Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
3Com OfficeConnect Cable/DSL Secure Gateway
Author: Brien M. Posey Review Date: 12/12/2002
The 3Com 3CR856-95 Cable/DSL Secure gateway is a standard product designed
to act as an Internet connection sharing device and as a firewall. Although
it is lacking some of the more advanced features typically found in such products,
it still does a nice job.
Nice configuration wizard
Automatically detects and connects to the Internet when possible
Very dim lights
Finicky with DNS settings
The 3Com 3CR856-95 gateway has most of the standard features found on similar
devices offered by other companies. Included in these features are a NAT based
firewall, a DHCP Server, DMZ support, VPN Support, and a handy Web based interface.
Setting the unit up involved attaching it to my DSL modem and to my primary
switch via Ethernet patch cables. Once powered up, the first thing that I noticed
is that the lights on the unit are very dim. I initially connected the unit
at about 9:00 AM when the morning sun was beaming into the room, and was unable
to even tell whether the unit was receiving power because of how dim the LEDs
Like most other Internet connection sharing devices, the unit uses the 192.168.x.x
address range. Therefore, I simply configured one of my PCs to act as a DHCP
client, opened Internet Explorer, and entered the unit's IP address.
When the unit's Web interface screen appeared, I received the standard password
prompt. What happened next though was a surprise -- The unit launched a configuration
wizard. This is the first time that I've seen a configuration wizard on an Internet
connection sharing device. What I really liked about the wizard is that it asked
all of the pertinent questions without any unneeded extras. I simply answered
four or five questions and the unit was ready to go.
Shortly before completing the configuration wizard, the unit tried to automatically
detect my Internet connection. My connection uses PPPoE, and the unit was unable
to connect because it didn't have my password. However, the wizard's very next
question asked for my PPPoE username and password. After entering this information,
the unit automatically began speaking with my ISP.
Now, it was time to get onto the Internet. Try as I might, I was unable to
access a single Web site. I checked the Status and Logs screen, and everything
looked to be in order. My ISP had assigned an IP address, DNS Server address,
etc. The Internet Settings screen has a spot where you can enter the addresses
of your DNS servers, but the screen indicates that these addresses are optional.
Just for kicks, I went ahead and manually entered my DNS server addresses. After
doing so, the Internet connection began to work.
To check performance, I went to http://www.dslreports.com/stest and
ran the speed test. In the area where I live, my ISP only offers DSL speeds
of up to 384Kbps (upload and download). The DSL Reports speed test reported
an upload speed of 324Kbps and a download speed of 304Kbps. Its like the unit
probably performs much better than this though, as my tests were conducted during
peak Internet usage hours.
The device's primary access control mechanism, aside from password protection,
is something called PC Privileges, found on the Firewall screen. It allows you
to grant or deny permission to access the Internet based on a PC's IP address.
A nice feature of this is that you can configure the device to allow a specific
PC to have Internet access, but only for a specific service such as E-mail,
Web, FTP, or NNTP. You can even permit or block access to all ports except for
a series of ports that you specify.
The PC Privileges feature worked just the way that it was supposed to in my
tests, but I did notice one interesting potential problem, because it is based
on IP address rather than MAC address. This is fine in an environment that uses
static IP addresses, but one of the unit's main features is a DHCP server. Does
it really make sense to control access based on addresses that could change
tomorrow? The unit also allows you to permanently associate a PC with an IP
address assigned by the DHCP server, but it seems like that this defeats the
purpose of using.
Other security features on the OfficeConnect include VPN support and a firewall.
While I found both of these features to be adequate for most home users, they
did seem to be somewhat lacking. For example, it supports PPTP and IPSec-based
VPNs, but not L2TP.
Likewise, the firewall was lacking features such as port forwarding. The PC
Privileges section that I described earlier was the main mechanism for controlling
the firewall. It would have been nice to have a screen allowing you to open
or block ports on a global basis. The closest that the unit comes to such a
mechanism is support for triggered maps.
One nice feature is automatic hacker detection. It looks for specific patterns
of activity. If these patterns are detected, then the hack attempt is automatically
blocked. The unit is capable of detecting Denial of Service (DoS) attacks, and
some other common types of attacks.
To test the unit's firewall's capabilities, I used the ShieldsUp!! utility
found at http://grc.com. The firewall performed
exactly as it was supposed to, with no obvious vulnerabilities.
The 3Com OfficeConnect Cable/DSL Secure Gateway seems like a decent product,
and is most appropriate in a home environment, since it's lacking some of the
advanced features typically found for offices. Any home user would be very happy
with this unit and its performance. But not many home users will be happy with
the price when similar products are less than half of what the OfficeConnect