Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Panasonic Concourse Networking Gateway
Author: Tim Higgins Review Date: 6/27/2001
- Extremely fast, robust, routing and bridging! - Includes HomePNA2 and Ethernet LAN ports - Wireless support can be added
- Ethernet LAN is 10BaseT, single port - Wireless is not 802.11b compatible - Single port forwarding only & no DMZ
Has "Hub/PC" switch for LAN Port (see this page for more info)
Panasonic's first entry into the Home Networking market, the Concourse Networking Gateway, will cover the Gateway/Routing requirements for many users with throughput to spare. Gamers, teleconferencers, and users with advanced needs may find it lacking, however. The full report follows...
Out of the box, the HGW200 gives you two ways to build your LAN. First, there's a single 10BaseT Ethernet port. This comes with a Hub/PC switch to make it easy to attach either a single computer or connect a hub or switch for attaching more than one Ethernet based machine. Second, if the thought of running CAT5 cable through your home makes you queasy, Panasonic has included a HomePNA2.0 LAN connection. This option lets you use your existing telephone wiring to connect your computers together [for more info on HPNA networking, see this page]. Note that both the Ethernet and HPNA methods can be used at the same time.
If that's not enough flexibility, for about $150 you can add an optional wireless networking card and build your network without wires. Panasonic has chosen a bold, but lonely path for this option, however, using Sharewave's Whitecap protocol instead of the more common 802.11b or HomeRF wireless standards. This technology is supposed to have better performance for multimedia, i.e. streaming audio or video applications, but at the cost of incompatibility with any other existing wireless products. Since this is an optional (and unique) feature of the HGW200, we'll be covering the Whitecap wireless capability in a separate review.
The HGW200 has browser based administration, with the password-protected admin server located at 192.168.0.254. Its internal LAN DHCP server comes enabled, so just attach a computer set to be a DHCP client (obtain IP address automatically), either reboot or do a DHCP Release/Renew, fire up your web browser, enter the IP address above and you'll be in business.
Most users will need to access only the Basic Setup page to get on the air. This page sets up the HGW200's WAN connection and allows you to choose being a DHCP or PPPoE client, or entering Static IP address info. Host and Domain names are supported for @Home users, but the WAN MAC address can't be changed in case your BSP uses that method to authenticate you.
The built-in LAN DHCP server can be disabled and you can change its base address, start and end addresses (32 address limit), and subnet mask. You can also disable the "IP Masquerade" (NAT) sharing function of the HGW200 and use it just as a router. But you can't enter Static routes and RIP1 routing info is sent only to the WAN side of the device.
Panasonic kept the routing feature set to a minimum in the HGW200. The limitations will probably not bother someone who just wants to share a broadband connection for email, web browsing, file downloading and other simple tasks. But gamers, tele/videoconferencing, and users with more advanced needs may find that the HGW200 comes up short.
They did include the ability to forward 10 port ranges through the firewall (with the ability to select TCP, UDP, or both protocols). They also included a Ping feature for testing network connectivity, Status and Usage Data pages (that require some networking savvy to decipher), and the ability to Restart or Clear the router to factory defaults.
But if you're looking for other features, here's a list of what you won't find:
DMZ - you don't have the ability to place one computer completely outside the firewall, which may be required for using applications such as NetMeeting, gaming, or other applications that you can't get to work through the firewall.
Access Controls - you can't control who can access the Internet or what services they can use.
Content Controls - you can't control the type of Web sites that users can visit
Logging - you can't see any information on who's accessing what through the gateway, or attempts to "probe" your network
Alerts - you can't get an email notice of attempts to access your network or other nasty attacks
VPN - as far as I can tell, PPTP or IPsec VPN connections are not supported
Remote (WAN) Administration - You can't access the Admin pages from the WAN side of the router, only from any machine in the same LAN subnet.
While checking for Remote Admin capabilities, I ran a port scan and found that Port 80 (HTTP) would respond to the scan. No valid HTTP response was issued and I couldn't access the admin page, but this would probably mean that the HGW200 wouldn't achieve "Stealth" status when tested via ShieldsUP or other security check programs.
That's it for the feature summary. Let's see what happens when we put it on the performance test bench!