Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
With so many SOHO routers on the market today it can sometimes
be difficult to pick the right one for you. Sometimes the easiest way
to make this decision is to first get a clear understanding of what your
needs are. How many users are ultimately going to need access to it? What
type of connection will you be using: DSL, Cable modem or ISDN. Is the
protection of a firewall important to you? What about VPN support for
remote users? Many routers today will perform most of these functions.
However, if you need one router that will let your small business share
its DSL or Cable modem connection with up to 45 users, provides solid
firewall protection and gives you the ability to configure a secure VPN
tunnel to a remote office or offsite users for relatively low cost, then
the Netgear FR318 and FV318 Cable/DSL Routers with integrated firewall
and VPN functionality could just be what you've been waiting for.
Detailed logging and alerts via email
Supports up to 45 users
Subscription based content filtering
Street prices are close to 1/2 the list price
VPN Client is available only through 3rd party software
Can't control access or filtering by user
started is straightforward. Once you've got PCs connected to one of the
units, launch a browser and go to IP address 192.168.0.1. DHCP is enabled
by default so your workstation should see the router right away (as long
as it's set to automatically obtain an IP address). Once connected, the
router's configuration wizard will start automatically.
Next choose your password and time zone. Specify your Internet connection
type (Static IP, Dynamic IP, or PPPoE ), enter your Host and Domain name,
restart your router and all PCs on the LAN, and you should be ready to
browse the Web
in the number of VPN tunnels they provide (more on that later). Both
are based on a NetARM RISC processor and provide Internet Access Sharing
capability through an integrated 10/100 8-port switch. Auto-sensing ports
let the unit detect your connection speed automatically and remove the
need for a crossover/straight through switch. The FR318 can share your
Internet connection with up to 8 users. Up to 20 users could share that
same connection when using the FV318 linked to another switch. If your
network needs continue to grow, both routers could be upgraded to support
as many as 45 users. Again, the built-in DHCP capabilities let the router
handle all of the client IP assignments.
A router is useless if it doesn't know how to talk with other routers
so the 318s support a variety of routing protocols including TCP/IP, RIP-1,
RIP-2, PPPoE, and PPTP. For added security the 318s also support IPSec
and Network Address Translation (NAT) routing. Encryption is key in preventing
data interception and the 318's come with a powerful set of security protocols;
Digital Encryption Standard (DES), Internet Key Exchange (IKE) and Stateful
Packet Inspection (SPI). SPI continuously examines incoming data packets
and is pivotal in defending against Denial of Service (DoS) attacks such
as Ping of Death, SYN flood attacks and Teardrop. The 318's also supports
168-bit TripleDES (3DES), arguably one of the strongest commercially available
encryption algorithms on the market today.
business network administrators will like the two products' logging and
reporting capabilities. The router reports on what Web sites have been
visited and how much bandwidth is being used on a per service basis (HTTP,
DNS, ICMP, etc.) or by IP address usage. Logs can be configured to collect
data on anything from System Errors, blocked Web sites, dropped TCP connections
and even network attacks. If desired, the router can notify the administrator
of these events by e-mail.
Other options available are time-of-day usage limits and the ability
to restrict access to Web sites of questionable content by either keyword
or through the CyberNOT subscription service. Specific features like ActiveX,
Java and cookies can be blocked. Blocking those components made a big
difference when browsing sites associated with Web-rings. Pop up windows
were noticeably decreased and made browsing the Web a much more enjoyable
experience. Until recently, many of these features were only available
in high-end routers.