Depending on the kind of activities you usually do on your network, I suggest you check the following:
1. Use a good password. Know that if you choose your browser to remember the password at the login prompt, it will stored on your computer.
2. Very important, if you don't want the following vulnerabilities; upgrade your firmware and regularly check for new ones. Only download them from the manufacturer website.(gotta trust him, hey
Here are some details of LinkSys vulnerabilities found on securityfocus.com:
2002-03-08: Linksys BEFVP41 Key Truncation Encryption Weakening Vulnerability (
http://online.securityfocus.com/bid/4250)
2002-01-06: Linksys DSL Router SNMP Trap System Arbitrary Sending Vulnerability (
http://online.securityfocus.com/bid/3797)
2002-01-06: Linksys DSL Router Default SNMP Community String Vulnerability (
http://online.securityfocus.com/bid/3795)
2001-08-02: LinkSys EtherFast Router Password HTML Source Revealing Vulnerability (
http://online.securityfocus.com/bid/3141)
3. Try not using DHCP. It's not the end of the world, but again it increase the security of the network. If you have to use it, restric t the number of users(Setup menu, DHCP section).
4. This is not mandatory, but you can save the logs(Setup menu, Log section).
5. Define an IP for each machine, and exempt all other IPs(Setup menu, Security section. Also Filter section in the Advanced menu).
6. Control the physical access to the router.(especially the reset button
7. Block WAN request, disable all Pass Through, the Remote Management and the Remote Upgrade(Advanced menu, Filters section).
8. Use the Fowarding section(in the Advanced menu) to control the port access to each of the computer.
9. You can always use an IDS like Snort(
http://www.snort.com) if you really want to filter the whole thing.
10. Don't count on only one solution to protect your network.
11. I know there is a way to probe specific URLs using the internal IP of the router, and found some information whatever the security settings on the LinkSys.(Is it set using DHCP, the Internal IP of the router, etc, but nothing too explicit)
13. An easy way to bypass all this is to set the DMZ Host to your computer. The router will not filter anything. You could use it as an honeypot and see how script kiddies react.
Despite the fact there as been some vulnerabilities,
I think it is secure enough for a small network.
You can always do more to secure the think, but this should be a good start. Since I'm not an expert, don't take all this for perfect. Hope it helped.