Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
ZyXEL XtremeMIMO Wireless Broadband Router
Author: Aaron Weiss Review Date: 3/20/2006
Once upon a time 802.11b wireless networking appeared, freeing us to roam around at 10Mbps, and it was good. Actually, it was just OK. So hardware vendors whipped up 802.11g 54Mbps of bandwidth goodness. The people rejoiced and then said, "Got anything faster?" One day we'll have 802.11n, but until that day comes, vendors have been devising ingenious new ways to extend 802.11g to send Wi-Fi signals faster and farther.
ZyXel's X-550 XtremeMIMO Wireless Broadband Router sports the latest souped-up 802.11g features combined with the firewall and network management features we expect from a broadband router today. ZyXel is marketing the X-550 as "eight times faster and farther." Compared to what, they don't exactly say.
Besides sheer speed, the X-550 touts improved ease of setup with built-in wizards and support for Microsoft's Windows Connect Now technology. The router's Stream Engine provides traffic shaping to manage real-time activities like VoIP and gaming, and it bolsters security with support for WPA2 and a stateful firewall.
But first, what's a MIMO? And why is it so Xtreme?
MIMO and Super G
MIMO and Super G are two complementary technologies that can extend the range and speed of 802.11g wireless networks.
MIMO, or multiple-in multiple-out, describes an arrangement of antennas for sending and receiving wireless signals. MIMO devices feature several antennas that break up and recombine signals into portions. Because the MIMO approach takes advantage of natural reflectivity in wireless signal distribution, it results in better signal strength in areas that were marginal or unreachable with conventional antennas.
ZyXel's X-550 features two positional, 4dBi external antennas and two fixed internal antennas.
Super G technology takes advantage of MIMO signal distribution to effectively double the available bandwidth. This allows Super G devices to be rated at a maximum 108Mbps speed, or twice that of a conventional 802.11g network.
Both MIMO and Super G are backwards compatible with standard 802.11g (and 802.11b) networks. By default the X-550 will work with all b and g cards but its greatest performance boosts will come with clients featuring MIMO and Super G capabilities.
Set It Up
Out of the box, the X-550 is a dainty little thing, all white including its antennas with a minimalist design and soft lights. Clearly ZyXel is giving a nod to or taking a page from Apple, employing a purist aesthetic any interior decorator/yoga instructor will love. Even the power plug (which is not white) shows a considerate touch, being oriented sideways so as not to block an adjacent outlet.
At its rear, the router features a four-port 10/100Mbps LAN switch, a WAN input, a wireless radio on/off switch, a reset button and a USB port for use with the (optional) Windows Connect Now configuration.
Initial setup is straightforward for a broadband router plug your broadband connection into the WAN port, turn on the power, and boot up a computer with a wireless card (or an Ethernet cable plugged into one of the router's LAN ports).
The X-550 defaults to an IP address of 192.168.1.1, where you can reach it through a Web browser and begin configuration.
ZyXel's administration interface is clean but thorough. The Basic/Start page offers two simple wizards Internet Connection Setup and Wireless Security Setup. The Internet Connection setup walks you through setting a new administrator password (an excellent idea), adjusting the time and date, and connecting to the Internet via either static IP, dynamic IP via DHCP, or PPoE depending on your ISP. DHCP users can clone their PC's MAC address onto the router, for providers which use this information for access control.
You can alternatively set up your network using Windows Connect Now. Available only with Windows XP SP2, Connect Now lets you use a USB flash drive to set up a network. You run a wizard on the XP machine, plug in the flash drive, then plug that drive into the router's USB port, and then into each client machine. The procedure is documented in the manual.
In addition to incorporating MIMO and Super G features, ZyXel designed the X-550 as a relatively advanced SOHO router.
You'll find a plethora of customizable routing, port forwarding and port triggering options through the Game Hosting, Virtual Server, Applications and Routing interfaces. Although there may be some confusion caused by multiple ways to accomplish the same task, ZyXel has its bases covered.
The router includes port forwarding and triggering presets for many popular games and applications. It even includes support for Dynamic DNS services like no-ip.com, so that even customers without static IP addresses can host servers or games to outside networks (which may violate your ISP's terms of service, but that's not ZyXel's problem).
The X-550's firewall features stateful packet inspection (SPI), which makes it more intelligent than firewalls that just blindly block ports. SPI uses complex algorithms to analyze patterns of traffic, allowing it to spot potentially malicious activities that would not be easily detected by looking at individual pieces of data alone. The X-550 logs all suspicious activities.
And speaking of logs, the X-550 can deliver log data to external servers and/or e-mail logs to any address on a specified schedule. The average home user might not have much use for these features, but they can be valuable to businesses and other security-conscious organizations.
The X-550's access controls give router administrators sometimes known as parents control over tasks and content. The router can limit Internet activities by type (such as games), time (such as after 6 p.m. on weekdays) and content, through a filter of acceptable Web sites.
ZyXel's so-called StreamEngine is a simplified form of traffic shaping, also known as QoS (Quality of Service), a technology used in corporate and ISP routers to give priority to certain kinds of network activities. By default, the StreamEngine is on and operates in automatic mode, identifying game and VoIP traffic, and increasing its priority over less time-sensitive traffic such as Web surfing. You can customize the StreamEngine further by adding rules to promote or demote traffic that meets certain criteria such as port ranges and protocol.
Considering how few people take the time to secure their wireless routers, ZyXel has clearly made a good effort to put security front and center. The wireless security wizard appears prominently upon initial setup, and very simply walks you through setting up a WEP or WPA access control.
The X-550 supports both WPA and WPA2, which the wizard refers to as "better" and "best" respectively. Unfortunately, some consumers might have a hard time determining whether their wireless clients support WPA2, but there's not much ZyXel can do about that.
The router also supports WPA authentication through a Radius server, along with conventional pass-phrase protection.
As with other routers, you can create a MAC address filter to further restrict network access and disable SSID broadcasting. Note, though, that despite ZyXel's on-screen advice that hiding your SSID can deter hackers, this is a very insecure form of protection, which is easily overcome with the right sniffing software.
All wireless speed claims are overstated 802.11b is rated at 10Mbps and at best, achieves half that. The same is true for 802.11g, rated at 54Mbps, which translates to a real-world maximum of about 20-25Mbps. With Super G added into the mix, the wireless speed rating is doubled to 108Mbps, and its real-world maximum is also doubled, to just over 50Mbps. For the sake of comparison, a typical 100Mbps wired LAN can produce maximum speeds of about 90-95Mbps in other words, although rated slower than Super G, a wired LAN is much more efficient, and therefore almost twice as fast in actual practice.
W tested the X-550 against the venerable Linksys WRT54G router, an 802.11g router without MIMO or Super G support. For a wireless client card, we alternated between ZyXel's own Xtreme MIMO M-102, marketed as a natural companion to the X-550, and our own Netgear WG511T card, which also features Super G.
Testing throughput with both Qcheck and NetCPS, both cards maxed out at around 20-24Mbps when associated with the Linksys WRT54G router as expected. The Netgear client card consistently pulled a few Mbps ahead of the ZyXel, but both performed near maximum for plain vanilla 802.11g.
When associated with the X-550, the speed difference was indeed dramatic. Both cards maxed near 50Mbps with the Netgear, again, slightly ahead more often than not. However, both cards experiences wide fluctuations in speed, sometimes plunging as low as 10Mbps, even when signal strength was strong and the X-550 was only a few feet away.
The key to controlling fluctuations, it turned out, is in the router's basic wireless settings. You can choose among several Super G modes disabled, Super G without turbo, Super G with dynamic turbo, and Super G with static turbo. The dynamic turbo mode accommodates a network that may include non-Super G cards, but at the price of wide ranging speed negotiations. When we switched to Super G with static turbo, the wide speed fluctuations disappeared, and throughput consistently hovered at or even slightly above 50Mbps the maximum effective speed expected for a Super G connection.
Enabling 128-bit WEP or WPA encryption made little-to-no difference in average throughput performance. So there's no excuse for not securing your network.
Super G, then, can indeed perform twice as fast as regular 802.11g. If you configure the X-550 for compatibility with a wider variety of cards, though, you sacrifice some consistency in your maximum throughput. If you lock down the X-550 to an 802.11g-only Super G static turbo-only network, you will floor it full time for maximum performance.
MIMO promises not just speed but range. Here again, the marketing claims are not just a gimmick. With both routers on the second floor of the building, we got a strong signal to both from anywhere downstairs. The WRT54G, too, has good coverage. What differed, sometimes dramatically, was speed at a given range. In a distant location where we could pull only 15Mbps from the WRT54, the X-550 still delivered over 30Mbps.
Coverage performance is going to vary a lot from one home or office to another, so it is difficult to draw broad conclusions. In our situation, both the Linksys and the ZyXel X-550 were accessible from just about anywhere. The X-550, though, presented double the throughput and sometimes more.
With a street price currently around $100, the ZyXel costs approximately twice as much as its non-MIMO/non-Super G counterparts, and several times more than barebones wireless routers. In its favor, the X-550 delivers with maximum throughputs near the expected maximum and impressive coverage. Beyond simply being a street racer, the X-550 is also quite a thorough router, with comprehensive network management features appropriate for advanced home users and small businesses.
It's worth noting that the X-550 actually performed best with Netgear's WG511T Super G card (which happens to cost about $20 less than the ZyXel's M-102companion card).