2.3 Given a scenario, install and configure a basic wired/wireless SOHO network.

Question 1

SOHO stands for what?

Answer 1

small office, home office

Question 2

What networking equipment would be useful for managing a small office?

Answer 2

SOHO router

Question 3

What are some SOHO router functions?

Answer 3

It can act as a modem, router, switch, WAP, firewall, and more.

Question 4

Your SOHO router is going to have routing functionality that connects the outside world– usually, over a ___ or a ___. And this is what’s going to allow you to route between your internal private network and the external internet network.

Answer 4

DSL connection, cable modem connection

Question 5

SOHO routers very commonly have a ___ built in to them. Allowing you to create a VLAN with an Ethernet cable.

Answer 5

switch

Question 6

One of the advantages behind the design of these SOHO routers is there’s not a lot to configure. It is automatically going to perform ___ between your WAN ports and your LAN ports. And that ___ is all configured automatically. You simply need to plug in the connections, power up the router, and you’ll have connectivity to the internet.

Answer 6

network address translation

Question 7

SOHO routers also include wireless access point functionality, along with the switching, and the routing that it’s already doing, One of those is that you can configure which frequencies you’d like to use such as ___ or ___.

Answer 7

2.4 GHz and/or 5 GHz.

Question 8

SOHO routers allow you to configure SSID name, what is that?

Answer 8

This would be the name of the wireless network that appears in the list of available networks when you connect.

Question 9

You get to choose the security mode over the wireless network, which is how the data will be protected as it goes through the air. Normally, the ___ encryption is a good choice.

Answer 9

WPA2

Question 10

What is shared key configuration in a network?

Answer 10

Allows a wireless network to have a shared key/password anyone can use to access the wireless network.

Question 11

What is an enterprise configuration in a network?

Answer 11

Everyone has a unique username and password required to access the wireless network.

Question 12

Wide area network IP addresses are usually assigned through the ___’s DHCP server.

Answer 12

internet service provider

Question 13

For the inside of the network, the SOHO router is usually a DHCP server itself, internal IP addresses are defined by the ___.

Answer 13

SOHO router itself.

Question 14

___ servers are also important to have in your configuration. These are passed to the clients during the DHCP process. If you leave these blank on my router, it uses the same ___ configuration that’s on the wide area network connection. If you have your own internal___ servers or you would like to use other ___ configurations, you can add them into the configuration here.

Answer 14

DNS

Question 15

If you’re plugging a wired Ethernet device into the back of your SOHO router, it’s probably set to auto-negotiate its (1)___ and (2)___.

Answer 15

(1) speed

(2) duplex

Question 16

What does full-duplex mean for a network?

Answer 16

Data transmission can occur in any direction.

Question 17

What does half-duplex mean for a network?

Answer 17

Data transmission can only occur in one direction at a time.

Question 18

In a totally switched network, nodes only communicate with the ___ and never directly with each other.

Answer 18

switch

Question 19

Devices focused around home automation or security usually connect to your network using ___ wireless connectivity.

Answer 19

802.11

Question 20

The easiest configuration is to use ___ so the IP address, subnet mask router, and DNS information will all be populated on a device from the configurations that we’ve made on our SOHO router.

Answer 20

DHCP

Question 21

These devices will automatically communicate outbound, which makes it very easy for you then to connect to a central server using a phone to gain access to these devices.

Answer 21

Internet of Things

Question 22

A misconfigured SOHO ___ could be a significant security concern.

Answer 22

firewall

Question 23

The firewall in some SOHO routers allows you to configure an IP address that’s on your internal network or configure a physical port on your router to be the ___.

Answer 23

DMZ

Question 24

DMZ stands for what, and what does it do?

Answer 24

Demilitarized zone. It is a physical or logical subnetwork that prevents one network from being directly exposed to another (such as the internet), while still allowing the internal network access resources from the other.

Question 25

If you’re enabling the DMZ function, you’re effectively opening up a device to the internet. A possible alternative to a DMZ is configuring specific ___ rules instead with a firewall.

Answer 25

port forwarding

Question 26

This technology permits multiple devices on a LAN to be mapped to a single public IP address

Answer 26

NAT

Question 27

NAT stands for what, and what does it do?

Answer 27

Network Address Translation.

Question 28

___ is an extension of NAT that permits multiple devices on a LAN to be mapped to a single public IP address with port number appended to it, giving individual devices unique IP addresses. This is the NAT used by SOHO routers.

Answer 28

PAT/port forwarding.

Question 29

PAT stands for what, does what?

Answer 29

Port address translation. Makes Private IP addresses of each device on a network appear as one single Public IP address.

Question 30

What is the difference between NAT and PAT?

Answer 30

With NAT they simply share a Public IP, but with PAT a router can identify the specific device on the network incoming information was meant to go to.

Question 31

What is the difference between PAT and port forwarding?

Answer 31

With PAT a SOHO router assigns the client devices a port number that is appended to the internal IP address, giving each device a unique IP external address.
Port forwarding is NAT for incoming connections. This allows you to configure your SOHO router so an internal device is now available externally.

Question 32

You might also hear port forwarding referred to as ___, or ___, because we’re changing the destination IP address for this inbound traffic. This is a rule that, once it’s set up, doesn’t expire and it doesn’t time out. Anyone who accesses that port number and IP address from the outside will always have access to that particular server on the inside of my network.

Answer 32

static NAT/Destination NAT

Question 33

Many SOHO routers allow you to make dynamic configuration changes using ___. We sometimes refer to this as zero configuration.

Answer 33

UPnP

Question 34

UPnP stands for and does what?

Answer 34

Universal plug and play. This means that other devices on your network can automatically configure your SOHO router and make changes to the configuration at any time. We sometimes refer to this as zero configuration.

Question 35

Instead of you manually creating port forwarding rules, you can have applications communicate directly to your router to enable or disable the access for certain port numbers. There’s no additional configurations or approvals needed for this. Those changes are simply sent to the router. And those firewall updates are made in real time. This is known as what?

Answer 35

zero configuration/universal plug and play

Question 36

What is an advantage and disadvantage of UPnP?

Answer 36

One advantage of UPnP is that ports are only open when you’re using a particular application that uses it, and close when it is no longer running.

This could also be a security concern, since you don’t have any direct control as to when certain ports are open and when certain ports are not open.

Question 37

What could be done as an alternative to UPnP if security a concern?

Answer 37

setting up manual port forwarding rules

Question 38

Whitelisting and blacklisting are different how?

Answer 38

Whitelisting means that no traffic is allowed through the firewall unless you specifically add the IP/MAC addresses that are allowed.

Blacklisting means that all traffic would be allowed through the firewall except for specific blocked IP/MAC addresses.

Question 39

Why is using MAC address white/blacklisting a bad idea from a security standpoint?

Answer 39

MAC addresses visible within packets can be captured, and MAC addresses can be spoofed.

Question 40

On most modern routers you’ll want to configure ___ encryption, which is an ___ type of encryption.

Answer 40

(1) WPA2

(2) AES

Question 41

Older wireless routers might even give you the option for ___ or ___ encryption. These are older encryption mechanisms that have a number of vulnerabilities.

Answer 41

WEP, WPA

Question 42

if you’re in an area with a number of different wireless access points, you may want to check the ___ and make sure it’s not conflicting with other devices in your area.

Answer 42

frequency settings

Question 43

Some devices allow you to specify the channel manually or to configure an automatic function, where the router finds the best possible ___ for your area.

Answer 43

frequencies

Question 44

Many ___ configurations allow you to set priorities based on the type of application, the port numbers in use, IP addresses, and other settings. You’ll want to be very careful when making these changes, it can be very easy to choose the incorrect application end up slowing down the applications that really need the highest priority.

Answer 44

QoS

Question 45

QoS configuration stands for and means what?

Answer 45

Quality of Service. They are settings they allow you to prioritize certain applications, devices, IP addresses or ports when processing traffic.

Question 46

MAC filtering is an example of ___, and therefore a poor practice.

Answer 46

security through obscurity

Question 47

It is best practice to change ___ to avoid wireless network conflicts.

Answer 47

channel/frequency