a guest Jun 27th, 2019 176 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
- # Securing SOHO Networks
- Nowadays home office it's pretty common, as a matter fact big companies (Fortune 500 included) let their employees work from home once or twice a week. Remote jobs are increasing big time and many entrepreneur ideas starts from space without any critical network setup
- This writing presents tips for securing **SOHO** networks. **SOHO** stands for **Small Office - Home Office**
- Things may apply or may not, it will depend on your specific setup and functional compatibility.
- #### How should the connectivity be?
- 1. **Router** as a server that connects to Internet
- 2. A **Switch** which responsibility is to connect multiple local devices
- 3. A **Firewall** to protect your local network
- 4. And a **Wireless Access Points** for connecting tablets, printers and more.
- #### So, let's start
- 1. Change administrator accounts on the Router, rename administrative account if possible, change the admin account password.
- 2. Keep router firmware updated to avoid **DoS** attacks, b traffic exposure, Identity theft, etc.
- 3. It's also good idea to power-cycle the router periodically, once a month could be good.
- 4. Set up Port forwarding only as needed (permitting inbound traffic) where the incoming traffic goes to specific **LAN** address.
- 5. Disable universal plug and play, this makes port forwarding easier for remote access
- - Malware on LAN can Bypass firewall
- - Run router commands
- - Redirect local **IPs** to remote **IPs**
- - Disable or Restrict remote management
- 6. Remote management for disabling or restrictions.
- 7. Check public facing ports, by listing the ports with/without visibility to the Internet and take actions if needed.
- 8. Block Unnecessary ports
- 9. Block Undesired sites (particular **URLs**) on particular days or permanent
- 10. Consider Disabling **DHCP** (may work or not, depending on the usage). This makes its harder for intruders to access the **SOHO** networks by assigning each devices with a static **IP** Address
- 11. MAC address filtering to allow or deny some computers to control the network access. This can be spoofed easily
- 12. Choosing Overall Firewall security level:
- - Many gateways provide two or three simplified security levels
- - Use the strictest security compatible with the applications you run
- - Sometimes can interfere with remote access tools (Remote desktop or others)
- ## WiFi Settings
- 1. Change **SSID** (Service set IDentifier) to something different than default.
- 2. Consider disabling **SSID** broadcast (this is not strong at all)
- 3. Set strong encryption protocol and password.
- 4. Place WAP (Wireless Access Point) centrally.
- 5. Adjust Radio Power Level, set the lowest power level that covers the space.
- 6. Disable WPS from the **WPA** protocol, turn off **WPS**.
- 7. Set up a guest networks with a separate **IP** address range from the main network, separate **SSID**, password and restrict guests to the public Internet.
- One final tip: physical security also matter.
RAW Paste Data