Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
FON La Fonera Router
Author: Joseph Moran Review Date: 7/5/2007
2007 is shaping up as the year of Wi-Fi sharing, with several new companies providing products and/or services in the category. Recently, we looked at Whisher, a free software utility that lets you share access to your wireless network. Another Spanish firm, FON (pronounced fahn), has a somewhat different take on Wi-Fi sharing. It's hardware rather than software, making it a solution with some notable advantages -- as well as a few disadvantages -- over the Whisher approach.
The diminutive FON router (about the size of a deck of playing cards) dubbed La Fonera, can be purchased directly from the company, and costs $40 plus $5 for shipping. Buyers referred by existing FON members can pick up the router for a mere $20, and Skype is offering a special $160 package that bundles a FON router with an SMC WSKP100 Wi-Fi Phone, plus 500 SkypeOut minutes and 12 months of Skype Voicemail (look for a separate review of the SMC phone soon).
Hardware and Network Setup
La Fonera has a single Ethernet port, unlike most routers. If you connect it to your cable/DSL modem, La Fonera is a standalone wireless router. Connect it to a LAN port on your existing wired or wireless router, and it serves as a simple access point.
One downside to using La Fonera in lieu of your existing router hardware is that lone Ethernet port: you lose the capability to use wired network devices, unless you connect them through a wireless Ethernet bridge or use a wired switch. FON will gladly sell you such a switch for $28. [We're not clear how this actually works based on having only one port on the La Fonera.]
Once the FON router is installed, you'll notice that it advertises not one but two SSIDs -- one public, and one private. This segregation of networks is one of FON's main points of differentiation over Whisher. It's also an advantage given that Whisher hotspot owners and their guests occupy the same network, a fact that has some negative security ramifications.
To enable the public side of the network -- the FONspot, as it's called -- you must first set up a user account at the company's site and then register your router using your public connection. Registration requires you to provide your name and a street address, the latter of which is published in FON's database so other Foneros (FON community members) can locate your network. Using the private wireless network is a simple matter of entering the pre-configured WPA encryption passphrase, which is printed on the underside of the device, as it also happens to be the La Foneras serial number.
When registering your FON router, you must agree to the company's terms of service, which include an acknowledgment that your ISP is authorizing you to use your connection as a FONspot. Given the attitude of most broadband service providers toward the practice of connection sharing, attempts to actually obtain such authorization may result in ambivalence if not a prompt and unambiguous No way! FON is working to get ISPs to see the error of their ways, and recently inked a deal with Time Warner Cable allowing its customers to use FON hardware with the company's blessing. Seattle-based Speakeasy, now owned by Best Buy, is also a major exception, as it expects and promotes sharing.
Free or Fee Access?
When you set up your FONspot for the first time, you must decide which kind of Fonero you want to be. You can be either a Linus or a Bill, as in Torvalds or Gates. What you pick depends upon whether you will offer your network gratis, or wish to be remunerated for access.
If you opt to be a Bill, visitors to your FONspot will be charged a $3 daily access fee or $10 for a five-day pass (or 3 or 10 Euros, as appropriate). FON handles all of the particulars of visitor sign-up (paying visitors can be other Bills, or non-Foneros, also known as Aliens), and will split net revenue 50/50. The fact that the split is net rather than gross is important, as PayPal is the only way for visitors to purchase access, or for Bills to receive their payments. Since PayPal takes a cut of each transaction, Bills can ultimately expect slightly less than a $1.50 or $5.00 take from single- or five-day pass purchased. Bills receive payments automatically each time their balance reaches $30. You can change from being a Linus to a Bill and back again as your desire for lucre dictates. If you go the Linus route, youre giving away access to other FON members, and in return, you get free access to all other FONspots.
The FON Web site offers Foneros lots of ways to search for FONspots (which it overlays atop Google Maps), and you can download a list of FONspots as points of interest (POIs) for some popular GPS navigation devices. My search for FONspots revealed them to be surprisingly ubiquitous, even outside of the big cities in which you'd most expect to find them. To seed interest, FON initially gave routers away free or charged a nominal $5, but growing popularity made continuing that practice untenable. Still, there have been reports that FON will give away a La Fonera to anyone living near a Starbucks, hoping to entice away T-Mobile Hotspot customers. FON now claims 60,000 Foneros in the U.S.
When a Fonero happens upon a FONspot, he or she finds an unencrypted network which presents a welcome Web page. Internet access isn't granted until Linuses log into their accounts or Bills/Aliens ante up the appropriate access fee. If you like to keep track of where you've been, while logged into your account, you can view a travel log that displays a list of the FONspots you've visited and how much bandwidth you've consumed at each (or cumulatively).
Hotspot and Network Administration
Whether you're using the La Fonera as a router or just as an AP, you can customize certain aspects of the device's configuration. For example, you can log directly into the router to do things like rename the default public and private SSIDs, change the device's WPA passphrase or encryption type (WEP and WPA2 are also supported), or adjust the WLAN radio settings, such as the b/g mode and channel.
FONspot owners can see stats on current or past visitors, and can modify their networks' SSID or encryption key information from the FON Web site itself no need to log into the router directly. There's a software slider control which you can use to limit the amount of wireless bandwidth allocated to the public portion of the wireless network. The two SSIDs are part of the same physical network, so the more bandwidth public users consume, the less is available for personal use. Changes performed through the site don't take effect until the router checks in with the FON's servers, though, and this can take up to 24 hours. You can hasten the process by unplugging the device and plugging it back in again.
If you're using a La Fonera as a router, you can also do some basic port forwarding, but there are few configurable options compared to a conventional router. One option is to allow access from the public network onto the private portion, which generally wouldn't be recommended, but can be useful if you have a content server you want to make available to your FONspot visitors. You can also perform a bit of minimal customization on your portal page by including a link to a Web site, Flickr account, or Google video.
It's worth noting that the La Fonera router uses open-source OpenWRT firmware. In fact, you can download versions of the FON firmware for certain Linksys and Buffalo routers. This is how FON got its start, actually. The catch is, unlike with hardware you purchase from FON, retrofitting one of the aforementioned routers only gives you the public FONspot, not the second SSID for your private use. Plus, if you get a La Fonera now, theres a new La Fontenna directional antenna attachment you can order for only $2 more with the router (or $20, if it's separate).
Whether you want to share your Wi-Fi network to make a few bucks (Bill) or just to be a nice guy (Linus), FON lets you do it with relative ease, and better yet, the segmented nature of the wireless network let you keep visitors (Aliens) at arm's length for added security. Although the price is a little steep for a limited-feature device with one Ethernet port (you may want to hold out for that second port), at least you have the potential to recover the cost over time. And you may feel good about providing some Internet access to those in need. Those looking to set up a hotspot for fun or profit should give FON a look.
Price: $39.95 Pros: Easily set up free or paid hotspots; splits wireless network into public and private segments; use with or without existing broadband/Wi-Fi hardware. Cons: Must purchase hardware (or modify your own); limited configuration options compared to typical routers; PayPal fees cut into hotspot revenue.