Broadband router help: Secure your network with your router's firewall
Before you go any further - do you know how to reset your router and setup the broadband? If anything goes wrong, you might need to know your broadband username and password, as well as some other details, so ensure you have a note of any important information - this means you can easily recover the old settings if you're forced to restore the router's factory settings.
A firewall is the filter between your computer and the rest of the world. It blocks unsavoury traffic and allows the good stuff through so you can go on web browsing and downloading while viruses and hackers are (hopefully) repelled.
Every version of Windows (from XP service pack 2 onwards) now includes a basic software firewall, which we'd recommend leaving enabled as it offers a reasonable level of protection, doesn't cost any money and is generally non-intrusive. Some people use a third-party firewall app which offers more functionality, but for most of us it's unnecessary, especially since any broadband router will include a built-in firewall.
The firewall on a router is a strong defence against outside threats, and one big advantage is that it offers protection for your entire network and every machine connected (both wired or wireless) comes under its umbrella.
You shouldn't need to do anything to set it up, either. The firewall will almost certainly be enabled out of the box. You can test the security of your firewall and other security tools by visiting Shields Up!, a handy little site which will safely examine your connection in a variety of ways.
Configuring the firewall
Should you want to have a play around with the firewall then you'll need to login to the router's admin area – check the previous router article to find out how to do this.
The way in which a router handles and displays the firewall will vary between makes and models, but most should have similar features even if the presentation differs. For ease of use the O2 branded Thompson router has three security settings on offer: BlockAll, Standard, and Disabled.
BlockAll simply blocks everything, allowing no incoming or outgoing connections. Standard is the default and allows outgoing traffic while blocking incoming connections, offering a good level of security without stopping you from doing normal tasks. Disabled just switches off the firewall entirely which can be useful if you suspect the firewall is interfering with something, though I wouldn't recommend leaving it disabled for too long without putting in some alternative security.
For more control it's possible to create a new security level and edit the settings (or edit the settings of existing security profiles on some routers). That's not something everyone will need to do, but it can be useful to know if your router does not come configured in 'stealth' mode.
Stealth mode means your router blocks ICMP traffic, which is a type of connection used by scanning programs to examine computers over the internet. With ICMP blocked your PC is invisible to scans. Any half-decent modern router should do this already, but check using Shields Up! and configure it manually if necessary.
Routers will also include logging which records attempts at accessing your network. Security logs list events under arcane headings such as 'tcp syn scan' which won't mean anything unless you're well-versed in networking, but you can see the effects of a scan on your system by using the Shields Up! site then examining your logs. Routers can also record activity like attempted logins, so you can see if someone has been trying to login as administrator.
Sometimes you may find your firewall is blocking a program you need, which is where port forwarding (which may be called game and application sharing, or similar) comes in useful. By setting up a program for port forwarding you're telling the router firewall to allow the connection to pass freely through the security barrier.
As usual the method in which this is done will vary depending on your router, you might be able to choose from a pre-set list of common games and applications, or have to do it yourself from scratch, but luckily we can point you in the direction of a very useful web site. PortForward.com has an enormous list of routers plus clear step-by-step instructions showing how to to set them up for many programs and games (including Xbox and Playstation).
In a previous blog post I also mentioned how you login to your router using an administrator password. However, some routers may have an additional level above administrator. For example, O2 routers have a 'SuperUser' login with the password 'O2Br0ad64nd' which allows a greater level of control and detail that's helpful for advanced users. Another common one is BT routers, which have you log in as a basic user by default but allow you to switch to an administrator account in a couple of steps.
This is common on branded routers, as ISPs don't want us bumbling around in there changing important settings, but a quick Google search will reveal any hidden extras.