Skip to main content

Hardware Router Need To Know 2006

Service and Content Filtering

Some users may need to control which users can access Internet services, or restrict access to only specific things like email and web browsing. For this, most all routers provide some sort of service access control (also known as "port filtering"). It works by having you first create groups of users (you actually make groups of IP addresses). For each group, you select specific Internet services (using their port numbers) that you want to control for that group.

Different routers allow different degrees of control, but you'll usually be able to limit Internet access to a programmed group of services (ports) only, or allow access to all services except a named group. When a user tries to use a filtered service, say AOL Instant Messenger, in most cases the service just won't work. This can be frustrating for the user and prompt unnecessary calls to tech support (or Mom or Dad) if the router administrator hasn't told the users about the filters.

A growing number of routers, however, display a message telling the user that their access is being blocked when they trigger a filter. Figure 5 shows a filter that blocks all users from accessing any RealAudio content.

Figure 5: Service Access Control

The average number of port filtering groupings is about four, and the number of ports that can be filtered per grouping varies. Some routers allow you to mix single ports and port ranges in the filter, while others allow only lists of single ports.

In most cases, the filters are either on or off, but some routers allow you to program a schedule for enabling and disabling the filters. The filters can also in some cases be set to make a log entry when they are triggered. The schedule programming allowed is usually not very flexible, usually limited to one time period and the ability to control the days of the week that the time period is used.

Content Control (Content filtering)

Content Controls basically are intended to control which websites your LAN users can access. This feature is similar in function to programs like Cybersitter, SurfControl, etc., but is usually much more limited in function. Some products just allow you to enter the URLs or IP addresses of websites and allow you to restrict access to just those sites, or block the sites. Other routers implement list based filtering and allow you to purchase a subscription to a filter list maintained by a third party. You also might or might not get Time of Day controls for the filtering.

Note that most content filtering features that are included in consumer routers aren't worth the space they take in firmware. The thirty or so keywords or websites you get aren't nearly enough to provide effective control over the websites your children or employees visit. And in many cases the filters are easily bypassed by entering the IP address of the desired website instead of its URL. And, of course, there are always anonymous proxy services available for most any content a user is determined to access.

If you're really serious about controlling the content and web services that your Internet users can access, you should expect to pay for a subscription-based service. One router that we have found to have decent content controls is the ZyXEL HomeSafe Parental Control Gateway.