Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
The DI-604 Express EtherNetwork Broadband Router is the newest residential
gateway from D-Link. A quick glance down the list of features exposes nothing
out of the ordinary, though the DI-604 does boast above-average capabilities.
Where the DI-604 really captures your attention, though, is its price – it
costs only $59 MSRP, and under $50 on the street. No, that is not a misprint.
I'm not sure if this is evidence of D-Link's technological prowess or indicative
of a new trend in ultra-low priced routers that don't give up features. Maybe
it's a little bit of both, but I almost don't care. To be able to get a router
of this caliber at this price is good news for all.
Superb access control and security features
No uplink ports
Setup and Installation
The D-Link presents a very clean and attractive tabbed interface for its administration
console. Everything is accessible with five tabs and five buttons.
The DI-604's Setup Wizard supports dynamic or static IP address (or PPoE) assignment
on its WAN port, and as with most broadband routers nowadays, the D-Link didn't
have any difficulty automatically synching up with my RoadRunner cable modem
connection, rendering the wizard superfluous.
In addition to the admin account, which can view and change all router settings,
you can also define a "user" account, which can view, but not modify
the router configuration. I'm not really sure how a user account like this might
be useful, but it can't hurt.
The DI-604 is probably the most compact and attractive (if a router can be
considered attractive) unit I've yet seen -- even the AC adapter is smaller than usual. It measures a mere 1 x 5.5 x 4.5
(HxWxD) and the case is made of metallicized plastic. The status lights reside
behind a smoked plastic window, and all the ports are located on the rear.
Speaking of the ports, they auto-detect 10 or 100 Mbps speeds, but they don't
sense whether they are connected to a PC or another switch or hub, and there
is no uplink button. Therefore, if you need to accommodate more than four clients
via another device (not unlikely, even in home networks), you'll need to buy
(or make) a crossover cable.
D-Link only offers a one-year warranty on the DI-604. A longer warranty would
be preferable, but they do throw in 24 hour a day, 7 days a week technical support.
One of the most notable features of the DI-604, particularly at this price,
is content control. Even better, you can schedule it to prevent access at different
days or times of day.
The ability to schedule is an oft-repeated theme throughout the DI-604. In
addition to being able to schedule content controls like domain and URL filtering,
you can schedule such features as Virtual Servers and firewall rules.
Some other nice touches include the ability to save your router settings to
a file on your hard drive, and the inclusion of a link to check for router firmware
upgrades, saving you the trouble of having to peruse D-Link's site manually
to look for them.
The DI-604 has the ability to log a variety of events, including attacks and
dropped packets. The router can also e-mail logs to an administrator, though
this feature is concealed under a button labeled "Log Settings."
Access Control and Security
With its $50 price tag, you might expect the DI-604 to skimp in this area,
but on the contrary, it excels by offering a full complement of access control
and security features.
For starters, you can deny computers on the LAN access to the Internet, and
you can specify clients by IP or MAC address.
The unit also supports both URL filtering (using only keywords) and domain
filtering. Unlike some routers I've tested, the controls are thorough enough
to not allow circumvention by entering the IP address directly. If you attempt
to ping a forbidden URL to get the address, it will be resolved, but entering
it into the browser will result in nothing but a terse message telling you you're
blocked. The ping request itself even times out.
The DI-604's firewall, rather than being a rudimentary on or off choice, actually
lets you specify rules for incoming and/or outgoing traffic, based on all the
appropriate variables like traffic type and port numbers.
It's worth reiterating that any of the aforementioned access control and security
feature mentioned here can be scheduled by day or time of day (and very granularly,
in five minute increments). You can even schedule things like virtual servers,
to limit your exposure when you don't need to have certain ports open to the
The D-Link DI-604 packs a lot of features into its diminutive chassis. It would
have a lot going for it even at twice its price, but at less than $50, it's
practically a no-brainer. I doubt you could find a more complete residential
broadband router even if you were willing to spend more, but really, why should
Unless you need major integrated features that the DI-604 lacks, (like a print
server, modem backup, or wireless LAN) you won't need to look much further than
this D-Link router.