Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
6. If you are running
a Proxy server
A proxy server is one method for sharing your Internet connection.
The pros and cons of this method are described here.
There are many different vendors of proxy software, but perhaps the most
well-known is Qbik's WinGate.
The 2.x versions of WinGate are infamous for the security problems that
they can cause. The problem is not that the program is bad, but
that it is easily misconfigured.
The 3.x versions of WinGate use a different technology that makes them
function more like a NAT-based router, and can be more secure than the
2.x versions. The 3.x Home version uses only the newer NAT-like
method, and can't be misconfigured. But the 3.x Standard
and Pro versions allow the user to also use the older, pure proxy-based
method, that can be misconfigured like the 2.x version.
The following "how-to" information applies to primarily to
WinGate 2.x, 3.x Standard and Pro
versions. But the precautions are applicable to any proxy server
that requires that you set your Internet applications (web browser, email,
etc.) to use a proxy, and should work for the newer 4.x and 5.x versions of WinGate:
Point 1: Don't enable any more proxy services
Web browsing requires only an HTTP or WWW service. Once you have
an HTTP service successfully running, you can use the WinGate
help files to enable more services. Unless you have
fairly sophisticated needs you probably won't need to enable anything
beyond the following services (in addition to the HTTP/WWW service you've
POP3 Proxy service - For incoming email.
SMTP mapping service - For outgoing email.
NNTP mapping service - For newsgroup access.
RealAudio Proxy service- if you use this service.
VDOLive Proxy service- if you use this service.
Installation of the following services is not recommended unless you
know what you are doing.
Improper configuration of these services can open your system (and your
ISP's network) to unauthorized users, cause problems for your ISP, or
both! The services with a high capability of damage are indicated
with a .
FTPProxy service - Needed if you run an FTP server to transfer
files between your computer and Web site, or maybe if you are using
some FTP client programs.
(Note! You don't need to enable this service to FTP files
to your computer using your Web browser.)
If you do enable this service, don't allow anonymous FTP unless you
really need to!
Telnet Proxy service - allows connection to another computer to run
programs and access files.
This service also allows users to Telnet to your computer. However,
you need to be running a Telnet service on your computer and Windows
95/98 does not provide one.
If you do enable this service, require anyone Telneting into your computer
to have their own password!
DNS service - Needed only if you want to run a DNS server on your
LAN. WinGate recommends that you install a DNS server for any
of four reasons:
1) You want to use SOCKS4 to access FTP or Gopher or HTTPS URLs in a
2) You want to run some other SOCKS4 capable software.
3) You have a large LAN and you want name resolution for the machines
on your LAN.
4) You want to be able to refer to 'wingate' in your client setup.
I recommend not installing this service.
DHCP service - This service automatically assigns IP addresses to machines
on your network. You must have a separate LAN, i.e. two NICs in
the machine connected to the cable modem, and you must properly configure
If you don't follow the two musts above, expect to hear from your ISP,
either before or after they disconnect you for interfering with the
DHCP servers that they use to run their network!
The basic rule of keeping things as simple as possible will serve you
well and keep your network protected.
Point 2: Control where the Proxy can be
To take care of point two, follow the "Option 1" directions
on the WinGate
security page. What this will do is set WinGate so that
it only allows service to requests from computers that are on the local
If you don't secure your site, unknown users will be able to access your
proxy server for HTTP/WWW service. Although you might not think
this level of service would be harmful, remember that lots of different
using the HTTP protocol. Even if this does no harm, do you really
want your proxy server to be serving users you don't even know, coming
from who knows where?
Point 3: Shut it off when you're not using
WinGate defaults to starting up every time you boot your machine.
It runs as a service, not a program, so you won't see it in the Windows
Task bar or even in the "Close Program" dialog box. The
latest version (2.1d as of this writing) puts up a Pop-Up when it starts,
but earlier versions don't announce they've started.
If you don't want WinGate to start when you boot your system, create
a Windows shortcut to the "Stop WinGate Engine" icon that you'll
find in the
C:\Windows\Start Menu\Programs\Wingate 2.1 folder and move it to the
C:\Windows\Start Menu\Programs\StartUp folder.
If you've done this properly, you'll see a "WinGate Stopped"
dialog box pop up when you boot the system. You can then start WinGate
when you want to via the "Start WinGate Engine" icon in the
Start Menu (contained in the Programs\Wingate 2.1 folder).
If you're comfortable editing the Windows Registry, you can delete
the "WinGate Service" key in the registry branch:
NOTE!Improperly editing the Registry can leave your computer
You may want to export that branch of the registry before you delete
the key. That way, you'll be able to restore the WinGate auto-start
key to the Registry by just double clicking on the exported file.
Point 4: Set up and Check the logs.
When you installed WinGate you let it install a logging service.
The logs are located at:
If you have properly secured your site, then when you read the logs
(Notepad or Wordpad work fine) you should see service requests only from
IP addresses or computer names that are in your network. If you
see entries from any other addresses, then unknown people are accessing
your proxy server. You should shut off the offending service or
just shut down WinGate until you can correct the problem.
If you've followed the process I've outlined, you really won't need to
check your logs, since your site is properly secured. But if you
enable more services, it's a good idea to check the logs occasionally
to make sure no unauthorized people are accessing your system.