10 October, 2007 10:20
What about security?
The router should also include firewall functionality, including network address translation. Network address translation (NAT) allows you to share the single IP address assigned by your ISP with up to 253 computers on a local network. Each of these local computers has its own IP address, which is not visible on the Internet. It is also possible to control the data passing through NAT with filters.
Additionally, routers can offer Virtual Private Networking (VPN) and advanced firewall features such as Stateful Packet Inspection (SPI), Public Key Infrastructure (PKI) and Intrusion Detection Systems (IDS). Although not everyone will need these, it is worth knowing what they are before buying a router without them.
Virtual Private Networking: A virtual private network (VPN) is a combination of security measures that allows authorised users to access resources on a local network via the Internet. Because it utilises encryption technologies such as IPsec, data passing to and from the network is protected from being exposed to unauthenticated users. Some broadband routers will include VPN features that allow you to access your network via the Internet. This is not a feature that everyone needs and, if you aren't going to use it, it should be disabled as it does pose a potential security risk. If using a VPN is something you would like to do but have not previously considered, bear in mind that some routers offer full VPN server capabilities while others only allow VPN pass-through. The latter is only useful if you are running VPN software on your network, as it simply permits VPN packets to pass through the router unaffected. An integrated VPN server, however, can be configured to allow access to the network from the Internet without the need for any software to be installed or configured on your computer.
Stateful Packet Inspection: This is an advanced firewall function that analyses the contents of data packets, allowing filtering to be performed not only according to predefined rules, but also according to a dynamic assessment of the data. One example of SPI is to prevent port scanning, a technique often used by hackers to locate security holes in computers by searching for services such as HTTP, FTP, Telnet and peer-to-peer servers. Consequently, SPI provides an extra level of protection required by any permanently connected network, so if you are deciding between two otherwise identical routers, go with the one that supports it.
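The difference between a predefined rule and a dynamic assessment can be seen in a simplified model, added here as an illustration and not taken from the original article or from any router's firmware. The class name, the addresses, the forwarded port 8080 and the threshold of three probed ports are all assumptions; a real SPI engine also tracks protocol state and timeouts.

```python
from collections import defaultdict

SCAN_THRESHOLD = 3  # assumed: distinct closed ports probed before a source is blocked

class StatefulFilter:
    """Toy SPI model: static rules plus state learned from observed traffic."""

    def __init__(self, forwarded_ports=()):
        self.forwarded = set(forwarded_ports)  # predefined rule: ports opened on purpose
        self.flows = set()                     # connections opened from the LAN
        self.probes = defaultdict(set)         # source IP -> closed ports it has tried
        self.blocked = set()                   # sources judged to be scanning

    def outbound(self, lan_ip, lan_port, wan_ip, wan_port):
        # Record the flow so that the matching reply is recognised later.
        self.flows.add((lan_ip, lan_port, wan_ip, wan_port))
        return "ACCEPT"

    def inbound(self, wan_ip, wan_port, lan_ip, lan_port):
        if wan_ip in self.blocked:
            return "DROP"                      # dynamic decision overrides static rules
        if (lan_ip, lan_port, wan_ip, wan_port) in self.flows:
            return "ACCEPT"                    # reply to a connection the LAN started
        if lan_port in self.forwarded:
            return "ACCEPT"                    # allowed by the predefined rule
        self.probes[wan_ip].add(lan_port)      # unsolicited: remember what was tried
        if len(self.probes[wan_ip]) >= SCAN_THRESHOLD:
            self.blocked.add(wan_ip)
        return "DROP"

def run_demo():
    """Constructed traffic: one web reply, then a source walking several ports."""
    fw = StatefulFilter(forwarded_ports=[8080])
    pc, web, scanner = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    fw.outbound(pc, 50000, web, 80)
    verdicts = [fw.inbound(web, 80, pc, 50000)]            # solicited reply
    verdicts.append(fw.inbound(scanner, 40000, pc, 8080))  # forwarded port, allowed
    for port in (21, 23, 80):                              # FTP, Telnet, HTTP probes
        verdicts.append(fw.inbound(scanner, 40000, pc, port))
    verdicts.append(fw.inbound(scanner, 40000, pc, 8080))  # same port, now blocked
    return verdicts, fw.blocked

if __name__ == "__main__":
    print(run_demo())
```

The last verdict is the point of the model: the same packet that the static port-forward rule accepted earlier is dropped once the source has been seen probing closed ports.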
Public Key Infrastructure: PKI is a means by which two computers can communicate securely without the need for a secure channel over which a shared password must be transmitted. Instead, key pairs are used to encrypt and decrypt data to and from the recipient. The use of PKI in domestic and small business routers is usually limited to the VPN features of the device, which means that passwords are never compromised by being sent over the Internet. Although PKI is an advanced security measure, it will probably not be used by your network unless you configure VPN connections to capitalise on it.