Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Linksys Etherfast BEFSX41 Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint
Author: Vikki Lipset Review Date: 10/17/2002
Model Number: BEFSX41 ($119)
Fueled by the demand for secure telecommuting, Virtual Private Network (VPN)
features are appearing in many low-cost routers. Linksys' latest offering--the
a VPN endpoint, a Stateful Packet Inspection (SPI) firewall and a host of other
security features into an easy-to-use, affordable package.
Supports up to two IPsec tunnels
URL and time filtering
Time-based access control can't be limited to specific ports
Can't e-mail alerts of unauthorized access attempts
Doesn't include printed manual
The BEFSX41 is a four-port 10/100 switch that allows you to share a high-speed
Internet connection among all the computers on your network. The four ports
on the rear of the device automatically detect 10BaseT or 10/100 connections,
and are auto-sensing for whether they are straight-through or cross-over cables.
Unfortunately, Linksys doesn't include a printed manual, but they do provide
a Fast Start poster that gives simple and clear instructions for connecting
the router and configuring it and your PCs. I had my network up and running
in minutes. You'll find a PDF version of the user's guide on the CD that comes
in the box, along with a Router Setup Wizard. The CD sleeve instructs you to
run the Wizard before you hook up the router, but I found it easy enough to
set everything up by following the directions in the Fast Start poster. (Mac
users won't have a choice, since the Wizard only works with Windows.)
The BEFSX41 supports Universal Plug and Play (UPnP), so systems running Windows
XP should be able to identify and configure the router automatically.
The router's controls are configured through your Web browser. Once you log
on, you'll find tabs to set up a firewall, VPN, filters, forwarding, and logs.
The BEFSX41's URL filtering feature allows you to block access to Web sites
using either URL keywords or file extensions. The router can also block any
proxy server contact, Java and ActiveX, and a time filtering option allows you
to prevent outgoing or incoming traffic at specified times. It's too bad that
you can't limit the time filter to specific ports, though. (The Web and time
filters are configured from the Firewall tab and are only available when Advanced
Firewall Protection is enabled.)
Port filtering is configured from the Filters tab. From here, you can create
up to 20 filters to restrict specific users' incoming or outgoing access; you
can deny or allow services for up to five MAC addresses and one IP address (or
range of addresses). This is also where you'll activate the router's remote
access (specify the port you want to use for this) and remote upgrade features.
The BEFSX41 supports Stateful Packet Inspection (SPI), which automatically
detects denial-of-service (DoS) attacks. You can also set the router to ignore
pings from the Internet (Block WAN Request on the Filters tab). The BEFSX41
held its own against several online port scans and other security checks; my
tests found no open ports or other network vulnerabilities.
A firewall log tracks any suspect activity, including intrusion attempts and
internal attempts to access blocked sites. The router can also keep system,
access and VPN logs (you must enable the log feature first, however); you can
either view them online, or with the free LogViewer software, which you can
download from Linksys. If you opt for the latter, you can enter the IP address
of the PC running the software and the router will send updated logs to that
computer. Unfortunately, the BEFSX41 lacks the ability to e-mail alerts of unauthorized
The router functions as a VPN endpoint; you can define up to two IPSec tunnels.
Once you have configured a tunnel, you can hit Connect to use it, and then click
the Summary button to determine if the connection was successful. The Keep-Alive
feature (in the Advanced Settings) automatically reestablishes dropped connections.
The Linksys BEFSX41's simple setup and extensive feature set makes it a good
choice for anyone who needs a secure connection to a remote network. And with
a street price hovering around $80, it's a great value, too.