Introduction to Computers SOHO Configuration
SOHO Configuration SOHO stands for Small Office, Home Office, and is a term used to describe a working environment with fewer than 10 employees. As such, a SOHO network is a networking environment that supports this smaller office model A SOHO network typically consists of a single router connected to the Internet. This router is usually a device that combines the functionalities of a router, switch and wireless access point into a single device Most SOHO networks don't use dedicated servers, such as print, web, or file servers. Instead, a SOHO environment will do things like connect a wireless printer to the network, and share files using a work group model, where each computer simply shares specific folders to the network. Sometimes a network attached storage device designed for SOHO networks will be used The key thing to remember is that a SOHO network typically uses standard, consumer level devices. You aren't going to see enterprise level switches in this type of networking environment
SOHO Description A small office/home office (SOHO) is a small network that is typically based in the home or a small business center. Most SOHO networks have the following characteristics: Between 1–10 connected hosts (computers, mobile devices, or printers) Uses Ethernet or 802.11 wireless networking (or both) as the network medium A single Internet connection is shared among all hosts Uses a single subnet Employs a workgroup networking model (Peer to peer, not client/server) A typical SOHO network uses the following devices: A modem or router connects the location to the Internet. This connection provides a single IP address for connecting to the Internet. A router connects the private network to the Internet connection. This router is typically a multifunction device, which includes a switch, wireless access point, and firewall functionality
SOHO Router The SOHO router is the heart of the SOHO network. This router fulfills multiple roles in the network. Because of this, it's important that you know not only how to manage and configure one, but also how to select an appropriate SOHO router for various types of SOHO networks The first thing to consider when selecting a router is the Internet connection being used if you want to use this device as a modem. If so you’d have to choose one designed to connect directly to a DSL or cable network Many routers also function as a wireless access point, but you might want a more robust wireless access point. If this is the case, it might be better to select a router with only wired functionality, and purchase a separate wireless access point and connect it to the router
SOHO Router Configuration After the router has been selected, there are some key steps that should be taken any time you're setting up a new router, no matter the brand The first step is to change the default login credentials. Most routers use a default username of admin. Some routers allow you to change this, but a lot of SOHO routers won’t. However, all routers allow you to change the password, and this should be done immediately The next thing you should do is update the router to the latest firmware version. Even if the router is brand new, there may be a firmware update that will fix bugs, security vulnerabilities, and could even add additional features And finally, configure the router's firewall settings. Most SOHO routers will have an integrated firewall feature that blocks external attacks. Make sure the firewall is enabled and configured properly. The firewall can block specific services, such as torrent applications, that use up a lot of bandwidth If the router also functions as a wireless access point, you should also change the default SSID, and configure authentication and encryption. For most SOHO environments, selecting WPA2 personal is the best wireless configuration
Internet Configuration After you've selected the appropriate router and connected it physically to the Internet, you need to configure it to have the right configuration to communicate with the Internet The most common method to establish an Internet connection is to configure the router to use DHCP. With DHCP, the router contacts the ISP's DHCP server, which provides the router with all the necessary configuration information, including IP address, subnet mask, and DNS server Sometimes the ISP will provide you with this information, which you then need to manually configure on the router as a static configuration If the Internet service is DSL, you may have to configure the router to use PPPOE. PPPOE is a protocol, that allows an ISP to regulate Internet access using username and password authentication.
Network Address Translation (NAT) After the Internet connection has been established, the next step is to allow hosts to connect to the network and obtain Internet access.To do this, the router uses a networking technique called network address translation (NAT) Without NAT, every single device on this network would need to have a unique Internet IP address, but unfortunately IP addresses are limited. Because of this, ISP's will typically only assign a single Internet IP address, also called a public IP address, to subscribers NAT assigns internal devices a private IP address (such as 10.0.0.1) and associates the private IP address with the public IP address used by the router
NAT and PAT Using NAT, let's say a host visits a website. The request is sent to the router, with the website as the destination,and the host's private IP address as the source address. When the router receives this request, it does it does two things First, it strips off the source address and replaces it with the router's public IP address Since it stripped the source address, the router will no longer know where to send responses, so, before sending the request, NAT uses a technique called port address translation (PAT) PAT appends a random port number between 49,152 and 65,535 to the end of the public IP address. The router then places an entry in its translation table to associate the random port number with the private IP address that was removed. The request is then sent to the website When the router receives the website's response, it'll compare the port number with the translation table to see which private IP address made the request, and it'll forward the information on to the host. By assigning internal hosts private IP addresses and using a NAT router, the same public IP address can be shared by hundreds of devices
Private IP Range The Internet assigned number authority, IANA, has assigned 3 IP address ranges for private use - 10.0.0.0/8, 172.16.0.0/16, and 192.168.0.0/24 By default, most routers are configured to assign hosts an IP address in the range of 192.168.0.0/24. This is a class C address, so it has a default subnet mask of 255.255.255.0, which gives us 254 unique IP addresses Since the router is considered a device on the network, it is assigned a private IP address. Routers will typically be assigned the first available host address (192.168.1.1 for example). This IP address is used to connect to the router, and make configuration changes. It's also used as the default gateway, and typically the DNS server and DHCP server when configuring hosts
Wireless Access Points Configuration If the SOHO network includes a wireless access point, there will be further steps to configure and secure the wireless network: Configure the wireless protocol If your access point supports multiple wireless protocols, select the protocols to support, such as 802.11n only or mixed mode (both 802.11n and 802.11g). Be aware that when using mixed mode, most access points will throttle all clients to the slowest connected protocol speeds (i.e. if a 802.11g client connects to the network, 802.11n clients will operate at 802.11g speeds) Configure the channel The channel identifies the portion of the wireless frequency used by the access point Use a channel that does not conflict with other devices in the area. A simple rule to minimize conflicts is to remember that the frequencies used by channels 2–5 compete with the frequencies used by channels 1 and 6, while the frequencies used by channels 7–10 compete with the frequencies used by channels 6 and 11. Many access points have an automatic channel feature that detects other access points and automatically selects the channel with the least amount of traffic
Wireless Access Points Security (1) Change the default SSID Many manufacturers use a default SSID that contains identifying information, such as device manufacturer and model number In addition to changing the default SSID, it is also possible to disable the SSID broadcast. This is known as SSID suppression or cloaking. The SSID will need to be manually entered into devices for them to connect to the network. This is only a slight deterrent unfortunately Configure encryption and authentication Add authentication to allow only authorized devices to connect and use encryption to protect wireless communications from eavesdropping Always use WPA2 when possible. If WPA2 isn't available, use WPA. Because WEP has several known security vulnerabilities and can be easily cracked, it should only be used as a last resort. When using WEP, never use shared key authentication; only use open authentication
Wireless Access Points Security (2) Enable MAC address filtering By specifying which MAC addresses are allowed to connect to your network, you can prevent unauthorized devices from connecting to the access point. Unfortunately, this is considered a cumbersome and weak form of security. Permitted MAC addresses can be very easily captured and spoofed by even casual attackers Disable DHCP for wireless clients Disabling DHCP on the wireless access points allows only users with a valid, static IP address in the range to connect. An attacker would have to be able to discover or detect the IP address range, subnet mask, and default gateway information to connect to the access point. Configure Wi-Fi Protected Setup (WPS) The WPS security protocol makes it easier for WPS enabled devices (like a wireless printer) to connect to the wireless network. WPS can use several methods for connecting devices, including the PIN method and the push button method. The method used to connect devices must be supported by both the access point and the wireless device. Because of the inherent security vulnerabilities with WPS, it is best to disable this feature on the access point
Wireless Access Point Placement The location of the access point can affect signal strength and network access. Keep in mind the following recommendations: Place access points in central locations. Radio waves are broadcast in each direction, so the access point should be located in the middle of the area that needs network access. Devices often get better reception from access points that are above or below. In general, place access points higher up to avoid interference problems caused by going through building foundations. For security reasons, do not place access points near outside walls. The signal will extend outside beyond the walls. Placing the access point in the center of the building decreases the range of the signals available outside of the building. Do not place the access point next to sources of interference, such as other wireless transmitting devices (cordless phones or microwaves) or other sources of interference (motors or generators).
Windows Network Location Profiles (1) The Windows operating system uses network location profiles to determine the security settings for a particular network connection Home network The Home network location is designed for use on networks where you know and trust each device on the network. With the Home network location: Network discovery is enabled. This means other computers and devices on the network are able to see and connect to each other Connected devices are able to join the network homegroup. The Windows firewall configuration is changed to allow certain types of network communication through. Because this network location is the least secure, only select this location if you know all the devices and people that are connected to the network.
Windows Network Location Profiles (2) Work network The Work network location is designed to be used in a SOHO environment or other small business network Network discovery is enabled; however, the computer is unable to create or join a homegroup The Windows firewall configuration allows certain types of network communication Public network The Public network location is designed for use on unknown or public networks (e.g., a coffee shop or other public Wi-Fi network) Network discovery is disabled. This means other computers on the network cannot see you and you cannot see them Network sharing, such as printers and scanners, is disabled The Windows firewall configuration is changed to block almost all communications. For applications to be able to communicate, they need to be manually allowed