“ TRENDnet's TEW-431BRP 54Mbps Wireless Cable/DSL Router allows you to work where you want to by delivering high-performance wireless networking to your home or office. The TEW-431BRP includes a 54Mbps wireless access point, 4 x 10/100Mbps Switch and an Internet router all in one. The router complies with the IEEE 802.11g standard for assured compatibility with both 802.11g and 802.11b devices. Advanced wireless security supports up to 128-bit WEP encryption. Restrict Internet access to groups or individuals based on specific services, URL or Time/Date. Cut the wires and roam free knowing your information is secure with TRENDnet's 802.11g wireless products. „
Buying a TrendNet product is chancy at best. They do not, as a matter of business practice, support their Chinese products. I sent them four UNANSWERED requests for support and got nowhere with them and their phony telephone support number. As near as I can tell, both the product AND the installation CD are faulty. What did TrendNet do about it? Nothing. I suppose getting the word out about this bad company OVER their self generated high praise is going to be difficult. Best to stay away from this dis-reputatable company.
Before dealing with the review of this product I have started with an explanation of why I felt it necessary to buy it at all. It does explain in as straight-forward a way as I can how accessing the Internet from Home Networks, work. If you know all this stuff or aren't really interested, jump ahead to "The Review".
If you have read my review of :ntl you will know that I have signed up for Broadband after years of accessing the Internet through various dial-up accounts.
The way that :ntl registers the use of its services means that only the computer originally registered can connect via the cable modem. If you want to use a different machine then you have to go through the configuration process again on the new computer. This also means that the original computer is no longer authorised.
The reason is that the registration process stores on the cable modem unique information about the computer. All Network Interface Cards (NICs) and that includes the built-in network ports on things like laptops, have a unique identifying code, or at least, it's supposed to be unique. It's called a MAC address (Media Access Control). Not just computers, all Ethernet network devices have them.
The MAC address is a 12-digit hexadecimal number. It is made up from the numbers 0 to 9 and letters A to F, representing the decimal values from 0 to 15. It is usually split into 6 pairs of 2-digit numbers, separated by colons or dashes, for example 00-0A-56-FE-12-00. On Windows95, 98, 98SE and Me you can find out what yours is by running the winipcfg command and on NT, 2000, XP etc by running the ipconfig /all command.
So, continually swapping computers is not an option. With the later releases of Windows you can use one machine as a gateway and enable all the others to connect via that one. It's called Internet Connection Sharing. This is very popular with Dial-up. However, it does mean that that computer has to handle the network traffic load of all of the computers on the network and has to be on all the time.
A better solution is to have a dedicated gateway between the Internet and your network that doesn't just enable access for all of the computers but will also act as a sort of "bouncer" at the door, to keep out unwelcome visitors. I'm sure you know who I mean.
When you are running a single computer with a direct connection to the Internet, that "bouncer" is usually a Firewall. This piece of software installed on your computer that examines every attempt to access your computer from the Internet and determines whether or not to let them in. You can decide to allow it to do so or not but usually it simply bars any access that isn't a result of you initiating the connection in the first place. In the past I have used Computer Associates eTrust Firewall (very good but no longer available) and Zone Labs' free Zone Alarm (also very good but now owned by Check Point Software Technologies).
For connecting a network of computers the best solution is not software but a hardware device, a Router. A router is a device that sits between two networks (in this case the Internet and your home network) and allows data to flow between them. In doing so it can effectively "hide" the information about the home network, making it appear that only one computer is actually connected.
Routers have been around for a long time. Up until recently they have been very expensive but then again most have been designed to handle simply unimaginable volumes of data. They are for connecting business networks where transactions run in the billions, far, far more than any home network is ever likely to need.
With the advent of the Internet but, more especially, with the switch from Dial-up to Broadband, routers for home networks have emerged. They have become necessary because, unlike dial-up, broadband connections are always on, so vastly increasing the vulnerability to attack.
With increasing competition, home broadband routers are becoming cheaper and cheaper. Models can now be found from manufacturers such as Netgear, Buffalo, Belkin and Linksys to name but just a very few. Most are in the range from about £50 to over £100. How much depends very much on the facilities that they provide.
Also, the Internet or PC World are no longer the only places from which you can buy these things. Whilst mooching around my local B&Q I was surprised to discover a whole section dedicated to computer stuff and in particular computer network stuff, all at quite reasonable prices, certainly, in most cases, cheaper than PC World.
So, I needed a router, but what type? Well, I needed one that supported both wireless and wired connections. I have a company laptop that provides wireless network connectivity. Although I "plug in" at work, at home I wanted to be able to work anywhere in the house (or garden!), even where I might not currently have a wire poking out of the wall. It needed to have a number of other features as a well.
Amongst the boxes in B&Q I noticed one that advertised itself as being the TRENDnet TEW-431BRP Wireless 54Mbps Cable Home Gateway. It also said it had "Firewall Protection". Price was around £80. A quick read through its other "assets" indicated it had everything I was looking for, so I bought it.
Now that may sound expensive and there are cheaper devices on sale now however, bear in mind that I bought mine well over a year ago. It has taken Dooyoo that long to post this category so that I could write this review.
I have never heard of Trendnet but a look at their website (http://www.trendware.com/en/) indicates that they are a US company and that they seem to have a lot of products to their name. The back of the box indicates that they have a local UK support organisation by UK phone number at local call rates, and a support website (http://technical.philex.com/).
So, having made my purchase, how easy was it to install? Very easy as it happens. The router comes with a power adapter plug and an Ethernet cable. I plugged in the computer with which I had registered my access to the cable modem. It connects to one of four network ports for wired access.
These are autosensing. This means that they can detect if the NIC in the computer connected to it is able to run at up to 10Mbps or 100Mbps and switches to deliver data at the required speed automatically. The other three ports can be used to connect other computers or to connect to a network switch(s) if you want to connect more than four computers in total.
As you will probably have gathered, 100Mbps is ten times faster than 10Mbps, which is a "Good Thing". You might wonder why since the data is only being delivered to me by ntl at 300Kbps? This is true but you also have to consider the future. Data rates are going up all the time in response to competition, especially from the ADSL providers like BT and Wanadoo. 300Kbps today, 300Mbps tomorrow?
Also, the higher rate is available today for data moving between computers on the home network, such as backing up data to another machine. You do regularly back up your data don't you? No data can truly be considered "safe" unless it is saved in three different places, believe me.
The cable modem is plugged into the WAN port (Wide Area Network, in this case this means the Internet). This is just another Ethernet cable connection, exactly the same as for the home network. All we have to do now is configure the router.
This is very easy. The router has its own web server built in and so configuring and administering the router involves nothing more complicated than firing up your normal web browser (e.g. Internet Explorer) and typing in the address of the router. Since the router doesn't have a Host Name, the address is in the form of an IP address (Internet Protocol address - a unique identifying number assigned to your computer). In the case of this router that's http://192.168.0.1.
The 192.168.0.n series of IP addresses are all private within a home network and cannot been seen from the Internet. You can also use the IP address range 10.0.0.n as well but this router uses 192.168.0.n by default. That's the first level of security against those with dark designs on you computer(s).
Access to the administration function can be password protected and that can be done as one of the initial setup options. I recommend it. It can also be accessed remotely over the Internet. This is an option that you can choose to enable or not. I have not.
The first choice on the menu on the webpage is the Setup Wizard. This leads you easily through the steps required to enable the router to connect you via the cable modem. It's all very straight-forward.
It includes things like discovering the MAC address of your computer and cloning it as the MAC address of the router. You remember I mentioned this before. You can manually enter the MAC address if you know it. Doing this is how you fool the cable modem into thinking it's talking to the registered computer when in fact it's talking to the router instead.
The router contains a built-in DHCP server (Dynamic Host Configuration Protocol). This is the piece of software that automatically gives each computer connected to the router its own unique IP address as soon as it is attached to the home network. Your Internet Service Provider (ISP - mine is :ntl) does a similar thing when you dial up to the Internet. His DHCP server will assign an IP address to the router.
Using a DHCP server enables efficient use of the available IP addresses. Assigning a fixed one to every computer, you would soon run out of addresses. DHCP gives you an address for 24 hours. When the time runs out, if you're not still attached to the network then the IP address is reused for someone else.
Like the router, these address are all by default in the range 192.168.0.n, numbered from n=2 upwards. You can limit the total computers able to be attached to the network by limiting the range. If you want you can assign any computer a fixed IP address but then it must be outside of the range assigned to the DHCP server.
All of this is called Network Address Translation (NAT) and enables the computers on the home network to be hidden from the outside world. Only the router knows who is who and it keeps a table that ensures that connections to the Internet are kept separated and secure.
This Firewall capability is also able to track of Internet "conversations" where they move around. Just like the four ports on the back of the router that enable four computers to be connected to the one router so TCP/IP also has ports, virtual ones, that enable different types of conversations to take place securely. For instance, your Internet Browser talks on port 80 (http) and port 8080 (https).
File transfer can be one of those types of conversations that move around. The initial connection between computers takes place on ports 20 and 21. However, once the "handshakes" have taken place, the actual file transfer can take place on a completely different set of ports. If the router/firewall has OKed the connection it could then lose track of it when it moves to completely different ports.
This router has what is called Stateful Packet Inspection (SPI), which enables it to keep track of these situations and control them to ensure that nothing untoward is taking place.
When I connect to our company network I use a Virtual Private Network (VPN). This piece of software encrypts all conversations between my company computer and the company's gateway computer, so enabling potentially private data to travel over the very public Internet, without any chance of interception. The router supports the use of up to 100 VPN sessions using a number of different protocols.
I mentioned when talking about firewalls that the normal action of a firewall is to reject any attempt to connect to the home network that isn't as a direct consequence of you making the first approach. So, you request access to a website and in return it sends you a webpage. No problem there. The firewall/router can match the two up and allow the webpage through.
If a computer program sends a request to talk out of the blue, the router knows that this is not a normal activity and rejects the request. Actually, it just "forgets" about it. This is because hackers often run programs that try every possible combination of IP address and port on the Internet to see if it can break in. It's a bit like a car thief walking down the road and trying every door handle on every parked car. If it doesn't get a reply, not even a rejection it assumes that that IP address doesn't exist and passes on its way.
However, websites are one example where unsolicited access is actually desired. Here, you are the one making the initial approach. Normal router/firewall activity would be to reject you. Not a good idea if you want people to visit your website.
The router has the ability for you to nominate a computer on your home network as a Virtual Server. You can indicate that it provides a very specific service and that it will accept approaches out-of-the-blue, but only on specific ports. So, for example, you can say that one of your computers is a web server, running your website and that it will only accept connections on ports 80 and 8080, for instance.
Now, what about wireless connection, after all, it was specifically for this that I chose this router?
The router has a single aerial about three inches long that can be angled in just about any direction, depending upon how the router is sited.
The wireless connection is specified according to an international standard, IEEE 802.11. There are various categories, identified by a final letter. The most popular standards are 802.11b and 802.11g. The only effective difference is the speed at which data can flow. The 802.11b standard defines data transfer at 11Mbps whilst the 802.11g standard enables data speeds nearly five times this, at 54Mbps.
This router supports both standards. Unfortunately my company laptop only supports 802.11b so at the moment I can only achieve the slower speed.
The big issue with wireless networking is security. Unlike wired networks where the data flows between the two computers and nowhere else, wireless networks broadcast their signals to anyone who can receive them. Anyone can connect to a wireless network if there is no security in place.
The router has three security controls for wireless connections.
The first is not to publicise the fact that you have a wireless access point at all. A wireless connection is usually identified by it broadcasting a Service Set Identifier (SSID). This names the network so as to enable it to be differentiated from other wireless networks in the same area.
The second enables you to define the identities of the only those computers you permit to access the Internet or your internal LAN via the router. The router keeps an internal database of all of the computers that have ever connected to it, whether wired or wireless, and you can specify which wireless connections you will allow.
WARNING - SECURITY EXPOSURE...
Well, that's how it's supposed to work. You would think that this would keep out unwelcome visitors.
I have experienced a problem whereby out that anyone who can see your wireless network can connect to it. The DHCP server will assign it an IP address. The computer will be automatically added to the database and, because it's a wireless connection, it will be automatically added to the list of authorised computers!!!!!!! How's that for security?
I was fooled into thinking it did what it said on the tin. However, one day I was checking the logs and found a completely unknown computer had accessed the Internet using my wireless connection. No idea who it was but it must have been one of my neighbours. And, more alarming, if he could access the Internet then he could access the Home Network!
I quickly deleted him from the database, which deletes him also from the list of authorised PCs. I then switched off the wireless connection whilst I decided what to do, apart from firing off an email to Trendnet, lighting a rocket underneath them.
I came to the conclusion that the only remedy was to use the third security facility.
The third facility is encryption. You can encrypt all traffic between the computer and the router by using a shared encryption key. The standard used by the router as you buy it is Wired Equivalent Privacy (WEP). It is generally acknowledged that WEP is not bullet-proof. There are tools you can download off of the Internet that can crack WEP encryption using brute-force computing methods. WEP is adequate, however, against casual access.
WEP is being replaced with Wireless Protected Access (WPA), which is much more secure. Now, the good news is that although the router only come enabled for WEP, WPA is available by downloading the latest firmware upgrade (1.2 0B) from the Trendnet website and upgrading the router. This is fairly straight-forward procedure and is accomplished by using the Administration tool.
If you computer is only enabled for WEP then you can still use this. To enable it you provide a key or password that will be used to encrypt all traffic. The configuration enables you to define your key in the form of a memorable phrase. The phrase is used to generate the key.
WPA is enabled simply by specifying a passphrase. This can be specified using any combination of letters, numbers, special characters and spaces. It must be no shorter than 8 characters and no longer than 63. The guide is, the longer the better, and that goes for passphrases as well (sorry, couldn't resist that).
So, now the router is set up. In my network it worked perfectly from the beginning and has ever since. Well, almost.
Problems & Support
When I tried to use the wireless access with my company laptop a connection could not be made. I tried a wired connection. Once again, no joy. The diagnosis identified that the IP configuration that should have been set up by the router's DHCP server was incomplete.
I did use the customer careline and they were very responsive but were unable to provide any suggestions that resolved the problem. In the end it turned out that it wasn't a problem with the router (I didn't really think it was). The problem turned out to be a piece of software on my laptop called VMware. Once I deleted it everything worked properly. I have since reinstalled a later version of VMware and it works as well.
Of course, as you will have read above, I have also communicated my displeasure over the mind-boggling security exposure on wireless connections. I have yet to receive a satisfactory response from Trendnet on this. If I get a satisfactory reply I'll update this issue.
I have been using the router now for over a year and it has done everything that has been asked of it. The administration function provides access to three logs maintained on the router.
The first log record all accesses to the Internet from any machine on the network. For families wanting to monitor the websites their kids access, this identifies everything.
The second log records all attempts to intrude onto the home network from the Internet. I find this log fascinating. I have a little piece of freeware called NeoTrace Express that displays on a map of the World the location from which one of these attacks has been launched. Little surprise how much is coming out of China!
The final log records Denial of Service attacks. These are where an overwhelming flood of network traffic hits your network and simply tries to swamp it. Fortunately I've not had many of those!
Of course, there's the security issue and that, at this time, casts a shadow over my opinion of this router. However, since setting up encryption, I haven't had any more problems with intruders.
Would I recommend the TEW-431BRP? Yes, with qualification. Don't under any circumstances use the wireless facility unless you set up either WEP or WPA encryption between your computers. If you do then this router will perform as well as you could expect or hope. However, because of this unacceptable security exposure I can only give it a average rating at this time. Hopefully Trendnet will respond positively, in which case I will probably be able to raise the rating.