Recommended: How routers work

When dealing with home network configuration, device connectivity and IoT security, it is useful to have a good understanding of what our home routers actually do, how they protect us, and how we can configure them better. Many consumer routers have less than optimal settings out of the box, so it is always advisable to inspect the settings in the configuration interface and ensure that things are as they should be to avoid any unwanted snooping.

Rather than go into the technical details on this topic, I thought it would be useful to recommend a series of excellent animated videos which go into the details of routing, NAT (Network Address Translation), port forwarding, UPnP, and other important concepts.

This particular podcast episode is broken up into 4 digestible segments, A to D. Steve knows his stuff, and it's well worth sitting through these.

This is Segment "A" of Episode 3, entitled "NAT Router Firewalls", from September of 2005. In this classic segment, Steve explains how and why a NAT router functions as a very effective hardware firewall, preventing unsolicited Internet traffic from entering your private LAN.

This is Segment "B" of Episode 3, entitled "NAT Router Firewalls", from September of 2005. In this classic segment, Steve explains how NAT routers are configured to allow unsolicited Internet traffic to pass through on its way to servers behind the router, using "DMZ" (Demilitarized Zone) logic or "Port Forwarding". Steve also points out the risks involved, since unsolicited malware could spread from the server host to other computers on the same LAN.

This is Segment "C" of Episode 3, entitled "NAT Router Firewalls", from September of 2005. In this classic segment, Steve explains how to install and configure two NAT routers in series to create an "External LAN" and an "Internal LAN". He also shows how the resulting "Internal LAN" benefits from increased security while retaining easy, conventional access to the Internet and to the External LAN. He also suggests that the new "External LAN" could appropriately host game servers, etc.

This is Segment "D" of Episode 3, entitled "NAT Router Firewalls", from September of 2005. In this classic segment, Steve explains "Universal Plug and Play" (UPnP), with particular emphasis on the associated security risks. Viewers will understand the basics behind UPnP's automatic configuration logic for routers and other UPnP devices. When this episode was published back in 2005, most consumer-grade routers included primitive implementations of UPnP, without appropriately revealing UPnP status or the results of automatic configuration. Since the publication of this podcast, many routers have improved their management tools so that administrators familiar with the information in this clip can monitor the risks.

Nevertheless, in early 2012, Steve reported the shocking discovery that MILLIONS of routers have been shipped with UPnP enabled, on their INTERNET interface, by mistake, leaving their users vulnerable to a very serious, new group of attacks by which unauthorized hackers could take control of routers, PCs, and appliances throughout modern homes and businesses!
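As an added illustration (not from the videos or the original post), here is a simplified Python model of the translation table that Segments A, B and D describe: replies to LAN-initiated sessions pass, unsolicited packets are dropped, and a port forward (set by hand or requested through UPnP) opens a path inward. It assumes a router that only accepts replies from the exact remote address and port a LAN host contacted; real routers vary, and all names and addresses are constructed.

```python
# Toy model of a NAT router's translation table (added example, constructed data).
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    next_port: int = 40000
    # (remote_ip, remote_port, wan_port) -> (lan_ip, lan_port); created by outbound traffic
    sessions: dict = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port); static port forwards or UPnP-requested mappings
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records the session."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(remote_ip, remote_port, wan_port)] = (lan_ip, lan_port)
        return wan_port

    def add_forward(self, wan_port, lan_ip, lan_port):
        """Port forward set by the admin, or by any LAN device through UPnP."""
        self.forwards[wan_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN destination for an Internet packet, or None if dropped."""
        dest = self.sessions.get((remote_ip, remote_port, wan_port))
        if dest is not None:
            return dest                      # reply to a session the LAN started
        return self.forwards.get(wan_port)   # unsolicited: passes only if forwarded


def demo():
    r = NatRouter()
    port = r.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    results = {
        "reply": r.inbound("198.51.100.7", 443, port),
        "unsolicited_same_port": r.inbound("192.0.2.99", 443, port),
        "unsolicited_closed": r.inbound("192.0.2.99", 5555, 8080),
    }
    # After a forward exists, the same unsolicited packet reaches a LAN host.
    r.add_forward(8080, "192.168.1.50", 80)
    results["unsolicited_forwarded"] = r.inbound("192.0.2.99", 5555, 8080)
    return results


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:24} -> {dest or 'DROPPED'}")
```

The last case is why it is worth reviewing the port forwarding and UPnP pages of the router's configuration interface: every entry in that table is a path from the Internet to a device on the LAN.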

David Mead

David Mead is an IT infrastructure professional with over 20 years of experience across a wide range of hardware and software solutions. David holds numerous IT certifications and has dedicated himself to helping others with technology throughout his career.
