Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Netgear Cable/DSL Firewall Router
Author: Tim Higgins Review Date: 3/12/2001
- Fast, stateful inspection firewall, with full browser administration - Detailed logging and alerts via email - Built-in four port 10/100 switch
- Base model supports only 8 clients - No remote administration - Can't control access or filtering by user
Those of you who follow the inexpensive router market know that NETGEAR tapped SonicWall last Fall (instead of ZyXEL) as their development partner for their new router line. The FR314 is the first fruit of their joint labors and although it's not a SOHO2 for $250, it does have many of the features that have made SonicWall one of the most highly regarded routers available.
Most of the FR314's network setup can be done from one screen. Unlike the SonicWall products, the 314 comes with its LAN DHCP server enabled, so all you need to do is connect a computer whose TCP/IP is set to obtain its IP info automatically and you should be able to log right into the admin pages at 192.168.0.1.
Most users will find all they need in the 314's setup capabilities, but there are some things you should know about, as detailed below:
The FR314 can handle single Static IP, single dynamic IP, or PPPoE WAN connections.
It does not have any special support for RoadRunner TAS login
It does not handle WAN Mac address cloning or changing (MediaOne and other MAC address authenticated users should note that the router serial number on the General > Status page is its WAN MAC address.)
You can enter Domain and Host Names, for @Home setup, but the Host Name naming ability goes away if you use the NAT with Fixed Address Network Addressing Mode
The base 314 supports 8 users maximum. An 8 to 20 user upgrade is available for $79, and a 20 to 45 user upgrade will cost you an additional $99. (See this SonicWall Tech Note that describes how the number of "users" is counted.)
The FR314 has an impressive list of features. But before we dig into what you get, let's take a look at what you'll be missing:
DMZ: Also known as "default server" in some routers, this feature allows you to place one LAN computer completely outside the router firewall. You won't find this feature in the FR314, due to its SonicWall heritage.
WAN address "loopback": If you have LAN based servers that you set as Public servers, you'll have to reach them via their private LAN IP address from LAN side machines.
The 314 also doesn't have any of the SOHO's "Advanced Features" that are detailed on this page.
With that out of the way, let's look at what the 314 does give you!
Filtering (or Content Controls):
The FR314 has quite an array of Content filtering features. Here's the list:
You can individually choose to block ActiveX, Java applets, Cookies, or access to WAN based Proxy servers
You can have the filtering active only during a certain time of the day (just one range) and certain days of the week (one range), or all the time
You can enter lists of "Trusted" and "Forbidden" domains
You can enter a list of keywords to filter. If the keyword is contained in a URL, access to the site will be blocked.
You can subscribe to CyberPatrol's CyberNOT content filter list for 6 months ($49) or 12 months ($99) and set the FR314 to update the list automatically once a week (or manually download the list).
Note that these content filters apply to all users. Unlike the SOHO, you can't establish lists of users with different privileges.
Access Controls: The 314's Access page presents you with a list of common services that you can allow or block, just by checking or unchecking a box. You can also quickly set up a "Public LAN Server" just by entering the server's IP address.
If you don't see the service you need, you can add a service, specifying TCP, UDP, or ICMP protocol and the port or range of ports the service uses. NETGEAR even gives you a list of predefined popular services you can choose from.