Time
10 hours 41 minutes
Difficulty
Beginner
CEU/CPE
12

Video Transcription

00:05
In this module, we're gonna talk about how you should think about important things to consider when setting up a small office or home office network, often known as SOHO, S-O-H-O.
00:17
So the network requirements when you set up a home office
00:20
or a home network.
00:22
They're gonna have a lot of different requirements than you would have in a large corporate network, a lot cheaper requirements.
00:28
the hardware that's available for consumers a lot cheaper and as complex.
00:35
If you're doing a home-office-type setup for a small business, you want to consider if you need to allow VPN access. So do you need to buy a kind of device that has VPN technology built into it?
00:46
You don't want to go build your own VPN solution.
00:50
You have to share data
00:53
and have storage available either on site or available remotely.
01:02
Some things to consider besides the VPN and,
01:06
uh, the different requirements. These are some of the questions you ask yourself: What are the job functions within the office?
01:14
How do those job functions relate to our network,
01:17
so I can determine the capability that my network needs to support?
01:23
Do I have any compatibility issues with the existing
01:27
network I have in my small home office.
01:33
What kind of internal and external connections do I need to allow remote users to connect to my office?
01:38
Do I need a multifunction printer that can connect to the network as a peripheral? Do we need digitizers?
01:45
What kind of security? How sensitive is the information I use on a day-to-day basis?
01:49
Do I need to have any special caveats to protect my network or information?
01:59
So in a small office, you may already have cabling in the building if you're renting out a space.
02:04
may already have WiFi jacks, and you just need to provide
02:07
the network equipment
02:13
In the home office, you're most likely not gonna have cabling.
02:16
What you end up doing is probably having WiFi for the rest of the house. And then inside your office, you'll probably have Cat 5 cables running around the corners of the
02:25
on the corners of the room to connect all your devices together with a switch sitting somewhere.
02:38
How are you gonna connect out to the Internet from your home office?
02:43
Do you need DSL or cable? Do you need more speed for
02:46
what kind of, ah, external connection? You know, both DSL and cable modem providers usually also offer a higher data speed rate for commercial users. So if you're running a small business, you could pay a little more to get higher speeds. And they also allow you to have services running on your
03:04
IP. They'll give you a dedicated external IP address in some cases that you can pay for,
03:07
if you're gonna need to host
03:08
any kind of server,
03:14
Consider the size of the router switches. Most home routers that you'd buy come with, like, four ports.
03:20
So do I need to buy a second switch to plug in there? Because I'm gonna have more devices in my home office, that's not gonna be enough.
03:30
Again, with peripherals: do I need an all-in-one printer that can do fax and scan?
03:37
Do I need it to be wireless, or am I gonna run a cable across the
03:40
the floor to get to it?
03:44
Or am I just gonna plug it into one computer and have everyone use that one computer to use it?
03:51
So the home office router: this is one of the most important pieces.
03:54
It kind of puts a lot of independent devices you'd see in a corporate environment into one easy-to-use
04:00
interface and device.
04:04
It serves as a router, switch, firewall and wireless access point all in one.
04:11
So these settings are usually easily accessed through a web interface, as opposed to a corporate environment, where you'd be using more complicated command lines and remote access capabilities. These are designed to be user friendly,
04:25
so they'll be configured through a web interface.
04:28
So we're gonna talk about some of the common settings that you should have for your WiFi or for your home router to ensure that it's secure for, ah, a home office or
04:38
small business.
04:40
So first you access the admin page through the Web.
04:45
The very first thing you wanna do is change the default username and password. I can't tell you how many assessments I've been on where all I have to do is
04:54
find out what kind of router it is or even just test some common default passwords. And I'm able to get in because they don't change it.
05:00
We just walk by a closet and see, oh, so that's a Linksys.
05:03
Then I see a wireless network available. I'll just try. You can look on the Internet to find the default admin passwords for all these routers.
05:10
You know, download the manual and try using default username password for the admin account and you're in.
05:16
So once you're in, you could start giving yourself access to other stuff
05:19
or changing settings.
05:30
So
05:30
the WiFi settings to be concerned about are which channel you're gonna be on.
05:36
Pick a channel that has the least amount of interference for your WiFi.
05:41
So some of them will do it automatically, where they're gonna look at all the WiFi networks that are broadcasting and what channel they're on, and will try to pick a channel for you
05:49
that has less interference than the other one, than the other networks around you.
05:55
If you don't have that setting, you can set it yourself. And you can use a tool like inSSIDer,
06:00
which is for Windows and Linux, which will basically give you a graph.
06:05
You need a wireless card to do it, but it'll give you a graph that shows you the strength and the channel of all the networks around you. And then you just find,
06:14
you find the area where you see the least number of networks transmitting at the lowest rate. And then that's the channel that you'd want to pick for your
06:21
WiFi access point.
06:25
Do you want to have the SSID broadcast on or off?
06:29
It used to be said that it was best to keep it off,
06:30
um, security through obscurity. If they don't know it's there
06:34
then they wouldn't be able to connect to it. But
06:38
it's very easy to discover. Just turning it off doesn't completely hide it. Most tools, even tools like inSSIDer, will still
06:46
easily determine the SSID, the broadcast name for your network, with broadcast turned off. So turning it off really just causes more difficulties
06:57
for incompatible WiFi NICs that can't seem to connect because you can't put in the name.
07:02
For encryption,
07:04
WPA2 is recommended.
07:08
That's the standard right now. It supports 256 AES encryption.
07:14
One of the things to consider here is some legacy devices might not support WPA2. If you have wireless devices that came out five or six years ago, they may only do WEP,
07:25
uh, for encryption.
07:28
So you have to really make a
07:31
a hard business decision there: is it more important that this device is on the network than it is to encrypt my data?
07:38
You might wanna consider replacing that device or, if it's possible, plugging it into a network card or network cable, rather than having it,
07:46
rather than downgrading all the rest of your WiFi connections to a lower security standard.
07:57
Almost all, ah, small office/home office routers support,
08:01
provide DHCP services.
08:05
um,
08:05
One thing you want to be sure of: if it's a small business, you might be running some kind of small Windows server, ah, Small Business Server.
08:15
If you're doing that, that might be providing DHCP. So you want to make sure you only have one DHCP server in your network.
08:22
So if you already have some kind of UNIX or Windows server that's providing DHCP, you want to make sure you turn off DHCP on your router.
08:31
It's usually on by default.
08:39
Most SOHO routers all support what's called MAC filtering through blacklists and whitelists.
08:45
This is where we can say
08:46
certain MACs, certain network cards, based off their MAC ID, are allowed to connect to my network or not. This could be over the WiFi or over the network ports actually on there if you're not using any additional switches.
09:03
So if I do a blacklist, we say that all MAC addresses are allowed to connect, except the ones I specifically say.
09:07
So that way I'm going to say I know which
09:11
MAC addresses I don't want to connect to my network.
09:15
That's probably not gonna be that common. But if for some reason you lost a laptop, you could, maybe, if you knew the MAC address of the laptop or device you lost, put that MAC address in there.
09:26
The opposite is the whitelist, which is the more common way to implement it, where we say no one's allowed to connect unless I specifically say they can.
09:33
So we deny by default.
09:41
So your routers all support firewalls and DMZs for security.
09:48
The firewall will determine which services, if any, need to be accessed inside from the Internet. So by default, it'll only let web traffic in and out by default, ah, the firewall on a SOHO router,
10:01
which is good unless you're hosting something that needs to be accessed from the Internet. So if you're hosting any kind of server, like a web server
10:07
or mail server, then you have to set rules in your firewall to allow
10:13
users from the Internet to specifically connect to the server that's hosting the web server, over port 80 for web or port 25 for mail.
10:24
This could also be if you're hosting any kind of VPN solution, you have to be sure you're enabling,
10:30
whichever port your VPN is working on through the
10:33
firewall
10:37
DMZ stands for demilitarized zone,
10:41
derived from the military term.
10:43
A DMZ, in network terms,
10:46
is,
10:46
ah, a host that sits between your network and the Internet. So we have all our hosts behind the firewall.
10:54
Everyone's plugged into the same router, but for some reason
10:56
we have one host that we need to have full access into and out of the Internet.
11:01
We could put it in the DMZ, and it basically logically takes that host from behind the firewall and puts it in front of the firewall.
11:09
So it is
11:11
unfiltered, unadulterated access
11:13
to and from the Internet.
11:16
So any services that are running on that host
11:18
will be accessible from the Internet.
11:22
Highly un... It's not a recommended solution to ever use
11:28
it. Probably a very customized solution. You're better off setting a specific firewall rule to allow that port. But
11:37
if you go into the software, it will say, okay, what's the MAC address or the IP address of the machine that you want to put in the DMZ? And you don't physically unplug it and plug it back in somewhere else. It just logically
11:48
puts it in front of the firewall, puts it in front of the
11:52
the fire hose.
11:54
Um,
12:01
Maybe the only time I've ever used it in practical experience is for testing. I think something's not working on my firewall, so I'm gonna take a PC and put it in the demilitarized zone, see if it still works. But, you know, that's very short term. Right away, I bring it back behind the firewall.
12:22
It's like lowering the drawbridge, sending someone else and raising it back up and see what happens. You know, these guys get okay bringing back in. No one out there
