McAfee Wireless Home Network Security
Author: Joseph Moran Review Date: 12/29/2005
Pros: Automatically configures encryption method and key on router and clients; rotates keys regularly for optimum security. Cons: Requires specific compatible hardware; key rotation makes using non-PC devices inconvenient.
When you think about it, security and convenience almost always reside at opposite ends of a continuum. More security often means less convenience and vice versa. This is usually true for everything from airport screenings to protecting a wireless network.
McAfee isn't offering a solution for long lines at the airport metal detector (at least, not that they've told us), but with its new Wireless Home Network Security software, the company is attempting to simultaneously improve the security and convenience of home WLANs. The $49.99 utility automatically configures security parameters on the client and the router/AP at the same time. It is aimed at those who for the sake of expediency operate unencrypted WLANs or use static and/or easily discernible keys that can facilitate unauthorized access to the network.
In one sense, WHNS is a souped-up version of Windows' built-in WLAN utility that lets you secure and connect to your network without requiring you to create or remember a long and cumbersome encryption key, and then regularly changes the key as an added measure of protection.
Unfortunately, there's no standardized interface or format for configuring wireless hardware, and since router and access point configuration parameters aren't uniform, McAfee Wireless Home Network Security isn't universally compatible with every piece of wireless hardware. McAfee publishes a list of compatible routers and access points (you don't need to worry about the client) that at the time of this writing listed more than a dozen models from five different vendors. WHNS is compatible with the most common models from the biggest players like D-Link, Linksys, and Netgear, but if your hardware is particularly new or special (i.e. a MIMO device) chances are it won't work with WHNS, at least not for the moment.
Another compatibility caveat is that often a particular make and model of hardware will have myriad hardware versions and firmware revisions, so you need to check McAfee's list carefully to ensure that the hardware you have (or plan to buy) is truly supported. While firmware is easy enough to update, hardware versions can't be changed.
For this review, I used the ubiquitous Linksys WRT54G 802.11g broadband wireless router.
After setting up the Linksys router using the out-of-the-box configuration (default settings with encryption turned off) and connecting to it with a wireless client, I installed WHNS on a Windows-based laptop PC. The utility promptly detected that the system was connected to an unprotected network and then popped up a dialog asking to secure it. Upon clicking Yes and waiting a bit less than a minute, the utility proudly reported that both the computer and the router had been secured, even though there was no request to choose an encryption method or key.
So what exactly happened? Direct inspection of the router revealed that it had in fact been reconfigured with 128-bit WEP encryption, and although the client system continued to report the same network SSID that it had before using WHNS, the router itself showed that it had actually been changed with some characters appended to it. (The SSID modification is how the WHNS software subsequently identifies a network that it has previously configured.)
WLAN Security
Although WHNS automatically configures your network with lesser WEP encryption by default (presumably for compatibility reasons), you can later opt for the more robust WPA-PSK instead.
Regardless of the type of wireless encryption you use, by choosing the key for you WHNS keeps you from using simplistic keys that can ultimately undermine your security. For example, although WEP uses long fixed-length keys, how often have you used consecutive numbers or phone numbers or other easily remembered digits? Similarly, WPA shared keys can be as few as eight characters, which makes it tempting to take shortcuts like using the name of a pet or another easily identifiable proper name. Because longer keys are harder to crack, WHNS configures itself and the router using the full 64 characters available.
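As an added illustration of the key-strength point above (not code from McAfee or from this review), the following Python sketch generates full-length random keys and checks a candidate key's format, entropy ceiling, and the counting or phone-number shortcuts mentioned. The function names and the run-length threshold of 4 are assumptions chosen for this example.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits

def generate_key(kind: str) -> str:
    """Random full-length hex key: 64 digits for WPA-PSK, 26 for 128-bit WEP."""
    return secrets.token_hex({"wpa": 32, "wep128": 13}[kind])

def is_valid(key: str, kind: str) -> bool:
    """Check length and alphabet for the chosen scheme."""
    is_hex = all(c in string.hexdigits for c in key)
    if kind == "wep128":
        return is_hex and len(key) == 26
    if kind == "wpa":  # 64 hex digits, or an 8-63 character printable-ASCII passphrase
        printable = all(32 <= ord(c) <= 126 for c in key)
        return (is_hex and len(key) == 64) or (printable and 8 <= len(key) <= 63)
    return False

def entropy_ceiling_bits(key: str) -> float:
    """Upper bound on key entropy; human-chosen keys sit far below it."""
    if all(c in string.hexdigits for c in key):
        return 4.0 * len(key)
    pool = 0
    pool += 10 if any(c in string.digits for c in key) else 0
    pool += 26 if any(c in string.ascii_lowercase for c in key) else 0
    pool += 26 if any(c in string.ascii_uppercase for c in key) else 0
    pool += 33 if any(c not in ALNUM for c in key) else 0
    return len(key) * math.log2(pool)

def _longest_run(key: str, step: int) -> int:
    """Longest run where each character is `step` code points after the previous."""
    best = run = 1
    for a, b in zip(key, key[1:]):
        run = run + 1 if ord(b) - ord(a) == step else 1
        best = max(best, run)
    return best

def weak_patterns(key: str) -> list[str]:
    """Flag the shortcuts the review mentions: phone-number and counting keys."""
    found = []
    if key.isdigit():
        found.append("digits-only")
    if max(_longest_run(key, 1), _longest_run(key, -1)) >= 4:  # assumed threshold
        found.append("sequential-run")
    if _longest_run(key, 0) >= 4:  # assumed threshold
        found.append("repeated-char")
    return found
```

An eight-character pet-name passphrase passes the format check and trips none of the pattern flags, yet its entropy ceiling is about 41 bits against 256 for a random 64-digit key, which is the gap the automatic key selection closes.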
Perhaps the key feature of WHNS (forgive the pun) is that it automatically rotates WEP or WPA keys every three hours in an attempt to thwart WLAN sniffers trying to discern your key. This also allows you to easily give a guest temporary access to your network.
WHNS offers users a rudimentary method of user authentication, though it's not exactly automatic. Once a wireless network has been set up and configured by the utility, any user running WHNS that attempts to automatically connect to it must be granted access by someone else that's already connected to the network and running the software (via a pop-up dialog box). McAfee licenses the software for five household computers, and although a system running WHNS has the benefit of connecting to a protected network without having to know or type an encryption key, having the software is not a prerequisite for access. You can still connect a system to the WLAN conventionally by looking up the encryption method and key (either via the WHNS software or by accessing the router itself) and entering them into Windows. In fact, if there isn't anyone running WHNS already connected to the network, the conventional method is the only option since there won't be any way to respond to the request for access.
The WHNS key rotation feature can also be used as a simple method of access control. A "revoke access" feature can be invoked on demand to force a key change, leaving all disconnected clients with an invalid key and forcing them to re-authenticate via the above process. The feature does have limitations; you can't revoke the access of a specific system, and any client that's connected when the key change occurs will automatically receive the new key and retain access.
Another potential snag with key rotation concerns non-PC wireless devices like a PDA, game console or TiVo. Any device that can't run WHNS won't get the memo when a periodic key change occurs, and though you can suspend key rotation to keep such devices from being left out in the cold, this of course eliminates the protection provided by the feature.
Although the option is not front and center (it probably should be), you can use WHNS to change your router's configuration password. The software can also generate alerts based on a number of network events, such as when previously-approved systems connect or disconnect or when a key change takes place.
When you use WHNS on a laptop to try and connect to a network with incompatible hardware (for example, if you have it installed on a notebook that you use on WLANs other than your own) the utility should serve the same function as the built-in Windows WLAN tool. While the wireless connection was always rock-solid while using WHNS-compatible routers or access points, there were problems with at least one other network: the system would repeatedly drop the connection, forcing us to reconnect manually.
If you have a supported wireless device and run the software on all of your systems, McAfee Wireless Home Network Security lets you have your cake and eat it too by automatically handling all the aspects of WLAN encryption that most users tend to ignore or give short shrift to. In this way it gives you excellent wireless security without much of the pain of managing it.
But if you have any non-PC devices on your WLAN that require ongoing access or that you use regularly (as many households do nowadays) having to suspend the key rotation largely negates the promise of the software.