2.3 SOHO Networks Flashcards
SOHO network
Small office/home office network
SOHO router
All in one device
- (modem, router, switch, wireless AP (access point), firewall)
Routing and switching (SOHO)
Connects to outside world via DSL connection or cable modem
- routes between internal private network and external internet
- switches built in - typically 4 VLANs; devices can be plugged in with an Ethernet cable
Not much to configure, just plug in and turn on
Access point settings (SOHO)
Setting options
- you can enable or disable frequencies
- decide which bands to communicate on - 2.4 GHz and/or 5 GHz
Configure SSID (name of network)
- choose security mode
- WPA2 preferred
- can set pre-shared key or enterprise (everyone puts in own password)
Can decide what channel is used to provide connectivity
IP addressing (SOHO router)
- need IP address for WAN and LAN on SOHO router
WAN
- automatically assigned by DHCP from ISP
- some may require authentication
LAN
SOHO router is itself a DHCP server
Plug in device and router will assign an IP automatically
NIC configuration (SOHO router)
2 options wired & wireless
Plug in through Wired option
- will configure on its own…
- speed: 10/100/1000 megabits/s
- duplex: half/full
Wireless
- Enable/disable wireless adapter
- Select SSID (network name)
- password
End user-device configuration
2 options: manually and automatic
Should have automatic option for TCP/IP (how IP is assigned)
- using DHCP (automatic)
- manually (you type in IP)
Internet of things (IoT)
Mostly wireless
- Thermostat
- door lock
- lights
Firewall And DMZ ports (configuring SOHO)
Every SOHO router is also a firewall
- no external device can directly access the internal network
- can't be disabled
DMZ (demilitarized ports) can be configured to allow unrestricted access
- not usually good idea
NAT (in SOHO router)
Network address translation, aka PAT (port address translation)
Translates all internal IP addresses in the LAN to appear as one IP address on the WAN. (A person inside the network sends to the router; NAT in the router translates the real IP to the generic router IP and forwards out to the WAN with that new IP)
- NAT knows the real IP because it saves which ports things are coming from and associates the original IP with them
Port Forwarding
Allows 24/7 access to a service that is internally on the network
Makes it so an internal device is available externally
If the external IP on the router is accessed through a specific port that you have set to be forwarded to an internal port, it will automatically have access to that feature
Ex: IP 45 was accessed through port 80. I have that port set up for automatic forwarding, so the router will now forward the message to the IP associated with that port
Rule doesn’t expire
UPnP
Universal plug and play
Allows network devices to automatically configure and find other network devices
- zero configuration
Used for applications on internal network to communicate through ports
Port only open when application is open and disabled when they’re closed
Whitelist/blacklist (SOHO router)
Router allows you to filter content
Whitelist
- only items listed are let in and nothing else
- nothing passes through firewall unless site is listed as allowed (approved)
- very restrictive
Blacklist
- nothing on the “bad list”
- lists what shouldn’t be allowed and everything else is let in
- can be certain URLs
- Domain names
- IP addresses
MAC filtering
Media access control
- the hardware address
Can configure firewall to block certain MAC addresses
- ex: neighbors
Not the best security technique because MAC addresses can be spoofed (faked/changed) to get around the block that’s on your router
Wireless channels & encryption (SOHO router)
If using wireless, configure for highest encryption possible
Good configuration
- WPA2-AES
- WPA2 better than WPA
- do not use WEP (vulnerable)
Check encryption setting for WAP as well
With lots of WAPs, check frequency so it is not conflicting with other devices in the area.
- change channel settings for this