Securing a SOHO Network (CompTIA Objective 2.10) Flashcards

1
Q

How does SSID Management work and what are some principles of it?

A
  • Whenever you set up a new wireless network and password, the new connection is given a name known as a Service Set Identifier (SSID). It typically has a default name, usually based on the brand of wireless router you own, such as LINKSYS, DEFAULT, NETGEAR, etc.
  • Whenever you set an SSID, it’s always a good idea to change it to something that is not so obvious.
  • It can also sometimes be useful to disable the SSID broadcast. SSIDs can be easily determined through wireless network analysis, so this essentially provides security through obscurity (which isn’t secure enough on its own but is still an improvement over the default setup).
2
Q

Why is Wireless Encryption of your data so important?

A
  • All wireless computers are radio transmitters and receivers and anyone can listen in.
  • Without wireless encryption, all of the wireless web traffic can be easily accessed and viewed, so the solution is to encrypt the data.
  • With wireless encryption in place, only people with the password for the wireless network can transmit and listen. The best standard for this currently is WPA2 encryption. This allows people with the password to decrypt the wireless traffic being sent over the network but does not allow anyone else access.
3
Q

What is an important thing to consider when choosing a power level for a wireless configuration?

A
  • Sometimes it can be a good idea to set the wireless signal level as low as possible. That way only people who should have access can actually see the connection and connect to it.
  • How low is low? This might require some additional study. Also be aware that certain receivers may still be able to see the signal if they have high-gain antennas, which allow them to hear a lot.
  • It’s crucial to always consider the location where you place your wireless router. Typically central is best.
4
Q

What is WPS and what benefits does it provide for wireless access?

A
  • WPS, or Wi-Fi Protected Setup (originally called Wi-Fi Simple Config), was designed to make connecting to a wireless network as straightforward as possible. It allows “easy” setup of a mobile device (a passphrase can be complicated for a novice).
  • There are different ways to connect a WPS device, such as:
    • A PIN configured on the access point must be entered on the mobile device.
    • Pushing a button on the access point itself.
    • NFC (Near Field Communication): bring the mobile device close to the access point.
    • The USB method (no longer used).
  • WPS still provides secure encrypted channels for users of the wireless network; it just simplifies the process of connecting to it.
5
Q

What was an example of a WPS hack and why did it occur?

A
  • December 2011: it was discovered that WPS had a design flaw; it was built wrong from the beginning.
  • The PIN required for connection was an 8-digit number, but really it was only 7 digits with a checksum. 7 digits means 10,000,000 possible combinations; in reality, however, the possible combinations were far fewer due to the way WPS processed the PIN in two halves. The first half had 4 digits and the second half had only 3 digits, with the last digit being the checksum. This meant that the first half had 10,000 possibilities whereas the second half had only 1,000 possibilities.
  • This meant that it would only take about 4 hours to go through all of the combinations to gain access, as long as the connection didn’t have a lockout process after a certain number of failed attempts. Most devices now include a lockout function for this reason.
6
Q

What is important to remember about Default usernames and passwords for SOHO routers?

A
  • All access points have default usernames and passwords, which can easily be found online on various sites such as routerpasswords.com. Change yours!
  • With the right credentials you can gain full administrator access to a wireless connection.
7
Q

What is the name for the “hardware” address built into every computer device’s Network Interface Card?

A
  • Media Access Control address (MAC address)
  • These are unique to each and every single device, and no device has the same address as another.
  • This makes it possible to limit access to a network via a device’s physical hardware address, which will keep the neighbors out and provide additional administration with visitors.
  • Unfortunately, MAC address filtering is not considered to be an effective security method, as it’s easy to find working MAC addresses through wireless LAN analysis. MAC addresses can be easily spoofed via the device driver for the NIC you are using or via free open-source software. For this reason MAC filtering is considered to be security through obscurity.
8
Q

What is a reason to choose manual IP addressing over automatically assigned DHCP addresses?

A
  • Manual IP addresses will be encrypted over the network, whereas DHCP addresses are easy to see in an unencrypted network.
  • If the encryption is broken, however, the IP addresses will be obvious.
  • For this reason configuring a static IP address is not considered to be a security method and is again security through obscurity.
9
Q

Because small office/home office devices’ throughput requirements are much lower than in a large office environment, you are able to include multiple features in one device, such as?

A
  • Wireless access point, router, firewall and content filter all in one SOHO router device.
  • However, it may not provide advanced capabilities such as dynamic routing and remote support.
  • As with any network device, it is always a good idea to be running the latest software, so you will want to update and upgrade the firmware. This goes for firewalls, routers, switches, etc.
10
Q

What are some important things to remember about Firewall settings for your SOHO router device?

A
  • Inbound traffic should require extensive filtering and firewall rules. Allow only required traffic.
  • Configure port forwarding to map TCP/UDP ports to a device, and also consider building a DMZ (Demilitarized Zone).
  • For outbound traffic, it would be a good idea to implement either a blacklist (allow all traffic, stop only unwanted traffic) or a whitelist (block all traffic, only allow certain traffic types).
11
Q

Why is disabling ports important?

A
  • In an office environment there may be certain areas of the workplace where there can be high levels of people traffic, such as a conference room or break room. In this scenario you may wish to disable ports on a switch, router, firewall, etc. to prevent anyone from just connecting to it.
  • It is a good idea to disable any unused ports. This can mean more to maintain but makes the device more secure.
  • Another good method of digitally preventing physical access to a SOHO router device, switch, etc. would be implementing Network Access Control (NAC) such as 802.1X, which will prevent anyone gaining access to an internal network without an Active Directory username and password. (You can’t communicate unless you are authenticated.)
12
Q

What is Content Filtering and what purpose does it serve?

A
  • Controls traffic based on data within the content (data in packets).
  • Provides corporate control of outbound and inbound data (sensitive materials).
  • Allows a company to control access to inappropriate content (porn, torrent sites, providing personally identifiable information over the network) as well as provide parental controls.
  • Also protects against malware, spyware, etc. by preventing access to known bad sites.
13
Q

What are some examples of Physical Security when it comes to controlling access to areas which contain SOHO networks?

A
  • Many data centers are highly secure and include things such as:
    • Door access (lock and key, electronic keyless)
    • Biometric access (eyeballs and fingers)
  • The process of physical security access should be well documented and well established.