Sonicwall SOHO Internet Security Appliance
Author: Tim Higgins Review Date: 9/29/2000
- Excellent logging and alert features
- Very good Access controls, including Time
- Very good Content controls

- Slower than less expensive products
- No port range forwarding
- No "DMZ"
- Expensive feature upgrades
1/11/01 - Port range mapping and other improvements have been made in version 5.1.0 and higher firmware. See this page for Release Notes.
Check this page for a summary of the SOHO's capabilities.
WAN: Link, Tx, Rx
Link & Activity for each WAN port
One RJ45 10BaseT for the WAN
Four RJ45 auto sensing 10/100BaseT LAN (one is wired for Uplink)
5.0 Firmware addendum
printed User's guide
CD with PDF versions of manuals, utilities
Wall mounting bracket
Hardware Reset switch
It's taken me long enough to review one of the products that helped to establish the category of inexpensive routers, but after enough reader requests (and procrastination), I finally dug into this very feature-rich product.
The good news is that if you've been unhappy with the limited feature offerings of many of the products in this market, you're gonna love the SOHO. It has a lot of what you've been looking for: a secure firewall with excellent logging, report and alert functions; extensive access control and content filtering features; and even a One-to-One NAT feature that lets you share more than one public IP address with firewall protected clients.
What's not so good news, though, is the slower speed and more limited port forwarding capabilities of the SOHO. For that story, however, you'll have to read on....
Warning! This is a looonng review. If you have specific interests, go to the bottom of the page and use the links to take you where you want to go.
Setup and Basic Features
The SOHO comes with a printed quickstart guide and user manual, and a Java-based setup wizard that makes setting up easy. A companion CD is also included that contains PDF versions of these and other docs. The CD also includes utility software, copies of the Adobe Acrobat reader, Netscape browser, and router firmware. All the PDF documentation and more is located at the SonicWall FTP site. The SonicWall support Web site also has an extensive FAQ file, which you can either search or browse.
As I said, the setup wizard makes setup easy, but you'll need to assign a static IP address in the 192.168.168.X range to the computer that you use for setup because the SOHO comes set with an IP address of 192.168.168.168 and the LAN DHCP server turned off. The SOHO also doesn't come with the WAN side set to be a DHCP client, so there's little chance of doing a "plug-and-go" installation. The wizard forces you to set an admin password as part of the setup, but doesn't do any checking to make sure that the password is a strong one.
Once you get set up, you'll need to reset the IP address of the computer that you used for setup, and the SonicWall tells you this clearly as the wizard finishes up its work. You can play with the setup Wizard via the SonicWall Web site, so I won't bother with any screen shots, and just give you some key setup features:
- The SOHO can handle single or multiple Static IPs, single dynamic IP, or PPPoE WAN connections.
- It does not have any special support for RoadRunner TAS login.
- It does not handle WAN MAC address cloning or changing. (MediaOne and other MAC address authenticated users should note that the router serial number is its WAN MAC address.)
- You can enter Domain and Host Names, for @Home setup.
As you work your way through the Management Interface menus, it seems like the feature set just goes on and on. After working with the SOHO for a few days, I found that although it has lots of features that other less expensive products don't have, it lacks some features that you may expect to find. So before we dig into the extensive feature set, let's take a look at what you'll be missing:
DMZ: Also known as "default server" in some routers, this feature allows you to place one LAN computer completely outside the router firewall. You won't find this feature in the SOHO, since SonicWall's focus is security (they do call the product an "Internet Security Appliance" after all...) and they feel that this is an inherently insecure way to allow WAN traffic past the firewall. See the Access section of the review for what the SOHO does provide for getting traffic through the firewall.
Port Range Forwarding: You can set access rules on up to 128 single TCP, UDP, or ICMP ports (more on this later), but you can't forward port ranges and you won't find triggered port maps either. Instead SonicWall has built special handling into the SOHO for NetMeeting and other applications that require special port handling.
WAN address "loopback": If you have LAN based servers that you set as Public servers, you'll have to reach them via their private LAN IP address from LAN side machines.
10/100 switched LAN ports: The 4 LAN ports are 10BaseT only and they are repeated, not switched. In other words, the LAN side is a four port 10BaseT hub. Note that port number 4 is hard-wired as a crossover port, so you'll need to use a crossover cable to connect a normal LAN client, i.e. a computer, to that port. Although a short crossover cable is provided with the SOHO, it seems an odd design choice.
Bummed? Don't be. There are plenty of features to get your LAN securely connected to the net. Let's start by looking at the Access controls.