Ultimate Router Guide: How to Optimize Security and Performance
Posted 10/06/09 at 10:00:00 AM by Justin Kerr
Comments
Print
Email
Home broadband routers are remarkably complex devices that few ever take the time to truly understand. As long as the lights are blinking, and webpages load, most people are inclined to leave them be. The few brave souls who venture into the firmware are often rewarded with a maze of menus that betray the true complexity of these underappreciated appliances. Wireless channels, security modes, and even port forwarding can be frustrating concepts for those without a networking background, but are absolutely critical to understanding how to optimize your home network. In this guide we will teach you the finer points of security, as well as give you surefire ways to boost your router's wireless range and optimize performance.
image credit: pceasycare.com
Why are Routers so Important
When most people think about online security, they often assume virus scanners, spyware detectors, and even firewall software are the most important weapons to level against those who would seek to exploit their machines. In reality, the router is one of the most powerful tools in your arsenal, and it rarely gets the credit it deserves. If you actually took the time to look at the raw data coming in through your broadband connection, you would be shocked at just how much background noise is constantly bombarding your machines. Unpatched PCs from around the world form sprawling bot nets designed to spew forth exploits both old and new in hopes of finding vulnerable targets.
Prior to the days of Windows XP SP2, machines plugged directly into the internet would often fall prey to these exploits, and would become infected simply because they were left on, and were connected to the internet. With the introduction of the firewall in SP2 the world literally changed. Windows now comes with this feature on by default, and drops unsolicited traffic coming into your connection. The Windows firewall isn’t perfect, but it was still a huge improvement.
Think of your router as an upgrade on this basic concept, and in reality, it makes for one of the most powerful firewalls money can buy. Forming an invisible barrier between you and the net, routers drop incoming packets that you weren’t expecting, and is much less vulnerable to exploits that would seek to poke holes in your defenses. A good router not only drops incoming packets, but it also refuses to acknowledge that an active connection even exists. This simple, but powerful difference between routers, and many software firewalls, provides that extra bit of security that can mean the difference between a virus poking around on your machine, or moving on. The Windows firewall is still important, but these days it should only be used as a secondary line of defense.
Let's Start with the Basics: Terminology
MAC Address
This string of letters and numbers is a unique identifier applied to all networking components. Think of it like a serial number that can be used to identify machines or devices on a network, even if their physical location or connection point changes.
IP Address
This is essentially your phone number within a network. An IP address doesn’t necessarily only come from the Internet, each and every device that connects to your home network also has a unique IP address within the routers network. This is how a router is able to share a single Internet IP address, but share it with multiple devices across its various connections.
DHCP Server
Dynamic Host Configuration Protocol servers are built into every router, and provide each device with IP addresses, default gateways, domain names, DNS servers, etc. The most important thing to know about DHCP is that this is how your router manages IP addresses.
Latency
PC gamers might know this better as ping. It is a measure, usually in milliseconds, of how long it takes your data to get from your machine to its destination and back.
How Do I Access My Router's Settings?
Every router is going to be a little bit different, but most can be accessed from your web browser by entering in 192.168.0.1 or 192.168.1.1 into the address bar. Once done, you will be prompted to enter your user name and password, which if you don’t know it, is probably just the default. Many routers come stamped with this information on the bottom but if not, here is a link to your one stop shop for all the login info you’ll need. Generally your user name will always be either “admin” or “administrator” and your password will either be the same, or try leaving it blank.
Know your password? Skip ahead to the next step.
If you’re still locked out of your router and are unable to login, examine the hardware itself, often times you’ll find a manual reset button on the device that will restore it to factory defaults. This is a great way to unlock your device, but beware, more often than not this step will also clear all of the routers settings as well. Here are a few tips to make sure you do the reset properly.
1.) Always hold down the reset key for at least 30 seconds, or until the indicator lights give you the impression that the reset has taken place.
2.) Some routers require you to unplug them prior to trying a hard reset.
3.) Always wait at least 30 seconds after plugging in your router before trying to reconnect.
Ultimate??? LMAO I think not!
Submitted by IFLATLINEI on Tue, 10/06/2009 - 1:53pm
As already stated this is nice for the novice but even still these guides are a dime a dozen. Maybe the article writer should have done a google search. He would have seen them all over the place. Not to mention most of this stuff can be found right at the manufacturers site.
The Ultimate router guide would have included so much more that you cant get anywhere else. Like actual test results for a number of different brands and models. It would cover things like how many consumer grade routers fail to follow your port forwarding instructions 100% of the time or that you can DMZ a PC or Console and still have ports blocked. Or how quickly these things are overloaded.
Funny how testers will tests the living crap out of a Processor, HDD, Ram, but put out junk like this for a router guide. Isnt it time to expose these router companies for what they really are? Show the consumer how and why wireless really isnt for what they think its for. Like gaming.
Submitted by pfjaco on Tue, 10/06/2009 - 10:00am
Come on Guy's the easiest way to add more RJ45 ports is with a network switch you can get them up to 1 Ghz with 4,8,or12 ports, or more if you go with an enterprise unit; plug the uplink from the router into port 1 of the switch (or the link port if one is specified) and and you're good to go with no IP address hassels; you can even stick a WAP into the switch if you need another wireless point.
This is a "router guide"
Submitted by Justin.Kerr on Wed, 10/07/2009 - 8:25am
This is a "router guide" not switch guide, but yes using a switch would be easier.
I would however qualify that by saying going with a new switch won't save you any money, and is less versatile in the long run. Not only that, but your more likely to have a spare router kicking around from a previous upgrade than a spare switch.
Submitted by thefuzz4 on Tue, 10/06/2009 - 9:41am
Of cours in windows if your wondering what networks are around you for finding a clear channel you can use net stumbler.
But for us linux users out there I recently discovered a very awesome tool called kismet. Kismet will not only sniff out all of the wireless networks out there but through packet sniffing will also find out the names of your networks that are not broadcasting. I found a neighboor who was not broadcasting and also had their network wide open I couldn't believe they went the step of turning off the broadcast but didn't lock it down that was about useless. If your a linux user try out kismet it's a little tricky to get setup but one it is, it's awesome.
Submitted by mrvander on Tue, 10/06/2009 - 8:37am
First off, good article. Articles like these are the reason I come to MaxPC.
You write contradictory statements though early on. You write,
"...but the trick to security is to always keep your attackers guessing. Many routers give you the ability to make the wireless network
invisible, but don’t bother with this feature. Setting your network to
invisible might keep people from accidentally latching on to your
connection, but anyone using the right tools can find it easily."So you say to always keep attackers guessing then in the very next breath, say to ignore a feature that adds yet another layer of "guessing. That's just silly. Of course, if you're securing your router and don't need to broadcast it, why not turn off broadcasting? You know the SSID and as you say, the trick is to keep the attackers guessing and each layer helps.
Turn off that broadcast and maybe your neighbors more visible router will be attacked and not yours.
Submitted by Justin.Kerr on Wed, 10/07/2009 - 8:30am
My point was simply that it dosn't offer (any) security beneift, and isn't worth the hassle.
Keep them guessing at your password, not your SSID which is being broadcast in the clear even if you turn it off.
If I may say
Submitted by WarCrime342 on Tue, 10/06/2009 - 2:22pm
If I may say I think the point he's trying to get at is that it's not worth the headache or the effort to make it invisible if an intruder just side-steps with a click of the mouse. I've had my fair share of devices that have issues connecting to invisible Wi-Fi networks and it's not very practical to put into use in order keep out a hacker. Having a password and MAC Authentication list would be enough to keep unwanted roamers from connecting.
Too rudimentary in regards to security.
Submitted by UndeniablyPC on Tue, 10/06/2009 - 3:54am
This article is pretty much useless in regards to security IMO.
Yea, it does tell you to change the default password and does tell you that essentially that WPA2 is the only way to properly encrypt a wireless signal without compromising security, but it really doesn't provide ample coverage in regards to the actual firewall settings in order to lock the router down.
In the matters of the router firewall it fails in my opinion to talk about stateful packet inspection, and how to properly configure your ports to allow only specific types of traffic through. Yes, port forwarding and QoS are important features, but they do nothing when it comes to the actual security of the network.
Also, in the area of security they should have mentioned the fact that users should only have a certain number of IPs allocated to their internal network, i.e. if you are using only 3 computers, only give your network a grand total of three IPs. Also those IPs should be associated with the specific MAC addresses of those machines. This way if someone does happen to find the network, they are unable to obtain an IP on the network. These steps are prudent when you are dealing with both a DHCP and static IP architecture. IMO.
But, I will digress and give you guys credit where it is due, as this guide will help the novice get a little better understanding in regards to the settings of their router.
Submitted by Saltboy on Tue, 10/06/2009 - 4:34am
Spoofing a MAC address is a cake walk. It really is a waste of time as that is the first thing a person that knows what they are doing tries. Right now, WPA2 is about all that is useful for keeping folks off your network.
Submitted by Justin.Kerr on Wed, 10/07/2009 - 8:37am
If Mac address filtering is your only means of security, it's not enough, and is easily defeated. On the other hand if you have a strong WPA2 implementation, this is an unnecessary step. To each their own.
Submitted by ironorr on Mon, 10/05/2009 - 11:17pm
A really easy way to find out what WiFi channels your neighbors are using is to use this command in Windows:
cmd /k netsh wlan show networks mode=bssid
It's not as pretty as the GUI example you showed, but it gets the job done quickly.
Submitted by Justin.Kerr on Wed, 10/07/2009 - 8:38am
Great tip, thanks!
Submitted by whr4usa on Mon, 10/05/2009 - 9:30pm
potentially extremely useful article as per usual MaxPC!
noticed a couple errors on terms and grammar (I agree with first poster Lolz)
W-LAN, WiFiLan OR WLAN but not just WAN
wireless networks are still Local Area Networks but a WAN is a Wide Area Network is owned and maintained by a single ISP (usually) even if its resources (bandwidth, server clusters etc.) are shared or contracted out
you won't find any accurate home wireless networking information by googling (...or Binging) 'WAN'
also a router having a DHCP server has little to do with sharing an Internet connection (ICS or NAT ring a bell..?) 192.168.0.x & 192.168.1.x are Class C Private IP addresses which esidential routers won't route, they just get looped/broadcast back across the network from which the original signal came which can eat up bandwidth at regular intervals, hence the reason for including a DHCP server for efficiency and better management but not in any way enabling the sharing of that priceless Internet connection
one more 'also' lol to implement that router stacking solution you must or rather 'should' (network appliances keep getting smarter so what do I know anyways?) set the gateway in each of the stacked routers to the static IP of the router closer to the Internet than them in terms of wiring or physical connections so that the Internet connection is directly processed instead of adding overhead to the routing firmware (this assumed you plugged the more distant routers into each closer router's main port labeled "Internet" (usually, aka physical residential gateway port)
confuse anybody yet?
Submitted by ironorr on Mon, 10/05/2009 - 11:37pm
Yeah, I'm guessing you will confuse many people with that garbled mess. Jesus. Did you even read that before you posted it? Do you not feel like a total hypocrite for commenting on the author's grammar?
I'm actually very surprised
Submitted by DBsantos77 on Mon, 10/05/2009 - 9:04pm
I'm actually very surprised to see so many networks using WEP.I'm also surprised that devices like the Nintendo DS Lite vI require a WEP password for online play..
-Santos
That was a good reminder for
Submitted by lunchbox73 on Tue, 10/06/2009 - 6:18am
That was a good reminder for me. I had to downgrade to WEP a couple of years ago when I bought a DS for my kid's xmas gift. Now that they don't use it any more I can ratchet back up to WPA2.
Must Read Articles
Feature
Review
Feature
Feature
Feature
Most Popular Articles
This Month's Issue
FEATURE How to Get FREE Programs, Services, Software & MoreFEATURE Digital Photo Printer RoundupHOW TOBuild a 3D CameraFEATUREDIY Arcade PCWHITE PAPERHow TRIM Works
Technology News
Computer Cooling Fans
Computer Cases
PC Game Controllers
PC Games
Computer Hardware
Headphones
MP3 Players
Stream Video
Computer Mouse
Monitors
Motherboards
NAS Storage
Networking
Laptop Computers
DVD Burner
Digital Cameras
Portable Storage
Computer Accessories
Smartphone
Antivirus Software
Sound Cards
Speakers
Computer Systems
Thumb Drives
Video Cameras
Video Card Reviews
Water Cooling
Gadgets
- Keyboards
© 2009 Future US, Inc. All Rights Reserved.