Feeds

Linksys WRT54g 802.11g access point

An ideal office Wi-Fi system? Not quite...

  • alert
  • submit to reddit

Security for virtualized datacentres

We recently looked at a Buffalo ISDN/802.11b access point/router in a home environment. Here, we look at a similar product - the Linksys Ethernet/802.11g access point/router - but this time in a small office environment. Although Linksys (now part of Cisco) firmly aims its products at the consumer and 'prosumer' markets, the WRT54g purportedly has all the capabilities needed by a small office, and is certainly marketed as such by Linksys' resellers. The box comes as a four-way 10/100Mbps Ethernet hub with wireless access, has NAT capabilities, and a built-in firewall with port forwarding and VPN pass-through. These functions make the WRT54g rather over-loaded for a home user, but ideal for small office users. And, at under £100, it's competitively priced, writes Clive Longbottom of Quocirca.

Set up is easy. Unpack the box, plug in the external power supply and connect it up the Internet feed, such as an ADSL modem or, in my case, a GX Networks Fixed Wireless Internet connection.

The WRT54g is set up using a browser, just like most of these kinds of products. By typing in the box's default IP address, 192.168.1.1, a fairly simple set of pages is brought up, enabling you to configure details such as your ISP, whether to use encryption protocols WEP and WPA, setting up MAC address filters, specific rules for specific clients as to areas such as times of acceptable access and so on. Here you can also set up details of DHCP address ranges and any port forwarding required. The box can also be set up to be in stealth mode - making its external IP address hidden to Ping commands from outside.

The Wi-Fi operation is excellent - every card within the organisation works - whether it is an old 802.11b or a new 802.11g card, whether it's from Linksys, 3Com, Compaq, white-branded or whatever. Performance feels excellent. Although I haven't carried out any proper speed measurements, the change against my old 802.11b environment is marked. Placement of the unit seems to be only of minor consideration - a point helped by having two antennae, rather than the one found on many other boxes. The device is also stable - the old box often crashed, which caused major problems when I was away from the office.

All in all, a well-specified and easily configured solution which seems to have much of the requirements covered for a small office. Now, let's look at the problems. Well, the obvious one is that four ports do not a small office hub make - even when you are looking at using Wi-Fi. But then you can always plug in another hub to up the number of available ports - just like we have done here, with an external eight-port box for 11 ports in total.

Next is the paucity of RPC port-forwarding capabilities - the box only allows ten ports to be forwarded. Now this can be a problem: a mail-in SMTP feed requires one, as does a Web server, FTP out and POP3. What other port-forwarding functions might a small office require? Spam filters generally require a port to be opened and pointed to a specific machine.

Some Instant Messaging tools also require ports to be opened - and you may not want everyone in the company to be using the tool. Many synchronisation tools require open ports - and again may be machine-dependent as to how you want them to work. It is very nearly arrived at the point where the Linksys reaches its limit - and then there is nothing you can do but swap out the box for a replacement with a better port-forwarding capability.

But, for me, the killer issue is VPN pass-through support. The box says that it supports VPN pass-through, which is exceedingly helpful for any remote users trying to access their head office. It does not provide end-point VPN capabilities itself, but should automatically enable the passage of data from a VPN client to a VPN server within the organisation. The majority of small organisations will go for the simplest, lowest cost solution: Microsoft's 'free' PPTP VPN capability, built-in to Windows server.

Now I had this working fine through my old wireless router (a Proxima Farallon 802.11b unit). With the Linksys, everything was set up, but the connection just kept timing out. Calls to the support desk resulted in multiple new builds for the firmware, lots of jiggery pokery and being led by the hand through the set-up procedures - but no VPN capabilities at all. I could connect from inside the firewall - so the VPN was working - but any connection from outside timed out. Opening all ports to the server made no difference. Linksys finally agreed to ship a new box (against company policy, as the margins they are working against are very low), but I experienced the same problem. It seems to be that the box can't handle the GRE protocol 47 correctly. Linksys seems to think that this is a port that needs to be opened, rather than a protocol. Consequently, the initial link is made through port 1723, and the VPN server can't then create the necessary link for the tunnel.

Other problems I came up against included the inability for either of the two boxes provided to me to log any Wi-Fi activity - the log file has remained resolutely empty - and this article is being written from a wireless laptop, so I can guarantee that something has been going on over the past five months. This has not proved a major problem for me - yet. Should I suddenly have a intrusion attack, I would like to be able to see what has been happening. For many small companies, this log would be useful for tracking both incoming and outgoing activity.

For a home user, the Linksys WRT54g is a super box - it performs well, is easy to set up, and provides a with good level of flexibility for security. However, with the channel also positioning it as a small office solution, I would hesitate - the fact that PPTP VPN has not been able to be made to work for me has resulted in many hours of frustration and trying to find other ways of working (finally ending up with a VNC-based solution). However, if you do not need too much in the way of port-forwarding and VPN access is not an issue, the box would make a good base-level solution for offices of up to around 20 users.

The final point I'd make is that with the errors that I've found within the box. how secure would it really be in a small office environment? Without turning blackhat and trying to break through the box, it's difficult to be sure.

Copyright © 2003,

Secure remote control for conventional and virtual desktops

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.