Shulou(Shulou.com)06/01 Report--

In 2013, the company launched the first hardware version of the portable WIFI, because it well met the needs of smartphones to access the Internet through WIFI at any time, coupled with its convenience and portability in installation and use, portable WIFI quickly became the Internet partner of smartphones. Search the portable WIFI on JD.com 's Internet to find out the shipments of such devices. The number of user reviews of the portable WIFI has exceeded 300000. This shows the degree of its promotion and popularity.

At present, portable WIFI has developed into two categories: hardware version and free software version. Among them, the typical representatives of the hardware version are 360portable WIFI, Xiaomi WIFI, Xiaodu WIFI, etc., while the typical representatives of the free software version are 360free WIFI, Jinshan Cheetah, WIFI sharing wizard, WIFI sharing master, 160WIFI and so on.

The private access and use of portable WIFI by end users is a private extension and expansion of the original network boundary, which will bring unpredictable security risks to the original network. How to quickly carry out technical detection, here is a discussion on its detection technology:

(1) data-based monitoring

Through bypass monitoring and analysis of data packets within the network for detection, it is suitable for networks with public network exits (such as the Internet). The principle is to judge and distinguish portable WIFI access, smartphone access and NAT device access by analyzing packet headers and some special fields of the transmission protocol, such as:

1) use the TTL field change of the IP packet to detect the standard NAT access device.

2) use the jump of the ID logo of the IP package to confirm the number of devices privately connected by the user.

3) use the User-Agent field in HTTP protocol to detect the intelligent devices connected to the Internet privately.

4) identify the portable WIFI according to the back door of the portable WIFI and the free WIFI.

Its advantages are as follows:

1) can accurately find some smart phones and portable WIFI access, which is mainly related to the coverage of monitoring data packets.

2) can accurately identify NAT access devices and count the number of access through NAT.

The disadvantages are as follows:

1) the coverage of monitoring data determines its detection range, and there are omissions, so it is suitable for networks with public exit links, and is not suitable to be used as an inspection tool.

2) due to the limitation of detection technology, there is the possibility of false alarm.

3) it is mainly based on detection, and basically does not have the ability to block and control the source.

The convincing Internet behavior management system uses this kind of technology, and most of the deployment locations are at the Internet exit, which can restrict private WIFI devices from being unable to access the Internet, but cannot control WIFI devices to access the internal network privately.

(2) based on client agent

Supervising the use of the wireless network by installing a client agent on the terminal desktop system is mainly aimed at the supervision of the terminal's own wireless network card, private wireless WIFI and the use of free wireless WIFI.

1) the detection time is short, and the above violations of using wireless network can be quickly detected without false positives.

2) the response speed is fast, and the above illegal use of wireless network can be quickly blocked and controlled.

The disadvantages are as follows:

1) unable to control the terminal desktop system without client agent installed

2) it is not possible to regulate the private connection of wireless routing devices because such devices cannot install client agents

3) the workload of implementation and maintenance is heavy, because the client agent is easy to be unloaded and other reasons, affect the overall supervision effect, easy to fail to report.

Beixinyuan's desktop management system uses this kind of technology and is deployed on the terminal PC. It can restrict the use of wireless network cards, portable WIFI and free WIFI, but cannot restrict private access to wireless routing devices.

(3) based on network scanning

Mainly through ICMP, SNMP, TCP and UDP scanning technology, learn from the operating system fingerprint identification technology to form a local protocol feature library, in order to determine whether the target is NAT access devices, smart phone devices, portable WIFI access devices and free WIFI access devices and so on.

Its advantages are as follows:

1) can accurately find some smart phones and portable WIFI access, the coverage is related to the scanning range, suitable for large and medium-sized networks, and can be used as inspection and management tools.

2) it can accurately identify the routing devices accessed through NAT

3) can accurately identify the wireless AP access and provide the SSID number of the wireless AP.

4) the network positioning and blocking control of illegal access devices can be carried out by combining switch port positioning technology.

The disadvantages are as follows:

1) due to the use of remote network scanning mechanism, there may be false positives and false positives.

Huaxin's network boundary integrity automatic inspection and management system mainly uses network scanning technology, and can provide client agents according to the needs of users, which can be used not only as a checking tool, but also as a management tool for regular deployment.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.