Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
D-Link Wireless Access Pont
Author: Tim Higgins Review Date: 1/25/2001
- No throughput hit when using encryption. - Good antenna system
- User's manual can be confusing. - No LAN monitoring capability - Windows only setup
One external, moveable position, "diversity" antenna
Hardware reset button
The D-Link DWL-1000AP (AP) is well-priced 802.11b Access Point (Bridge) in an attractive package. At first glance, it looked like your average inexpensive 802.11b Access Point, but my testing yielded a few pleasant surprises!
The AP does not have an HTTP (web browser) administration interface, and uses SNMP for management. D-Link supplies a Windows-only AP Manager for setup, so if you don't have a Windows 98/NT/2000 or Me PC handy for setup, then you'll need to find another product!
Configuring the AP can be as simple as plugging it in, since it comes set up as a DHCP client, that is, it will pick up an IP address from a DHCP server on your LAN.
The 1000AP and companion USB or PC client cards actually come set to the same default ESSID ("default") and with WEP off. The clients also default to Infrastructure mode, i.e. use with an Access Point. So you have a fighting chance of not having to touch any settings to establish a basic connection. A first!
The AP settings are not password protected. But you can lock an AP, which protects its settings from change until you press the reset button on the AP.
If you don't have a DHCP server, then you need to use the Wireless LAN AP Manager, which you install from CDROM. (Click on the screen shots below for a full sized view.)
The AP Manager doesn't seem to be able to read any status information from the AP, only write it. AP setup information is stored in a ".apc" file on the machine that runs the AP Manager. The AP Manager doesn't automatically open the last .apc file used when you start it, either. I found this to be confusing, since I expected to see the status of the AP (and the information that I wrote into it) when I opened the Manager.
With this utility, you can scan for AP's or set an AP's IP address info if your network doesn't have a DHCP server available. Once you're connected, you can set the ESSID, channel number, and "Community string" (used for SNMP management) for the AP.
The first time through the AP Manager's setup wizard, I was unsuccessful in getting things set up, mainly because the Manager could not find the AP. Once I manually assigned an IP address to the AP, (using the MAC address found on a label on the back of the AP) the wizard worked fine.
Tip: If you have a DHCP server on your LAN and the AP Manager can't find your AP, try the following:
1) Quit the Wizard.
2) Click the "Network Preferences" button in the Manager, then click on the "Auto Add Local Networks" button. An IP address should appear as shown in the screen shot below.
3) Power cycle the AP, then press and hold the AP's reset button for about 5 seconds. Wait about 10 seconds or so, then have the Manager scan for AP's again and you should find the AP.
Documentation was a mixed bag. The printed manual (and D-Link gets points in my book for providing printed manuals...) looked pasted together and was in need of update. Screen shots in the manual didn't match what you saw on your screen and some features in the Manager weren't explained in the manual. I recommend using the HTML pages accessed by the "Network Basics" button on the CDROM's auto-start screen for setup, but use it with Internet Explorer. I couldn't view anything in the "Wireless Topologies" topic with Netscape 4.75. The nicely done "How do I share the Internet wirelessly" video on the CDROM should prove helpful to first-time networkers to run through the various networking steps, but it doesn't get into the details of the setup screens themselves. You'll still need to use the printed documentation for that.
As a final documentation note, I could only get the CDROM to run on my CD RW drive. The CD looked like a CDR and I guess my older CDROM drive couldn't get a good enough signal off it.
The AP supports 40 bit WEP encryption, and you can set one key, either as 10 Hexadecimal characters, or using a "passphrase". The AP User Manual isn't very helpful for setting up WEP, so see our WEP help page if you need help.
The AP also has Access Control, a feature not commonly found on low-cost Access Points. You can control which wireless clients can access your LAN by using their MAC addresses (not their IP addresses).
What's not to like?
As is all-too-common among inexpensive Access Points, the AP completely lacks network monitoring capabilities. You have no way of knowing:
As previously noted, you can control which wireless clients can access your AP. But since you can't see who's using the AP, you don't have an easy way to grant/deny access. You also can't do any packet filtering, so you can't control the services that users can access. Finally, remember that the AP Manager can't read the setup information from an AP, either.
The results in all 4 conditions were very consistent, and neither the fastest, nor the slowest of 802.11b products I've tested. But the numbers don't tell the entire story. The signal levels in Conditions 3 & 4 were higher than with most PC card clients that I've tested and I found that throughput didn't change when I moved even farther away from the AP. Even more surprisingly, when I enabled 40 bit WEP encryption on both the AP and USB client, throughput stayed the same! I even checked this under Condition 4 and again, there was no throughput degradation using WEP!
My explanation for the good signal levels is the use of a better antenna (a moveable little arm) in the USB adapter, and the use of two antennas in the AP (see below). My guess about the lack of WEP throughput degradation is that it's due to the AP's design, which has a processor from NoWiresNeeded inside. I haven't seen this component in any other of the APs I've looked at, so this may be the AP's "secret sauce".
I was pleasantly surprised by the 1000AP. It's priced in line with competing products, has a decent setup utility, and even has an Access Control feature that most inexpensive Access Points lack. The package is attractive and can be screwed down on either a horizontal or vertical surface. Peeking inside, I found it actually has a second fixed position antenna in addition to the external swivel mounted one, and as noted in the Throughput testing, I suspect this helps to achieve better signal levels and therefore better performance.
If you don't mind puzzling your way through setting it up, the DWL-1000AP looks like a pretty good buy!