Routers are distinguished by features, price, and speed. The more security features a router has, the safer your network.
This document describes the security features from basic to advanced.
NAT (Network Address Translation):
NAT shares a single-user Internet account between more than one computer on your local network. Only the single IP assigned to the router is visible from the Internet. Unless the router is configured to forward incoming traffic to a particular computer (with Port Forwarding or a DMZ), local computers are not reachable from the Internet, making them more secure.
An ISP may charge for additional addresses. NAT gets around this problem by effectively making all the computers on your LAN appear as a single IP.
See the online article What is NAT (Network Address Translation)?
Static content filtering:
Static content filtering blocks browser access to Web sites by matching keywords against the Web site's address (but not against the Web page's content). You can list up to 256 words or characters. All Web site requests from your network are then checked. For example,
- If "badstuff" is a keyword, then www.picturesofbadstuff.com is blocked.
- If ".com" is a keyword, then only sites with other suffixes (like .edu, .gov, etc.) can be accessed.
- If "." is a keyword, then all Web sites are blocked.
Filtering can be set for particular times of day and days of the week. For example, you might not want chat rooms accessed during business days or schooldays.
Stateful Packet Inspection (SPI):
While the above measures are enough for basic protection, routers often monitor a wider range of activity, such as patterns of traffic and the type of application sending traffic. With SPI, the router looks at individual packets for patterns similar to known hacker techniques, such as Denial of Service (DoS) attacks, Ping of Death (illegal ping packet sizes or excessive ICMP messages), SYN Flood, LAND Attack, and IP Spoofing. For example, Ping of Death attacks are avoided by dropping packets larger than the allowed IP size.
With SPI, the router keeps two logs — a log of Web sites visited by the local computers, and a log of attack attempts. The router can be configured to email this list to you. For information on logs, see Using NETGEAR Router Logs.
SPI is also known as dynamic packet filtering.
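The following Python sketch is an added example, not NETGEAR's router code. It applies two of the per-packet checks named above (Ping of Death and LAND Attack) to constructed sample packets; the function names and sample addresses are assumptions made for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest size the 16-bit Total Length field allows
TCP, SYN = 6, 0x02

def inspect_ipv4(packet: bytes) -> list:
    """Return the reasons to drop this IPv4 packet (empty list means pass)."""
    if len(packet) < 20:
        return ["truncated header"]
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return ["malformed header"]
    reasons = []
    # Ping of Death: this fragment's offset plus its length would push the
    # reassembled datagram past the maximum legal IP size.
    frag_offset = (flags_frag & 0x1FFF) * 8
    if frag_offset + total_len > MAX_IP_DATAGRAM:
        reasons.append("oversized datagram (Ping of Death)")
    # LAND: a TCP SYN whose source address and port equal the destination's.
    tcp = packet[ihl:ihl + 14]
    if proto == TCP and frag_offset == 0 and len(tcp) == 14:
        sport, dport = struct.unpack("!HH", tcp[:4])
        if src == dst and sport == dport and tcp[13] & SYN:
            reasons.append("LAND attack")
    return reasons

def build_ipv4(src, dst, proto, payload, frag_units=0):
    """Build a constructed sample packet (header checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                         frag_units, 64, proto, 0, bytes(src), bytes(dst))
    return header + payload

def tcp_syn(sport, dport):
    """Minimal 20-byte constructed TCP SYN header."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, SYN, 8192, 0, 0)

# Constructed sample traffic; addresses are private and documentation ranges.
LAN_HOST, REMOTE = (192, 168, 1, 10), (203, 0, 113, 5)
SAMPLES = {
    "normal ping": build_ipv4(REMOTE, LAN_HOST, 1, b"\x00" * 64),
    "normal SYN": build_ipv4(REMOTE, LAN_HOST, TCP, tcp_syn(40000, 80)),
    "ping of death": build_ipv4(REMOTE, LAN_HOST, 1, b"\x00" * 100, 8189),
    "land": build_ipv4(LAN_HOST, LAN_HOST, TCP, tcp_syn(80, 80)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {inspect_ipv4(pkt) or 'pass'}")
```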
True firewall router:
NETGEAR's firewall routers also block access to specific Internet services, such as chat or games.
Last Updated: 04/27/2023 | Article ID: 1091