Installing and getting a Small Office Home Office (SOHO) network set up is a simple task when using “Off The Shelf” equipment and the default configuration. Sadly it is not as secure as one would like. Using the default configuration leaves the network open to would be hackers, hijackers and the next door neighbor looking to get some free internet.
Today we are going to discuss the equipment used to build our SOHO and then how to step outside of the box and ensuring that we are secure. Our small businesses has a total of 5 employees working out of a converted basement. We use Verizon FIOS for our ISP using a Actiontec Wireless Broadband Router (GigE), 5 laptops, 1 PC and 1 ...view middle of the document...
168.0.1 all other IPs are assigned by DHCP. WEP is set for encryption and the transmit power is set to high.
New security configuration
After setting up the network and ensuring that all user stations were able to connect with the network in its default state we will implement our security policy. First and foremost is the reconfiguring of the network itself. Our goal is to make the network secure while still allowing for our systems to connect and be productive. The first step would be to connect to the router using the default user name and password. Once connected the username will be changed to something other than “Admin” and the password will be changed to a more complex password using at least 9 characters and most include Upper Case, lower case letters, numbers and special characters (!#$^* for example).
The SSID will be changed from the default to one that is more fitting for our network while at the same time the SSID will no longer be broadcasted. This will help keep prying eyes that are searching for our network from finding it listed in the list of available networks in the area. The transmit power that is set to high by default will be lowered to the point that only out furthest asset from the router will be able to see it.
DHCP will be turned off and static IPs will be assigned to each asset using the IP Schema of 10.0.0.x over the standard 192.168.0.x addresses. We will also tune on MAC address filtering. Each of our assets MAC addresses will be recorded and then entered into the filtering on the router. This will make it so only the...