6.11.8 SOHO Configuration Practice Questions
NAT translates between Internet IP addresses and the IP addresses on your private network. This allows multiple computers to share the single IP address used on the Internet. Firewalls prevent unauthorized users from accessing private networks connected to the Internet, including the DHCP server. A proxy server caches web pages.
169.254.0.1 – 169.254.255.254 is the range of IP addresses assigned to Windows DHCP clients if a DHCP server does not assign the client an IP address. This range is known as the Automatic Private IP Addressing (APIPA) range. The other three ranges listed in this question are defined as the private IP addresses from RFC 1918, which are commonly used behind a NAT server.
Of the addresses listed here, the following are in the private IP address ranges:
– 10.0.12.15 (private range = 10.0.0.0 to 10.255.255.255)
– 172.18.188.67 (private range = 172.16.0.0 to 172.31.255.255)
– 192.168.12.253 (private range = 192.168.0.0 to 192.168.255.255)
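The range checks described above, as an added Python example that is not part of the original practice material: it classifies addresses against the RFC 1918 and APIPA ranges, validates that a DHCP pool stays inside one private block, and flags hosts that fell back to APIPA. The host names, sample addresses and function names are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks and the APIPA block quoted on this page.
# (169.254.0.0/16 also covers the .0.0 and .255.255 endpoints of that block.)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample: addresses reported by hosts on a SOHO LAN.
SAMPLE_HOSTS = {"laptop": "192.168.1.23", "printer": "169.254.17.4",
                "tablet": "192.168.1.40"}


def classify(addr):
    """Return 'private', 'apipa', 'other' or 'invalid' for an IPv4 string."""
    try:
        ip = ipaddress.IPv4Address(addr.strip())
    except ValueError:
        return "invalid"
    if ip in APIPA:
        return "apipa"
    if any(ip in net for net in RFC1918):
        return "private"
    return "other"  # public, loopback, multicast, ...


def check_dhcp_pool(start, end):
    """Return the RFC 1918 block that holds the whole pool, or None."""
    try:
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    except ValueError:
        return None
    if lo > hi:
        return None
    for net in RFC1918:
        if lo in net and hi in net:
            return str(net)
    return None  # pool is not private, or straddles a block boundary


def hosts_without_lease(hosts):
    """Names of hosts holding an APIPA address, i.e. no DHCP server answered."""
    return sorted(n for n, a in hosts.items() if classify(a) == "apipa")


if __name__ == "__main__":
    for name, addr in SAMPLE_HOSTS.items():
        print(name, addr, classify(addr))
    print("no lease:", hosts_without_lease(SAMPLE_HOSTS))
```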
You should update the firmware on the router to fix bugs or security holes. You will typically download the firmware and use a Web browser to update the firmware. Enable the DHCP service to assign IP addresses to hosts on the private network. Enable NAT so multiple computers can share the single IP address used on the Internet. Configure port triggering to dynamically open incoming ports based on outgoing traffic from a specific private IP address and port.
Wi-Fi Protected Access 2 (WPA2) is currently the most secure wireless security specification. WPA2 includes specifications for both encryption and authentication. WPA was an earlier implementation of security specified by the 802.11i committee. WEP was the original security method for wireless networks. WPA is more secure than WEP, but less secure than WPA2. Kerberos is an authentication method, not a wireless security method.
You should disable SSID broadcast. Disabling SSID broadcast will make the WAP not appear when the unauthorized user is looking for available wireless networks. Implementing WPA2 will enable encryption and authentication on the WAP. Without the correct passphrase, the neighbour will not be able to connect to the wireless access point. Changing the signal channel sometimes helps eliminate interference problems with neighbouring wireless systems. However, network cards automatically detect the channel, so changing the channel offers no security benefits. By itself, 802.11g is no more secure than any other wireless networking standard.
To connect to the wireless network using WPA, you will need to use a preshared key and TKIP encryption. When using a preshared key with WPA, it is known as WPA-PSK or WPA Personal. AES encryption is used by WPA2. The channel is automatically detected by the client. The Basic Service Set Identifier (BSSID) is a 48-bit value that identifies an AP in an infrastructure network or a STP in an ad hoc network. The client automatically reads this and uses it to keep track of APs when roaming between cells.
In this case, implementing WPA2 with AES and using the same pre-shared key on each client provides the greatest amount of security with the least amount of effort, and does not require the replacement of any of the wireless infrastructure. WPA2 Enterprise uses 802.1x for authentication and requires the configuration of an authentication server. WPA2 is more secure than WPA-PSK.
A wireless router, or wireless access point, is the primary device that is needed to set up a SOHO network. The router is the device that provides the connection that computers, printers, and mobile devices use to communicate with each other. (A wireless router can be a multifunction device that also functions as a modem, 4-port switch, NAT router, DHCP server, and a firewall.)
A cable or DSL modem provides the needed Internet connection, but a modem only gives one device access to the Internet. A SOHO network isn’t possible unless the device you connect to the modem is a wireless router. A NAT router, a DHCP server, and a firewall are all very useful SOHO network services; wireless routers are available that include these functions.
Configure the wireless router.
Secure the SOHO network.
– Configure the Internet connection: Begin by connecting the wireless router to the DSL or cable modem that provides the Internet connection, using the router’s WAN port. If the router does not automatically detect and configure the Internet connection, follow the configuration instructions provided by the Internet Service Provider.
– Configure the wireless router: Before setting up the network, the default administrator username and password should be changed and the firmware on the router should be updated to fix bugs or security vulnerabilities.
– Enable NAT: Before the network host devices (computers, mobile devices, and printers) can receive IP addresses, NAT must be enabled on the router. NAT allows multiple computers to share a single public IP address used on the Internet. The host devices will communicate with each other using private network addresses from one of the private address ranges.
– Configure DHCP: After NAT is configured to use a range of private network addresses, DHCP can be configured to assign IP addresses from that range to the host devices.
– Secure the SOHO network: Secure the SOHO network by configuring the firewall on the router, configuring content filtering and parental controls, and physically securing the router.
There are other wireless communication technologies, but Wi-Fi based on the 802.11 standard is the only practical option for the typical SOHO environment. A SOHO network does not need a server so you will generally not configure a network server. A SOHO network only uses one subnet, so there is no need to design a subnetting scheme. Using a wireless router means the physical network star topology is already determined.
Enabling quality of service (QoS) on a SOHO network allows you to prioritize certain network communications over others. For example, you could give VoIP network traffic higher priority and more bandwidth than HTTP (web browser) traffic.
Enabling and configuring a demilitarized zone (DMZ) would allow you to cause all incoming port traffic to be forwarded to a specified DMZ host. Enabling the Universal Plug and Play (UPnP) and media content. Configuring content filtering and parental controls allows you to prevent hosts from accessing specific websites or using a specific Internet service, such as chat, torrent, or gaming applications.