Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Multi-Tech SOHO RouteFinder VPN Internet Security Appliance
Author: Ronald Pacchiano Review Date: 4/5/2002
Models #: RF550VPN
Let's say you are an information technology manager for a small
NY company looking to setup a branch office in NJ with 10 people
onsite, four of which will be telecommuting on a bi-weekly basis.
Both the branch office and the telecommuters need to have access
to the NY servers. The data stored on these servers is sensitive
and must be kept secure. However, upper management doesn't have
much capital available to fund this project (big surprise). Your
job is to accomplish all of the desired objectives and do it on
a shoe string budget.
Today this once intimidating project can be performed by anyone
with a minimum of network experience and modest financial resources.
Thanks for this modern day simplicity can be accredited to products
like the Multi-Tech Systems SOHO RouteFinder VPN Internet Security
Appliance. The RouteFinder not only meets all the project objectives
above, but with the product's price dropped to $179, it won't burst
any IT budget.
- Secure VPN capability
- Excellent feature per dollar ratio
- Quick and Simple Web-based Management
- Automatic Backup Internet Connectivity
- DHCP Reservation requires a known MAC address
- need for 3rd Party client software
The SOHO RouteFinder VPN Internet Security Appliance (Model RF550VPN)
from Multi-Tech Systems is foremost an Internet router that connects
to your Cable or DSL modem and provides up to 253 users with shared
Internet access. A 50 MHz, 32-bit RISC processor, 16MB of RAM and
1MB of Flash ROM provide the RouteFinder with a solid hardware platform
and a built-in firewall with VPN functionality round out the package.
An integrated 10/100 4-port auto-sensing switch makes it easy to
connect users or additional network equipment. The system is configured
through a web-based management console from either a PC on the local
LAN or from a remote workstation. The RouteFinder supports a variety
of protocols including TCP/IP, RIP-1, RIP-2, Network Address Translation
(NAT) and PPPoE.
As the name implies, this product has the ability to generate multiple
Virtual Private Network (VPN) tunnels between offices or remote
users. The advantage of a VPN is that it is far less expensive and
could be implemented much quicker then dedicated site-to-site leased
lines. Data transmitted over a VPN is protected by a number of security
protocols including IPSec, 168-bit 3DES (Triple Digital Encryption
Standard), Internet Key Exchange (IKE) and Stateful Packet Inspection
One of the nicest features of this router is its fault tolerance
capability. An onboard serial port allows you to configure an analog
or ISDN modem to work as a backup in the event your primary internet
connection goes down. This minimizes downtime and keeps your users
Installation and Configuration
Installation of our RF550VPN was extremely easy. My DSL modem uses
a dynamically assigned IP Address, so I was up and running almost
immediately upon connecting our line. If your ISP uses PPPoE or
if you have a static IP address, then you'll need to point your
web-browser to the RouteFinder's IP address, login and launch the
Setup Wizard. The Wizard will guide you through the router's configuration
options. The menu interface is one of the best I've seen. It's quick,
attractive and most important, functional. Among other things, the
RouteFinder configures virtual server settings (a.k.a. port forwarding),
static and dynamic routes, LAN and WAN filtering, monitor system
diagnostics and many more.
Once the RouterFinder has been configured, you'll need to reconfigure
your workstation with either a static IP address or rely on the
routers DHCP abilities. DHCP is enabled by default so getting your
workstations up and running should be a snap. One Thing I found
particularly annoying is the fact that you need to associate a MAC
address with every IP address you want to reserve. This means you
could only reserve an address after you've assigned it to a PC or
The RouteFinder performed very well on the grc.com Shields Up test
and appeared to be completely invisible to port scanners. An Intruder
Detection Log also monitors and reports any IP address that attempts
to probe the system. Unfortunately the system administrator is not
automatically notified of unauthorized access attempts. The only
way to monitor this information is to actually log into the router
and take a look at the log. E-mail notification, like that in the
similar NetGear FV318, really should have really been built in.
The RouteFinder can filter both LAN and WAN traffic. Access control
settings can be applied to either individual systems or IP ranges.
However, if you're looking to filter content by category or keyword,
you'll be disappointed. The RF550VPN has no such ability, nor can
it be configured to track WAN usage. Also, while I was able to change
the password for the routers administration account, I couldn't
add any additional accounts to the system. At the very least I would
have liked to have had the option to rename the current Admin account.
The most attractive feature of the Multi-Tech is its ability to
create a Virtual Private Network (VPN) connection between two or
more sites. VPNs can be implemented in both LAN-to-LAN and client-to-LAN
configurations. The Multi-Tech can take advantage of two types of
VPN protocols. It can either pass PPTP (Point-to-Point Tunneling
Protocol) traffic or has built in support for IPSec. Like the NetGear
FV318, the RouteFinder will pass PPTP traffic, but you'll need to
configure a Remote Access Server (RAS) to connect and authenticate
If a RAS server isn't in your budget, configure the VPN using the
more secure IPSec protocol. The router supports a variety of security
protocols; including Internet Key Exchange (IKE), DES and 168-bit
3DES encryption. IKE is a protocol negotiation and key exchange
protocol that is part of the IPSec protocol suite specified by the
Internet Engineering Task Force (IETF). IKE allows VPNs to automatically
negotiate IPSec Security Associations (SA) during the creation of
a VPN tunnel. The Security Association between two systems is based
on the SPI, and includes the Destination Address Range, IPSec Gateway
Address, Encryption Method, Encryption Key, and Authentication Key.
For client-to-LAN connectivity, you'll need to get hold of 3rd
party VPN client software. Multi-Tech doesn't bundle one with the
router, but recommends the SSH Sentinel Pilot from SSH Communications
Security. It can be downloaded free at www.ssh.com. Other clients
like Nortel Contivity, Checkpoint, Axent or SafeNet should also
work. The RF550VPN can support up to five simultaneous IPSec tunnels.
The documentation is better then most of the products we've looked
at recently, but it could have done a slightly better job walking
you through the VPN remote client setup. Missing information cost
us time when trying to configure the SSH client software. The only
other product with similar features at this price point that I'm
aware of is the SnapGear Lite+, but that product was tougher to
While the RouterFinder is far from perfect, it is an excellent
value for the money. It's easy to install, configure and administrator
and most of the features can be setup by a person with a moderate
amount of networking experience. Its no-nonsense design gives one
the impression of a serious networking device; which is kind of
refreshing when compared to the fancy designs of some of the other
routers in this segment. And if you can't afford to be offline,
the automatic internet backup connection could be just the insurance
you're looking for. So if you're in need of a high-tech router but
can't afford the high-tech price, then consider checking out the
Multi-Tech RouteFinder VPN.