Farallon NetLINE Broadband Gateway
Author: Tim Higgins Review Date: 11/13/2000
basic router with good feature set
- Can handle triggered port mapping
than similarly priced products
- Expensive for what you get
CDRom with PDF copy of User guides, and other
one page printed Quick Start Guide
one normal UTP cable
Hardware Reset switch
NO Uplink or Normal / Crossover switch
for LAN Port (see this
page if this concerns you!)
oldie, but goodie.
Farallon's latest addition to their NetLINE product line, the Broadband
Gateway (BG), is pretty much a Maxgate Ugate Plus with minor cosmetic
differences, but with official support for both Windows and MacOS users.
Both routers, by the way, look like they are sourced from Sercomm.
Firmware is not the same as the Maxgate, with the BG having a higher
revision number and different screen layouts. Although I expect
that you'll be able to upgrade the firmware via TFTP clients that Farallon
will supply, there is no mention of firmware upgrade capability in the
User guide, and there are no firmware files or upgrade information posted
on the Farallon
Support Web site.
Even though the BG has an older design, its capabilities
are comparable to many newer products':
The "Special Applications" feature
allows you to specify outbound and inbound port numbers (or range
of numbers) that UDP or TCP traffic can pass through. You can also
specify an outbound trigger. (Go
here for an explanation of how "Triggered Maps"
The "Virtual Servers" feature provides
an easier way (than opening up specific port numbers using the "Special
Applications" feature) to allow users outside your LAN to access
servers on your LAN. The most common server types (WWW, POP, Telnet,
News, etc) just require checking a checkbox and filling in an IP number
of the computer running the server. There's also a provision
for defining your own types of "Virtual Servers".
Finally, you can use the "Exposed Computer"
option to effectively place one computer at a time on your LAN outside
the BG's firewall, allowing complete Internet access.
Opening holes in your firewall can compromise your LAN's security if
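The three inbound options described above differ mainly in how many ports accept unsolicited traffic, and for how long. The following is an added example, not code from Farallon or from this review: a simplified Python model in which the class and function names, the 300-second trigger lifetime, and all addresses and ports are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    """Simplified model of a NAT router's unsolicited-inbound decision (hypothetical names)."""
    virtual_servers: dict = field(default_factory=dict)  # (proto, port) -> LAN IP, always open
    triggers: list = field(default_factory=list)         # (proto, trigger_port, (lo, hi))
    exposed_host: Optional[str] = None                   # "Exposed Computer" / DMZ host
    idle_timeout: int = 300                              # assumed lifetime of a triggered map, seconds
    active: dict = field(default_factory=dict)           # (proto, port) -> (LAN IP, expiry)

    def outbound(self, lan_ip, proto, dst_port, now):
        """A LAN host sends traffic out; a matching trigger opens its inbound range."""
        for t_proto, t_port, (lo, hi) in self.triggers:
            if (proto, dst_port) == (t_proto, t_port):
                for port in range(lo, hi + 1):
                    self.active[(proto, port)] = (lan_ip, now + self.idle_timeout)

    def inbound(self, proto, dst_port, now):
        """Return the LAN IP an unsolicited WAN packet reaches, or None if dropped."""
        key = (proto, dst_port)
        if key in self.virtual_servers:            # static map: open at all times
            return self.virtual_servers[key]
        lan_ip, expiry = self.active.get(key, (None, 0))
        if lan_ip and now < expiry:                # triggered map: open only while live
            return lan_ip
        return self.exposed_host                   # everything else lands on the exposed host

def open_ports(router, proto, now):
    """Count ports on which unsolicited inbound traffic reaches some LAN host."""
    return sum(router.inbound(proto, p, now) is not None for p in range(1, 65536))

if __name__ == "__main__":
    r = NatRouter()
    r.virtual_servers[("tcp", 80)] = "192.168.0.10"        # constructed sample addresses
    r.triggers.append(("udp", 6000, (6001, 6003)))         # constructed trigger and range
    print("before trigger:", open_ports(r, "udp", now=0))
    r.outbound("192.168.0.20", "udp", 6000, now=10)
    print("after trigger: ", open_ports(r, "udp", now=20))
    r.exposed_host = "192.168.0.30"
    print("exposed host:  ", open_ports(r, "tcp", now=20))
```

In this model a triggered map closes again once its timeout passes, a virtual server stays open permanently, and an exposed host receives every port that nothing else claims.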
The BG also has a flexible set of outbound access controls:
You can define access groups that consist of specific
workstations and assign different privileges to each one.
You can filter common applications/services (FTP, News,
You can define your own UDP or TCP packet filters.
There isn't a provision, however, for filtering by time periods.
Things that the BG won't do are typical for routers in this class.
It doesn't support logging or content filtering, and although it does
support PPTP clients, you'll be out of luck if you try to use IPsec clients
on the LAN, since it lacks IPsec passthru capability.
enough for ya?
I put the BG through my throughput tests, just to make sure
I hadn't missed anything, and I'm glad I did:
(Tests run with 7.0 Release 01 firmware)
[10 iterations 100byte data size]
LAN-WAN routing speed is 3-4 times slower than WAN-LAN,
so you wouldn't want to run a server behind the BG. I also found
that if you set a computer as the "Exposed Computer" (same
as "DMZ computer" on other routers), the WAN-LAN performance
on that computer drops to the slower LAN-WAN speed for all net access.
The UDP stream test indicated that the streaming performance degraded
sharply above 200kbps or so.
The BG is a good basic router that will serve many people
very well. Although it's slower than current designs, many broadband
connections don't run much faster than 1 to 1.5Mbps, so they can't benefit
from a faster router anyway.
The good news is that the router's firmware has been fairly
stable. The bad news is that for about the same money (or less,
depending on rebates), you can get faster routers, some with built in
hubs or switches. Perhaps realizing this, Farallon bundles a "Get
25% off selected hubs or switches from Farallon" coupon in with the
BG. But frankly, I'm puzzled that, given the present generation of routers
that are available, Farallon would try to break into the market with
a previous generation "me too" product that isn't aggressively