What Separates Business Routers From Consumer Routers?

Consumer-Router Features

One feature you can expect to find in a high-end consumer router is one or even two USB ports. Through such ports, networked computers can easily share a USB printer and a USB hard drive. Although this might seem like an attractive feature in a router, anything but the tiniest small business will be better served by printers and NAS (network-attached storage) devices that have built-in networking capabilities. A printer with built-in networking features won’t limit you to the length of a USB cable when you deploy it. USB storage devices, meanwhile, are slow and top out at 2TB, whereas a high-end NAS can deliver as much performance and storage capacity as a small server can.

Here are some of the other features you’ll find in the typical consumer router:

  • Quality of Service (QoS): QoS settings enable you to assign priorities to your network traffic. The term describes a router’s ability to prioritize different types of data traffic. For instance, if data packets drop during a file transfer, the router can repeatedly resend those packets until you've received the entire file. It might take a fraction longer, but you’ll eventually receive the entire file intact, and it’s largely irrelevant how many packets were dropped and resent in the process. However, if packets drop while the router is streaming music or video, or while you’re in the middle of a phone conversation, you’ll experience unpleasant dropouts and glitches. Routers with strong QoS capabilities can assign top priority to lag-sensitive media and VoIP traffic by throttling lag-insensitive file-transfer traffic. This is a good feature to have if you use VoIP equipment instead of a landline.
  • Parental controls: This feature is designed to limit when client PCs have Internet access, and where those clients can go on the Internet. If you have children, you might configure the router’s parental controls so that they can’t access porn sites, or play online games during hours when they should be doing homework.
  • Guest network: This is a virtual network that can allow your guests to access the Internet while barring them from accessing computers, printers, NAS boxes, and other devices on your network. (Some routers allow you to run a guest network without any security, but that isn't a good idea.) A guest network can be as handy for a small business as it is for a consumer.
  • Built-in media server: Consumer routers are increasingly focused on streaming media, so it only makes sense that they’d have integrated servers for this purpose. UPnP (Universal Plug and Play) is the bare minimum. Advanced models add DLNA (Digital Living Network Alliance) and even iTunes servers.
  • Lightweight VPN support: A VPN (virtual private network) allows remote users to access your network through a secure Internet pathway (often referred to as a tunnel).
  • Integrated firewall: A firewall is a security mechanism designed to prevent intruders from accessing your network from the Internet.
  • Wi-Fi Protected Setup (WPS): Operating a wireless network without encryption is asking for trouble. WPS helps consumers set up a wireless network with ease: You simply push a button on the router and a button on the client to establish a secure connection via WPA or WPA2 (see below). A recent discovery, though, has revealed that a brute-force attack can defeat this kind of security within a few hours. If your router supports WPS, you should disable it (if possible), whether you’re running it at home or at the office.
  • WEP/WPA/WPA2: These three security schemes involve the router and client exchanging preshared keys. WEP (Wired Equivalent Privacy), and to a lesser degree WPA (Wi-Fi Protected Access), have proven vulnerable to brute-force attacks. WPA2, which uses AES (Advanced Encryption Standard) encryption, remains relatively secure--provided that you establish a complex password.
  • RADIUS: A few consumer routers support RADIUS (Remote Authentication Dial-In User Service) security. I’ll discuss RADIUS in more detail later.

Business-Class Router Priorities: Security, Remote Access, and Scalability

Cisco's RV016 Multi-WAN VPN router is typical of a high-end wired small-business-class router.

Now let’s turn our attention to business-oriented routers. Prices for low-end business routers start right about where consumer models top out, around $200, and they share many of the same features, such as a four-port switch, 802.11n wireless support, virtual networks, and QoS support (for VoIP applications).

Business routers, however, lack some of the features available in high-end consumer routers. You won’t find a convenient-but-insecure WPS button, for example, nor will you get USB ports for sharing a printer or storage. And it’s no surprise that you won’t find an onboard media server. Many entry-level business models have only a Fast Ethernet switch (10/100 Mbps), and wireless models typically operate only on the 2.4GHz band. In this environment, raw speed is less important than supporting large numbers of users, because those users are typically only accessing the Internet, moving small files around the network, and using server- or Web-hosted applications.

What you will get in business-class routers at all price points is stronger security features, more flexibility in giving you access to your network from remote locations, and the ability to scale as your business grows.

In addition, SMB routers support the aforementioned WPA, WPA2, and RADIUS (also known as WPA-Enterprise) security protocols, but you should use only the latter two to secure your business’s network. RADIUS is the most secure option, but it is complicated to set up because it requires a dedicated server independent of the router. When a user logs on to a wireless network secured via RADIUS, a RADIUS client running on the router sends the user’s login ID and encrypted password to a central authentication server. The authentication server then sends one of several messages back through the router to the user: 'Accept' (in which case the user is authorized to access the network), 'Reject' (the user is denied access, and asked to reenter their credentials), 'Challenge' (the user is asked to provide additional information), or 'Change password' (the user is recognized, but asked to create a new password before gaining access).
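The exchange described above can be sketched in code. This is an added example, not from the original article: it follows the password-based Access-Request of RFC 2865 (WPA-Enterprise deployments carry EAP inside RADIUS instead), and the shared secret, user name, and password are constructed sample values.

```python
import hashlib, hmac, os, struct

# Packet codes and attribute types from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD = 1, 2
VERDICTS = {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject", ACCESS_CHALLENGE: "challenge"}

def hide_password(password, secret, authenticator):
    """RFC 2865 sec. 5.2: XOR the zero-padded password with an MD5 keystream."""
    n = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(n, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, n, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev  # each ciphertext block keys the next one
    return out

def build_access_request(ident, user, password, secret, authenticator=None):
    """Router (RADIUS client) side: login ID in clear, password hidden."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for typ, val in ((USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def build_reply(code, ident, request_auth, secret, attrs=b""):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def check_reply(reply, request, secret):
    """Router side: trust the verdict only if the reply proves knowledge of the secret."""
    if len(reply) < 20:
        return "invalid"
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        return "invalid"
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "invalid"  # forged or altered in transit
    return VERDICTS.get(code, "invalid")

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample values
    req = build_access_request(1, b"alice", b"correct horse", secret)
    reply = build_reply(ACCESS_ACCEPT, 1, req[4:20], secret)
    print(check_reply(reply, req, secret))
```

The password protection and the reply check both rest on the secret shared between router and server, so that secret needs the same care as any other credential.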
