Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
D-Link 3G Mobile Router for EV-DO Networks
Author: Joseph Moran Review Date: 5/17/2007
Take your router anywhere even in the car if youve got EV-DO to power its backhaul connection to the Internet.
The good, the bad and the ugly in testing the laptop 3G capabilities of one of America's biggest mobile operators.
As a recent Comcast service outage clearly demonstrated to me, many of us work in a world thats increasingly dependent on Internet access. I have a Verizon Wireless EV-DO 3G card for my notebook to provide Internet access when I travel, but that couldnt help my co-workers during my cable Internet service outage. Fortunately, when the outage occurred, I was in the process of reviewing D-Links DIR-450 3G Mobile Router for EV-DO Networks.
The DIR-450 is a traditional D-Link router with many of the advanced features I liked when I reviewed both the DIR-635 and the DIR-655 routers. The DIR-450 is housed in a case virtually identical to that used on the DIR-635.
Only when you look at the rear of the DIR-450 will you notice that instead of an Ethernet WAN port, theres a PC card slot to accommodate an EV-DO card.
For sharing the EV-DO Internet connection, the DIR-450 includes four 10/100 LAN ports as well as a standards-based 802.11g radio featuring Atheros Super-G technology. It uses traditional NAT (network address translation) technology to map the public IP address of your EV-DO card onto a private network. An SPI (stateful packet inspection) firewall protects your private network from attacks and unwanted intrusions.
Why a 3G Router?
There are many potential uses for a router that lets you share your 3G connection. Some examples might include the following:
When working at client sites, consultants and auditors frequently are denied access to the clients network for security reasons, but they still need to communicate with each other and with their home office.
Groups of employees can create ad-hoc Internet-connected workgroups in hotel conference rooms when the hotel doesnt supply an Internet connection.
Emergency responders can set up an ad-hoc wireless network quickly at the scene of an accident or emergency to access vital information and resources.
On vacation, multiple family members traveling with laptops can all stay connected with friends (and, unfortunately, the office).
You might live in an area where cellular Internet access is the only service available; you can share the Internet connection with other computers on your home network.
The DIR-450 has an eight-page printed quick install guide. This guide, as well as the user manual, is also supplied on CD. However, there is no CD-Based installation wizard as was supplied with other D-Link routers. Instead, the quick install guide instructs you to plug in your EV-DO card, connect one of the LAN ports to your computer, and browse to the default IP address (192.168.0.1).
You can choose either to manually configure your settings or use the built-in setup wizard. Clicking on the setup wizard takes you to a second page where you can choose a wizard for setting up your Internet connection, or a wizard for configuring your wireless security. The Internet connection wizard lets you set an administrative password for the router, set your time zone and configure the router for your EV-DO card. I chose manual configuration. I selected my EV-DO card from the drop-down list and hit "save." The router rebooted with the new configuration and connected to the Internet after the reboot. It was that easy.
D-Link also sells the DIR-451, which is essentially a DIR-450 that supports UMTS or HSDPA cellular data networks. Compatible service providers in the US for the DIR-451 are Cingular (AT&T) and T-Mobile.
Though the DIR-450 ships with wireless security disabled, the wireless security wizard walks you through naming your wireless network, choosing the appropriate level of security and setting your pre-shared WPA or WEP key. Again, I selected manual configuration. You can enable Super G mode or 802.11g-only mode (this unit doesn't do pre-11n), disable SSID broadcast, and enable auto channel scan, which selects the best operating channel for the DIR-450. It supports WEP (64 or 128 bit), WPA, WPA2 and WPA2 Auto. Theres no support for WPA2 enterprise, but frankly, in a mobile router, youd probably never use that feature.
LAN setup is quite straightforward. Out of the box, you dont really even need to configure it, as the built-in DHCP server is enabled with a default IP address pool of 100 addresses. The router does support DHCP reservation for mapping specific IP addresses to specific computers on the network based upon their MAC address, a feature I really like; the LAN configuration page shows you a list of Host names, IP addresses assigned, and their corresponding MAC addresses.
A click on the Advanced tab reveals that the DIR-450 retains many of the advanced features found in D-Links top-of-the-line models, including virtual servers, port forwarding, application rules (for port triggering), MAC address filtering and Web site filtering. As youll find in other recent D-Link routers, the right side of the screen displays context-sensitive Helpful Hints. The support tab above the hints column takes you to an index page that provides more detailed information about menu items and configuration parameters.
The DIR-450 lacks the quality of service (QoS) engine thats built into both the DIR-635 and the DIR-655. That makes sense, since EV-DO provides a relatively low-speed connection to the Internet it's no cable modem and youre unlikely to be doing voice or video over those links. I did try a Skype VoIP connection through the DIR-450, and while I was able to connect and hold a conversation, the audio report I received said that it sounded like a bad cell phone connection. Thats not too surprising, considering the latency on the EV-DO network. My ping response time to www.google.com, accessed through the Tools menu, averaged 250ms, compared to the 17ms response time through my cable connection.
To test the wireless network performance of the DIR-450, I installed Buffalo NFinity draft N into an IBM ThinkPad T40, and connected a second notebook to one of the 10/100 Ethernet LAN ports on the DIR-450. I tested in infrastructure mode and, using two streams of data with iPerf, sent traffic between the two notebooks. I tested using the routers default settings.
I created four test scenarios, and for each one, ran performance tests a number of times. The results below are the average throughput for each test scenario.
Test One One notebook connected to the router with a 100 Mbps connection. The wireless notebook over 6 feet away from the router. Result: 21.6 Mbps
Test Two One notebook connected to the router with a 100 Mbps connection. The wireless notebook was moved to a bedroom over 19 feet away. There was one wall between the router and the client. Result: 15.6 Mbps
Test Three One notebook connected to the router with a 100 Mbps connection. The wireless notebook was moved to the living room downstairs. Result: 16.5 Mbps
Test Four One notebook connected to the router with a 100 Mbps connection. The wireless notebook was moved to the kitchen directly below the location in test two. Result: 14.4 Mbps
For a standard 802.11g connection, the performance measured was exactly as expected. Throughout my entire home, there was good signal strength with relatively little drop-off in performance once the test notebook was removed from the same room as the router.
Performance on the cellular side, of course, will vary with cell loading as well as the quality/strength of the signal between the cell tower and your router. Fortunately, the status page on the router, shown below, shows you the relative signal strength.
The DIR-450 3G router is easy to set up and use. If sharing your cellular data card could solve any of your networking problems, such as creating ad-hoc mobile workgroups or providing Internet access where wired broadband isnt available, the DIR-450 is a good way to leverage your investment in your mobile data plan.
Model: DIR-450 Price: $230 Pros: Several advanced routing features; easy to set up and use almost anywhere. Cons: Slower connection to Internet due to 3G backhaul.