Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Linksys Wireless-G Broadband Router with SRX
Author: Joseph Moran Review Date: 8/10/2005
Model: WRT54GX Price: $179 (MSRP) Pros: Supports all major security protocols and encryption types Cons: Inflexible logging; limited performance improvement
After setting up a wireless network, you may sometimes find that your WLAN may not extend quite as far as you expected. Even if that’s not the case, it’s not unusual to experience dead spots or areas where the signal isn’t strong enough to give you a fast or even steady connection. Enter the Linksys Wireless-G Broadband Router with SRX.
SRX stands for Speed and Range eXpansion, and in the quest to achieve this, this product, model WRT54GX, utilizes MIMO technology (from Airgo Networks). MIMO, which stands for Multiple Input Multiple Output, tries to improve signal range (and throughput at a given range) by using multiple transmitters and receivers simultaneously. MIMO is a key design component of the upcoming 802.11n Wi-Fi specification, but that should not lead you to infer that the WRT54GX (or any MIMO-based WLAN router) will be upgradeable to 802.11n when it’s finalized, since no vendor is making that promise.
Installation and Setup
The physical design of the WRT54GX—or, more specifically, the orientation of its antennas— makes it resemble something off the set of a campy 60’s sci-fi movie. The slender grey plastic box has two antennas protruding like television rabbit ears, with a third opposing antenna facing out from the front. The WRT54GX has a built-in slide-out stand to give it some stability when using it in a vertical orientation, and all the antennas are adjustable if you’d rather lay it flat.
If this is your first broadband router, or if you’re not intimately familiar with the process of installing one, you’ll appreciate the Linksys setup wizard, which prompts you to configure the basic router settings and even offers diagrams illustrating the various physical connections. The wizard does have a shortcoming, however, in that it only allows you to configure WEP security. If you want to use WPA (and let’s be clear—you do), you have to go back into the router via the browser interface to change security settings. While many users will probably bypass the wizard and set up the router directly from the browser anyway, it shouldn’t be necessary for wizard users to configure security settings twice.
Wireless Settings Unlike many previous performance enhancements vendors have made to 802.11g, MIMO mode is something you can’t turn off—it operates constantly, whether the router is running in 802.11g-only or mixed mode. (You can disable the wireless network radio entirely, if desired.)
The WRT54GX supports a number of different methods of wireless security. Besides WEP and WPA, the most recent version of the WRT54GX firmware (1.02.06) adds support for 802.11i/WPA2. (Using WPA2 with Windows XP requires an operating system patch—search for knowledge base article 893357 at www.microsoft.com to download it.) Both WPA and WPA2 are supported either with a pre-shared key or with a separate RADIUS server doing the authentication.
You get a fair amount of flexibility when configuring wireless security on the WRT54GX. For instance, you can enable concurrent support for WPA and WPA2, and you can encrypt wireless traffic using TKIP, AES, or both at the same time.
When you need to configure the router away from home or the office, you can access and manage the WRT54GX remotely and specify a custom port other than the standard 8080 for doing so. You can’t, however, identify a specific IP address or address range that’s authorized to perform remote management for an added level of security.
For those who like to keep close tabs on their wireless network, the WRT54G has the capability to log quite a bit of information. In fact, it can monitor eighteen different parameters, and does so by maintaining four separate logs – one each for System, Firewall, WAN Connection, and New Traffic events. The weakness in the WRT54GX's logging abilities lies in the inconvenience of accessing log information. For example, you can’t output any of the logs to a syslog server, and while you can view the individual logs by accessing the router, you can’t save them to a text file for offline reading. The WRT54GX also lacks the ability to send out e-mail alerts for serious security or system events.
To aid in network troubleshooting, the WRT54GX offers a Diagnostic page that lets you bypass a PC and ping or traceroute directly from the router. There’s also a System Performance page that lets you see at a glance whether your LAN, WAN, and WLAN connections are up or down. It displays the number of packets going in each direction, as well as dropped and error packets on each interface.
Performance In order to take full advantage of the WRT54GX's performance potential, you must use it in conjunction with Linksys SRX-based client hardware like the WPC54GX CardBus adapter. The WPC54GX resembles a conventional 802.11g card, although it's bulkier and extends out a bit farther than a typical CardBus WLAN card.
In testing conducted with Ixia’s QCheck utility, the WRT54GX and WPC54GX combination consistently yielded throughput in the range of 18.8 to 19.2 Mbps in various rooms at a single level and at distances of between 10 and 50 feet. At a distance of about 75 feet, outdoors and separated by glass and masonry, performance wasn’t diminished and remained essentially within the same range.
According to Linksys, the WRT54GX will provide a lesser degree of improved performance with standard 802.11g cards. Repeating the performance tests after pairing the router with the built-in 802.11g adapter in a Dell Inspiron 300m notebook resulted in throughput scores in ranging from 16.6 to 17.9 Mbps. In the outdoor location, the throughout measured in the low end of that range.
The tests indicate that the combination of the Linksys WRT54GX and WPC54GX was able to consistently provide a measurable, albeit small performance increase over standard 802.11g hardware, though not nearly the performance of some other MIMO-based devices.
Conclusion With a street price of about $150, you’ll pay a lot more for a WRT54GX than you will for garden-variety 802.11g hardware, which has become quite inexpensive. Whether the premium is worth it or not will depend on how well the WRT54GX performs in your particular environment, but the device does have the potential to improve the quality and performance of your WLAN.