Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Asanté FriendlyNet VR2004C VPN Security Router
Author: Joseph Moran Review Date: 9/1/2002
Model Number: VR2004C ($169)
At its most basic, a given broadband router will perform its functions equally
well in a residential, home office, or even a (small) business environment.
That doesn't mean, however, that the router is equally suited to all three scenarios,
and if you're not careful, you could find yourself deploying a router that has
a bunch of stuff you don't need for a home network, or worse, using a router
that doesn't give you the information and control you need in a business environment.
Asanté Technologies equipment is no stranger to large corporate networks, and
they want you to know that the FriendlyNet VR2004 is designed for businesses
(albeit small ones) rather than home networks, and the unit's features and capabilities
list would certainly bear this out.
So does the price--at $165 on the street, the FriendlyNet VR2004 is certainly
one of the more expensive routers of its kind in the marketplace. Let's take
a closer look and see if this router's premium price is justified.
Complete LAN and WAN filtering
Can act as IPsec endpoint
E-mail alerting only notifies about blocked sites, not intrusion attempts
Documentation is sloppy
Physically, the Asanté is a non-descript white box. This plain veneer belies
the routers abilities. For example, check around back and you'll see the first
sign that this is not your run-of-the-mill-router-- a COM port for modem backup.
(They also include a COM indicator light on the front so you can see when the
modem has kicked in, assuming the slow speed hasn't already given it away.)
I've said it before and I'll say it again: Broadband connections are awesome,
but their reliability is often less than optimal. That being the case, if you
are relying on yours for anything other than sports scores, you'll want to have
a modem backup in case your connection goes south on you. That's doubly true
if you're running a business off one.
Also, call me old fashioned, but cheers to Asanté for including a bona fide
manual with their router. You can always print out the PDF manual you get with
most products, but 80 some-odd 8 ˝ x 11 pages gets a little unwieldy, and the
VR2004's manual is the size of a TV Guide (but only half the number of pages).
On the other hand, Asanté could have done a better job verifying the manual
information. I found parts where information was misleading, one part where
it was incorrect, and one where it was missing altogether.
Log into the router's administrative console, and you will be presented with
a clean and attractive set of controls divided into four categories, plus a
Setup Wizard and Help section. (Alas, the help is not really context-sensitive,
but essentially just an FAQ.) The interface looks a lot more polished than most
I've seen, and it even includes a graphical animated page showing the connectivity
status of the devices WAN, LAN, and COM ports.
You can't run your business on pretty pictures, though, and the Asanté doesn't
sacrifice substance in favor of style. Businesses are typically going to want
more information about and more control over what users are doing. You get both
with the VR2004.
Work your way through the configuration settings and you'll find a rich set
of features that you won't always find in similar products.
Security and Access Control
The VR2004 URL filtering feature lets you block access to Web sites based on
text strings. It doesn't, on the other hand, block IP addresses, but if you
pre-resolve your forbidden URLs and enter the IP addresses into the filter as
keywords, they'll be blocked too.
The VR 2004 also offers LAN and WAN filtering, so you can allow or block traffic
flowing in or out of the router by source address, protocol type, and port number.
You can also set a default so that traffic is either passed or dropped by default.
We subjected the VR2004 to a variety of online port scans and simulated attacks,
and the router handled them all with aplomb.
Incidentally, the VR-2004 can function as an IPsec endpoint, not just a passthrough,
so you can use the VPN feature without having a separate IPsec server behind
Alerts and Logging
The VR2004 alerting and logging capabilities look really good at first, but
upon closer inspection, a weakness emerges. The unit logs various kinds of security
events as well as attempts by internal users to access blocked Web sites. You
can view the logs on line (but the internal memory can only store 15 entries),
or have them e-mailed to you immediately when an event occurs or on a scheduled
basis. Or at least, that's what I thought.
However, only internal attempts to access blocked sites, not intrusion attempts
are e-mailed (though both are logged). It seems to me that knowing that someone
tried to get to a forbidden site is less newsworthy than an external attack.
Asanté says more complete alerts will be available via future versions of the
Another minor annoyance was that the e-mail server field requires your SMTP server's IP address
not a fully qualified domain
name (FQDN), which wasn't specified in the admin console or the documentation.
On a positive note, the VR2004 has the ability to download the logs to a logging
server, something you rarely see in this class of router. That's good news,
because the router can only store 15 log entries in RAM, and they fill up (and
thus begin to overwrite) quickly.
All in all, the Asanté VR2004 has an impressive list of capabilities that make
it a good choice as a business-oriented broadband router. If it had a print
server, it would be almost perfect. As it stands, I'd recommend it without reservation
were it not for the inability to log intrusion attempts. Hopefully, this is
a feature Asanté will add quickly.