Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Netgear RP114 Cable/DSL Web Safe Router
Author: Tim Higgins Review Date: 3/25/2001
- Fast - Keyword content filtering with scheduling - Email-able logs
- Port filters (access controls) hard to configure & require using Telnet interface.
4/11/01 New firmware adds port range forwarding [see Review].
3/28/01 Corrected info on Hardware Reset Switch (it has one).
3/27/01 Port range forwarding update info added.
Link/Activity, for each of four LAN ports
100 BaseT for each of four LAN ports
Link for the WAN port
Activity for the WAN port
One RJ45 10BaseT for the WAN
Four RJ45 auto sensing 10/100BaseT LAN
CD with PDF copy of User guide and Applications Notes
one page printed Installation Guide
one UTP Normal cable
120VAC power supply
Hardware Reset switch
NO Uplink or Normal / Crossover switch for LAN Ports, but ports are auto-MDI/MDI-X sensing (see this page for more info).
The RP114 is essentially an RT314 in a box about one-third the size, with schedulable, keyword-based content filtering, and email-able web-traffic logs.
The RT314 has been a very successful product for NETGEAR, and the RP114 is a nice incremental improvement from it. Although the feature set is essentially the same as the RT314 (read the review hereif you're unfamiliar with what the 314 can do), the circuit board has been redesigned so that it's about one-third the size of the RT314's. To achieve the size reduction, the serial COM port has been dropped and all connectors except power have been moved to the front panel, with the indicator lights integrated into each jack. I liked the design (with all the testing I do, I have a preference for front-panel accessible jacks), and the size and layout reminded me more of NETGEAR's four port hub or switch than a router.
As noted above, all LAN ports are auto-MDI/MDI-X sensing. This means that it doesn't matter whether you use a straight or crossover cable, or whether you daisy-chain to a normal or uplink port -- the LAN ports will automatically adjust! Very handy!
NETGEAR's ZyXEL based routers have slowly evolved from a DOS-like interface available via Telnet, to web browser based administration. The 114's firmware is based on the recent 3.24 version firmware, which gives you access to most everything you need to adjust, including Port Forwarding.
4/11/01 The RP114 now supports port range forwarding via new firmware (go here for download info).
Alas, if you want to get to the Access controls (or Filters as NETGEAR calls them), you'll still have to Telnet into the 114 and wrestle with an interface that a novice networker should never have to see. (Visit our Help page if you find yourself at a loss for how to program the Filters.)
Shame on both NETGEAR and ZyXEL for taking so long to get an easy-to-use port filtering user interface into their products!
The Content Filter related screens are shown below (click on any for a full-sized view). You can enter up to 255 keywords, and if anyone attempts to bring up a Web site with any of the keywords contained in the URL, they'll get a page with "Blocked By NETGEAR".
I like this feature, since it tells the user what's happened instead of having their browser just hang.
Logging is tied to the Content Filter feature and you're supposed to have keyword blocking enabled (which it is by default) in order to log web access. I found, however, that logging worked with or without the Enable Keyword Blocking box checked on the Content Filter-Keyword page.
You can email the logs to one user, and set a schedule for when they're emailed. Note that the 114 automatically tries to find a time server (NTP) when it boots up. Once it finds one, it automatically sets the 114's real-time clock, so that all log entries will be properly time-stamped (assuming you properly set your time zone).
You can also access the logs via the browser interface as shown above. This interface keeps 128 log entries. Note that the 114 will send logs to a syslog server if you have one. You'll just have to set this up via the Telnet interface.
One last Content Filter related feature is the Trusted Device. Enter the IP address of a LAN computer and the Content Filter rules won't be applied and Web site visits won't be logged either. Only one IP address gets this exalted status, however!
My trusty qCheck suite revealed the following about the RP114's performance:
Qcheck Transfer Rate (Mbps)
[1Mbyte data size]
Qcheck Response Time (msec) [10 iterations 100byte data size]
Comments: Speed aplenty for most any broadband user. UDP streaming performance showed that 500kbps is about where the router starts not being able to keep up with the packet rate.
I've seen the lower-transfer-rate-with-DMZ-enabled issue on other routers. No big deal unless you have very fast uplink speed on your broadband connection!
As long as you can live without the serial console COM port, the RP114 will do everything the RT314 does and more...and take less space doing it! No word from NETGEAR on their retirement plans for the 314, but with the 114 on-line priced only $10-$15 above the 314 (and probably costing less to manufacture!), I wouldn't be surprised to see the 114 soon take its place.