11.6.2 SOHO Configuration Facts

Questions and Answers

PDF Questions PDF Answers

What is the main purpose of content filtering in SOHO routers?

To restrict access to specific websites or services (correct)

To improve network security against all threats

To provide automatic connection for devices

To enhance the speed of internet connections

Why is MAC address filtering considered a weak form of security?

It prevents all unauthorized access completely

It requires constant updates for changes

MAC addresses are easily spoofed (correct)

It is complicated to configure

What does Quality of Service (QoS) do when enabled on a SOHO router?

It restricts user access to specific applications

It creates additional bandwidth for all devices

It prioritizes certain types of network communication (correct)

It blocks all non-urgent network traffic

What is a potential risk associated with Universal Plug and Play (UPnP) on a network?

It can inadvertently create security vulnerabilities

What method is NOT commonly associated with Wi-Fi Protected Setup (WPS) for connecting devices?

Device synchronization method

What is a key feature of a SOHO wireless router?

It typically includes a modem, router, switch, and access point in one device.

Which 802.11 standard is important while selecting a SOHO router?

It dictates the transfer rate of connected devices.

What should be the first or initial step when configuring a wireless router?

Change the default username and password.

What is the primary reason for updating the firmware of a wireless router?

To address bugs, security vulnerabilities, and add features.

What factor should be considered when physically placing a wireless router?

The size, building materials, and potential interference from other devices.

Which of these is NOT typically a built-in function of a SOHO wireless router?

Network file server.

What might be necessary for larger areas when using a SOHO wireless router?

Wireless extenders.

Why is it recommended to only change the default password and not the username on all routers?

Default username changes are not available on most routers.

What should be done to prevent unauthorized physical access to the router?

Store the router in a locked closet.

Which configuration method is the most common for internet connections?

DHCP

What must be avoided when setting the SSID for a wireless network?

Using a similar name as other nearby networks.

Why is SSID suppression not considered a robust security measure?

The SSID can still be easily identified using apps.

What does NAT allow in small networks?

Multiple devices to share a single public IP address.

Which wireless encryption protocol offers the highest security among typical SOHO networks?

WPA3

When configuring a wireless router, why is it important to select the correct channel?

To avoid interference with other access points.

Which statement accurately describes port forwarding?

It is used to direct traffic to a specific IP address on the internal network.

What is one consequence of using mixed mode in wireless protocols?

The speed may be throttled to the slowest protocol.

What should be done with guest access on a secured wireless network?

Disable it unless specifically needed.

What is the role of a firewall on a wireless router?

To provide an additional security layer for the private network.

Which range corresponds to private IP addresses reserved for local networks?

10.0.0.0 - 10.255.255.255

Which of the following is NOT a recommended practice when configuring a wireless network?

Using a weak passphrase for WPA2.

Study Notes

SOHO Network Configuration

• SOHO (Small Office/Home Office) networks are generally smaller networks that do not require servers for resource management or enterprise-level switches for device connections.
• Home wireless networks are typically considered SOHO networks.

SOHO Wireless Router

• A typical SOHO network consists of a single router connected to the internet.
• SOHO routers are often all-in-one devices with integrated functionalities:
  • Router: Connects the internal network to the internet.
  • Switch: Connects internal devices using RJ-45 connections.
  • Wireless access point: Provides access to the wireless connection.
  • Modem: In some cases, the modem function is also integrated into the router (if provided by the ISP).
• When choosing a wireless router, consider:
  • 802.11 standard compatibility: Ensure the router supports the same standard as client devices for optimal transfer rates.
  • Transmit power: The router should have sufficient power to cover the entire building. Wireless extenders may be necessary for larger areas.
  • Special features: Many routers offer additional features for performance improvement, which are often unique to each manufacturer.

Wireless Router Configuration

• Initial steps for configuring a wireless router:
  • Change default username and password: Routers ship with default credentials that are easily accessible online, posing security risks. Always use a strong password.
  • Update firmware: Regularly check for firmware updates to address bugs, security vulnerabilities, and potentially enhance functionality.
  • Physical placement: Strategically place the router to ensure adequate coverage throughout the building, taking into account factors like size, materials, and potential interference from other wireless devices.
  • Restrict physical access: Place the router in a secure location to prevent unauthorized configuration changes.

Wireless Network Configuration

• Before setting up the wireless network, connect the router to the internet modem using the WAN port (often labeled "Internet").
• Internet connection configuration options:
  • DHCP: Most common option where the router automatically obtains connection information (IP address, subnet mask, DNS server) from the ISP.
  • Static: ISP may provide static configuration, requiring manual configuration of IP address, subnet mask, and DNS server.
  • PPPoE: A protocol commonly used by DSL providers for internet access regulation through username and password authentication.
• Once the internet connection is configured, proceed to set up the wireless network:
  • Service Set Identifier (SSID):
    • This is the unique name for the wireless network (should be changed from the default).
    • Avoid using the same SSID as other networks in the area.
    • Maximum length is 32 characters (case sensitive).
    • Avoid including personal or identifiable information.
    • Limit special characters (spaces, dashes, etc.) as they can cause compatibility issues.
  • SSID suppression (cloaking): Disables the broadcasting of the SSID, requiring users to manually enter the SSID for connection. While effective, it is not considered a robust security measure.
  • Wireless protocol: Configure the router to support only the protocols required by devices on the network. Mixed mode can lead to reduced speeds based on the slowest protocol.
  • Wireless channel: Select a channel that doesn't conflict with other access points or devices. Automatic channel selection features are available on many routers.
  • Authentication and encryption:
    • Authentication limits network access to authorized devices.
    • Encryption protects wireless communication from eavesdropping.
    • WPA2 or WPA3 are recommended for SOHO networks.
    • Use a strong shared secret (passphrase) for WPA2 and WPA3 if all devices support it.
  • Guest access: Disable guest access unless the network is specifically designed for public access. Guest access should be configured to restrict access to the internal network.
  • Network Address Translation (NAT):
    • NAT allows multiple devices on a private network to share a single public IP address for internet access.
    • The internet is considered a public network, requiring registered IP addresses assigned by ISPs.
    • SOHO networks are private networks using private IP addresses internally.
    • NAT translates private IP addresses to the public IP address for internet communication.
    • The private network can utilize IP addresses within specific ranges reserved for private use:
      • 10.0.0.0 - 10.255.255.255
      • 172.16.0.0 - 172.31.255.255
      • 192.168.0.0 - 192.168.255.255
    • NAT routers associate port numbers with private IP addresses for internet communication.
  • Security settings:
    • Firewall: A basic firewall enhances security by filtering incoming and outgoing traffic.
    • Close unused ports: To prevent potential attacks, disable unused ports.
    • Port forwarding: Configure specific ports for allowing traffic to internal devices. Only enable port forwarding when necessary.
    • Screened subnet (DMZ): Provides a secure area for resources that are open to external users (e.g., web servers). While allowing access, it exposes the network to a variety of threats.
    • Content filtering: SOHO routers often provide content filtering and parental controls to restrict access to specific websites or services.
    • IP filtering: Allow or deny specific IP addresses from accessing the network.
    • MAC address filtering: Allow or deny specific MAC addresses for network access (considered a weak security measure and should not be used).
  • Universal Plug and Play (UPnP):
    • UPnP facilitates the discovery and automatic connection for devices like printers and webcams.
    • It automatically opens ports for internet access, which can create security vulnerabilities. Disable UPnP if it's not needed.
  • Quality of Service (QoS):
    • QoS prioritizes network traffic to ensure smooth operation for specific applications (e.g., VoIP).
  • Wi-Fi Protected Setup (WPS):
    • WPS simplifies the connection process for WPS-enabled devices to the wireless network.
    • Uses PIN or push-button methods for connecting devices.

Description

Test your knowledge on the configuration of SOHO networks. This quiz covers essential concepts such as the functionalities of SOHO routers and the components involved in setting up a small office or home office network. Answer questions about compatibility standards and device connections.