Securing a SOHO Network

Question 1

SSID management

Answer 1

• Service Set Identifier
• Name of the wireless network
• LINKSYS, DEFAULT, NETGEAR

• Change the SSID to something not-so obvious

• Disable SSID broadcasting?
• SSID is easily determined through
wireless network analysis
• Security through obscurity

Question 2

Wireless encryption

Answer 2

• All wireless computers are radio
transmitters and receivers
• Anyone can listen in

• Solution: Encrypt the data
• Everyone gets the password

• Only people with the password can
transmit and listen
• WPA2 encryption

Question 3

Power level controls

Answer 3

• Usually a wireless configuration
• Set it as low as you can
• How low is low?
• This might require some additional study
• Consider the receiver
• High-gain antennas can hear a lot
• Location, location, location

Question 4

Using WPS

Answer 4

• Wi-Fi Protected Setup
• Originally called Wi-Fi Simple Config
• Allows “easy” setup of a mobile device
• A passphrase can be complicated to a novice

• Different ways to connect
• PIN configured on access point must be
entered on the mobile device

• Push a button on the access point

• Near-field communication - Bring the
mobile device close to the access point

• USB method - no longer used

Question 5

Default usernames and passwords

Answer 5

• All access points have default
usernames and passwords
• Change yours!

• The right credentials provide full control
• Administrator access

• Very easy to find the defaults for your WAP or router

Question 6

MAC address filtering

Answer 6

• Media Access Control
• The “hardware” address
• Limit access through the physical hardware address
• Keeps the neighbors out
• Additional administration with visitors

• Easy to find working MAC addresses
through wireless LAN analysis
• MAC addresses can be spoofed
• Free open-source software

• Security through obscurity

Question 7

IP addressing

Answer 7

• DHCP (automatic) IP addressing vs.
manual IP addressing

• IP addresses are easy to see in an
unencrypted network

• If the encryption is broken, the IP addresses
will be obvious

• Configuring a static IP address is not a
security technique
• Security through obscurity

Question 8

SOHO firewalls

Answer 8

• Small office / home office appliances
• Generally has reduced throughput requirements
• Usually includes multiple functions
• Wireless access point, router, firewall, content filter
• May not provide advanced capabilities
• Dynamic routing
• Remote support
• Install the latest software
• Update and upgrade the firmware
• Firewalls, routers, switches, etc

Question 9

Firewall settings

Answer 9

• Inbound traffic
• Extensive filtering and firewall rules
• Allow only required traffic
• Configure port forwarding to map TCP/UDP ports
to a device
• Consider building a DMZ

• Outbound traffic
• Blacklist - Allow all, stop only unwanted traffic
• Whitelist - Block all, only allow certain traffic types

Question 10

Disabling ports

Answer 10

• Enabled physical ports
• Conference rooms, break rooms
• Administratively disable unused ports
• More to maintain, but more secure
• Network Access Control (NAC)
• 802.1X controls
• You can’t communicate unless you are authenticated

Question 11

Content filtering

Answer 11

• Control traffic based on data within the content
• Data in the packets
• Corporate control of outbound and inbound data
• Sensitive materials
• Control of inappropriate content
• Not safe for work, parental controls
• Protection against evil
• Anti-virus, anti-malware

Question 12

The process of planning and designing new WLANs for optimal performance, security and compliance typically involves:

Answer 12

Wireless site survey

Question 13

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:

Answer 13

War driving

Question 14

Which WAP configuration setting allows for adjusting the boundary range of a wireless signal?

Answer 14

Power level controls