Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
There are some good guys out there who will, with your
permission, scan your Internet connection and give you feedback
on how secure it is. These services are free and usually
involve going to a web page and clicking on a button or filling
out a form to get things started. The service will then
check your connection to see how secure it is, and give you feedback
on what it finds.
If you're unfamiliar with networking terminology, some of the
feedback can be confusing, and make you even more paranoid than
you already may be! However, the ShieldsUp
site contains excellent explanations of virtually everything involved
with securing your LAN against intruders, so there's no excuse
for being uninformed!
The security check programs all do their work by attempting
to connect to your system, just like a cracker would do.
If you are on a corporate or other network that is administered
by someone else, it would be a good idea to not use these programs.
They could cause security alerts and create unnecessary work for
your IT department!
ShieldsUpThis is the place to go for virtually everything
related to securing your LAN! Lots of excellent explanatory
material and very good NetBios and Port Scanner utilities
that give clear feedback. Pretty fast, too!
HackerWhackerruns checks on NetBios, open common TCP and UDP ports,
webserver vulnerabilities (mostly CGI based), and will even
ping and traceroute your IP address to test for packet loss.
You can select which of these tests you want to run.
The bad news is that the port scans can take 30-60 minutes
12/99 The site has
been changed so that you don't have to remain online if you're
a dialup user. They also have a mini-scan option that
completes in under a minute, and have a Telnet scan that will
attempt to get around proxy servers.
Also requires that you give them an email address, where they
mail a scancode that is required to perform a scan.
If you're running any form of Windows and you
are sharing files and/or printers, I suggest you use this security check (courtesy of I&C Consulting
in Germany). It can take awhile to run, so be patient!
This page will perform a number of security-related checks
on your system (you can control which ones), including checks
for NetBios (Microsoft Networking), Back Orifice and NetBus. If it's successful, you've got some
work to do to secure your LAN!
Port monitors are programs that you install
on your computer. They are simpler than the Personal Firewalls
in that their main purpose is to detect incoming port scans on
your computers. Some also shut down an unauthorized scan,
but for that capability you usually need to use a firewall.
Trojan cleaners primarily look for Back Orifice and NetBus.
If you use Norton AntiVirus, or McAfee VirusScan and have a recent
1999 copy and have updated your virus database, you probably don't
need to use a Trojan cleaner, since Trojan detection and cleaning
has been added to those programs.
NukeNabber sets itself up to listen on TCP and UDP ports commonly
attacked over the internet. A total of 50 ports can be monitored
simultaneously. ICMP dest_unreach attacks are now logged.
It is designed to give you the information you need in order
to trace an attacker including a method of finding an attacker's
nickname on IRC (mIRC, VIRC and PIRCH clients are supported).
The Cleaner [$20 after 30 day trial expiration]
Detects and gets rid of over 120 "Trojan Horse"
Firewalls / Intrusion Detection
No matter how you protect the Internet/LAN border, you may need to add
another layer of security by using a software personal
firewall. These programs must be run
on each computer on your LAN that you want to be protected.
They monitor network activity and protect against unauthorized use
of the Internet by programs that manage to get onto your LAN's computers.
You should consider adding this additional layer of security if:
You are opening/forwarding/mapping ports to any LAN
You have a computer running in DMZ (outside your NAT
You have been a victim of an email attachment virus attack,
i.e. "I Love You", Kournakova, etc.
These programs can be a bit of a pain to get correctly
configured, but when they reveal something going on in your network that you
didn't know about, you'll be glad you installed them!
I have not tested or used any of these products, but Steve Gibson
fame) has and you can check his thoughts about them here.
If you are running programs like Dialpad, ICQ, NetMeeting, online
games, etc. pay attention to the installation instructions for
these programs. You will probably need to configure the
program to allow those programs to work properly. You
might also have problems with File and Printer sharing, too!
If you have problems running any of these applications, try
UNINSTALLING the Personal Firewall product you're running.
Free for personal use.
This is the new kid on the block and is generating a lot of
buzz in the press for two reasons:
It's FREE (there's that magic word!)
for individuals and non-profit groups.
It controls outbound (as well as
inbound) Internet access.
Aside from the free "feature" of this product,
the outbound access control means that if by some chance you
did get a Trojan
or "spy" program onto your computer without your
knowledge, ZoneAlarm would prevent it from sending any information.
There's also ZoneAlarmPro, which for $40, gives
you more customization features than ZoneAlarm
Personal Firewall (for Win95/98/NT/2000/Me)
Free for personal use. $40 for business.
Newer product from the makers of WinRoutePro.
BlackIce Defender (for Win95/98/NT/2000/Me)
This product has had good reviews in PCMagazine and good comments
in the newsgroups.