a guest Jun 27th, 2019 176 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Securing SOHO Networks
  3. Nowadays home office it's pretty common, as a matter fact big companies (Fortune 500 included) let their employees work from home once or twice a week. Remote jobs are increasing big time and many entrepreneur ideas starts from space without any critical network setup
  5. This writing presents tips for securing **SOHO** networks. **SOHO** stands for **Small Office - Home Office**
  7. Things may apply or may not, it will depend on your specific setup and functional compatibility.
  9. #### How should the connectivity be?
  11. 1.  **Router** as a server that connects to Internet
  13. 2. A **Switch**  which responsibility is to connect multiple local devices
  15. 3. A **Firewall**  to protect your local network
  17. 4. And a **Wireless Access Points**  for connecting tablets, printers and more.
  19. #### So, let's start
  21. 1. Change administrator accounts on the Router, rename administrative account if possible, change the admin account password.
  23. 2. Keep router firmware updated to avoid **DoS** attacks, b traffic exposure, Identity theft, etc.
  24. 3. It's also good idea to power-cycle the router periodically, once a month could be good.
  25. 4. Set up Port forwarding only as needed (permitting inbound traffic) where the incoming traffic goes to specific **LAN** address.
  26. 5. Disable universal plug and play, this makes port forwarding easier for remote access
  27.    - Malware on LAN can Bypass firewall
  28.    - Run router commands
  29.    - Redirect local **IPs** to remote **IPs**
  30.    - Disable or Restrict remote management
  31. 6. Remote management for disabling or restrictions.
  32. 7. Check public facing ports, by listing the ports with/without visibility to the Internet and take actions if needed.
  33. 8. Block Unnecessary ports
  34. 9. Block Undesired sites (particular **URLs**) on particular days or permanent
  35. 10. Consider Disabling **DHCP** (may work or not, depending on the usage). This makes its harder for intruders to access the **SOHO** networks by assigning each devices with a static **IP** Address
  37. 11. MAC address filtering to allow or deny some computers to control the network access. This can be spoofed easily
  38. 12. Choosing Overall Firewall security level:
  40. - Many gateways provide two or three simplified security levels
  41. - Use the strictest security compatible with the applications you run
  42. - Sometimes can interfere with remote access tools (Remote desktop or others)
  44. ## WiFi Settings
  46. 1. Change **SSID** (Service set IDentifier) to something different than default.
  47. 2.  Consider disabling **SSID** broadcast (this is not strong at all)
  48. 3. Set strong encryption protocol and password.
  49. 4. Place WAP (Wireless Access Point) centrally.
  50. 5. Adjust Radio Power Level, set the lowest power level that covers the space.
  51. 6. Disable WPS from the **WPA** protocol, turn off **WPS**.
  52. 7. Set up a guest networks with a separate **IP** address range from the main network, separate **SSID**, password and restrict guests to the public Internet.
  54. One final tip: physical security also matter.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand