7.1 - 7.5 Wireless Networking
Public Network
A profile designed for use on unknown networks.
Open authentication
A token-based authentication standard that requires a MAC address to use.
Channel bonding
Combining channels into one to increase bandwidth.
Dual-band access point
A network device that connects Wi-Fi devices to form a Wi-Fi network.
Small home/home office network (SOHO)
A small office/home office network.
Work network
A profile designed to be used in a SOHO.
Configure Encryption and Authentication
Add authentication to allow only authorized devices to connect. Use encryption to protect wireless communications from eavesdropping.
> Always use WPA2 when possible. If WPA2 isn't available, use WPA.
> Use pre-shared key (PSK) authentication with either AES (more secure) or TKIP (less secure) encryption for a SOHO network without a domain.
> Configure the shared secret (passphrase) value used with WPA2 or WPA. Each client needs to be configured with the same secret value.
*Because WEP has several known security vulnerabilities and can be easily cracked, it should be used only as a last resort. When using WEP, never use shared key authentication; use only open authentication.
Disable DHCP for Wireless Clients
Disabling DHCP on the wireless access points allows only users with a valid, static IP address in the range to connect. An attacker would have to be able to discover or detect the IP address range, subnet mask, and default gateway information to connect to the access point.
Wi-Fi protected setup (WPS)
A network security standard for wireless home networks.
Home network
A profile designed for networks in which you know and trust every device.
Ad hoc
A temporary peer-to-peer mode network.
A technician is tasked with preparing a conference room so that at least 20 guests will be able to wirelessly connect laptop computers to the company network. Which of the following network devices would be the BEST choice for this connectivity? Router. Access point. Switch. Firewall.
Access point. An access point gives Wi-Fi access to a network. A firewall filters network traffic based on a set of rules. A switch maintains a table of MAC addresses by port and forwards network frames only to the port that matches the MAC address. A router manages IP traffic between networks.
Secure the SOHO Network
Although the router should now be configured to connect hosts to the private network and provide internet access, the following steps should be taken to properly secure the network from external threats:
> Configure the firewall on the device. Enabling the basic firewall on the router provides an additional level of security for the private network. If necessary, configure exceptions on the firewall to allow specific traffic through the firewall.
> Configure content filtering and parental controls. Most SOHO routers provide content filtering and parental controls that prevent hosts from accessing specific websites or using a specific internet service, such as chat, torrent, or gaming applications.
> Physically secure the router. Anyone with physical access to the router can make configuration changes and gain access to the network. To prevent this, limit physical access to the router. For example, place the router and other networking equipment in a locked closet.
Which of the following are characteristics of the 802.11g wireless standard? (Select THREE.)
Operates in the 2.4 GHz range. Maximum bandwidth of 54 Mbps. Backwards compatible with 802.11b devices.
7.3 SOHO Configuration
As you study this section, answer the following questions:
> In a SOHO network, which types of devices are typically used to connect the location to the internet?
> What function does enabling NAT on the router provide for a SOHO network?
> What is the difference between a public IP address and a private IP address? What are the private IP address ranges?
> What are the advantages of turning off SSID broadcasting?
> What is the purpose of MAC address filtering?
> Once DHCP is disabled on a wireless access point, what three elements would an attacker have to configure to be able to connect?
> What guidelines should you consider when selecting the location of the access point to ensure the signal strength and network access?
In this section, you will learn to:
> Configure a wireless infrastructure
Key terms for this section include the following:
802.11n Technologies
802.11n modified the previous 802.11a (5 GHz) and 802.11g (2.4 GHz) standards in order to increase its potential bandwidth and transmission distance. This was done by implementing the following technologies:
Which type of configuration would you use if you wanted to deploy 802.11n technology to communicate directly between two computers using a wireless connection?
Ad hoc. Configure an ad hoc connection to connect one computer directly to another using a wireless connection. An infrastructure configuration uses a Wireless Access Point (WAP) to create a network. Devices communicate with each other through the WAP. WEP is a security mechanism used for authentication.
7.3.8 Practice Questions
CIST 1130
Channel Bonding
Channel bonding is used to combine even more channels in the 5 GHz band, allowing for up to 160 MHz wide channels. Even though 160 MHz wide channels are supported, most 802.11ac networks use 80 MHz wide channels.
SOHO Characteristics
Most SOHO networks have the following characteristics:
> Supports between 1-10 connected hosts (computers, mobile devices, or printers)
> Uses Ethernet or 802.11 wireless networking (or both) as the network medium
> Uses a single internet connection that is shared among all hosts
> Uses a single subnet
> Employs a workgroup networking model (i.e., there are no dedicated servers and a domain is not used)
Which of the following locations will contribute the greatest amount of interference for a wireless access point? (Select TWO.) In the top floor of a two-story building. Near cordless phones. Near backup generators. Near DHCP servers. Near exterior walls.
Near cordless phones. Near backup generators. Other wireless transmitting devices (such as cordless phones or microwaves) and generators cause interference for wireless access points. In general, place access points high up to avoid the interference problems caused by going through building foundations. DHCP servers provide IP information for clients and do not cause interference.
Service set identifier (SSID)
network name
Which IEEE wireless standards specify transmission speeds up to 54 Mbps? (Select TWO.)
802.11a. 802.11g. Both the 802.11a and the 802.11g wireless standards specify maximum transmission speeds up to 54 Mbps. Bluetooth is a wireless standard commonly used to connect peripheral devices and operates at 720 Kbps. The 802.11b wireless standard provides transmission speeds of 11 Mbps. 802.1x is a wireless security standard that provides an authentication framework for 802-based networks.
You have been contacted by OsCorp to recommend a wireless internet solution. The wireless strategy must support a transmission range of 150 feet, use a frequency range of 2.4 GHz, and provide the highest possible transmission speeds. Which of the following wireless solutions would you recommend?
802.11n. Of the technologies listed, only the IEEE 802.11n wireless standard addresses the desired requirements. The 802.11a wireless standard offers maximum speeds of 54 Mbps and uses the 5 GHz frequency range. The 802.11g wireless standard offers maximum speeds of 54 Mbps. 802.11b uses the 2.4 GHz frequency range but supports only 11 Mbps transfer speeds.
7.3.2 SOHO Configuration Facts
A small office/home office (SOHO) is a small network that is typically based in the home or a small business center. This lesson covers the following topics:
> SOHO characteristics
> SOHO devices
> SOHO router configuration
SOHO Devices
A typical SOHO network uses the following devices:
> A modem or router connects the location to the internet. This connection provides a single IP address for connecting to the internet.
> A router connects the private network to the internet connection. This router is typically a multifunction device, which includes a four-port switch, wireless access point, and firewall functionality.
> Additional wired connections can be provided by connecting additional switches to the router.
A SOHO network uses multiple devices that share a single internet connection. The connection to the internet is typically through an access point or router that includes switch ports and/or a wireless access point to connect devices to the local area network and the internet. The type of device you use depends on the internet connection type (DSL, cable, fiber, etc.). The following table describes general steps you would take to configure a SOHO router and set up the network:
Shared key authentication
A wireless network access protocol that uses WEP.
Multiple-input multiple-output (MIMO)
An enhancement that allows multiple antennas to use the same radio frequency.
Multi-user multiple-input multiple-output (MU-MIMO)
An enhancement to MIMO that allows a set of devices with individual antennas, rather than just one device with an antenna, to communicate with each other.
Infrastructure wireless network
An infrastructure wireless network employs an access point that functions like a hub on an Ethernet network.
Channel Bonding
Channel bonding combines two non-overlapping 20 MHz channels into a single 40 MHz channel, resulting in slightly more than double the bandwidth.
> The 5 GHz range has a total of 23 channels, with 12 non-overlapping. This allows for a maximum of 6 non-overlapping bonded (combined) channels.
> The 2.4 GHz range has a total of 11 channels, with 3 non-overlapping. This allows for a maximum of 1 non-overlapping bonded channel. For this reason, channel bonding is typically not practical for the 2.4 GHz range.
You have been asked to help a small office with a limited budget set up and configure a Windows network. There are only five computers in this office. In addition to the ability to share network resources, security is a top priority. Which of the following is the BEST course of action in this situation? Install a WorkGroup to provide a single login and simplify security and sharing. Install a HomeGroup to allow each computer to control which items are shared and who can access them. Install a HomeGroup to provide a single login and simplify security and sharing. Install a WorkGroup to allow each device to control what is shared and with whom.
Install a WorkGroup to allow each device to control what is shared and with whom. With only five PCs in this company, a Windows WorkGroup will let you organize your computers in a peer-to-peer network. This WorkGroup network lets you share files, internet access, and printers between the five employees. Unlike Windows HomeGroup, a WorkGroup has no centralized authority. Therefore, each workstation controls the database of users and privileges. Each device that is part of the WorkGroup can allow access on a user-by-user or group-by-group basis. The HomeGroup is the least secure approach to networking and sharing. A HomeGroup allows anyone with access to the HomeGroup access to everything shared on any computer in the group. A single password is used for access to the group, providing equal access to all joined devices.
You are an IT technician for your company. Your boss has asked you to set up and configure a wireless network to service all of the conference rooms. Which of the following features lets you allow or reject client connections by hardware address? MAC address filtering. WEP. DHCP. SSID.
MAC address filtering. MAC address filtering allows or rejects client connections by hardware address. Wi-Fi Protected Access II (WPA2) provides encryption and user authentication for wireless networks. Wired Equivalent Privacy (WEP) also provides security, but WPA2 is considered more secure than WEP. The SSID is the network name or identifier.
Which of the following is used on a wireless network to identify the network name? WPA2 passphrase. MAC address. SSID. WEP key.
SSID. Wireless devices use the SSID (Service Set Identification) to identify the network name. All devices on a wireless network use the same SSID. The MAC address is a unique physical device address. The WPA2 Personal passphrase and the WEP key are both mechanisms used to secure wireless communications.
Service Set Identifier (SSID)
The SSID, also called the network name, groups wireless devices together into the same logical network. All devices on the same network must use the same SSID.
Work Network
The Work network location is designed to be used in a SOHO environment or other small business network. With the Work network location:
> Network discovery is enabled; however, the computer is unable to create or join a homegroup.
> The Windows firewall configuration is changed to allow certain types of network communication.
Wireless Networking Architecture
The following table describes details of a wireless networking architecture:
7.1.5 Wireless Security Facts
This lesson covers the following topics:
> Authentication methods
> Wireless security standards
While configuring a wireless access point device, a technician is presented with several security mode options. Which of the following options will provide the most secure access?
WPA2 and AES. Of the three wireless security protocols (WEP, WPA and WPA2), WPA2 is the most secure. Of the two encryption algorithms (TKIP and AES), AES is the most secure.
Wi-Fi Protected Access 3 (WPA3)
WPA3 is a new authentication standard launched in 2018. It is a more resilient version of WPA2. WPA3:
> Uses password-based authentication
> Provides better protection against password guessing attempts by using Simultaneous Authentication of Equals (SAE)
> Offers 192-bit cryptographic strength, giving additional protection for networks dealing with sensitive data
*When transmitting data on a wireless network, it's important to know if the channel you are using is encrypted. Information sent on unencrypted channels, where no security is being used, can be easily intercepted and viewed. If needed, IPsec can be used to provide security when sending information on an unencrypted channel.
A technician is installing a new SOHO wireless router in a home office. The customer wants to secure the wireless network so only a smartphone, tablet, and laptop can connect. Which of the following router settings should the technician change? Enable MAC filtering. Enable port forwarding. Disable DHCP. Disable SSID broadcast.
Enable MAC filtering. MAC filtering can be used to limit connectivity to a list of MAC addresses. Disabling the SSID broadcast will increase security, but SSID can be easily captured using wireless analyzers and then used to connect to the wireless network. Disabling DHCP will require static IP addresses, but will not limit network connectivity. Enabling port forwarding allows the router to redirected on the internal network. It will not limit network connectivity.
7.1.3 Wireless Networking Facts
This lesson covers the following topics:
> Wireless networking architecture
> 802.11 standards
> 802.11n technologies
> 802.11ac technologies
> Additional speed facts
> Additional radio frequency facts
> Additional wireless standards facts
Which of the following is true when the DHCP setting is disabled in a wireless network? Wireless clients with specific MAC addresses are denied access to the network. Wireless clients must use the correct encryption key with its packets. Wireless clients must use the correct wireless access point identifier (SSID) to connect to the network. Wireless clients must use a static IP address within the correct IP address range to connect to the network.
Wireless clients must use a static IP address within the correct IP address range to connect to the network. Disabling DHCP prevents addresses from being automatically assigned to wireless systems. If DHCP is disabled, clients must use a static IP address and only those who know the IP address range and other parameters will be able to connect. Enabling MAC address filtering denies access to clients with unauthorized MAC addresses. Encryption keys are only needed when wireless networks implement some type of encryption (WEP, WPA, or WPA2). The SSID is the identifier for the wireless access point and is used to associate wireless clients with the access point.
Wi-Fi Protected Access II (WPA2)
A wireless security standard that adheres to 802.11i specifications.
802.1x
802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. Originally designed for Ethernet networks, the 802.1x standards have been adapted for use in wireless networks to provide secure authentication. 802.1x authentication requires the following components:
> A RADIUS or TACACS+ server to centralize user account and authentication information. A centralized database for user authentication is required to allow wireless clients to roam between cells but authenticate using the same account information.
> A PKI for issuing certificates. At a minimum, the RADIUS server must have a server certificate. To support mutual authentication, each client must also have a certificate.
*Use 802.1x authentication on large, private networks. Users authenticate with unique usernames and passwords.
Network Address Translation (NAT)
A method for remapping one IP address space into another by modifying network address information in packets' IP headers while they are in transit.
Connection Method
Ad hoc - An ad hoc network works in peer-to-peer mode. The wireless NICs in each host communicate directly with one another. An ad hoc network is difficult to maintain for a large number of hosts because connections must be created between a host and every other host, and special configurations are required to reach wired networks. You will typically use an ad hoc network only to create a direct, temporary connection between two hosts.
Infrastructure - An infrastructure wireless network employs an access point that functions like a hub on an Ethernet network. With an infrastructure network, you can easily add hosts without increasing administrative efforts (scalable), and the access point can be easily connected to a wired network, allowing clients to access both wired and wireless hosts. You should implement an infrastructure network for all but the smallest of wireless networks.
7.1 802.11 Wireless
As you study this section, answer the following questions:
> What type of device is required to create an infrastructure wireless network configuration?
> What is the purpose of an SSID?
> Which wireless standards are typically backwards compatible with 802.11g?
> Two access points are part of the same wireless network. Should they use the same channel, or a different channel? Why?
> How does MIMO differ from channel bonding?
> What happens to the speed of a wireless connection as you move away from the access point?
> Which authentication and security method should be used on a wireless network?
> Why should default security settings be changed when dealing with wireless networking?
In this section, you will learn to:
> Connect to a wireless network
> Create a home wireless network
> Secure home wireless network
> Configure a wireless profile
Key terms for this section include the following:
The 802.11ac wireless networking standard provides increased bandwidth and communication speeds by using which of the following technologies? (Select TWO).
Channel bonding to combine more channels in the 5 GHz band to allow for up to 160-MHz-wide channels. MU-MIMO to allow multiple users to use the same channel. The 802.11ac wireless network standard increases bandwidth and communication speeds using the following technologies: MU-MIMO is an enhancement to MIMO that allows multiple users to use the same channel. In addition to adding MU-MIMO, 802.11ac doubled the number of MIMO radio streams from four to eight. Channel bonding is used to combine even more channels in the 5-GHz band, allowing up to 160-MHz wide channels. (Even though 160-MHz-wide channels are supported, most 802.11ac networks use 80-MHz-wide channels.)
A technician receives notification from a SOHO router manufacturer of a specific vulnerability that allows attackers to exploit SNMP traps to take over the router. The technician verifies the settings outlined in the notification. Which of the following actions should the technician take NEXT? Enable MAC filtering. Disable DHCP. Enable content filtering. Check for and apply firmware updates.
Check for and apply firmware updates. Manufacturers often accompany a vulnerability notification with firmware updates to address the vulnerability. These updates should be applied immediately. Parental controls or content filters restrict or block specific web traffic based on keywords, URLs, or the time of day, but do not address network hacker vulnerabilities. Disabling DHCP will require static IP addresses, but does nothing to address network hacker vulnerabilities. MAC filtering can be used to limit connectivity to a list of MAC addresses, but does nothing to address network hacker vulnerabilities.
802.11a
Frequency - 5 GHz (U-NII); Maximum speed - 54 Mbps; Maximum distance - 100 ft.; Channels (non-overlapped) - 23 (12); Modulation technique - OFDM; Backward compatibility - N/A
Open
Open authentication requires that clients provide a MAC address in order to connect to the wireless network.
> You can use open authentication to allow any wireless client to connect to the AP. Open authentication is typically used on public networks.
> You can implement MAC address filtering to restrict access to the AP to only known (or allowed) MAC addresses.
*Because MAC addresses are easily spoofed, this provides little practical security.
802.11 Standards
The original 802.11 specification operated in the 2.4 GHz range and provided up to 2 Mbps. Additional IEEE subcommittees have further refined wireless networking, resulting in the following standards:
Wired Equivalent Privacy (WEP)
WEP is an optional component of the 802.11 specifications that were deployed in 1997. WEP has the following weaknesses:
> A static pre-shared key (PSK) is configured on the AP and the client. It cannot be dynamically changed or exchanged without administration. As a result, every host on large networks usually uses the same key.
> Because key values are short and don't change, the key can be captured and easily broken.
*Because of the inherent security flaws, avoid using WEP whenever possible. If using WEP cannot be avoided, implement it only using open authentication. Shared key authentication with WEP uses the same key for both encryption and authentication, exposing the key to additional attacks.
Which data transmission rate is defined by the IEEE 802.11b wireless standard?
11 Mbps. The IEEE 802.11b standard defines wireless transmission rates up to 11 Mbps. 802.11b wireless network interface cards and wireless access points (also called wireless hubs or wireless routers) will automatically negotiate the best transmission speed up to 11 Mbps based on current network traffic load and the quality of the wireless connection between the client and access point. The wireless communications are affected by distance, dense physical obstructions, and other electromagnetic interference-producing devices. IEEE 802.11a and 802.11g define wireless transmission rates up to 54 Mbps. The IEEE 802.3 standard defines Ethernet 10baseT cable-based transmissions of 10 Mbps. IEEE 802.11n defines wireless transmission rates of 150 and 300 Mbps.
Which wireless standard can stream data at a rate of up to 54 Mbps using a frequency of 5 GHz?
802.11a. 802.11a can stream data at a rate of up to 54 Mbps using a frequency of 5 GHz. 802.11b can stream data at a rate of up to 11 Mbps using a frequency of 2.4 GHz. 802.11g can stream data at a rate of up to 54 Mbps using a frequency of 2.4 GHz. 802.11n can stream data at a rate of up to 600 Mbps using a frequency of 2.4 GHz or 5 GHz.
Which of the following wireless networking standards uses a frequency of 5 GHz and supports transmission speeds up to 1.3 Gbps?
802.11ac. The 802.11ac standard uses the 5 GHz frequency and supports data transmission speeds up to 1.3 Gbps. 802.11n supports data transmission speeds up to 600 Mbps. 802.11g and 802.11a both support data transmission speeds up to 54 Mbps. 802.11b supports data transmission speeds up to 11 Mbps.
A customer is experiencing a sporadic interruption of their Wi-Fi network in one area of their building. A technician investigates and discovers signal interference caused by a microwave oven. The customer approves replacing the wireless access point that covers the area, but asks that the wireless speed also be increased. Which of the following Wi-Fi standards should the replacement device support to BEST fulfill the customer's needs?
802.11ac. The microwave oven interferes with wireless signals operating at 2.4 GHz. The 802.11ac standard is the best choice. It operates at 5.0 GHz and has a maximum throughput of 1300 Mbps. Both the 802.11b and 802.11g standards operate at 2.4 GHz. The 802.11a standard operates at 5.0 GHz, but has a maximum throughput of 54 Mbps.
802.11ac Technologies
802.11ac increased bandwidth and communication speeds by using the following technologies:
You are designing a wireless network for a client. Your client needs the network to support a data rate of at least 150 Mbps. In addition, the client already has a wireless telephone system installed that operates at 2.4 GHz. Which 802.11 standard will work best in this situation?
802.11n. 802.11n is the best choice for this client. 802.11b and 802.11g both operate in the 2.4 GHz to 2.4835 GHz range, which would cause interference with the client's wireless phone system. 802.11a operates in the 5.725 GHz to 5.850 GHz frequency range, which doesn't interfere with the phone system. However, its maximum speed is limited to 54 Mbps.
Additional Radio Frequency Facts
> The ability of newer devices to communicate with older devices depends on the capabilities of the transmit radios in the access point. Some 802.11n devices are capable of transmitting at either 2.4 GHz or 5 GHz. However, a single radio cannot transmit at both frequencies at the same time.
*When you connect a legacy device to the wireless network, all devices on the network operate at the legacy speed. For example, connecting an 802.11b device to an 802.11n or 802.11g access point slows down the network to 802.11b speeds.
> A dual band access point can use one radio to transmit at one frequency, and a different radio to transmit at a different frequency. For example, you can configure many 802.11n devices to use one radio to communicate at 5 GHz with 802.11a devices, and the remaining radios to use 2.4 GHz to communicate with 802.11n devices. Dual band 802.11a and 802.11g devices are also available.
Additional Speed Facts
> Transmission speeds are affected by distance, obstructions (such as walls), and interference.
> Maximum signal distance depends on several factors, including obstructions, antenna strength, and interference. For example, for communications in a typical environment (with one or two walls), the actual distance would be roughly half of the maximum.
> Because transmission speeds decrease with distance, you can either achieve the maximum distance or the maximum speed, but not both.
Additional Wireless Standards Facts
> When you configure an access point, some configuration utilities use the term mixed mode to designate a network with both 802.11n and non-802.11n clients. In this configuration, one radio transmitter is used for legacy clients, and the remaining radio transmitters are used for 802.11n clients.
> Many 802.11n access points can support clients running other wireless standards (802.11a/b/g). When a mix of clients using different standards are connected, the access point must disable some 802.11n features to be compatible with non-802.11n devices, which decreases the effective speed.
> Some newer 802.11a and 802.11g devices provide up to 108 Mbps using 802.11n pre-draft technologies (MIMO and channel bonding).
Wi-Fi Protected Access (WPA)
A wireless security standard based on 802.11i specifications.
Devices
An STA (station) is any device that is able to use the 802.11 protocol to communicate on a wireless network. Devices on a wireless network include:
> A wireless NIC for sending and receiving signals.
> A wireless access point (AP) is a lot like a hub. It receives wireless signals from several nodes and retransmits them to the rest of the network.
> A wireless bridge connects two wireless APs into a single network or connects your wireless AP to a wired network. Most APs today include bridging features.
*Many wireless access points include ports (i.e., switches or routers) to connect the wireless network to the wired portion of the network.
802.1x authentication
An authentication standard that uses username/passwords, certificates, or devices such as smart cards to authenticate clients.
Wired Equivalent Privacy (WEP)
An optional component of the 802.11 specifications.
Authentication Methods
Authentication to wireless networks is implemented using the following methods:
Configure the Router
Before setting up the network, some basic settings on the router need to be configured. Most important is to change the default administrator username and password. Default usernames and passwords are easily guessed or discovered by checking the device documentation. By changing the password, you protect the system from unauthorized access.
Configure the Internet Connection
Begin by connecting the router to the internet connection using the device's WAN port.
> For a DSL or ISDN router, connect the device directly to the DSL/ISDN line.
> For a cable, fiber optic, or satellite connection, connect the router to the Ethernet port on the modem or connection device.
Many routers will automatically detect and configure the internet connection. If not, follow the ISP instructions for setting up the connection. This could include:
> Configuring the internet connection with a static IP address assigned by the ISP or configuring the device to use DHCP for addressing
> Configuring the protocol used for the connection. This will often be PPPoE for an always-on internet connection
> Configuring logon information (username and password) to access the internet
> Configuring a default gateway and DNS server addresses that the router will use in order to access the internet
Enable MAC Address Filtering
By specifying which MAC addresses are allowed to connect to your network, you can prevent unauthorized devices from connecting to the access point. MAC address filtering can be implemented in one of two ways:
> All MAC addresses are allowed to connect to the network, except for those specified in the deny list.
> All MAC addresses are denied access, except for those specified in the allow list.
*MAC address filtering is considered a cumbersome and weak form of security. Permitted MAC addresses can be very easily captured and spoofed by even casual attackers.
7.1.11 Practice Questions
CIST 1130
A SOHO customer finds that their VoIP conversations frequently break up and become unintelligible. This happens most often when one person in the office streams video from the internet. Which of the following configuration changes on the SOHO router is MOST likely to improve VoIP performance? Create a DMZ and add the VoIP phone to it. Change QoS settings to give VoIP traffic more priority. Change DHCP to give the VoIP phone a static IP address. Forward UDP ports 5060 to 5065 to the VoIP phone.
Change QoS settings to give VoIP traffic more priority. Poor VoIP performance is likely due to insufficient bandwidth to support both video streaming and VoIP calls. Changing the router's QoS settings to give a higher priority to VoIP traffic will most likely improve VoIP performance. Since VoIP functions correctly but gives poor performance, any port forwarding needed for VoIP must already be in place. Configuring the VoIP phone with a static IP address will not improve performance. Creating a DMZ and adding the VoIP phone to it will not resolve any traffic contention between video and VoIP traffic.
A technician is installing a new SOHO wireless router. Which of the following is the FIRST thing the technician should do to secure the router? Adjust the radio power levels; Press the WPS button; Disable SSID broadcast; Change the router's default password
Change the router's default password. The first security configuration on the router should be to change the router's default password. Disabling the SSID broadcast may be desirable for added security, but it is not the first action you should take. Adjusting the radio power levels will limit the broadcast area and may be desirable for added security, but it is not the first action you should take. Pressing the WPS button temporarily broadcasts the SSID and passphrase, which would degrade security.
One of your customers wants to configure a small network in his home. The home has three floors, and there are computers on each floor. This customer needs to share files between computers, print to a centrally located printer, and have access to the internet. Which of the following print solutions would BEST meet this client's needs?
Configure a Wi-Fi infrastructure network. In infrastructure mode, each wireless host connects to a central connecting device called a wireless access point (AP). In this configuration, hosts communicate with each other through the AP instead of communicating with each other directly. The AP behaves much in the same way as a wired switch in this mode. The wireless AP not only controls communication between devices, but is also able to bridge the wireless network with a wired network and the internet. In an ad hoc configuration, devices can't use the internet unless one of them is connected to the internet and sharing it with the others. If internet sharing is enabled, the client performing this function will experience massive performance issues, especially if there are lots of interconnected devices. Since a device connected to the internet is required for ad hoc, it would be best to use infrastructure to alleviate some of the limitations of ad hoc. A space network is used for communication between spacecraft, usually in the vicinity of the Earth, such as NASA's Space Network. A global network is a network used to support mobile across an arbitrary number of wireless LANs, satellite coverage areas, or other configurations.
A technician is replacing a SOHO router and has configured DHCP to assign private IP addresses to hosts on the local network. These hosts can communicate with each other, but users can't browse the internet. Which of the following changes to the SOHO router is MOST likely to restore internet connectivity? Remove any QoS settings that give low priority to HTTP traffic. Configure the SOHO router for NAT. Update the firmware on the SOHO router. Disable DHCP and configure the hosts with static IP addresses.
Configure the SOHO router for NAT. Configuring NAT to translate the private IP addresses on the local network to public IP addresses on the internet will most likely restore internet connectivity. QoS settings may cause HTTP traffic to be slower, but would not completely interrupt it. Static IP addresses will not restore internet connectivity. Updating the firmware is not likely to restore internet connectivity.
Configure for a Network Environment
Depending on the implementation, it may be necessary to take the following steps in order to configure the SOHO router for a particular network environment: > Enable and configure a DMZ (demilitarized zone) host. Configuring a DMZ on a SOHO router causes all incoming port traffic to be forwarded to the specified DMZ host. Because this can open up the network to a variety of external threats, configure a DMZ only if you understand all the implications associated with it. > Configure quality of service (QoS) settings. Most SOHO routers provide basic QoS functionality. When enabled, QoS prioritizes certain network communications over others. For example, VoIP network traffic would be given higher priority and more bandwidth than HTTP (web browser) traffic. > Enable the Universal Plug and Play (UPnP) networking protocol. UPnP is a networking protocol that allows UPnP enabled devices to easily discover each other on the network and share data and media content.
A technician is installing a SOHO router at an after-school community center. The customer would like to keep children from accessing inappropriate content while browsing the web. Which of the following actions would help accomplish this goal? Enable content filtering; Disable DHCP; Disable SSID broadcast; Update firmware
Enable content filtering. Parental controls or content filters restrict or block specific web traffic based on keywords, URLs, or the time of day. Disabling the SSID broadcast would increase security, but does nothing to restrict web browsing results. Disabling DHCP would require static IP addresses, but does nothing to restrict web browsing results. Updating firmware may improve security by fixing vulnerabilities, but does nothing to restrict web browsing results.
802.11b
Frequency - 2.4 GHz (ISM) Maximum speed - 11 Mbps Maximum distance - 150 ft. Channels (non-overlapped) - 11 (3) Modulation technique - DSSS, CCK, DQPSK, DBPSK Backward Compatibility - None
802.11g
Frequency - 2.4 GHz (ISM) Maximum speed - 54 Mbps Maximum distance - 150 ft. Channels (non-overlapped) - 11 (3) Modulation technique - DSSS (and others) at lower data rates; OFDM, QPSK, BPSK at higher data rates Backward Compatibility - 802.11b
802.11n
Frequency - 2.4 GHz (ISM) or 5 GHz (U-NII) Maximum speed - 600 Mbps Maximum distance - 300 ft. Channels (non-overlapped) - 2.4 GHz: 11 (3 or 1) 5 GHz: 23 (12 or 6) Modulation technique - OFDM (and others, depending on implementation) Backward Compatibility - 802.11a/b/g, depending on implementation
802.11ac
Frequency - 5 GHz (U-NII) Maximum speed - 1.3 Gbps Maximum distance - 150 ft. Channels (non-overlapped) - Depends on configuration Modulation technique - OFDM Backward Compatibility - 802.11b/g/n
7.3.5 Access Point Configuration Facts
If the SOHO router includes a wireless access point, or if a standalone wireless access point is being used, use the following configuration steps to configure and secure the wireless network:
Configure the Wireless Protocol
If your access point supports multiple wireless protocols, select the protocols to support, such as 802.11n only or mixed mode (both 802.11n and 802.11g). Be aware that when using mixed mode, most access points will throttle all clients to the slowest connected protocol speeds (i.e., if an 802.11g client connects to the network, 802.11n clients will operate at 802.11g speeds).
Multiple-Input, Multiple-Output (MIMO)
MIMO increases bandwidth by using multiple antennas for both the transmitter and receiver. A system is described by the number of sending and receiving antennas. The 802.11n specifications allow up to four sending and four receiving antennas. The benefit of adding additional antennas declines as the number increases; going above 3x3 provides a negligible performance increase.
Multi-User MIMO (MU-MIMO)
MU-MIMO is an enhancement to MIMO that allows multiple users to use the same channel. In addition to adding MU-MIMO, 802.11ac doubled the number of MIMO radio streams from four to eight.
Change the Default SSID
Many manufacturers use a default SSID that contains identifying information (such as device manufacturer and model number), so it is important to change the device's SSID from the default. In addition to changing the default SSID, it is also possible to disable the SSID broadcast. This is known as SSID suppression or cloaking. With broadcasting disabled, the SSID needs to be manually entered into devices for them to connect to the network (the SSID will not show up in the list of available networks). *Even with the broadcast disabled, it's relatively easy to identify the SSID of a network by using readily available applications. Because of this, SSID suppression should not be the only form of protection.
A technician is installing a network-enabled smart home control system in a SOHO. To access the system from the internet, which of the following configurations is MOST likely required on the SOHO router? QoS; Port forwarding; DHCP; NAT
Port forwarding. Access to the smart home control system from the internet through the SOHO router is most likely gained using port forwarding. QoS gives priority to certain types of network traffic, such as VoIP phone traffic. DHCP dynamically assigns IP addresses to clients in the local network. NAT translates private IP addresses on the local network to public IP addresses on the internet.
Wireless Security Standards
Security for wireless networking is provided from the following standards:
Enable NAT
Small networks use a single public IP address to connect to the internet. This IP address is shared by all devices on the private network. Network address translation (NAT) is a protocol that allows multiple computers to share a single public IP address used on the internet. > The internet is classified as a public network. All devices on the public network must have a registered IP address. This address is assigned by the ISP. > The SOHO network is classified as a private network. All devices on the private network use private IP addresses internally, but share the public IP address when accessing the internet. > A NAT router associates a port number with each private IP address. Communications with the private hosts from the internet are sent to the public IP address and the associated port number. Port assignments are made automatically by the NAT router. > The private network can use addresses in the following ranges that have been reserved for private use (i.e., they will not be used by hosts on the internet): 10.0.0.0 to 10.255.255.255; 172.16.0.0 to 172.31.255.255; 192.168.0.0 to 192.168.255.255
Home Network
The Home network location is designed for use on networks where you know and trust each device on the network. With the Home network location: > Network discovery is enabled. This means other computers and devices on the network are able to see and connect to each other. > Connected devices are able to join the network homegroup. > The Windows firewall configuration is changed to allow certain types of network communication through. *Because this network location is the least secure, select this location only if you know all the devices and people that are connected to the network.
Public Network
The Public network location is designed for use on unknown or public networks (e.g., a coffee shop or other public Wi-Fi network). With the Public network location: > Network discovery is disabled. This means other computers on the network cannot see you and you cannot see them. > Network sharing, such as printers and scanners, is disabled. > The Windows firewall configuration is changed to block almost all inbound and most outbound communications. For applications to be able to communicate, they need to be manually allowed through the firewall. *The Public network profile should be used when connecting to any unknown network location, such as a hotel's Wi-Fi network.
Configure Wi-Fi Protected Setup (WPS)
The WPS security protocol makes it easier for WPS-enabled devices (e.g., a wireless printer) to connect to the wireless network. WPS can use several methods for connecting devices, including the PIN method and the push button method. The method used to connect devices must be supported by both the access point and the wireless device. *Because of the inherent security vulnerabilities with WPS, it is best to disable this feature on the access point.
7.3.6 Windows Network Profile Facts
The Windows operating system uses network location profiles to determine the security settings for a particular network connection. The following table describes each network location profile and the situations in which they should be selected:
Configure the Channel
The channel identifies the portion of the wireless frequency used by the access point and connected devices. > You should use a channel that does not overlap or conflict with other access points in the area. A simple rule to minimize conflicts is to remember that the frequencies used by channels 2-5 compete with the frequencies used by channels 1 and 6, while the frequencies used by channels 7-10 compete with the frequencies used by channels 6 and 11. > Many access points have an automatic channel feature that detects other access points and automatically selects the channel with the least amount of traffic.
SOHO Router Configuration
The following table describes the general steps you would take to configure a SOHO router and set up the network:
Determine Best Access Point Placement
The location of the access point can affect signal strength and network access. Keep in mind the following recommendations: > Place access points in central locations. Radio waves are broadcast in each direction, so the access point should be located in the middle of the area that needs network access. > Place access points to take advantage of the fact that devices often get better reception from access points that are above or below. > In general, place access points higher up to avoid interference problems caused by going through building foundations. > For security reasons, do not place access points near outside walls. The signal will extend outside beyond the walls. Placing the access point in the center of the building decreases the range of the signals available outside of the building. > Do not place the access point next to sources of interference, such as other wireless transmitting devices (cordless phones or microwaves) or other sources of interference (motors or generators).
Wi-Fi Protected Access (WPA)
WPA is the implementation name for wireless security based on initial 802.11i drafts that was deployed in 2003. It was intended to be an intermediate measure to take the place of WEP while a fully secured system (802.11i) was prepared. WPA: > Uses Temporal Key Integrity Protocol (TKIP) for encryption > Supports both pre-shared key (WPA-PSK or WPA Personal) and 802.1x (WPA Enterprise) authentication > Can use dynamic keys or pre-shared keys > Can typically be implemented in WEP-capable devices through a software/firmware update *WPA keys can also be predicted by reconstructing the Message Integrity Check (MIC) of an intercepted packet, sending the packet to an AP, and observing whether the packet is accepted by the AP.
Wi-Fi Protected Access 2 (WPA2) or 802.11i
WPA2 is the implementation name for wireless security that adheres to the 802.11i specifications. It was deployed in 2005. It is built upon the idea of Robust Secure Networks (RSN). Like WPA, it resolves the weaknesses inherent in WEP. It is intended to eventually replace both WEP and WPA. WPA2: > Uses Advanced Encryption Standard (AES) as the encryption method > Supports both pre-shared key (WPA2-PSK or WPA2 Personal) and 802.1x (WPA2 Enterprise) authentication > Can use dynamic keys or pre-shared keys
Create a Whitelist and Blacklist
When securing devices or navigation access, there are two options to create lists that either allow or deny access through the firewall security: > Whitelisting means that only the devices on the list are allowed access. Basically, every device is blocked except for the devices on the whitelist. > Blacklisting means all devices are allowed access except for the ones on the blacklist. It's just the opposite of whitelisting.
Shared Key
With shared key authentication, clients and APs are configured with a shared key (called a secret or a passphrase). Only devices with the correct shared key can connect to the wireless network. > All APs and all clients use the same authentication key. > Shared key authentication should be used only on small, private networks. > Shared key authentication is relatively insecure, as hashing methods used to protect the key can be easily broken.
7.1.7 Connect to a Wireless Network
You are the IT administrator for a small corporate network. You need to connect the workstation in the Support Office to the wireless corporate network. The wireless corporate network has the following characteristics: Transmission speeds of 54 Mbps and greater. Distances of 300 ft and longer. Wireless standard that is not susceptible to interference from cordless phones. As you've learned, 802.11a networks operate on the 5.75 GHz range and up to 54 Mbps. 802.11n networks: Have transmission speeds up to 600 Mbps. Have transmission distances of up to 1200 ft. Transmit in the 2.4 or 5.75 GHz range (Because cordless phones transmit in the 2.4 GHz range, 802.11n and 802.11a networks are immune from interference from this source.). In this lab, your task is to complete the following: > Select the USB wireless adapter that meets the requirements and connect it to the computer. > When connected, switch to the operating system and connect to a wireless corporate network using the following settings: SSID: CorpNet Password: @CorpNetWeRSecure!& Allow the computer to be discoverable on your network. Complete this lab as follows: 1. Select the USB wireless adapter as follows: a. Above the computer, select Back to switch to the back view of the computer. b. On the Shelf, expand Wireless Adapters. c. Read the description for each device and identify the one that meets the requirements. d. Drag the device from the Shelf to a USB port on the computer. *Connect the 802.11n wireless adapter to the Support computer *Do not connect other wireless adapters 2. Connect to a wireless corporate network as follows: a. On the monitor, select Click to view Windows 10. b. In the notification area, select the Network icon. c. Select CorpNet. d. Select Connect. e. Enter @CorpNetWeRSecure!& as the network security key. f. Select Next. g. Select Yes.
7.1.10 Configure a Wireless Profile
You are working on a small network. Recently, you increased the security of the wireless network. In this lab, your task is to complete the following: > Manually create a wireless network profile on the laptop as follows: Network name (SSID): PoliceVan (the SSID name is case sensitive.) Security type: WPA2-Personal. Encryption type: AES. Security Key/Passphrase: 4WatchingU (the security key is case sensitive.) Start the connection automatically. Connect even if the network is not broadcasting. > Delete the out-of-date TrendNet-BGN wireless profile. Complete this lab as follows: 1. Manually create the wireless network profile on the laptop as follows: a. Right-click the Network icon in the notification area and select Open Network & Internet settings. b. Maximize the window for easier viewing. c. Select Network and Sharing Center. d. Select Set up a new connection or network. e. Select Manually connect to a wireless network; then click Next. f. Enter the network name. g. Select the security type from the drop-down list. h. Make sure AES is selected as the encryption type. i. Enter the security key. j. Make sure Start this connection automatically is selected. k. Select Connect even if the network is not broadcasting; then click Next. l. Click Close. m. Close the Network and Sharing Center. 2. Delete the out-of-date profile as follows: a. From the left menu, select Wi-Fi. b. Select Manage known networks. c. Select the network to be deleted from the list. d. Select Forget.
7.1.8 Create a Home Wireless Network
You are working on a small office/home office (SOHO) network. The homeowner recently changed his Internet Service Provider (ISP) and has an existing Ethernet router connected to an RJ45 jack on the wall plate. He has a new laptop and would like to connect this laptop to the internet with a wireless connection. You need to create a wireless network. In this lab, your task is to create a wireless network as follows: > Select a wireless access point that meets the following criteria: Transmission speeds up to 600 Mbps. Backwards compatible with other wireless standards that use 2.4 GHz. > Install the wireless access point as follows: Place the wireless access point on the computer desk. Select the correct cable to connect the wireless access point to a free LAN port on the existing router. Connect power to the wireless access point through an outlet on the surge protector or wall plate. > Configure the owner's new laptop to connect to the wireless network: Slide the wireless switch on the front of the laptop to the On position. This will enable the integrated wireless network interface card on the laptop. Use the default settings as you connect the laptop to the wireless network, and save the wireless profile with these settings. Complete this lab as follows: 1. Select and install a wireless access point on the Workspace as follows: a. On the Shelf, expand Wireless Access Points. b. Read the device descriptions to identify the correct wireless access point. c. Drag the Wireless Access Point, 802.11b/g/n to the Workspace. d. Above the wireless access point, select Back to switch to the back view of the wireless access point. 2. Provide power to the wireless access point as follows: a. On the Shelf, expand Cables. b. Select the Power Adapter. c. In the Selected Component window, drag the DC Power Connector to the port on the wireless access point. d. In the Selected Component window, drag the AC Power Adapter end to an outlet on the surge protector. 3. Connect the wireless access point to the router as follows: a. On the Shelf, select the Cat6a cable. b. In the Selected Component window, drag a connector to the Ethernet port on the back of the wireless access point. c. Above the router, select Back to switch to the back of the router. d. In the Selected Component window, drag the other connector to one of the free LAN ports on the switch. 4. On the front of the laptop, click the wireless switch to enable the integrated wireless network interface on the laptop. This will slide the switch to the ON position. 5. Connect the laptop to the TrendNet-BGN wireless network and create a wireless network profile as follows: a. On the laptop's monitor, select Click to view Windows 10. b. In the notification area, select the Network icon. c. Select TrendNet-BGN. d. Make sure Connect automatically is selected. e. Select Connect. f. Select Yes to make the computer discoverable on the network.
7.1.9 Secure Home Wireless Network
You are working on a small office/home office (SOHO) network. You recently created a wireless network to allow the owner's laptop and mobile devices to make a connection to the wired network and the internet. However, without additional configuration, the wireless access point will allow connections from any laptop or mobile device. You need to secure the wireless network from unauthorized access. To view and configure the wireless access point: 1. Use Chrome on Home-PC. 2. Go to 192.168.0.254, and use the following default authentication credentials: Username: admin, Password: password. In this lab, your task is to secure the wireless network using the following settings: > Change the settings on the wireless access point as follows: Use PoliceVan for the SSID. The SSID name is case sensitive. Use WPA2-PSK authentication with AES for encryption. Configure 4WatchingU as the pass phrase. The pass phrase is case sensitive. > Change the wireless access point's administrator authentication credentials from their defaults as follows: Username: @dm1n Password: StayOut! (O is the capital letter O) Do not save the credentials in Chrome. > Configure the laptop to connect to the wireless network and save the wireless profile with the settings as listed above. Complete this lab as follows: 1. Change the settings on the wireless access point as follows: a. From the taskbar, open Chrome. b. In the URL field, type 192.168.0.254 and press Enter. c. In the Username field, enter admin. d. In the Password field, enter password. e. Make sure Remember my credentials is not selected. f. Click OK. g. Maximize the window for easier viewing. h. In the left menu, select Wireless. i. Select Basic. j. In the Wireless Name (SSID) field, enter PoliceVan. k. Click Apply. l. In the Username field, enter admin. m. In the Password field, enter password. n. Click OK. o. In the left menu under Wireless, select Security. p. From the Security Mode drop-down list, select WPA2-PSK. q. In the Pass Phrase field, enter 4WatchingU as the pass phrase. r. Select Apply. 2. Change the wireless access point's administrator authentication credentials from their defaults as follows: a. On the left, select Administrator. b. Select Management. c. In the Account field, enter @dm1n as the new username. d. In the Password field, enter StayOut! (O is the capital letter O). e. Click Apply. f. Close Chrome. 3. Configure the Home-Laptop to connect to the wireless network and save the wireless profile as follows: a. From the top navigation tabs, select Computer Desk. b. On the monitor of Home-Laptop, select Click to view Windows 10. c. In the notification area, select the Network icon. d. Select PoliceVan. e. Make sure Connect automatically is selected. f. Select Connect. g. In the Security Key field, enter 4WatchingU. h. Click Next. i. Select Yes to make your PC discoverable on the network. *To confirm the connection, select the Network icon in the notification area or open the Network & Internet settings.
7.3.7 Configure a Wireless Infrastructure
You work at a computer repair store, and you are on-site at a customer's office. They have signed up for cable internet access. The cable company has come and installed the line into their office. You need to configure the network so that wired and wireless computers can share the cable internet connection. In the customer's office, all connectors on the wall plate are for WAN connections only; you do not have LAN connections inside the office. In this lab, your task is to connect the components to make the internet connection. > Add the cable modem to the Workspace. Connect the modem to the WAN connection. Plug in the modem. > Add the wireless router to the Workspace. Connect the internet port on the router to the cable modem. Connect the computer to a LAN port on the wireless router. Plug in the wireless router. *In this lab, you will only configure the hardware to make the internet connection. You will not complete operating system tasks, configure the cable modem, or configure the wireless router. Complete this lab as follows: 1. Connect the modem to the WAN connection as follows: > On the Shelf, expand Routers. > Drag the cable modem from the Shelf to the Workspace. > Above the cable modem, select Back to switch to the back view of the cable modem. > On the Shelf, expand Cables. > Select the coaxial cable. > Under Selected Component, drag a Coaxial Type F Connector to the port on the cable modem. > Under Selected Component, drag the other Coaxial Type F Connector to the port on the wall plate. 2. Connect the wireless router to the cable modem as follows: > On the Shelf, expand Routers. > Drag the wireless router from the Shelf to the Workspace. > Above the wireless router, select Back to switch to the back view of the wireless router. > On the Shelf, expand Cables. > Select the Cat6a cable. > Under Selected Component, drag an RJ45 Connector to the Internet port on the wireless router. > Under Selected Component, drag the other RJ45 Connector to the port on the cable modem. 3. Connect the computer to the wireless router as follows: > Above the computer, select Back to switch to the back view of the computer. > On the Shelf, select the Cat6a cable. > Under Selected Component, drag an RJ45 Connector to the network port on the computer. > Under Selected Component, drag the other RJ45 Connector to a LAN port on the wireless router. 4. Plug in the cable modem as follows: > On the Shelf, select the Power Adapter. > Under Selected Component, drag the DC Power Connector to the port on the cable modem. > Under Selected Component, drag the AC Power Adapter to the power outlet. 5. Plug in the wireless router as follows: > On the Shelf, select the Power Adapter. > Under Selected Component, drag the DC Power Connector to the port on the wireless router. > Under Selected Component, drag the AC Power Adapter to the power outlet.