Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Nexland Pro400 Internet Security Appliance
Author: Tim Higgins Review Date: 4/3/2001
Model: PRO 400
- Very flexible VPN pass-thru handling
- Auto failover to backup serial port
- Access to logs requires SNMPv1 tools (not provided)
- Awkward firmware upgrade and configuration backup procedures
4/4/01 Added RIP2 and L2TP info
LAN Tx/Rx - Error
100 Link/Activity for each of 4 ports
10 Link/Activity for each of 4 ports
Duplex for each of 4 ports
One RJ45 10BaseT for the WAN
Four switched RJ45 auto sensing 10/100BaseT
One DB9M serial port
printed "Quick Start" guide
printed User Manual
null-modem Serial cable
CD with manual, browser, & utilities
one normal UTP cable
120VAC Power supply
Has Reset switch
NO Uplink or Normal / Crossover
switch for LAN Ports (see this
page for more info)
Nexland's PRO400 is a 4 port 10/100 switched router with strong
VPN passthru capabilities, and a number of features that people
who run Internet accessible servers on their LANs will appreciate.
I found it to be a pretty solid box, but not without a few little
The PRO400 has browser based administration, with the
admin server located at 192.168.0.1. Its
internal LAN DHCP server comes enabled, so you just attach
a computer set to be a DHCP client (obtain IP address
automatically), either reboot or do a DHCP Release/Renew,
fire up your web browser, enter the IP address above and
you'll be in business.
Most users will need to access only the
Main Setup page to get on the air. This
page allows you to set being a DHCP client, or
enter PPPoE login info. Host and Domain names
are supported for @Home users, and the WAN MAC address
can be set to whatever you like for those users who need
this ability. If you have a static IP, you just
go to a second screen to enter that info.
The Status screen gives you an overview of the
PRO400's setup. The "Disconnected" Connection
Status indication shown in this screen shot was somewhat
confusing, given that I was successfully connected to
the Internet at the time! A check with Nexland revealed
the error to be due to my test setup (I test all routers
behind my LAN master router, and it wasn't responding
to the "Are you alive" test that the PRO400
uses to determine whether to trigger the analog backup
port), but will be corrected in a future firmware release.
The PRO400 has a serial port that supports
an auto-backup feature. If the Ethernet-based WAN
connection goes down, the PRO400 will automatically trigger a
session via the dialup or ISDN device attached to it and get you
back on the air. When your broadband connection comes back
up, it will drop the dialup/ISDN connection and switch back over
If you want to use a dialup or ISDN connection as your primary
network connection, that's fine, too. Just don't connect
anything to the WAN port and check the "Enable"
box on the Backup/Analog/ISDN page.
Port Mapping: The PRO400 has a rich feature set, with plenty of ways to
forward ports through its firewall. Check the router chart
and screen shots for the details, and you'll see both static port
and port range mapping and triggered
port range mapping ("Special Applications").
WAN "Loopback" is even supported on all LAN machines,
except for the machine that is running the server that you're
trying to reach.
It also has the ability to identify LAN machines by MAC
address and reserve IP addresses in the LAN DHCP table,
assign the machine to an Access (port filter) group, and
bind it to a specific PPPoE session (only useful with
multi-session PPPoE accounts).
If you need to control who has access to what services
on your LAN, the PRO400 provides a full range of port
filters. You can choose from a selection of pre-made
filters or roll your own TCP or UDP filters.
Other stuff: Advanced users will appreciate a few other features that Nexland's
included in the PRO400. There's a built-in Dynamic DNS
client that will work with your DynamicDNS provider of choice
(go here for more
info) so that you don't have to run any client software on any
of your LAN machines.
The ability to set Static Routes is useful
for using the PRO400 in multiple-router LANs. The RIP2
dynamic routing protocol is also supported, but can't be disabled.
Finally, the adventurous user may want to explore
the Expert Level screen shown below.