2.9 - Securing a SOHO Network Flashcards

1
Q

Change default passwords

A
  • All access points have default usernames and passwords
    – Change yours!
  • The right credentials provide full control
    – Administrator access
  • Very easy to find the defaults for your
    access point or router
    – https://www.routerpasswords.com
2
Q

Firmware updates

A
  • Small office / home office appliances
    – Appliances are usually a closed architecture
    – Updates are provided by the manufacturer
  • Updates may address different requirements
    – Bug fixes
    – New features
    – Security patches
  • Install the latest software
    – Update and upgrade the firmware
    – Firewalls, routers, switches, etc.
3
Q

IP address filtering

A
  • Content filtering, IP address ranges
    – Or a combination
  • Allow list
    – Nothing passes through the firewall unless it’s approved
    – Very restrictive
  • Deny list
    – Nothing on the “bad list” is allowed
    – Specific URLs
    – Domains
    – IP addresses
4
Q

Content filtering

A
  • Control traffic based on data within the content
    – URL filtering, website category filtering
  • Corporate control of outbound and inbound data
    – Sensitive materials
  • Control of inappropriate content
    – Not safe for work
    – Parental controls
  • Protection against evil
    – Anti-virus, anti-malware
5
Q

Physical placement

A
  • Often a single device
    – Router, switch, access point, firewall, etc.
  • Location may be restricted to a secure room
    – Prevent access to servers and network devices
    – For wireless, location becomes more important
    – Above ceiling tiles or another high point
    – This may cause problems for power cycling
  • Plan before the installation
    – May require additional setup time
6
Q

IP addressing

A
  • DHCP (automatic) IP addressing vs.
    manual IP addressing
  • IP addresses are easy to see in
    an unencrypted network
  • If the encryption is broken, the IP addresses
    will be obvious
  • Configuring a static IP address is not
    a security technique
    – Security through obscurity
7
Q

DHCP reservations

A
  • Address reservation
    – Administratively configured
  • Table of MAC addresses
    – Each MAC address has a matching IP address
  • Other names
    – Static DHCP Assignment
    – Static DHCP
    – Static Assignment
    – IP Reservation
8
Q

Static WAN IP

A
  • Wide area network / Internet link
    – External IP address
  • Many ISPs dynamically allocate WAN addresses
    – The default for most ISPs
  • It’s easier to manage if the IP address is static
    – The IT team always knows the IP address
    – A SOHO might provide a service
  • This may be an additional cost
    – Contact the ISP for options
9
Q

UPnP (Universal Plug and Play)

A
  • Allows network devices to automatically configure
    and find other network devices
    – Zero-configuration
  • Applications on the internal network can open
    inbound ports using UPnP
    – No approval needed
    – Used for many peer-to-peer (P2P) applications
  • Best practice would be to disable UPnP
    – Only enable if the application requires it
    – And maybe not even then
10
Q

Screened subnet

A
  • Previously known as the demilitarized zone (DMZ)
    – An additional layer of security between
    the Internet and you
    – Public access to public resources
11
Q

SSID management

A
  • Service Set Identifier
    – Name of the wireless network
    – LINKSYS, DEFAULT, NETGEAR
  • Change the SSID to something not-so-obvious
  • Disable SSID broadcasting?
    – SSID is easily determined through wireless
    network analysis
    – Security through obscurity
12
Q

Wireless channels and encryption

A
  • Open System
    – No authentication password is required
  • WPA/2/3-Personal / WPA/2/3-PSK
    – WPA2 or WPA3 with a pre-shared key
    – Everyone uses the same 256-bit key
  • WPA/2/3-Enterprise / WPA/2/3-802.1X
    – Authenticates users individually with an
    authentication server (e.g., RADIUS, LDAP, etc.)
  • Use an open frequency
    – Some access points will automatically find
    good frequencies
13
Q

Disable guest networks

A
  • Limit access to outsiders
    – Guest networks are often enabled by default
  • Some guest networks can be used for other
    connections
    – Internet of Things
    – Lab networks
  • Don’t enable without security
    – WPA2 or WPA3
14
Q

Disabling ports

A
  • Enabled physical ports
    – Conference rooms
    – Break rooms
  • Administratively disable unused ports
    – More to maintain, but more secure
  • Network Access Control (NAC)
    – 802.1X controls
    – You can’t communicate unless you are authenticated
15
Q

Port forwarding

A
  • 24x7 access to a service hosted internally
    – Web server, gaming server, security system, etc.
  • External IP/port number maps to an internal IP/port
    – Does not have to be the same port number
  • Also called Destination NAT or Static NAT
    – Destination address is translated from a public IP to
    a private IP
    – Does not expire or timeout