Eli Wireless Router and Firewall
Author: Joe Moran Review Date: 11/17/2005
In the corporate world, managed firewalls (which are installed on-site at a company but maintained from afar by an outside firm) are becoming increasingly popular, since they let a company protect itself from a variety of network threats without having to worry about configuring and maintaining a complicated piece of equipment.
ELI, Inc. is attempting to bring the benefits of managed firewalls to the consumer and home-office market with its new Eli appliance. The Eli (which stands for Electronic Lifestyle Integration and is pronounced e-lie) is a wireless broadband router that incorporates a firewall along with anti-virus, spam control and content filtering components for all the computers on your network.
In short, the Eli is designed to provide network security while simultaneously freeing you, the small business owner, from the esoteric technical matters regarding firewalls. And while it succeeds in this goal, a perhaps inevitable side effect of the focus on simplicity is inflexibility and limited customization options.
Aside from a vaguely alien-looking image of an "Eli" character molded into the plastic case of the appliance, the device pretty much looks like any garden-variety broadband router. There are a bunch of ports on the rear of the unit; along with the customary four LAN and one WAN Ethernet ports, you'll find two USB ports. One lets you connect the Eli directly to a PC, mimicking the port found on most cable or DSL modems, and the other is meant to provide future support for a USB printer or storage device. (Printer support is expected to be available by the end of October, with support for storage devices coming later.)
The Eli also has an RJ-11 phone jack to connect its internal DSL modem, so that if you use a DSL connection the Eli can replace the hardware provided by your ISP. (The company has future plans to offer a model that substitutes an internal cable modem for the DSL circuitry.)
To facilitate future upgrades, the Eli's wireless hardware components are housed on a modular internal card. This should let you upgrade the Eli's wireless capabilities down the road to take advantage of emerging WLAN standards. (The company's plan is to give customers the choice of having the unit upgraded on site or at a local site.)
Setup and Configuration
Getting the Eli up and running is a fairly painless process. Pointing your browser to the Eli's IP address gives you access to a wizard that lets you pick your ISP from a list provided and then automatically configures the unit. If your ISP isn't on the list or you're not using the integral DSL modem, you can configure the unit manually by specifying the type of broadband connection you have (static IP, DHCP etc.).
After the initial configuration, accessing the Eli via its IP address gives you only a short list of informational and diagnostic routines. To actually modify the unit's configuration parameters, you must go to my.trusteli.com and log in using your account username and password.
Logging into my.trusteli.com reveals an interface that couldn't be more different from a typical broadband router. Rather than offering a dozen or more individual pages covering all the technical minutiae of router configuration, Eli offers only a few configurable options across four categories: router, e-mail, firewall and parental control. Configuration changes made via my.trusteli.com don't take place instantaneously, since you're interacting with a central server rather than the device itself. The longest delay for a change to take effect is two minutes, since this is the interval at which the Eli appliance refreshes its configuration data. In situations where you require more immediacy, you can force the Eli to refresh itself on command.
The router category lets you enable the Eli's WLAN feature (which is disabled by default). Customization options are limited to selecting an SSID and enabling encryption (either WEP or WPA-Personal). The Eli automatically generates an encryption key of the appropriate length depending on the method you choose. Considering the Eli's focus on security, it's surprising that it doesn't offer the option to suppress SSID broadcast (so that the presence of the wireless network is not advertised to passers-by), a feature that almost every other wireless router provides. (ELI, Inc. attributes this to a limitation of the appliance's WLAN chipset.)
Anti-Virus and Spam Control
The Eli's e-mail protection category consists of separate spam control and anti-virus components. Both features receive regular signature updates from the central server (often several times a day, according to the company) and each has two simple operating modes: on and off.
In our testing, the spam control component was quite effective, successfully tagging the overwhelming majority of junk messages that came through it. (You can then configure a rule in your e-mail client to dispose of the spam as it enters your inbox.) Perhaps as important, it failed to flag any legitimate message as spam.
The efficacy of the anti-virus feature was tougher to judge, but it's important to note that the Eli is designed only to detect viruses as they enter the network, and so it can't be used to scan systems for existing infections. As such, it's better to consider the Eli's anti-virus feature as an added level of security and not a substitute for a good desktop anti-virus utility.
The default configuration of most broadband firewalls is to treat any outgoing network traffic as legitimate, the assumption being that such traffic is sent on behalf of a person authorized to use the network and can therefore be trusted. This isn't always the case though, as people can and often do unknowingly download malicious programs that use your outgoing connection for various dastardly deeds.
The Eli's firewall, by contrast, takes a safer approach and doesn't automatically allow all outgoing traffic. It offers five extremely broad system policy settings: simple surfer, gamer, telecommuter, power user and all outbound. Aside from these labels though, the Eli provides only a brief and exceedingly general description of the type of outbound access each setting allows, so you might have to experiment a bit to accommodate certain uncommon network applications.
On the negative side, the Eli's firewall doesn't give you the option to customize firewall rules for individual systems (for example, to send a certain type of traffic to a specific system).
The Eli's parental control feature (handy for anyone who runs a business from home and yet shares the PC with the kids) lets you filter content based on 59 separate categories of subject matter and, when activated, it did a reliable job of preventing access to potentially objectionable Web sites.
On the other hand, the Eli's content filtering feature has several significant shortcomings that may severely limit its usefulness. For example, there is no way to define individual accounts on the Eli. Therefore, you can't create custom filters for specific people, and thus any content restrictions you define automatically apply to everyone. There's also no way to exclude specific URLs (sites that are misinterpreted and blocked by the filter but that you may need to access).
Finally, unlike many other parental control products, there's no provision to temporarily bypass the filter by entering a password when trying to access a site. ELI says it plans to add the ability to customize content filters based on MAC addresses, but since that will differentiate only between PCs and not people, it still forces everyone that uses the same PC to abide by identical restrictions.
Pricing, Availability and Support
The Eli is currently available direct from ELI, Inc. or through a handful of partner ISPs. The company says more ISP partnerships are in the works and that the Eli will also be aimed at enterprises with telecommuters. (An enterprise version of the unit is also available which adds VoIP and VPN capability to the list of features.)
Purchasing the Eli appliance directly from the company will lighten your wallet by $199.99, and then there's a $119.99 charge for 12 months of service, which works out to $9.95 a month. (If you buy an Eli through an ISP, you may pay less for the appliance and have the option of paying monthly.)
In exchange for your monthly support payment, Eli provides toll-free technical support through a hotline 24 hours a day, 365 days a year that the company says is always staffed by actual humans (which is refreshing considering that most companies boasting round-the-clock support rely on annoying automated systems). Eli says that its support personnel can in many cases adjust the device configuration to accommodate specific customer needs.
The Eli's price tag isn't exactly cheap when you compare it to the ever-decreasing cost of traditional non-managed wireless routers, but then again they don't give you extras like network-wide anti-virus, spam control and unlimited technical support.
If you're the type of person who likes direct access to network configuration options and information or to customize access based on system or individual account, then the Eli's approach will be far too rigid for you. On the other hand, if you're the set-it-and-forget-it type who doesn't want to deal with the intimate details of your network, and you like the idea of having unlimited access to live support, the Eli may be for you.
Eli sells for $199.99 plus an additional $119.99 for the annual service fee.
Pros: Provides gateway-based anti-virus, spam control and round-the-clock technical support
Cons: Very expensive; requires ongoing service charge; offers few customization options
Joe Moran is a regular contributor to PracticallyNetworked.