Download presentation
Presentation is loading. Please wait.
Published byEustace Wheeler Modified over 8 years ago
1
SOHO Security Recommendations
2
Change default user/password Of the AP/router Typical admin – admin root – root root – 1234 Admin - There are web site with this information Strong password 14 characters letters, numbers and symbols …… at least Change it every 3 months ……. at least
3
Change the default SSID Service Set Identifier Identifies the Wireless LAN The router has one from factory LINKSYS6557 PRODIGY-2341 WIRENET4536 They give away mark/model A search in google will give manufacturer and model And configuration commands Eight characters long, minimum Alphanumeric and symbols Change the name “often”
4
Disable SSID broadcast Better to be anonymous The attackers do not know of your existence They know there is network but the don't know the name The beacon frame carries the SSID
5
Enable WEP encryption …. at least WEP is not the best, but …......... it's better than not to have anything at all
6
Do not allow remote access Do not access your router remotely over the Internet It is the default Web server in the router (embedded) is dangerous If it is really needed SSH or VPN (configure NAT)
7
Do not use default IP ranges Typical addresses are well known Network 192.168.1.0, 192.168.254.0 Assign new ones manually The attacker will know less about your network Less information → more work OR Disable DHCP
8
Change the AP default IP address Everyone knows 192.168.1.254, 192.168.1.1, 192.168.0.1, 192.168.0.254 It is the most important device in your network Hide its IP address
9
Logout after any configuration Logout from the router Some attacks work if an account is still authenticated CSRF (Cross Site Request Forgery)
10
Do not enable WPS Wi-Fi Protected Setup Very easy to set up clients and repeaters But lately known flaws make it easier for attackers to find out your password
11
Enable MAC filtering Every one can enter the network If they cannot enter they cannot do anything They cannot receive anything Besides encryption not instead of But sometimes is the only viable solution Big companies ITESM
12
Adequate AP location Maximize internal reception Get to every machine Minimize external reception Machines from the outside cannot receive aproper signal
13
Enable the firewall You have MAC/IP addresses and port numbers ……. and more Design good rules The AP/router is the first point of defense And sometimes the only one
14
Monitor and Log Monitor wireless traffic To identify unauthorized activity WIDS Review the logs Check for unknown devices Enable router logging Device access, intrusions, attacks, etc Review the logs…………….periodically
15
Disable UPnP Universal Plug and Play Allows the discovery among devices and establish connections for data sharing Intended for residential networks Connections from and to the Internet Seamlessly Can you live without P2P?
16
Utilizar 802.11i Much more robust than WEP It is alittle more complicated (?), but ….....
17
Turn off the network when not in use Disable DMZ Disable unnecessary services Disable PING response
18
Don’t forget to update your router firmware PERIODICALLY
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.