Most consumer routers have a feature they call a DMZ, or demilitarized zone. You may hear networking types talk about the DMZ at work. So what is a router DMZ, exactly?
Most of us have an old router like a Linksys WRT54G lying around, or if we don’t, it’s very easy to find one–the nearest garage sale or thrift store is a good bet–but sometimes all we need is a switch, to hook up a couple more computers or other devices to a wired connection. Using a router as a switch wastes some of its capabilities, but it’s easy to do. Here’s how to use a router as a switch.
Yesterday I read, via Ars Technica, that the malware resided on cash registers (which I’d heard elsewhere before), and that the first step to getting there was via a compromised web server.
And that led to a question in the comments, that sounds like it came from an IT professional:
don’t they have their network segregated into zones!!!? It shouldn’t be possible for a web server to touch a POS system in a store….
The commenter is right, it shouldn’t be. But it doesn’t need to be, either.
PC Magazine published a few tips for people looking to buy their own cable modems and ditch the monthly rental fee. It’s also helpful if your existing modem quit working and you need a new one. Modems don’t last forever. It also contains a reminder: Make sure you know whether your modem is just a modem, or a combination device that routes as well.
I’ve alluded in the past to why it’s a good idea to make a DMZ with two routers, but I’ve never gone into depth about how and necessarily why to do it.
If your ISP gave you a combination modem/switch/access point/router and it only supports 100 megabit wired and 54-megabit (802.11g) wireless and you want to upgrade to gigabit wired/150-meg (802.11n) wireless, here’s a great way to make the two devices work together and improve your security.
I just built a network for a friend using CompUSA’s $30 cable/DSL router/4-port switch. I’m not sure if the price was a Memorial Day special, or if that’s the regular price. Considering you can’t get a Linksys or D-Link for under $50 without rebate hassles, and usually they cost closer to $80, that’s a nice deal.
The CompUSA unit looks bland and generic–it’s brown and boxy, from the same design school as the original Commodore 64–but that’s the only knock I have on it. Hide it behind your desk if its homely looks bother you. Installing it was literally a plug-in-and-go affair. Plug in the cable modem, plug in the computers, release the computers’ IP addresses and renew them (or reboot if you wish), and they’re all on the network.
If you want to get fancy, then open the manual. You can do port forwarding, set up a DMZ, and do everything else you’d expect from a consumer router. It even includes dynamic DNS support–something the more expensive units didn’t give you, the last I checked.
I can’t speak for the long-term reliability of the unit, since I literally spent 15 minutes with it. The price is good enough that to me, it’s worth a slight risk. In devices like this, it’s the wall wart that’s most likely to fail anyway.
So if you or a friend is looking to share your cable or DSL broadband connection and there’s a CompUSA nearby, it’s worth a look.
Music, HD, Linux modem
Sick. Something you’ll (hopefully) never see: DefragCam. I can blame one of my twisted coworkers for that idea.
A sad referrer showed up in my logs yesterday. It was a search request, from Hotbot, on the string, “I’ve never had a girlfriend.” I’m pretty sure that phrase appears as part of a sentence in Are we talking about more than just sunsets? but as part of a phrase. I seem to remember writing, “I’ve never had a girlfriend outside the winter months,” or something like that. I have no way of knowing where that request came from. Probably a bored, lonely teenager. More people have never had a girlfriend than anyone’s willing to admit. Including a majority of teenagers.
It’s only a problem if you let it be one. Unfortunately a lot of people do, and that makes them vulnerable to all sorts of scum, like advertisers and fringe religious fanatics and seedy individuals, all promising things they can’t or won’t deliver.
Not that I’m much of an advice-giver (unless you’ve got a slow computer, then I’m pretty good), but the best suggestion I’ve got is to find something you’re good at. Lose yourself in that. If you’re not good at anything, find something you enjoy and lose yourself in it. You’ll get good at it. That alleviates the boredom, and it builds confidence, which makes you good at other things. Does it make girls notice you? Only indirectly. But it’s better to be a winner who only occasionally has girlfriends (and remember, ideally you should only be in a successful relationship once anyway) than to be a loser who always has a girl.
I hate to sound callous, but given the choice between having a book published to my name, or having any of my ex-girlfriends back, I’d choose the book. I wouldn’t even hesitate. When I find a girl who’s cooler than writing magazine articles, and she thinks I’m pretty cool too, then I’ll know it’s time to settle down.
I guess that’s the other good thing about losing yourself in other interests. If a girl starts hanging around who’s more interesting than those things, great. If she’s not, that’s your subconscious mind’s way of telling you to keep looking.
A new way to benchmark. Finally, there’s a multitasking-oriented benchmark, available from www.csaresearch.com. Keep an eye on these guys. I didn’t use any benchmarks in Optimizing Windows, because they don’t reflect real-world performance and they generally test your hardware, not the operating system as it stands on your machine. This benchmark uses new methods that try to take multitasking into account, so it will do a better job of reflecting how a system feels. It was like I was telling my sister yesterday. If I put two computers in front of her, she doesn’t care which one puts up better numbers. She knows which one’s faster. But with a lot of the benchmarks today, the faster machine doesn’t put up the best numbers. Or a PC might put up numbers that appear to kill another, but when you sit down to use the two, you can’t tell a difference.
Time for a review. I’ve been so critical of reviews lately I decided to try my hand at writing one myself, to see if I’ve still got what it takes.
Linksys Etherfast Cable/DSL Router
Broadband Internet connections are increasingly common, and it’s hard for a single PC to use up all the available bandwidth. Plus, more and more homes have multiple PCs, and it’s a shame to spend $50 a month for Internet access and limit its use to a single PC. A number of third-party programs for sharing an Internet connection exist, and recenolution. These devices are about the size of a hub, plug into your cable/DSL modem, have a built-in firewall, and include one or more ports. You can plug your PCs into these ports and/or plug in a hub or switch so you can support a larger number of PCs. Another advantage of a standalone router is additional security against hackers. A Unix box can be very secure, but if a hacker does get into it, he can do a lot of unpleasant things, to you or to someone else (but make it look like you’re the one doing it). A hacker can’t do much to a router besides mess up its configuration. You can reset it and reconfigure it in five minutes. So the security of one of these devices is very tough to beat.
One of the most popular standalone cable/DSL routers is the Linksys BEFSR41, also known simply as the EtherFast Cable/DSL Router. It’s widely available for around $150. The best price I could find on it was $131. I tested the 4-port version. 1-port and 8-port versions are also available. The 1-port version is less expensive but requires a separate hub or switch. If you already have one of those, you can save some money, but the 4- or 8-port version is ideal since it includes a built-in switch. I have an 8-port dual 10/100 hub; the Linksys router therefore gives me three additional higher-speed network ports, since switches are faster than hubs. Most people will probably want the 4- or 8-port version, because it’s easy to get spoiled really quickly by a 100-megabit switched Ethernet LAN.
Configuration is wickedly easy. Plug it into your cable/DSL modem, plug a computer into it, turn all of it on, configure the PC for DHCP if it isn’t already, then open a Web browser and go to http://192.168.1.1. Feed it the factory password (which is undoubtedly documented all over the Web, but I won’t document it here as well), then make the changes you need. Most people won’t have to do any configuration other than changing the configuration password. If you want to put it on a different subnet, do it, then run winipcfg, push the release all button, then the renew all button, reconnect to the router, and make other changes if need be.
Administration is easy too. Just connect to the router via its Web interface, and click on the Status tab. You instantly get your network status. If your ISP drops your connection, hit the Release, then the Renew button. From the DHCP tab, you can tell the router how many clients to support. You can go to the advanced tab to configure port forwarding or a DMZ if you want such a thing–most of us won’t.
The only thing I had difficulty doing was upgrading the firmware from the browser interface. The router must not have liked the version of IE I was using. However, nothing stops you from downloading and running the firmware upgrade directly–as long as you’ve got a Windows box handy. Mac and Linux users may have problems there. Firmware updates seem to come every couple of months.
The firewall built into the router is unable to pass Steve Gibson’s LeakTest, but all hardware routers have this weakness–it’s virtually impossible for a hardware router to tell the difference between innocent traffic and malicious traffic caused by a Trojan Horse. However, the router passes ShieldsUp! (www.grc.com) with flying colors.
The speed of the connection is certainly acceptable; with me running a caching nameserver on the Linux box it replaced, that machine should be able to outperform any standalone router any time. Of course this is purely subjective; the speed of the Internet changes constantly. Nothing stops me from running a caching nameserver behind this router, which will help performance significantly. Local network performance on the built-in 10/100 switch is outstanding.
Appearance-wise, it’s a solid product, made of two-tone blue and black plastic, but it’s not cheap plastic. Styling is modern but tasteful–no wild colors or translucent parts. It has indicator lights up front, a reset switch up front, and ports in the back. It also has built-in legs, so presumably it’s stackable with other Linksys hardware (I don’t have any Linksys switches or hubs, so I can’t check that).
The only flaw I can really find with this router is that the MAC address can’t be changed. Some ISPs authenticate against the card’s MAC address, which allows them to control how you connect to them. It also prevents you from using this type of device. Some competing routers allow you to change their MAC address, so they can spoof that card and get around the limitation.
I read of problems using it with services that use PPPoE (PPP over Ethernet). My service doesn’t, so I can’t test this. Buyer beware.
I was disappointed that the 45-page manual didn’t have an index, but it had a lot of nice information in it, such as pinouts for Ethernet cables. It’s written in clear, plain and straightforward English. Manuals of this length and quality are rare these days.
I think it’s a decent product, but for my purposes I want something else. I don’t want something so easy to reset to factory defaults and configure. Why? It’s getting corporate use, and I want it to be complex enough to scare people away. I want the user interface of an HP LaserJet printer control panel. It’s a pain to configure, so therefore end-users don’t mess with it. I’m not sure if I’ll find such a beast, but you bet I’ll look for it.