Lab SEC-10: SOHO Network Security Inspection

Domain:

  • 2.0 Security

Works on:

  • Windows
  • Linux
  • Optional macOS

Goal

Inspect local network information and practice SOHO hardening decisions without changing router settings.

Do not change router settings, passwords, firmware, port forwarding, guest networks, or Wi-Fi settings during this lab unless you own/administer the router and intentionally choose to do that outside the lab.

Windows Steps

Run in PowerShell (Get-NetConnectionProfile is a PowerShell cmdlet):

ipconfig
Get-NetConnectionProfile
netsh wlan show interfaces

Record:

  • IPv4 address:
  • Default gateway:
  • Network profile:
  • Wi-Fi SSID:
  • Wi-Fi authentication type:
  • Wi-Fi cipher:

What the commands show:

  • ipconfig shows IP address and default gateway.
  • Get-NetConnectionProfile shows whether Windows treats the network as Public or Private.
  • netsh wlan show interfaces shows connected Wi-Fi details.

Linux Steps

Run:

ip route
nmcli connection show --active
nmcli dev wifi list

Record:

  • Default gateway:
  • Active connection:
  • Connected SSID, if shown:
  • Security type for your Wi-Fi, if shown:

What the commands show:

  • ip route shows the routing table; the default route line names the router (default gateway).
  • nmcli connection show --active shows active NetworkManager connections.
  • nmcli dev wifi list shows Wi-Fi networks and security, when supported.

If nmcli is not installed, record that and continue.
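
Added example (not part of the original lab): a read-only shell check that takes the terse output of nmcli -t -f IN-USE,SSID,SECURITY dev wifi list and grades the connected network against the checklist question "Is Wi-Fi using WPA2 or WPA3?". The function names classify_security and check_connected are hypothetical, and the sample lines are constructed, not captured from a real network.

```shell
#!/bin/sh
# Added example: grade the SECURITY column of
#   nmcli -t -f IN-USE,SSID,SECURITY dev wifi list
# Read-only: it only parses text and never changes a setting.

# classify_security "<SECURITY value>" prints PASS, REVIEW or FAIL plus a reason.
classify_security() {
  sec=$1
  case "$sec" in
    ""|"--")  echo "FAIL: open network, no encryption" ;;
    *WEP*)    echo "FAIL: WEP is obsolete" ;;
    *WPA1*)   # WPA1 alone, or a mixed mode that still accepts WPA1 clients
      case "$sec" in
        *WPA2*|*WPA3*) echo "REVIEW: mixed mode still allows WPA1" ;;
        *)             echo "FAIL: WPA1 only" ;;
      esac ;;
    *WPA2*|*WPA3*) echo "PASS: $sec" ;;
    *)        echo "REVIEW: unrecognized value '$sec'" ;;
  esac
}

# check_connected reads nmcli terse output on stdin and reports the row
# marked in use ('*'). Terse mode separates fields with ':' and escapes a
# literal ':' inside an SSID as '\:', so IN-USE is taken from the left,
# SECURITY from the right, and the SSID (escapes kept) is what lies between.
# Returns 1 when no row is marked in use.
check_connected() {
  found=1
  while IFS= read -r line; do
    [ "${line%%:*}" = "*" ] || continue
    sec=${line##*:}
    ssid=${line#*:}; ssid=${ssid%:*}
    printf '%s -> %s\n' "$ssid" "$(classify_security "$sec")"
    found=0
  done
  return $found
}

# Constructed sample input (assumption: three visible networks, one in use).
SAMPLE='*:HomeNet:WPA1 WPA2
:Cafe\:Guest:
:Lab5G:WPA3'
printf '%s\n' "$SAMPLE" | check_connected
```

On a real system, pipe the nmcli command into check_connected instead of the sample, and record the result next to "Security type for your Wi-Fi".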

Optional macOS Steps

Run:

route -n get default
networksetup -getairportnetwork en0
system_profiler SPAirPortDataType

Record:

  • Default gateway:
  • Connected Wi-Fi network:
  • Security type, if shown:

What the commands show:

  • route -n get default shows the default router.
  • networksetup -getairportnetwork en0 shows the connected Wi-Fi network on many Macs.
  • system_profiler SPAirPortDataType shows detailed Wi-Fi information.

Router Hardening Checklist

Answer based on your own router if you administer it, or as a paper exercise if you do not.

Record:

  • Was the default admin password changed?
  • Is firmware update status known?
  • Is remote administration disabled or restricted?
  • Is UPnP disabled unless needed?
  • Is Wi-Fi using WPA2 or WPA3?
  • Is the SSID non-personal and non-default?
  • Is guest network disabled or isolated?
  • Are router and network devices physically protected?
  • Is content filtering or parental control needed?

Scenario Matching

Choose the best SOHO security action:

  1. A router still uses the factory admin password.
  2. A router has a known security vulnerability.
  3. A game console requires inbound connectivity, but UPnP is currently enabled for every device.
  4. Visitors need Internet but should not access office computers.
  5. A Wi-Fi network is open with no password.
  6. A router admin page is reachable from the Internet.
  7. A business hosts a public service but wants to separate it from internal PCs.

What You Should Learn

  • The default gateway is usually the router.
  • Router admin credentials must not remain default.
  • Firmware updates patch router vulnerabilities.
  • WPA2/WPA3 protects Wi-Fi better than open access.
  • UPnP can open inbound ports without approval.
  • Guest networks should be isolated and encrypted.
  • A screened subnet separates public services from internal systems.