2.3 - Installing a SOHO Network Flashcards
The SOHO router
- An all-in-one device
* Modem, router, switch, wireless AP, firewall, etc.
Routing and switching
- Routing to the outside world
- WAN / DSL port
- Switching local devices
- One VLAN / LAN1, LAN2, LAN3, LAN4, etc.
- Not much to configure
- Routes and switches by default
Access point settings
• Enable/disable frequencies
  • 2.4 GHz and/or 5 GHz
  • Available options will depend on the wireless standard used
• Configure an SSID
  • May need a separate SSID for each frequency
• Security mode
  • WPA2, preferably
  • Pre-shared key or Enterprise
• Channel / channel bandwidth
  • Automatic / other nearby networks
IP addressing
- WAN interface
- Automatically assigned via DHCP from the ISP
- May require authentication
- LAN interface
- Internal IP address and subnet mask of the router
- DHCP address range for other devices
- DNS server addresses
IoT configurations
• Internet of Things
  • Home automation, mostly wireless
  • Security is an issue
• Devices
  • Thermostat
  • Light switches
  • Security cameras
  • Door locks
  • Voice-enabled smart speakers / digital assistants
• Almost all devices communicate outbound
  • No special port-mapping or NAT configurations required
End-user device configuration
- Automatic
- Auto speed and duplex
- DHCP addressing
- End-user device configures based on router
- IP address
- Subnet mask
- Default gateway
- DNS servers
NIC configuration
• Wired
  • May not have many options
  • Ports configured for auto speed and duplex
    • Speed: 10/100/1000
    • Duplex: Half/Full
• Wireless
  • Enable/disable
Firewall and DMZ ports
• Every SOHO router is also a firewall
  • No external device can directly access the internal network
  • This normally can’t be disabled
• DMZ ports can be configured to allow unrestricted access
  • This is almost always a bad idea
  • Consider creating more specific port forwarding rules
  • Or perhaps don’t allow any access
NAT (Network Address Translation)
• It is estimated that there are over 20 billion devices connected to the Internet (and growing)
• IPv4 supports around 4.29 billion addresses
• The address space for IPv4 is exhausted
• There are no available addresses to assign
• How does it all work?
• Network Address Translation
• This isn’t the only use of NAT
• NAT is handy in many situations
Port forwarding
• 24x7 access to a service hosted internally
• Web server, gaming server, security system, etc.
• External IP/port number maps to an internal IP/port
• Does not have to be the same port number
• Also called Destination NAT or Static NAT
• Destination address is translated from a public IP to a private IP
• Does not expire or timeout
• Port forwarding
Configuring NAT
• For SOHO devices, this is automatic
• Source NAT, also called PAT (Port Address Translation)
• All internal devices are translated to a single external address
MAC filtering
• Media Access Control
  • The “hardware” address
• Limit access through the physical hardware address
  • Keeps the neighbors out
  • Additional administration with visitors
• Easy to find working MAC addresses through wireless LAN analysis
  • MAC addresses can be spoofed
  • Free open-source software
• Security through obscurity
Whitelist/blacklist
- Content filtering, IP address ranges
- Or a combination
- Whitelisting
- Nothing passes through the firewall unless it’s approved
- Very restrictive
- Blacklisting
- Nothing on the “bad list” is allowed
- Specific URLs
- Domains
- IP addresses
UPnP (Universal Plug and Play)
• Allows network devices to automatically configure and find other network devices
• Zero-configuration
• Applications on the internal network can open inbound ports using UPnP
• No approval needed
• Used for many peer-to-peer (P2P) applications
• Best practice would be to disable UPnP
• Only enable if the application requires it
• And maybe not even then
Wireless channels and encryption
• Configure for the highest encryption possible
  • WPA2-AES
  • Choose WPA2 over WPA
  • WEP is not an appropriate option
• Check your devices
  • Not all of them may allow for the highest encryption
• Use an open frequency
  • Some access points will automatically find good frequencies