Configure SOHO Router Security Flashcards

lesson 16C (30 cards)

1
Q
A

Upgrading device firmware on a TP-LINK home router. (Screenshot courtesy of TP-Link.)

2
Q
A

Configuring security settings on a TP-LINK home router. This configuration allows WPA compatibility mode, which is less secure. (Screenshot courtesy of TP-Link.)

3
Q
A

Configuring parental control content-filtering to restrict when certain devices can access the network on a TP-LINK home router.

4
Q
A

Configuring port forwarding for FTP on a TP-LINK home router via its Virtual Servers feature.

5
Q
A

There is nothing to configure when enabling UPnP, but when client devices use the service, the rules they have configured on the firewall are shown in the service list.

6
Q
A

A screened subnet topology. (Images © 123RF.com.)

7
Q
A

Configuring a home-router version of a DMZ—the host 192.168.1.202 will not be protected by the firewall.

8
Q

(small office home office)
SOHO LAN

A

relies on a single internet appliance, known as a wireless router, SOHO router, or home router, which integrates the functions of an internet router, DSL/cable modem, Ethernet switch, and Wi-Fi access point.

9
Q

router physical placement

A

Routers should be placed in secure locations to prevent unauthorized physical access, accidental tampering, or security breaches. In enterprises, they are stored in locked equipment rooms or cabinets, while home routers must be near service entry points and remain accessible for optimal wireless coverage.

10
Q

To set up a home router

A

connect it to the provider’s cabling via the appropriate WAN port (RJ45 for fiber, RJ11 for DSL, or F-connector for cable) or to an external modem using the WAN/LAN port. Power it on, connect a computer to an RJ45 LAN port, ensure DHCP is enabled, and wait for an IP address allocation. Access the router’s management interface through its documented URL and update the default administrator password to a strong, unique one for security.

11
Q

router setup

A

Most routers use a wizard-based setup for internet access, with the ISP assigning the router’s public IPv4 address, typically via DHCP. Some plans offer static IPs, which may require manual configuration based on ISP instructions. Once set up, the router’s status page confirms the connection is active.

12
Q

home router’s firmware updated

A

is crucial for security and compatibility with the latest standards like WPA3. Download the correct update (latest patches) from the vendor’s website.

13
Q

service set ID (SSID)

A

is a case-sensitive identifier for a WLAN, typically set to a default name based on the router’s brand or model. Changing it to a recognizable but non-personal name helps prevent confusion and security risks, avoiding SSIDs that reveal sensitive information or attract malicious attacks.

14
Q

Disabling SSID broadcast

A

hides the network from automatic discovery, enhancing privacy but requiring manual configuration for devices to connect.

15
Q

For encryption settings,

A

choose the highest authentication standard your client devices support—ideally WPA3. If needed, enable WPA2 (AES/CCMP) or WPA2 (TKIP) for compatibility, though this weakens security by allowing downgrade attacks. When using personal authentication, set a strong passphrase to generate the network key.

16
Q

disable guest access

A

Most home routers enable a guest network by default, allowing clients to connect to the internet without a passphrase. While this network is usually isolated from local devices, you should disable guest access if security concerns outweigh the convenience.

17
Q

Changing Channels

A

Each Wi-Fi frequency band (2.4 GHz, 5 GHz, and 6 GHz) allows manual or automatic channel selection.

When set to auto-detect, the access point selects the least congested channel at startup, but environmental changes may affect performance. Using a Wi-Fi analyzer helps identify the optimal channel for better connectivity.

18
Q

content filtering

A

Home router firewalls provide inbound filtering (blocking remote connections by default, with exceptions via port forwarding) and outbound filtering (allowing internet access but enabling selective content restrictions). Instead of manual IP filtering, most home routers use reputation-based content filtering, blocking malicious or unwanted sites based on curated databases of IP ranges, domain names, and URLs, with customizable blacklists for different content categories.

19
Q

Port forwarding

A

enables Internet hosts to connect to local network devices, allowing users to support online gaming, remote access to home computers, or even host a web server. Unlike content filtering, which restricts outgoing connections, port forwarding selectively permits inbound traffic by mapping external requests to specific local devices and services.

20
Q

DHCP reservation

A

The destination computer needs a consistent IP address. While static addressing is an option, managing it can be complex. A better approach is setting a DHCP reservation, ensuring the DHCP server always assigns the same IP to the device based on its MAC address. This simplifies network management while maintaining flexibility.

21
Q

DHCP reservation, aka IP reservation, aka MAC binding

A

is a feature of Dynamic Host Configuration Protocol (DHCP) that allows a network administrator to assign a specific IP address to a device based on its MAC address.

22
Q

Port forwarding

A

allows Internet hosts to access local network services by directing requests from the router’s WAN interface to a designated internal device.
This process, also known as port mapping, enables services like game servers to be reachable externally while running on different internal ports.

23
Q

port triggering

A

Port forwarding opens specific ports permanently, while port triggering opens ports only when an outgoing connection from the same device is made.

24
Q

File Transfer Protocol (FTP)

A

is a standard network protocol used to transfer files between computers.

25
Q

Universal Plug and Play (UPnP)

A

is a networking protocol that allows devices on a local network to automatically discover and communicate with each other, as well as potentially configure the network router.

26
Q

UPnP vs. Bluetooth

A

UPnP uses network protocols to allow devices to automatically discover and communicate with each other, including accessing the internet. Bluetooth, on the other hand, uses a device-to-device protocol for wireless connections, often used for audio devices like headphones or speakers.

27
Q

Disable unused ports

A

to minimize security risks; regularly review and remove outdated port-forwarding rules, and consider outbound traffic restrictions for enhanced protection.

28
Q

Universal Plug-and-Play (UPnP) simplifies firewall

A

Universal Plug-and-Play (UPnP) simplifies firewall configuration by allowing devices to automatically open necessary ports. While convenient, it poses security risks and should be disabled unless required. If enabled, ensure it doesn’t accept external requests and stay updated with security patches.

29
Q

screened subnet, aka demilitarized zone (DMZ), a deprecated term

A

isolates specific hosts from the main LAN using distinct firewall rules, while home routers typically apply basic firewall protections instead of true network segmentation.

30