interface on previous products (click on the screen shots to your right for a full-sized look). I had to hunt around for some items, but found most everything I was looking for, with a few notable exceptions. It looks like MaxGate has dropped the following things from the 3300's capabilities:
support for the RoadRunner TAS login protocol
ability to enter a Domain name for the LAN DHCP server
They've also moved the ability to change the WAN MAC address to a hidden page at http://192.168.0.1/mac.htm. Neither omission is fatal and can generally be worked around, but the features are conspicuous in their absence, given that MaxGate had provided these settings in past products.
Since I've previously reviewed the UG3200 and 3200P, which have similar routing capabilities, you can see those reviews for more details on what the 3300 can do in that department.
I should note that the URL Filter (up to 50 strings) and Logging features that I saw in the pre-release UG3200P seem to have made their way into the 3300. These are welcome additions, even though I'd like to see better logging capability, including support for detailed logging via either syslog or SNMP.
Having checked the LPRcompliant, printserver feature in the UG3200P, I skipped it this time (see this is you need more info). The admin interface doesn't show anything about the printserver or printer status or settings.
The 3300's wireless capabilities come via an 802.11b radio card inserted into a PCMCIA slot in the rear of the router. The card is based on the Intersil PRISM II chipset and has "WL11000-1" printed on it. That, along with the FCC ID, shows that it's made by Eumitcom, a popular OEM for other manufacturers' 802.11b parts and products. There's no installation process for the card, other than inserting it into the 3300 before you power it up.
All of the 3300's wireless settings are accessed via one screen. Both 64 and 128 bit WEP encryption is supported, and up to four 64 bit or one 128 bit keys can be entered. A nice feature not usually seen on 802.11b routers/Access Points in this price range is the Access Permissions setting. This is not the same as the Access Control routing feature, but instead controls whether a wireless client is allowed to connect to the LAN at all. Control is via MAC address, and you can block or allow everyone, or allow up to 20 specific wireless clients to connect.
Too bad though, that MaxGate didn't add wireless network monitoring capabilities to the 3300. You can see (via the Device/LAN status screen) the IP and MAC address of all DHCP clients connected to the 3300, but you can't tell which clients are the wireless ones. You also can't see the state (active, roaming, etc.) of clients, nor can you access any Network statistics (error rate, packets sent/received, etc.).
I expected the 3300's routing performance to be similar to that of the 3200 and 3200P. What I found was surprising:
[Tests run with Ver 1.0 Release 14 firmware]
Qcheck Transfer Rate (Mbps)
[1Mbyte data size]
Qcheck Response Time (msec) [10 iterations 100byte data size]
Comments: Since Qcheck requires opening ports in a router's firewall or placing a LAN client in DMZ, I usually get to see whether doing this affects routing throughput. In the 3300's case, I found a 25% throughput hit when putting a client in DMZ or forwarding ports to it. The 3300 also had a difficult time keeping up with the 500Kbps UDP streaming test, as is shown by the high Lost Data % (although it didn't lock up like other routers have on this test).
Even without forwarding or DMZ, I found the 3300 to be slower than the 3200, although perfectly adequate for most broadband applications.
Wireless testing was done using a Zoom ZoomAir PC card as the wireless client, and a Windows PC as the other LAN client. Both clients are on the LAN side of the router, so these tests do not include the router. Here are the results:
(Tests run with: - WEP encryption DISABLED - Tx Rate: Automatic - Power Save disabled) [Ver 1.0 Release 14 firmware]
Comments: Wireless speed was surprisingly consistent among all four test conditions. I was even able to get a signal and useable throughput in a spot that most other wireless clients fail to pull a signal in. It appears that the "paddle" style antenna on the 3300's radio card doesn't put it at a disadvantage vs. products with larger, or "rabbit ear" antenna designs. On the negative side, however, is the 50% throughput hit that comes when WEP encryption is enabled. I found the same reduction in either the 64 or 128bit WEP modes.
I originally used a Lucent-chipset-based ORiNOCO Gold PC card for my testing, but had to abandon it when it failed to connect to the 3300 with WEP encryption enabled. I've run into this problem with two other products (the SMC Wireless Barricade and D-Link DI-713, and it took a firmware update from SMC to fix it and D-Link still hasn't addressed the problem. The 3300 worked fine with the ZoomAir card with either 64 or 128bit WEP enabled, however.
The 3300 gets MaxGate onto the 802.11b playing field with what's essentially an extension of their UGate 3200P platform (minus six of the 3200P's LAN ports) that has decent wireless performance...as long as you don't use WEP encryption. It's unclear what MaxGate wants to do on that field, however, given that they show no sign of sourcing 802.11b Client products.
Although the routing throughput differences from the 3200P are puzzling, they probably won't bother most users. What's more likely to be a problem are the WEP related issues. A firmware upgrade will most likely solve the Lucent WEP compatibility problem, but the WEP throughput hit may not be as easily solved.