Pace IT - Setting Up a SOHO Network

Setting up a basic SOHO network.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise Industry Certifications

PC Hardware

Network Administration

IT Project Management

Network Design

User Training

IT Troubleshooting

Qualifications Summary

Education

M.B.A., IT Management, Western Governor’s University

B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manger

with 10+ years of experience turning complex issues

into efficient and effective solutions.

Strengths include developing and mentoring diverse

workforces, improving processes, analyzing

business needs and creating the solutions

required— with a focus on technology.

– The equipment list.

– Configuring the network.

PACE-IT.

Planning is the key to setting up any network, including the small office/home office (SOHO) network.

First, know what you and/or the client is trying to

accomplish. Know what type of infrastructure is already in

place. Is the space already prewired for Ethernet? Many

modern buildings and homes are coming prewired.

Know how complex the network is going to have to be. Is

this just for simple access to the Internet or will the

network be hosting a Web server? The plan should

always exceed the current need and the design should try

to incorporate future growth plans as well.


– Wide Area Network (WAN) connection.» How the network is going to access the outside world.

– Wired/Wireless router.» How the network is going to connect to the WAN connection.

– Switches/Wireless Access Points (WAPs).» How the components are going to connect to the router.

– The devices that need to connect.» Each device is going to need a method of connecting to the

network.

• Network interface card (NIC) for wired networks.

• Wireless adapter for wireless networks.

– Network cabling as required.


– The two options for configuring the SOHO

network.» Plug and play type network.

• Use the default configurations of the equipment and let the

equipment determine the network.

• Works best for small networks that don’t require a lot of

complexity or security—like the normal home network.

» The custom configuration.

• Do not use most of the default configurations of the

equipment; instead, you modify the configuration files to

specify exactly what the networking equipment and network

clients can do.

• Works best for networks that require more complexity and

security.


– Custom network configuration

considerations.» How clients will receive their IP addresses:

• Only allowing manually configured IP addresses creates more

security, but is harder to manage.

• Using Dynamic Host Configuration Protocol (DHCP) to

automatically assign IP addresses from a pre-configured pool. It

is easier to manage, but does create a possible weakness in

the network.

» Will media access control (MAC) address filtering be employed?

• MAC filtering will only allow specified MAC addresses onto the

network. It is an effective security measure, but it can be difficult

to control.

» A demilitarized zone (DMZ) will be required if a server will be

hosted on the network that needs to be accessed from outside

the network (e.g., a Web server).

• The DMZ is an area of the network in which outside

connections are allowed, while still protecting the internal

network.

• A DMZ will require a custom configuration of the firewall; in

most implementations, two firewalls are used.


– Custom network configuration

considerations continued.» Firewall placement and configuration considerations:

• Most SOHO WAN connection devices offer firewall services

as well and will be sufficient in most cases.

• If a DMZ needs to be deployed, the best method is to

introduce an additional router and firewall into the network,

with the DMZ residing between the WAN equipment and the

new router/firewall combination.

• If a DMZ is deployed, port forwarding should also be used at

the router/firewall level.

» Router/firewall configuration considerations:

• In the situation of a DMZ or hosted service, port forwarding

needs to be configured.

• Port forwarding is used to direct requests for specific

resources (like a request for a web page) to the computer that

has the resource.

• Network Address Translation (NAT) is when the internal non-

routable IP addresses are transformed into routable IP

addresses at the router. This is usually turned on by default,

but it can be configured.


– Wireless network configuration

considerations.» The name of the wireless network will need to be determined;

this is called the service set identifier (SSID).

» The SSID can be set to broadcast in the clear or it can be set

for the broadcasts to be hidden.

» Encryption needs to be turned on (by default wireless routers

and WAPs do not have encryption enabled), and, at the

minimum, WPA2-Personal should be enabled.

» Some wireless networking equipment comes with Wi-Fi

Protected Setup (WPS) enabled by default, allowing it to auto-

configure in a secure wireless network. This should be turned

off and not used as it creates a weakness in the wireless

network. WPS can be easily exploited by an attacker.


While there is a lot to consider in the custom configuration of a SOHO network, the effort will ensure a higher level of security and more control.

With some planning and practice, the perceived

complexity and difficulty in configuring a network is

greatly reduced. The custom configuration of a

network allows for a very high degree of control over

how the network behaves and how secure it is.



Planning is the key to any successful network setup. Some equipment that

will be needed in the SOHO network includes: the WAN connection,

wired/wireless routers, switches/WAPs, the devices that go on the network,

NICs and wireless adapters, and the appropriate cabling.

Topic

Equipment list.

Summary

There are two basic options when it comes to configuring the SOHO

network—the plug and play option or a custom configuration. The plug and

play option works best for simple networks that don’t require a lot of

security. A custom configuration of the network allows for a high degree of

control over how secure the network is and how it behaves.

Configuring the network.

THANK YOU!

This workforce solution was 100 percent funded by a $3 million grant awarded by the

U.S. Department of Labor's Employment and Training Administration. The solution was

created by the grantee and does not necessarily reflect the official position of the U.S.

Department of Labor. The Department of Labor makes no guarantees, warranties, or

assurances of any kind, express or implied, with respect to such information, including

any information on linked sites and including, but not limited to, accuracy of the

information or its completeness, timeliness, usefulness, adequacy, continued availability

or ownership. Funded by the Department of Labor, Employment and Training

Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are

available upon request to individuals with disabilities. For those that are hearing

impaired, a video phone is available at the Services for Students with Disabilities (SSD)

office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call

425.354.3113 on a video phone for more information about the PACE-IT program. For

any additional special accommodations needed, call the SSD office at 425.640.1814.

Edmonds Community College does not discriminate on the basis of race; color; religion;

national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran

status; or genetic information in its programs and activities.

Pace IT - Setting Up a SOHO Network

Education

Transcript of Pace IT - Setting Up a SOHO Network