Picking the right router for your always-on connection can be a chore. The cheapest alternative might end up costing you much more in the long run, or be useless for your needs. Here are some things to look out for.
Knowing what comes in and goes out of your connection is vital for both security reasons and resolving billing disputes, should they occur. The router you pick should offer cumulative logging of traffic (eg through SNMP) and, ideally, an easy way to access the logs. Bonus points for systems that let you set alerts, triggered if for instance the router starts to receive ICMP traffic at certain rates, or when the accumulated data volume hits a predetermined amount.
Virtual private networking
A tunnel between two routers is a convenient way to provide secure networking. If you’re planning on doing VPN, make sure your router understands the protocol you want to use — eg GRE, PPTP and IPsec.
The router stands between your computer and the wild and woolly internet. It has to be secure, in other words. Be wary of web and telnet interfaces used to configure the router: they should only be open to hosts on your internal network and not the internet. Ditto TFTP daemons for uploading firmware to the router.
Keep an eye on the router manufacturer’s website, to see if there are any security patches issued, and apply these immediately if there are.
If your router has a wireless (eg 802.11b) interface, remember that the signal is omnidirectional and can be intercepted. If you’re careless enough not to use authentication and encryption, someone could hijack your always-on connection unnoticed.
The ability to manage incoming and outgoing traffic is a must. It’s convenient to be able to do it at the router, but you need to make sure the firewall implementation is up to snuff. Often, built-in router firewalls do not offer features such as stateful inspection of packets that keep track of connection sessions.
At the very minimum, your router should be configurable to drop traffic from certain hosts and networks.