|
The Broadband Router
Features Guide
Router Administration
 Most broadband routers have web interfaces these
days. Just point your browser at the router and away you go. Sometimes
these admin interfaces to not encompass the full range of router features
and must be supplemented by occasional telnet sessions. Additionally, a
few routers require Windows applications to administer them making them
unsuitable for Mac and Linux only networks. Web Administration
Administration through a web interface is
almost a must these days. Not every administration interface is perfect
though. For instance, some routers require you to telnet to the router to alter
some built in filters - no web interface is available for these functions.
Telnet interface
administration
Telnet is an old communication method built
into most operating systems. From a command prompt, type 'TELNET
192.168.0.1' or whatever your router IP address is to bring up the text
interface. Sometimes telnet interfaces expose much more functionality in a
router than what is available in the web interface - occasionally to the router
operating system itself.
Windows Application
Some routers require a Windows application to
configure them. If you only have Mac or Linux computers, this kind of
router is not suitable for your network. Routers that require windows
applications often have advanced features unavailable in web interfaces
like detailed logging.
SNMP
Some routers also expose SNMP interfaces. SNMP
(simple network management protocol) is a standardized interface for
networking products. There are many programs available that allow you to
manage SNMP devices. SNMP management would be considered ‘expert’ level
administration.
Remote Access
With remote access enabled, you can administer
your router over the Internet. This is done using a web or telnet
interface depending on the router - sometimes both. If remote access is available,
be sure to keep it turned off for security reasons.
Custom Ports
Some routers allow custom web or telnet ports to be
set for remote administration. This makes it hard for people to stumble on
the administration screens of your router from the internet.
Restricted IP ranges
Some routers allow you to set specific IP address or
ranges that are allowed to administer your router remotely. This adds
another layer of security to your setup.
Logging
So you have a firewall in
place, but how do you know it is doing it’s job? How can you tell if
someone is making a concentrated attack 
on you? LOGGING. This is an area that many broadband routers
ignore. Most of them have a single page of 40 or so of the last entries
and that's it. Correct time
A common overlooked feature of routers is the time!
Without a proper time, your can not tell when attacks came in and
therefore can not report them to your ISP. Some routers auto-synchronize
to the system time of the computer doing the administration. Other smarter
routers can sync to time servers on the internet. Others don’t let you
configure the time and have clocks reset when the router is powered down
(yikes!)
Downloadable Log
A rare feature in routers is a downloadable log
file. A couple routers out there will let you transfer the log file to
your computer for storage and analysis.
Log Size
How large of a log does the firewall hold? Most do
not have much storage so the log file is small. Another thing to watch for
is a log file that clears when the router power is cycled.
SNMP Trap
The best method of logging is done with what
are called SNMP traps. Some routers allow you to send a special message to
a computer on your lan that 'listens' for SNMP messages. Freeware
and shareware trap revievers are available and provide the best level
of logging detail and flexibility. ' Of course your logging computer must be
turned on to receive these messages. (SNMP is simple network management
protocol).
Syslog
Some routers will broadcast their logs in
unix syslog format. Like SNMP traps, programs can be run that will listen
for these syslog messages - even under Windows.
| 
Menu:
