Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
D-Link Xtreme N Gigabit Router
Author: Craig Ellison Review Date: 3/26/2007
Last fall, I reviewed the top-of-the-line D-Link RangeBooster N 650 router. I loved all of the configuration options, the configurable QoS engine, and the extensive list of preconfigured applications in the port-forwarding setup. My unfulfilled wish was for Gigabit Ethernet LAN ports. The new top-of-the line Xtreme N Gigabit router (model DIR-655) fulfills that wish, and adds a few other new features as well. Since the DIR-655 has an essentially identical menu system and features to those of the RangeBooster N 650, Ill just review the new features.
First, and probably most noticeably, D-Link has given the DIR-655 a fresh new look. The DIR-655 has a white case and a black trim band that wraps around the case. Even the three antennas are white. Though the case tooling is almost identical to the tooling used on the RangeBooster N650, D-Link chose a glossy finish for the DIR-655 rather than the matted finish found on its predecessor. Whether or not this is a nod to Apples color scheme, the new case color is a welcome change from D-Links traditional color schemes.
Setup and Configuration As with other D-Link routers, the DIR-655 arrives with a piece of yellow tape across the four LAN ports that instructs you to run the CD first. The CD has a step-by-step wizard that walks you through the basic configuration. It asks whether you're replacing an existing router or installing the router as a new device. The wizard then branches to animated instructions that tell you how and where to plug in the cables, and when to unplug and power up the cable/DSL modem and the router.
When I finished the fifth step and clicked on Next, I got an error saying that the setup wizard didnt detect a supported D-Link router. This looks like a minor QA glitch that Im sure that D-Link will fix. For my setup, however, it didnt matter. By the time I received this error, my connection to the Internet was established and the router was working properly. I did, however, have to manually configure the wireless settings.
The Laptop Side Naturally, D-Link recommends that you pair the DIR-655 with its Xtreme N Notebook Adapter (Model DWA-652) for optimal performance.
Compared to the installation of the DWA-645 RangeBooster N, Im sorry to report that the installation wizard for the DWA-652 is a step in the wrong direction. The RangeBooster N wizard gave you a choice of using the Windows Zero Config wireless client or the D-Link Wireless Connection Manager. D-Links Wireless Connection Manager, which doesnt co-exist nicely with Windows Zero Config, does provide some additional useful information about neighboring wireless networks, such as operating channel, security and signal strength.
Unfortunately, the installation procedure for the DWA-652 eliminated the step that offers you a choice. The notebook adapter installs properly, but defaults to Windows Zero Config. The D-Link connection manager appears in the system tray anyway until you run the cursor over it. Then it disappears. And if you try to launch the connection manager, the same thing happens again the connection manager icon appears in the system tray until you mouse over it.
I knew how to fix this, but I thought this would be a good opportunity to see how D-Links 24/7 tech support handled the problem. After a short wait on hold, I got a level one technical support agent. He had me try the usual things uninstalling and reinstalling the driver, and downloading the driver from the Web site and reinstalling that. (The driver on the Web site was the same version, but I went through the exercise anyway). When these attempts at fixing the problem failed, he assigned a case number and passed me off to level two tech support.
After another short time on hold (less than five minutes), a level two technician took my call. She had me deselect Use Windows to manage my wireless connections, and then, through the services control panel, stop the Windows Zero Config service and set its startup mode to manual. Of course, this solved the problem.
The bottom line? D-Links tech support was able to resolve the problem in a reasonable length of time, but this is a problem that should have been handled at level one. More importantly, since the installation worked so well for the DWA-652s predecessor, QA seems to have dropped the ball by releasing this installation wizard. Hopefully, D-Link will fix this problem with a patch.
What Else is New? In addition to the new case color and the Gigabit LAN Ethernet ports, the DIR-655 includes a feature named WISH Wireless Intelligent Stream Handling. When enabled, WISH will prioritize wireless traffic according to three built-in priority classifiers:
HTTP: The router will recognize HTTP traffic for many common audio and video streams, and will prioritize that traffic above other types of traffic.
Window Media Center: Audio and video streams generated by a Windows Media Center PC will be prioritized above other traffic. This would be useful if you were using a wirelessly connected Windows Media Center Extender.
Automatic: The router will attempt to prioritize other traffic it doesnt otherwise recognize. File transfers, for example, would be de-prioritized, leaving interactive traffic at normal priority.
If those three priority classifiers arent enough for you, you can set individual WISH (Wireless Intelligent Stream Handling) rules for an IP address or a range of addresses, and define protocols and port ranges. For each WISH rule, you can assign a priority of Voice (highest priority), Video, Best Effort or Background.
Wireless Intelligent Stream Handling configuration Another new feature is a wireless security setup wizard that you can launch from the setup tab on the DIR-655s Web interface. This five-step wizard walks you through naming your wireless network, choosing the security level and setting the pre-shared key. The DIR-655 supports WEP, WPA-PSK or WPA Enterprise (for use with an external RADIUS server). For WPA, the default mode is Auto, but you can force it to use WPA1 (TKIP) or WPA2 (AES) encryption. You can also choose 64 or 128 bit WEP if you have legacy devices on your network that dont support the more secure WPA/WPA2 security modes.
The DIR-655 also appears to support Wi-Fi Protected Setup. This standard from the Wi-Fi Alliance simplifies setting up a secure wireless network. There are two mandatory methods required for WPS products: Push-Button Configuration (PBC) and Personal Identification Number (PIN). A close inspection of the DIR-655s case reveals a black push button embedded in the black trim on the right side of the case. Additionally, theres a menu entry in the DIR-655s Web interface labeled Wi-Fi Protected Setup. However, neither the instruction manual for the DIR-655 router nor the DWA-652 client card made any mention of Wi-Fi Protected Setup. For now, I have to conclude that the DIR-655 is Wi-Fi Protected Setup capable, but new drivers for the client card will have to be released before youll see the benefits.
Performance To test the DIR-655, I installed a DWA-652 notebook adapter into an IBM ThinkPad T40. I connected a second notebook equipped with a Gigabit Ethernet port to one of the Gigabit LAN ports on the DIR-655. I tested in infrastructure mode, and, using two streams of data with iPerf, sent traffic between the two notebooks. I tested using the routers default settings mixed mode compatible with 802.11b/g and draft n, and auto 20/40 MHz channel width selection.
I tested in a typical home environment (mine). Before testing, I did a site survey and discovered 12 nearby wireless networks. I was surprised at the number of new neighboring wireless networks the last time I tested wireless products, there were only six.
I created four test scenarios, and for each one, I ran performance tests a number of times. The results below are the average throughput for each test scenario.
Test One One notebook connected to the router with a Gigabit connection. The wireless notebook over six feet away from the router. Result: 49.9 Mbps
Test Two One notebook connected to the router with a Gigabit connection. The wireless notebook was moved to a bedroom over 19 feet away. There was one wall between the router and the client. Result: 45.7 Mbps.
Test Three One notebook connected to the router with a Gigabit connection. The wireless notebook was moved to the living room downstairs. Results: 56 Mbps.
Test Four One notebook connected to the router with a Gigabit connection. The wireless notebook was moved to the kitchen directly below the location in test two. Results: 28.7 Mbps.
I didnt see the blazing speeds that are achievable in a clean laboratory test environment, but considering the fact that there are 12 neighboring wireless networks, the performance was very good. The D-Link DIR-655 router/DWA-652 client card combination provided excellent performance and coverage virtually anywhere in what I believe is a challenging home test environment.
Setup and configuration issues aside, the DIR-655/DWA-652 combination could form the basis for a high-performance home network. The DIR-655 keeps all of the configuration options we liked in its predecessor, the DIR-635, and adds new features including Gigabit LAN ports and Wireless Intelligent Stream Handling. I think its finally time to upgrade my home network.
Model: DIR-655 Price: $180 Pros: New looks, excellent performance, Gigabit Ethernet. Cons: No WPS support on the client (yet), minor setup glitches.