Asanté FriendlyNet Internet Router with Firewall
Author: Ronald Pacchiano Review Date: 3/31/2003
Model Number: FR1004 ($99.99)
Support for Dynamic DNS
Configuration options can be confusing
No content filtering
Log could be more detailed
Nothing annoys me more than finding a person using a broadband Internet connection without a firewall. It just drives me nuts! In this day of virus attacks, stolen passwords, identity theft, and computer hacking, it continues to amaze me just how many people still don't get it. So listen up everyone – a broadband Internet connection is not a toy. It is a gateway to the outside world -- a door into your PC, one that if not guarded could allow anyone to destroy your data and violate your privacy.
Now you would think that the main reason for this is a simple lack of understanding, but in most cases it isn't. For the majority of the people I talk to, the biggest reason they don't use a router/firewall is price. Many just don't want to spend an extra $100-$150 on top of the $50 bucks a month they're paying for Internet access. If you or someone you know falls into this category, then I'd like to suggest you take a look at the FriendlyNet FR1004 Internet Router with Firewall from Asanté Technologies, Inc. Not only is the FriendlyNet packed with advanced features usually associated with high-end routers, but it's also one of the least expensive routers on the market today. With a street price of about $68.00, it's an incredible value.
As the name suggests, the FriendlyNet FR1004 is a Cable/DSL Internet router with built-in firewall capabilities. The FriendlyNet is packed with a number of features that will impress even the most demanding tech-heads. For starters, it supports a variety of different cable and DSL connection types, including support for dynamic and static IP addressing, DSL (always on), cable (Hostname-based), and the increasingly popular PPP over Ethernet (PPPoE).
It features hardware-based Broadcast Storm prevention and uses Network Address Translation (NAT) to cloak LAN traffic. Secure Packet Inspection (SPI) technology further protects your network by continuously filtering both incoming WAN and outbound LAN traffic, based on source and destination IP addresses and port numbers. Further control over LAN access can be implemented using MAC address filtering, which allows you to limit LAN traffic only to registered computers.
For those users who would like to host their own website or mail server, the FriendlyNet's Distributed Server mapping capabilities can be configured to redirect incoming WAN traffic to a server that resides behind the firewall. This is done by mapping a service port (HTTP:80 or FTP:21, for example) to a specific IP address. This router also supports Dynamic DNS, allowing users saddled with dynamic IP addresses to still register and host their own domain names.
Firewalls aren't without their problems, and trying to get certain applications to work from behind one can be a real challenge. Ports need to be opened to allow traffic from these applications to pass freely, but it could be difficult trying to isolate which ports they are. To make this process easier, the FriendlyNet employs two potential solutions – triggers and Demilitarized Zones.
Triggering works by having the router watch the outgoing data for a specific port number. When the router sees a match, it remembers the IP address of the computer that sent the matching data. When the requested data wants to come back in through the firewall, the router uses the port mapping rules that are linked to the trigger and the IP address of the computer that "pulled" the trigger to get the data back to the proper computer. A trigger event can only come from a computer behind the firewall, so data coming from outside the network will be denied. Correctly configuring a trigger, however, often takes a bit of trial and error, sometimes to the point of frustration.
The second solution is a Demilitarized Zone (DMZ). A computer in the DMZ is logically placed outside of the firewall, allowing for completely unrestricted two-way communications. A DMZ is rare for a router in this price range.
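A minimal model of the triggering and DMZ behaviour described above, added here as an illustration and not taken from Asanté's firmware or the original review. The port numbers, addresses, class names and the last-trigger-wins rule are assumptions; the review does not say how long the FR1004 keeps a triggered mapping, so the model never expires one.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class TriggerRule:
    trigger_port: int      # outbound destination port the router watches for
    inbound_ports: range   # ports opened toward the LAN host that matched


@dataclass
class Router:
    rules: List[TriggerRule]
    dmz_host: Optional[str] = None                        # LAN IP placed in the DMZ
    active: Dict[int, str] = field(default_factory=dict)  # inbound port -> LAN IP

    def outbound(self, lan_ip: str, dst_port: int) -> None:
        """A LAN host sends traffic out; a matching rule 'pulls' the trigger."""
        for rule in self.rules:
            if dst_port == rule.trigger_port:
                for port in rule.inbound_ports:
                    self.active[port] = lan_ip  # assumption: last trigger wins

    def inbound(self, dst_port: int) -> Optional[str]:
        """Unsolicited WAN packet: return the LAN IP it reaches, or None (dropped)."""
        if dst_port in self.active:
            return self.active[dst_port]
        return self.dmz_host  # None unless a DMZ host is configured


def exposure(router: Router, ports: List[int]) -> Dict[int, Optional[str]]:
    """Which of the probed inbound ports reach a LAN host, and which one."""
    return {p: router.inbound(p) for p in ports}


# Constructed sample: outbound port 6667 opens inbound port 113.
PROBE = [80, 113, 3389]
triggered = Router(rules=[TriggerRule(6667, range(113, 114))])
before = exposure(triggered, PROBE)          # nothing has pulled the trigger yet
triggered.outbound("192.168.1.10", 6667)
after = exposure(triggered, PROBE)           # only port 113, only to .10
dmz = exposure(Router(rules=[], dmz_host="192.168.1.50"), PROBE)

if __name__ == "__main__":
    print("before trigger:", before)
    print("after trigger: ", after)
    print("DMZ host:      ", dmz)
```

The probe results show the difference in exposure: a trigger opens one port to the one host that pulled it, while a DMZ host receives every unsolicited port.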
Like most routers, the FriendlyNet has built-in DHCP capabilities to handle client IP assignments. A 4-port 10/100 Mbps Fast Ethernet switch is integrated into the FR1004, making it easy to get a small group of users up and running quickly. When you need to add more users to your network, all you have to do is connect another 10/100 switch or hub to any available LAN port. And thanks to Asanté's new Auto-Uplink feature, you won't have to worry about uplink ports or cross-over cables.
Each of the FriendlyNet's operations and security settings is configured using a web-based management system. While this management interface is simple to navigate, it can be somewhat overwhelming at first glance. The options are broken down in sections, which is simple enough, but some of the menus, particularly those for the Inbound and Outbound Packet Filter and the Distributed Servers Setup, can be downright scary if you don't know what you're doing.
The integrated help menus are far better than those found in most routers but still aren't novice-friendly enough to overcome the intimidation routers can sometimes instill. This makes the FriendlyNet hard to recommend to someone with little or no network experience. The FriendlyNet also has Remote Administration support, which allows it to be managed from offsite locations. It's a nice feature but seems to be out of place on this class of router.
Installing the FriendlyNet FR1004 was very straightforward and required nothing more than plugging it in and connecting the appropriate LAN and WAN ports. Our Road Runner cable modem automatically assigned the router our ISP information, and since DHCP is enabled by default, our workstations were up and running almost immediately. We tested the FriendlyNet's firewall performance using the GRC.com Shields Up test and the port scanner at Hackyourself.com. As expected, the unit performed splendidly.
The Bottom Line
In spite of all of the FriendlyNet's cool and useful features, I feel that it is much better suited for the home office user or telecommuter rather than a small business. One of the most disappointing things about this router is its logging capabilities. While it does keep an activity log of all network logins as well as possible intrusion attempts, it just doesn't offer network administrators a whole lot of detail.
It would have been nice if it could tell you which IP addresses visited what websites and at what times. In addition, it doesn't offer any type of content filtering. While advanced filtering techniques like the blocking of category types (e.g. sex, violence, drugs, etc.) or keywords would have been an added bonus, they could have at least given the administrator the ability to block specific domain names and IP addresses.
So if you're in the market for a secure internet solution and don't want to spend an arm and a leg to get it, you might want to give the Asanté FriendlyNet FR1004 Router a try. While it does have some shortcomings, it's still an incredible value, and for only $68.00, you could do a whole lot worse.