Securing a SOHO Network Flashcards
SSID management
- Service Set Identifier
- Name of the wireless network
- LINKSYS, DEFAULT, NETGEAR
• Change the SSID to something not so obvious
• Disable SSID broadcasting?
• SSID is easily determined through wireless network analysis
• Security through obscurity
Wireless encryption
• All wireless computers are radio transmitters and receivers
• Anyone can listen in
- Solution: Encrypt the data
- Everyone gets the password
• Only people with the password can transmit and listen
• WPA2 encryption
Power level controls
- Usually a wireless configuration
- Set it as low as you can
- How low is low?
- This might require some additional study
- Consider the receiver
- High-gain antennas can hear a lot
- Location, location, location
Using WPS
- Wi-Fi Protected Setup
- Originally called Wi-Fi Simple Config
- Allows “easy” setup of a mobile device
- A passphrase can be complicated to a novice
• Different ways to connect
• PIN configured on access point must be entered on the mobile device
• Push a button on the access point
• Near-field communication - Bring the mobile device close to the access point
• USB method - no longer used
Default usernames and passwords
• All access points have default usernames and passwords
• Change yours!
- The right credentials provide full control
- Administrator access
• Very easy to find the defaults for your WAP or router
MAC address filtering
- Media Access Control
- The “hardware” address
- Limit access through the physical hardware address
- Keeps the neighbors out
- Additional administration with visitors
• Easy to find working MAC addresses through wireless LAN analysis
• MAC addresses can be spoofed
• Free open-source software
• Security through obscurity
IP addressing
• DHCP (automatic) IP addressing vs. manual IP addressing
• IP addresses are easy to see in an unencrypted network
• If the encryption is broken, the IP addresses will be obvious
• Configuring a static IP address is not a security technique
• Security through obscurity
SOHO firewalls
- Small office / home office appliances
- Generally have reduced throughput requirements
- Usually includes multiple functions
- Wireless access point, router, firewall, content filter
- May not provide advanced capabilities
- Dynamic routing
- Remote support
- Install the latest software
- Update and upgrade the firmware
- Firewalls, routers, switches, etc.
Firewall settings
• Inbound traffic
• Extensive filtering and firewall rules
• Allow only required traffic
• Configure port forwarding to map TCP/UDP ports to a device
• Consider building a DMZ
- Outbound traffic
- Blacklist - Allow all, stop only unwanted traffic
- Whitelist - Block all, only allow certain traffic types
Disabling ports
- Enabled physical ports
- Conference rooms, break rooms
- Administratively disable unused ports
- More to maintain, but more secure
- Network Access Control (NAC)
- 802.1X controls
- You can’t communicate unless you are authenticated
Content filtering
- Control traffic based on data within the content
- Data in the packets
- Corporate control of outbound and inbound data
- Sensitive materials
- Control of inappropriate content
- Not safe for work, parental controls
- Protection against evil
- Anti-virus, anti-malware
The process of planning and designing new WLANs for optimal performance, security and compliance typically involves:
Wireless site survey
An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:
War driving
Which WAP configuration setting allows for adjusting the boundary range of a wireless signal?
Power level controls