Only If Life Could Be This Simple. When is a router not a switch? When is a switch not a hub? The Linksys BEFSR41 router is replete with four switched ports, where one port will act as a pass-thru to another switch or hub. Depending on whom you ask, a switch is a router but is faster. A hub is just a slow, dumb switch. The book I read stated that a switch, in all essence, is a bridge, a piece of hardware that switches between network subnets. Clear as mud, right? A gateway, for example, is usually a router tucked away in a closet somewhere, that will direct network traffic to other switches, other routers, DNS machines, web servers, etc. A hub won't look at incoming messages (from a router or a switch) like a switch does, and retransmits the message on all of it's ports. A switch is more sophisticated, and will look at a network packet and figure out which port to send it out on. This is done purely from a speed point of view. A switch is faster, and better than a hub. So, I got real interested in the Linksys's as a "router with a built-in switch." It is a switch, but the routers' firewall activities makes it more of a real router than just a mere switch. That being said...

Security Functions - Internet security is a whole 'nother can o' worms. Hackers (if that's the right term) are basically trying to do two things when they decide to attack: get your personal information (money, secret spy tapes, etc..) or to get bragging rights. Occasionally it's something you said on ICQ. They have numerous methods to do that. Back Oriface, 'port scanners', trojan-horse email attachments, smurf attacks, Denial of Service, etc. The most interesting method hackers use is Human Engineering. People do stupid things: lose car keys (twice today), wake up with strange women after a night of booze (uh, hypothetically), and open email attachments that say, "Open this and find a surprise!-dot-VBS". Unfortunately, the Linksys can't help you out on those. 

The Linksys really has only one, but very effective, security function. And that is "Block WAN requests." Enabled this option will block ICMP echos (uh, pings) from the outside world. This, in effect, makes the router undetectable. If a hacker can't see you, they generally can't attack you. The included shots show what this looks like. Now you see it, now you don't! The downside to blocking ICMP echos is that it can reduce performance by forcing a server to send you smaller sized packets than your connection can handle. Testing the router on http://grc.com confirmed that all was well on my little home LAN. The router also has IP port filters. This feature will block all connection requests to certain ports while letting through others. So, one can set up a Web server on Port 80 and block all other ports. It also includes Port Forwarding, a very nice feature that will forward port requests to different machines. This is a 'security' feature in that you can set a webserver and an FTP server up on different machines (for pRon and MP3's respectively), where a successful attack on those ports would only bring down one machine at a time. The Linksys won't help you if you're on the recieving end of a Denial of Service attack, however. At this point in time, there isn't much any router can do to defend against a DoS. These extra 'advanced' features do require that you disable DHCP on the router. This means that you'll have to specify IP addresses for you machines. It isn't very hard to do that, but it's just another step that a user might muck up, however. Napster, I've discovered, also requires that DCHP be off so you can share your files.