Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
The performance boost comes from the Texas Instruments ACX100 wireless chipset used to provide 802.11b compatibility along with an enhanced 22 Mbps mode (AKA 802.11b+), when used with similar hardware. Like other products based on this TI chipset, the 2404WBR provides an additional 256-bit level of WEP encryption.
There's more to like than to dislike about the Barricade, and SMC has included a number of features focused on security and ease of administration.
On the other hand, one immediately obvious shortcoming of the Barricade is the presence of only three switched LAN ports rather than the more customary four. Typically, when a router omits a fourth port, it's because the presence of something like a printer port or serial port for dial backup puts real estate on the rear of the unit at a premium. That's not the case here -- there's nothing on the back but LAN ports. The SMC does have two wireless antennas, one on either side of the unit. They do tilt and rotate but are fixed to the unit and can't be removed.
The Barricade's EZ 3-click Installation utility is Windows only, although it does support any version from Windows 98 through XP. If you don't like going to the movies and having to watch advertisements before even the previews have started, then you won't appreciate the ads for other SMC networking products that are displayed as the software initially configures the router. Perhaps as penance for making you sit through the ads, the utility will allow you to register the router as well.
Once past the utility, you're free to configure the SMC via the browser interface. You've got to hand it to SMC for the quality of the interface. It's as attractive, functional, and logically organized an administration console as any I've seen on a comparable product.
One noteworthy feature of the SMC is that the wireless functionality can be shut off via the administration console. This might seem to be a superfluous capability, but I wish every wireless router provided it. I can think of various scenarios when you might want to squelch the wireless signals without pulling the plug on the entire router, like perhaps turning it off at the end of the day as a form of added security to thwart war drivers.
Another feature of the SMC that I like and rarely see on other products is an administrative timeout feature, which lets you specify how long the admin console will be available before you have to log in again. Ask any harried small business IT guy (or girl) how often they get called away from their desk and forget to give their machines the three-fingered salute.
To prevent kids or wayward employees from getting to certain sites, content filtering is provided by keyword or URL, though it's limited to only 30 entries. Perhaps more useful is the access control feature that lets you control what type of traffic can get to specific LAN clients, so if you want to block newsgroup access to one PC and FTP access to another, you can. You can also schedule the access control by day and time. Additionally, MAC filtering lets you block access to the WAN port entirely for either wired or wireless clients.
More than half of the Barricade's 130+ page manual describes how to set up TCP/IP on various versions of Windows, but it also offers useful tips on how to configure the router's VPN passthrough feature-- including IP port information for various VPN vendors like Check Point and others--handy information to say the least.
When it comes to alerts and logging, the Barricade provides a reasonable level of functionality but omits a couple of key features. For example, its firewall has intrusion detection that monitors incoming traffic for various common TCP/IP attacks and it can be configured to e-mail an alert notification in the event of an attempted breach. On the other hand, although it does maintain a security log, the router can't e-mail the logs, nor can it save them to a file or upload them to a Syslog application.
The Barricade promises twice the speed of a conventional 802.11b access point. Not surprisingly, it doesn't quite live up to that claim. It does, on the other hand, improve performance, and significantly so.
For instance, at close range tests with NetIQ's Chariot, the SMC 2404WBR achieved a throughput score of 6.436Mbps, roughly half again as fast as you'll typically get from garden-variety 802.11b hardware. Performance degraded fairly linearly as distance grew, and at 50 feet from the access point was still quite good at 3.635 Mbps. Response time and streaming tests were equally impressive, and performance with the 256-bit WEP encryption turned on was within the margin of variance.
I conducted the performance test with the Barricade paired to its CardBus NIC counterpart, the SMC2435W in 22 Mbps mode. I also was able to successfully connect to the Barricade in 22 Mbps mode using a similar product, the TI ACX100-based D-Link DWL-650+.
All in all, an extra LAN port and more robust logging and alerting capabilities would make the Barricade 2404WBR more useful. However, it does provide enough administrator-friendly features and high performance to justify a place in a small business or home office network.