Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Nexland Pro800Turbo Internet Security Appliance
Author: Tim Higgins Review Date: 6/23/2001
- First consumer-priced router to support two Ethernet WAN connections - Very flexible VPN pass-thru handling - Auto fail over to backup serial port or alternate WAN port
- Access to logs requires SNMPv1 tools (not provided) - Awkward firmware upgrade and configuration backup procedures
100, 10, Duplex for each of eight LAN ports
Two RJ45 10BaseT for the WAN
Eight switched RJ45 auto sensing 10/100BaseT LAN
One DB9M serial port
printed "Quick Start" guide
printed User Manual
null-modem Serial cable
CD with manual, browser, & utilities
one normal UTP cable
120VAC Power supply
Has Reset switch
NO Uplink or Normal / Crossover switch for LAN Ports (see this page for more info)
Nexland's PRO800Turbo is the first consumer priced router to support two Ethernet WAN ports. Nexland says they're flying off the shelves and from what I found, I can see why!
Two ports better than one?
Aside from the dual WAN port related features, the PRO800T's feature set is the same as the PRO400's. You can refer to that review for the details, since I won't be repeating them here. Instead, I'll focus on what you can do with those two WAN ports!
The two screens on the right pretty much cover the configuration options for the PRO800T's dual WAN ports. Ports can be set to one of three modes: Normal, Backup, and Off. Off disables the port entirely so that the router can be used in networks with only one WAN connection.
When you have two WAN connections, you'll set a port to either Normal or Backup mode. With both ports set to Normal mode, WAN requests (and their responses) are balanced between both ports. You can adjust this balance (default is 50%) on the Expert Level screen and the PRO800T also keeps an eye on FTP and other large data transfer requests to keep the data flowing in the fastest way. If one of the WAN ports drops its connection, the other port will be temporarily switched to take 100% of the load. The programmed balance setting will be restored when the port's connection comes back up.
If you have broadband service from two different suppliers, you may want to use the Backup WAN mode. This will keep a WAN port idle and use it only as a fail-over backup if the Normal port goes down. While we're talking about backup, the PRO800T also has a serial port that you can attach a dialup modem or ISDN Terminal Adapter to. So if both broadband connections go down, the PRO800T will switch to this "Analog" backup port to keep you connected, switching back when a WAN port comes back up.
Tip: If you want to use a dialup or ISDN connection as your primary network connection, that's fine, too. Just don't connect anything to the WAN port and check the "Enable" box on the Backup/Analog/ISDN page.
More dual port goodies... and the fine print!
There are a few other tricks that the PRO800T can do that might not be obvious at first glance. Like the other members of the PRO family, you can have the built-in DHCP server reserve certain IP addresses for specific LAN clients (by their MAC address). You can also bind LAN clients to a PPPoE session if your BSP provides multi-session accounts.
But the PRO800T also lets you bind a host to a specific WAN port (or let it be accessed via either WAN port). This means that if you're running a WEB, FTP or other server, you can either run one service per WAN port (and IP address or domain name) or make the service accessible from either port. The first option is handy if you're hosting servers for multiple domains. The second option expands the bandwidth available for a specific service, as long as you have a way to direct users to both WAN IPs.
By now you may be thinking "Great! Where do I sign up?". Before you do, however, let's make sure you understand what the PRO800T won't do:
It won't give you a faster connection If you've used connection binding products before, you can just skip this bullet. But if you think that you'll get a twice-as-fast connection and be able to out-frag your gaming opponents, you'd better read this info from Page 2 of Nexland's User manual:
Any single download on the network will not be able to exceed the maximum bandwidth available on a single WAN but the overall effect of this binding is that the entire network experiences vastly improved performance. The more computers you have, the greater the performance increase you’ll notice over a single Internet connection.
This means that if a user starts a file download with two 1Mbps WAN connections available, the user will only see a maximum download speed of 1Mbps. A second user could also start a large file transfer and they'd also get a 1Mbps download speed, since they'd be assigned to the second WAN.
It's probably obvious, but you won't get lower ping times either.
You can't control bandwidth on a user or application basis You can't, for example, assign 5% of available bandwidth for streaming audio, or any other application. You also can't give Johnny's computer just enough bandwidth for email, but not enough for enjoyable web browsing. You can, however, bind clients to a specific WAN port. This could let you assign your servers to one BSP and your LAN users to another. You can't do this assignment for application ports, however.
You can't control bandwidth on a time-of-day basis
You may be disappointed with these restrictions, but if you try to find another hardware router with any sort of connection binding capability, you'll pay at least three times the PRO800T's price, and get a much harder to understand user interface!
That's about it for the feature summary, let's see if it delivers the goods in the performance department!