Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
- Mappings can now be disabled and enabled
while preserving the target IP address info.
- Added an "Enable/Disable" button to the
main "list of mappings" window. Also added a similar option to the "In-context"
popup menu. No need to "Edit" the mapping to simply change its status.
- Added ability to double-click an "ics"
file, right-click for in-context choices, or drop it onto a running
or non-running application icon. You can even drag a mapping FROM the
mapping list TO a directory, so dragging works both ways now!
- Mapping Notes that contain
a web or email link in the text it will become a live link that you
can click on to launch your browser or email client.
enable/disable dial-on-demand, select the dial-up connection used, and
change the client hangup time.
- Added Web Resources tab to Miscellaneous
window. Contains useful links to all the appropriate Microsoft Knowledge
When Microsoft released the "second
edition" of Windows 98, they included an optional component called
"Internet Connection Sharing" (ICS). ICS allows a network
of users to share a single internet connection through a process called
Network Address Translation (NAT).
ICS allows any OUTGOING connection to take
place. Therefore any client computer can surf the net, or send and receive
email. However, INCOMING connections, like those required for a web
server, are another story entirely. ICS blocks incoming connections
on all ports unless they are explicity opened.
Unfortunately, ICS does not include any
means to open or configure port access. This program, ICSCFG, allows
you to do just that. You can open or close port access. You can create
new port mappings. You can even have ICS forward incoming connections
to any interior machine.
This program was designed for network administrators,
not average end-users. An average user of ICS will do fine with only
the default settings of that program. This second release, version 1.2,
has added the ability to import and export individual mappings. Knowledgable
users can now distribute settings to less knowledgable users.
=== WHAT CAN'T IT DO? ====
There are many peer-to-peer internet applications
that will just not work on all your clients simulataneously. The best
you can get, by playing with ICSCFG, is the ability to allow ONE station
at a time to use the program. This is still better than the alternative,
disabling ICS, because your other clients can still surf the web, collect
Many applications are just not "NAT-friendly".
No matter what you do you are still sharing a single IP address. To
someone outside your network, there is no way to distinguish between
seperate ICS clients.
Some applications embed the destination
IP address inside the data that they send and receive. The only way
to continue to use sharing software is if the NAT can "strip out"
this address and replace it with the actual interior address (192.186.0.x).
ICS has some "Translations" built into it. You will see these
listed when you run ICSCFG and examine a port mapping. If none of these
work then you're out of luck: MS currently has no way of adding translations.
Hopefully they'll add this later.
=== WEB SERVERS ===
Because a web server requires incoming
connections you can only have one server on your network per port number.
ie: only one machine on your network can listen to port 80. This one
machine doesn't have to be the ICS server: simply set the ICSCFG "Target"
to the private address of the machine running the web server program.
Remote machines will connect to the PUBLIC
(exterior) IP address of the ICS server, but your own clients will have
to connect to the PRIVATE (Interior) address of the machine running
the web server. Your shared public IP address is the only internet address
that is not accessable by your interior machines.
=== FTP CLIENTS ===
You may notice an inability to use FTP
client programs while ICS is running. You can't fix this behavior with
ICSCFG because the problem stems from the odd method that this protocol
picks transfer ports. Simply configure your FTP programs to use passive
(PASV) transfers and you'll have no more problems on any client.
=== FILE & PRINT SHARING ===
Port 139 is treated specially by ICS and
may appear open even if you try to explicity block it. Because of this
it is very important that you don't have "File & Print Sharing"
bound to any TCP/IP component. Confirm this by using the Network applet
in the Control Panel.
=== A FINAL NOTE ===
This program doesn't really do ANYTHING
that you can't do by hand by editing registry settings - It's just a
lot easier. Use it as a tool to help solve some of your networking problems
but please DON'T email me asking for one-on-one help for your particular
I probably don't even use the same program
that you're trying to get working. I have a full-time job and a family
that I'd like to spend time with when I'm not working. Therefore please
direct your questions about particular internet applications to the
program vendor, or consult web resources, user communities, or newsgroups.
ask me any questions about "DialPad", which only works for
users in the USA. I live in Canada so I have no way of testing it.
*Free is always nice, but it takes
time and energy to write software, even small programs like ICS Configuration.
If you like the program and decide to use it regularly, please send $10
US to help fund additional work on it. Please mail a check to Harley
Acheson, 2427 Calais Road, Duncan BC Canada, V9L 5V5. Thanks in advance.
(All money goes directly to Harley!)
Looking for Dialpad help? Click Here!