Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Having trouble adding a second NIC? Go
here for help!
NOTE! If your PC has
a USB connector, you can use it to add a second network!
Go here for more info.
There are two reasons for separating your LAN's network from your ISP's
network. These reasons are detailed below.
1) LAN security
The only way to keep data that is not intended for the Internet from
getting onto your ISP's network, i.e. the Internet, is to have your
LAN on a physically separate network from that of your ISP.
Multi-homing or assigning multiple IPs to a single NIC satisfies the
need for multiple IPs for Internet connection, but not the need for
keeping the data packets local to your LAN. If your data doesn't
get put onto the outside network, it can't be accessed by people
who have no business accessing your data (unless you open a hole into
your network by not properly securing
2) Avoiding problems with your ISP
a) MAC address authentication Many ISPs use Dynamic
Host Configuration Protocol (DHCP) to assign a unique IP address
to your computer's NIC or Network Adapter. They also sometimes
bind (or lock) your connection to the MAC
address that is hard-coded into the NIC that was present when
they installed your service. Each time you boot your computer
or power cycle your cable modem, the modem locks onto the first MAC
If you have your cable or DSL modem plugged into a hub along with all
your computers, then there is no guarantee of which MAC address will
be found If it's not the one that was present at your sevice install...presto!
Some people go through the trouble of disconnecting everything except
the computer that was there during installation, booting, reconnecting
everything else, etc... But do you really want that hassle?
b) control of your IP addresses Most small LANs have a single "Class
By definition, all devices on a subnet must have IP numbers with
the same prefix, for example 192.168.0. When you create your
own subnet by using a second NIC, then you control the IP numbers
that are assigned (as long as you use the non-routable addresses
designated for "local" network use, which are
If you have everything plugged into one NIC and don't install proxy,
NAT or other routing software, then you'd have to use IP numbers in
your cable ISP's subnet. Those IPs are not yours to assign
and "borrowing" them is another way to get on the wrong side
of your cable ISP, and again, possibly get you disconnected.
Let's say your cable company assigned the IP number 184.108.40.206
to your machine when they installed your modem. This means that
your machine is on the subnet 25.122.7 . There can be 254
different machines on this subnet, and their full addresses are 220.127.116.11
to 18.104.22.168 (the numbers 0 and 255 are reserved for special
Any machines physically connected to the 25.122.7 subnet must
have an IP number in this address range. If you try to assign
a number outside this range, your machine won't be able to send or receive
Internet data. If you try to assign a number that is already in
use, you'll probably get a message that says that the number is already
in use and that your adapter is being disabled or something similar.
DHCP server conflicts Most Internet sharing programs include DHCP servers that
can be enabled and used to automatically assign the correct IP address
information to your Client computers. However, as described in
item a) above, your ISP may also use a DHCP server to assign your IP
address to you.
If you don't separate your LAN from your ISP's, then your DHCP server
may try to hand out addresses to other computers on your ISP's
subnet. This is usually a quick way to get "de-provisioned",
i.e. shut off, by your ISP.
So make things easy on yourself and keep on friendly terms with your
ISP and keep your shared LAN separated from their network.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.