SMC 2682W Wireless Bridge
Author: Tim Higgins Review Date: 8/1/2001
- Simultaneously supports AP and bridge functions (Bridge Master mode only)
- Supports 64 and 128 bit WEP

- No LAN monitoring capability
- No MAC address filtering or association controls
- Windows only setup
- Minimal documentation
- 30% throughput decrease with WEP enabled
One RJ45 10BaseT Ethernet
One DB9M "RS-232" port.
Printed User's Guide
100-240V Power supply
One moveable position, detachable dipole antenna, RP-TNC connector
Hardware reset button
SMC's 2682W is a good start on a lower cost 802.11b Wireless bridge, but it needs some work on its administration features before I'd take the plunge...
Tip: If you don't know the difference between an Access Point and a Wireless Bridge, read this article first!
The 2682W is essentially an SMC2652W in a different colored box with firmware that adds the wireless bridging functions to the Access Point features of the 2652W. You can read the 2652W's review if you need a review of the setup and administration features of the 2682W. Just ignore the comments about the browser and WEP related problems, since it looks like SMC has fixed them in the 2682W.
What SMC hasn't fixed, unfortunately, is the feature set of the administration interface and the AP/bridge itself. You still don't have any monitoring features, so you can't tell:
I found myself wishing for some indication of whether or not I was making a connection with the other Bridge box while I was fiddling with the 2682W's various modes. The only thing that saved me was the scan feature in the Windows-based Bridge Configuration Utility, which showed me the bridges that it found. At minimum the web interface needs to be able to show a MAC address list of clients that are either connected or trying to connect to the unit.
A major omission is MAC address based association controls. This is the ability to limit connection to the Access Point to only those radios that are on a list of allowed MAC addresses. Given all the press that 802.11b's security problems have gotten over the past few months, and the fact that less expensive 802.11b wireless routers and APs are now available with this feature, I was surprised to see it missing from the 2682W. It's particularly important to have in bridging products due to the nature of the data traffic that they handle!
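The two features described above, a list of stations that are connected or trying to connect and a MAC allow-list for association, shown together as an added example that is not part of the original review or of SMC's firmware. The event format, the addresses and the function names are assumptions constructed for illustration.

```python
import re

# Hypothetical allow-list; constructed addresses, mixed notations on purpose.
ALLOWED = {"02:00:00:00:12:34", "02-00-00-00-56-78"}

# Constructed association events in an assumed "<time> <event> <mac>" format.
SAMPLE_EVENTS = """\
12:00:01 assoc-request 0200.0000.1234
12:00:07 assoc-request 02:00:00:AA:BB:CC
12:00:09 assoc-request 02-00-00-00-56-78
12:01:30 disassoc 0200.0000.1234
12:02:02 assoc-request 02:00:00:aa:bb:cc
12:02:10 assoc-request not-a-mac
"""

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, or None if it is malformed."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def review_associations(events, allowed):
    """Apply the allow-list to each event; return (connected, denied, malformed)."""
    allow = {normalize_mac(m) for m in allowed} - {None}
    connected, denied, malformed = set(), {}, []
    for line in events.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip lines that are not events
        _, event, raw = parts
        mac = normalize_mac(raw)
        if mac is None:
            malformed.append(raw)         # fail closed: never associated
        elif event == "disassoc":
            connected.discard(mac)
        elif event == "assoc-request":
            if mac in allow:
                connected.add(mac)
            else:
                denied[mac] = denied.get(mac, 0) + 1   # count repeat attempts
    return connected, denied, malformed

if __name__ == "__main__":
    connected, denied, malformed = review_associations(SAMPLE_EVENTS, ALLOWED)
    print("connected:", sorted(connected))
    print("denied:", denied)
    print("malformed:", malformed)
```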
Bridging the gap
The 2682W supports three modes of operation:
The first and last modes are pretty straightforward. You use the Access Point mode when you want the unit to just communicate with wireless clients. The Bridge Slave mode is the setting that you use for the "remote" end of your wireless bridge. A Slave will communicate only with a Master, bridging data traffic between its wireless and Ethernet ports. The Bridge Master mode, however, is a little more interesting!
You can have only one Bridge Master in your network, but it can both communicate with wireless clients that are within its range and also communicate with one or more Bridge Slave units. The ability to simultaneously serve as a Bridge and Access Point is handy, but I found myself wishing that the Slave units could also talk to clients within their range. That capability would let me extend my wireless LAN's range without having to run CAT5 cabling to connect APs together. Unfortunately, that sort of "repeater" capability is found only in higher priced "enterprise grade" products... at least for now. (See the Wireless Bridges and Repeaters article for details.)
I used netIQ's free QCheck utility to gauge the 2682W's performance. Tests were done with the following setup:
Local End: Windows 98SE PC connected to a 10/100 switch port. 2682W set to Bridge Master mode connected to another port on the same switch.
Remote End: Windows 98SE laptop connected to a 2682W in Slave mode via a PC Card Ethernet interface. Qcheck console run on this machine.
Comments: The 2682W seems like it's somewhat underpowered. At a top transfer rate of 3.3Mbps, the 2682W isn't the fastest 802.11b AP/bridge out there, and using either 64 or 128 bit WEP will reduce throughput by approximately 30%. UDP streaming performance shows that the bridge is dropping packets at a 500kbps stream rate, which I think is the first time I've seen this in an 802.11b bridge.
Another first is the fact that enabling WEP also affects Response Time (ping) and UDP streaming! Response time was only slightly affected, decreasing to 8 msec average and 13 msec maximum, but UDP streaming performance seemed to take the same 30% hit that the Transfer rate took. I measured 322kbps and 36% error with WEP turned on.
I did a quick check with one unit running in Master mode to make sure that it would also talk to a wireless client, which it did. I didn't run any measurements, other than to confirm that data transfer speed between Master and Slave units dropped while I downloaded a web page with the wireless client, indicating bandwidth sharing.
When I spoke with SMC at this year's Networld+Interop show, they indicated that the 2682W, paired with their long-range antennas and cable kits, would be more money than the average home networker would want to spend, and would be more suited for the "enterprise" market.
Fair enough, but I think SMC has some work to do before they'll have a product ready for the demands of that marketplace, and here's my list:
Add Monitoring - At minimum the user needs to be able to see a MAC address list of clients that are either connected or trying to connect to the unit. Signal strength, ESSID, and other information on each station would be nice.
Add MAC address filtering / association control - This is fast becoming a standard feature for 802.11b equipment since 802.11b networks need all the security help they can get!
Fix the interface - Either change to the better designed Windows-based SNMP manager that the 2655W has, or beef up the browser-based interface so that it stands alone. The Windows-app / web browser combo is just a strange combination!
Improve the performance - A bridge must run WEP enabled for enhanced security and the 2682W doesn't seem up to the task.
On the other hand, SMC could just drop the price to match Linksys' WAP11, which has just been upgraded with bridging capability, and come out with a real enterprise-grade AP/Bridge. But add repeater capability to that one, please!