2.10 Given a scenario, configure security on SOHO wireless and wired networks. Flashcards
• Wireless-specific
- Changing the default SSID (the name of your Wi-Fi network)
- The name of your wireless network generally defaults to the router manufacturer, i.e. LINKSYS, DEFAULT, NETGEAR
- Secure your network by either disabling SSID broadcasting or renaming the SSID to something not-so-obvious
- The SSID is easily determined through wireless network analysis • Security through obscurity
• Wireless-specific
- Setting encryption
- Wireless encryption • All wireless computers are radio transmitters and receivers • Anyone can listen in
- Solution: encrypt the data • Everyone gets the password • Only people with the password can transmit and listen
- Use WPA2 encryption
• Wireless-specific
- Disabling SSID broadcast
- Disabling SSID broadcasting is supposed to make your network more secure
- The SSID is easily determined through wireless network analysis
- Security through obscurity
• Wireless-specific
- Antenna and access point placement
- Wireless AP placement is as much art as it is science. A good site survey and some planning are essential.
- You may also need to experiment with AP placement to optimize Wi-Fi network performance and the user's roaming experience.
- Security is equally important: you want to keep the Wi-Fi signal inside your corporate premises.
• Wireless-specific
- WAP/radio power levels
- Power level controls • Usually a wireless configuration setting • Set it as low as you can • How low is low? This might require some additional study
- Consider the receiver • High-gain antennas can hear a lot • Location, location, location
• Wireless-specific
- WPS
- Using WPS • Wi-Fi Protected Setup • Originally called Wi-Fi Simple Config • Allows "easy" setup of a mobile device • A passphrase can be complicated for a novice
- Different ways to connect • PIN configured on the access point must be entered on the mobile device
- Push a button on the access point • Near-field communication: bring the mobile device close to the access point • USB method: no longer used
• Change default usernames and passwords
Default usernames and passwords • All access points have default usernames and passwords • Change yours!
- The right credentials provide full control • Administrator access
- Very easy to find the defaults for your WAP or router • http://www.routerpasswords.com
• Enable MAC filtering
MAC address filtering • Media Access Control • The “hardware” address • Limit access through the physical hardware address • Keeps the neighbors out
- Additional administration with visitors • Easy to find working MAC addresses through wireless LAN analysis
- MAC addresses can be spoofed • Free open-source software
- Security through obscurity
• Assign static IP addresses
IP addressing • DHCP (automatic) IP addressing vs. manual IP addressing
- IP addresses are easy to see in an unencrypted network • If the encryption is broken, the IP addresses will be obvious
- Configuring a static IP address is not a security technique • Security through obscurity
• Firewall settings
Firewall settings • Inbound traffic • Extensive filtering and firewall rules • Allow only required traffic
- Configure port forwarding to map TCP/UDP ports to a device • Consider building a DMZ
- Outbound traffic • Blacklist - Allow all, stop only unwanted traffic
- Whitelist - Block all, only allow certain traffic types
• Port forwarding/mapping
Firewall settings • Inbound traffic • Extensive filtering and firewall rules • Allow only required traffic
- Configure port forwarding to map TCP/UDP ports to a device • Consider building a DMZ
- Outbound traffic • Blacklist - Allow all, stop only unwanted traffic
- Whitelist - Block all, only allow certain traffic types
• Disabling ports
- Enabled physical ports • Conference rooms, break rooms
- Administratively disable unused ports • More to maintain, but more secure
- Network Access Control (NAC) • 802.1X controls • You can’t communicate unless you are authenticated
• Content filtering/parental controls
Content filtering • Control traffic based on data within the content • Data in the packets
- Corporate control of outbound and inbound data • Sensitive materials
- Control of inappropriate content • Not safe for work, parental controls
- Protection against evil • Anti-virus, anti-malware
• Update firmware
• ALWAYS/IMMEDIATELY update and upgrade the firmware • Firewalls, routers, switches, etc.