4.0 Network+ Certification Cram Notes : Network Security

4.3 Explain the following network hardening best practices.

Wireless security techniques

1. MAC filtering: This technique involves allowing or denying access to a wireless network based on the unique Media Access Control (MAC) address of a device. The administrator creates a list of allowed or disallowed MAC addresses, and devices with MAC addresses not on the list will be unable to connect to the network.

2. Antenna placement: This refers to the physical placement of wireless antennas within a network. Proper antenna placement can help to improve the coverage and security of a wireless network.

3. Power levels: The power level of a wireless network's signal can be adjusted to limit the range of the network and prevent unauthorized devices from accessing it. Lowering the power level can also help to reduce interference from neighboring wireless networks.

4. Wireless client isolation: This feature prevents wireless clients from communicating directly with each other on a wireless network. This can help to reduce the risk of malicious activity, such as malware infections or unauthorized data transfers, between clients.

5. Guest network isolation: This involves creating a separate, isolated network for guests to use when accessing the Internet, separate from the primary network used by employees or other authorized users. This helps to prevent unauthorized access to the primary network and its data.

6. Preshared keys (PSKs): A PSK is a secret password shared between the client and the wireless access point (AP). This password is used to encrypt wireless data and is entered manually by the user.

7. EAP: EAP, or Extensible Authentication Protocol, is a framework used to support multiple authentication methods for wireless networks, such as passwords or digital certificates.

8. Geofencing: This involves using GPS or other location-based technology to restrict access to a wireless network based on geographic location. For example, a geofence could be created around a company's building, allowing only devices within the building to access the network.

9. Captive portal: A captive portal is a web page that is displayed to users before they can access a wireless network. This page is used to require users to enter login credentials or agree to terms and conditions before accessing the network.

IoT access considerations

IoT (Internet of Things) access considerations refer to the security measures that are put in place to control and regulate the access to IoT devices and the data they generate. The following are some of the key IoT access considerations:

1. Authentication: IoT devices should be equipped with robust authentication methods to prevent unauthorized access. This can include username and password combinations, encryption keys, or biometric data.

2. Access control: Access control lists and role-based access control systems can be used to manage which users have access to which devices and the data they generate.

3. Network segmentation: IoT devices should be isolated from the main network to prevent unauthorized access. This can be achieved through network segmentation, firewalls, and other security measures.

4. Device security: IoT devices should be equipped with security features such as firmware updates, secure boot, and tamper detection to prevent unauthorized access.

5. Data encryption: IoT data should be encrypted to prevent unauthorized access or interception.

6. Monitoring and logging: IoT devices should be equipped with logging and monitoring capabilities to detect and respond to security incidents in real-time.

By considering these IoT access considerations, organizations can ensure that their IoT devices and the data they generate are secure from unauthorized access, theft, and tampering.