Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
ZyXEL ZyWALL 10 Internet Security Gateway
Author: Tim Higgins Review Date: 9/13/2001
The information on the '10's VPN support is a little fuzzy.
PPTP client passthrough is supported, but the number or sessions
and sessions per servers aren't specified. It also looks
like you can have a PPTP server on your LAN, as long as you set
up an SUA and firewall rule. It's not clear whether IPsec
is supported at all.
The '10 provides a number of methods to control
the Web sites that can be visited by LAN users:
by subscription list (Cyber Patrol's CyberNot
by type of data, i.e. ActiveX, Cookies, Java
Applet, Web proxy
Trusted / Forbidden domain list (up to 32 domains)
URL keyword (up to 64)
The filtering can be enabled by time of day, using
one settable time range. If you go to the Telnet interface,
however, you can also set the days of the week that the filtering
Attempts to access blocked sites result in a "Please
contact your network administrator!" message, which I like
better than just having the browser hang. Even nicer would
be the ability to change the message, but that's not provided.
You can, however, via the "Exempt Zone" feature,
define 32 IP addresses ranges that can be exempted from the Content
filters, or limit the filtering to only those ranges.
When registering for the Content Filter list, use the Free
link. According to ZyXEL, this will give you a free 6 month
subscription to the list. After 6 months, you'll need
to use the icard link to renew your subscription. Note
that ZyXEL may decide to charge for the Filter list subscription
at some point, although it's now free.
Logging, and Other Features
The '10 supports the RIP-1, RIP-2M, and RIP-2B
dynamic routing protocols and you can set the unit to send only,
receive only or do both with its routing information. You
can also set up to 8 static routes and also tell the '10 to not
include a route in its RIP broadcasts.
Logging results for firewall and content filtering activity
can be viewed on two different browser screens. Detailed
logging to a syslog server (go
here for information on obtaining Windows and MacOs syslog
clients) is also supported and can be set to include logging
of each outbound request, but you'll need to set this up via the
are time stamped, but the stamps won't make any sense unless
you use the Telnet interface to set the date and time.
Strangely enough, there's an option to automatically use a Daytime,
Time, or NTP server (you provide the IP address) on router boot
to set the time and date, but it's disabled! ZyXEL
has made this harder than it needs to be, given that the routers
that they OEM to NETGEAR automatically get the date and time
on boot and allow you to set your time zone via the browser
I ran the Qcheck suite to test
routing performance. I ran my normal WAN-LAN and LAN-WAN tests
with results shown below:
V324(WA.2) | 8/8/2001
Transfer Rate (Mbps)
[1Mbyte data size]
Response Time (msec)
[10 iterations 100byte data size]
Comment: No problems encountered and UDP performance
is improved from what I measured for the P312. Plenty
fast for most broadband connections.
The ZyWALL 10 provides plenty of bang for the buck, and I suspect
that experienced users will get more out of it than newbies.
ZyXEL has done a lot of work on the user interface, but the '10
has enough quirks and controls missing from the browser interface
that I'd say that they're still not where they need to be for
the average user. However, it's still worth being on your
short list of candidates if you're looking for a full-featured,
Stateful Inspection router.