Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
MutliTech RouteFinder DSL/Cable Router
Author: Tim Higgins Review Date: 12/5/2000
- COM port supports both PPP dialup Internet connection and dial-in
- Good logging and hack protection
- Very Limited support for non-Windows management
- No port range forwarding
4/26/01 Revision 4.48 firmware
adds IPsec passthru,Netmeeting support, and other fixes.
page for the ReadMe and download info.
"Link/ACT", "100", and "FDX/COL"
for each of 4 LAN ports
"DATA" (activity) and "DCD" (carrier
detect) for Serial COM port
"Link", "RxD", "TxD" for WAN
One RJ45 10BaseT for the WAN
Four switched RJ45 auto sensing 10/100BaseT
RS232 Serial DB9F
System CD with manuals, drivers, software
Power Supply (100-240V "brick")
printed RF500S RouteFinder Quick Start Guide
DB9M to DB25M serial cable
Hardware Reset switch
Uplink or Normal / Crossover switch for LAN
If you've been looking for a way to dial into your shared broadband
connection and didn't want to spend the money to install WinNT
MultiTech's RouteFinder DSL/Cable router (RF) may just
be the ticket. There are other Ethernet to Ethernet routers
that include a serial COM port, but the RouteFinder is the first
to let you use that port either as an alternate WAN connection
method, or as a full-featured Dial-in Remote Access Server
(RAS)! Got your attention? Let's see if it's the
one for you.
I'll tell you right off that if you're not going to use a Windows
(95/98/NT/2000) computer to setup and administer the RF, then
you're going to have a tough time. There is no web interface,
and although there is a Telnet admin Interface, it doesn't
give you access to everything that the Windows "Manager"
program does. It also gives you none of the monitoring capabilities
of the "Monitor" program. I've included a few
screen shots below to give you a flavor of two programs.
RF ships with no administration password, so be sure
you set a
strong password while configuring the router.
You can see all the screens and get the complete info on the
RF's capabilities by downloading the User's
Guide from the MultiTech support site (1.3Mb PDF file).
The site also has links to the latest
firmware and other info. You can download either
of the above from MultiTech's
FTP site, too.
The tools have a lot of depth, and I encourage you to explore
all the screens and/or read the User's manual (the printed Quick
Start Guide doesn't even scratch the surface of what's in the
RF)! However, there were a few things that I had to ask
MultiTech to help me hunt down, so I'll pass them on to save you
DHCP Release / Renew: Use the Monitor
program "Terminate Connection" button.
Port 1 is the Ethernet WAN port. Port 2 is the serial WAN
"DMZ" or "Exposed" computer:
Enable IP Mapping in the Manager program, and enter
zero as the port number to map for the IP address of the
computer that you want to be completely outside the firewall
WAN IP info: You'll find it in the Monitor
Program's Event messages.
The logging capability is pretty good, showing traffic,
system events (boot, DHCP leasing, etc. and attacks). You
can save a snapshot of the logs to text files, or autosave to
an Access database on a schedule you can set, from every 1 to
24 hours. I also found the RF's firewall to be locked down
pretty tight, and the attack detection really worked. It
detected and blocked a UDP flood Trinoo attack and the port scans
that I threw at it.
The RouteFinder is the first router in its price class to offer
dial-in RAS, and it's pretty full-featured. Take a look:
You can assign a specific IP address or let
the DHCP server handle it
Set TCP/IP or IPX/SPX prototols and set the
IPX/SPX frame type
Set PAP or CHAP Authentication, using either
a list you define or a RADIUS server. You can also disable
You can set Main, Backup, and Accounting RADIUS
The serial port settings are pretty complete too,
as the screen shot below shows. The installer comes with the setup
profiles for a number of popular modems. You can control
idle timeout, auto reconnect, and dialing retries, too.
The RAS feature worked reliably, connecting me each
time I dialed in.
bad for speed either
The RouteFinder didn't disappoint for speed, either. Take
Although it's not the fastest router we've tested, it's more
than adequate for most cable and DSL connections. (Remember,
a router that can route faster than your Ethernet connection doesn't
do you much good!)
Although it has some great features, there are still some features
that the RouteFinder lacks:
No port range or triggered port mapping
IPsec VPN is currently not supported
4/26/01 Revision 4.48 firmware adds IPsec passthru,Netmeeting
support, and other fixes.
No remote administration
Not a long list, but if you need the above features,
you'd better look elsewhere.
MultiTech has come out swinging with the RouteFinder! A
four-port switched router with a good feature set, decent speed,
dial-in RAS (that no one else has...yet!...), and on-line priced
as low as $140! If you're ok with Windows-only setup
and administration, it's definitely worth a look!