Shulou(Shulou.com)06/01 Report--

The vast sea, the deep cliff cave, on a silver beach, with a notebook on your knee, you are gracefully looking at the latest stock price information and football information on the recliner. Enjoy the unlimited space brought by free, mobile, anytime and anywhere wireless network. Suddenly, the mouse stagnated, the screen blurred, the system paralyzed, and then automatically turned off. At that moment, what was your first feeling? Yes, virus, *, or *!

These are the two sides of wireless networks. On the one hand, it can give users the feeling of surfing the Internet, and on the other hand, it can also bring users uncertain network security. Like wired networks, viruses, worms, and spyware threaten the security of wireless networks at any time, and wireless networks are more vulnerable than wired networks. because users have poor security awareness and technical skills when using wireless networks. We should not stop the production of guns just because someone uses them, nor should we not promote the use of wireless networks because of the security risks posed by wireless networks. In fact, the hidden danger of wireless network security is not terrible, as long as you master some basic wireless network security technology, you can swim the network without fear of virus.

Network: it is urgent to strengthen security

Tired of staying in the study, Xiaoming came to the living room with his notebook and was surprised to find that the speed of surfing the Internet suddenly became faster. Is it faster to surf the Internet without AP (AP in the study)? Of course not, this is because the living room is close to the study next door, Xiaoming inadvertently accessed the neighbor's wireless network, and the neighbor applied for the network faster than Xiaoming's. Let's assume that Xiao Ming then visits his neighbor's shared disk, which happens to contain bank card passwords, tender books, personal diaries, and even some personal pictures.

In order to make it accessible to more people, the wireless network chooses to transmit through specific radio waves, and within the effective range of this transmission frequency, anyone with a suitable receiving device can capture the signal at that frequency. and then into the target network an employee can also access the corporate network from the company balcony, but it also means The intelligence agents of competitors crouching under the company balconies can also access the company's network without hindrance, while this person with a notebook can also go down to the balconies of competitors across the country to get some information.

This is not a hypothetical, but a fact. A recent survey by relevant organizations shows that 85% of IT enterprise network managers believe that the security awareness and means of wireless networks need to be further strengthened. Due to the poor consideration of the security protocol of WiFi 802.11 specification, there are security loopholes in wireless networks, which gives people the opportunity to act as middlemen (man in the middle, dos, packet cracking, etc.). In view of the characteristics of the wireless network, people can easily find a network interface, connect to the customer network next to the building of the enterprise, and wantonly steal corporate secrets or destroy them. In addition, irresponsible abuse of wireless devices by enterprise employees will also cause security risks, such as irresponsible assumption of opening AP, opening the Ad hoc mode of wireless network cards at will, or mistakenly leading to information leakage caused by other people's fake legal AP. "the next competitive point in the wireless network industry is security. If we want to open up a new era of wireless network applications, we must weave a higher security wireless network. Mr. Guo Yong, Technical Manager of Asustek Network Communications Department, said that wireless network security will trigger the next round of wireless network technological revolution. Whoever takes the lead in breaking through the technical bottleneck and creating the safest wireless network will become the leading force in promoting the progress of the industry, famous battlefield and leading the group.

A detailed interpretation of the advantages and disadvantages of the eight major wireless network security technologies (2)

At present, many people have only a limited understanding of the security technologies related to wireless networks.

Next, this article will focus on analyzing the respective advantages and disadvantages and scope of application of the eight mainstream technologies in the industry to eliminate the hidden dangers of wireless network security, hoping to give some suggestions and guidance to wireless users in confusion and users preparing to build WLAN devices, so as to be well-informed and prepared in the actual implementation process.

Hide SSID:

SSID, short for Service Set Identifier, allows wireless clients to identify different wireless networks, similar to the mechanism that our mobile phones identify different mobile operators. The parameter is broadcast by the AP wireless access point in the default setting of the device, and the client can connect to the wireless network only if it receives this parameter or manually sets the same SSID as AP. If we ban this broadcast, ordinary roaming users will not be able to connect to the network if they cannot find the SSID.

MAC address filtering

As the name implies, this method is to input the physical address (MAC address) of the specified wireless network card into the AP by setting the AP. AP will judge every packet received, and only those that meet the set criteria can be forwarded, otherwise they will be discarded.

This approach is troublesome and cannot support a large number of mobile clients. In addition, if * * steals legitimate MAC address information, you can still log in to the network with fake MAC addresses through various methods. In general, SOHO, small business studios can use this security means.

WEP encryption:

WEP is short for Wired Equivalent Privacy, and all WIFI-certified devices support this security protocol. The RC4 encryption algorithm with 64bit or 128bit encryption key ensures that the transmitted data will not be intercepted in clear text.

This method needs to configure passwords on each mobile device and AP, which is troublesome to deploy. The security of using static non-exchangeable keys has also been questioned by the industry, but it can still block general data interception. It is generally used for secure encryption of SOHO and small and medium-sized enterprises.

AP isolation

VLAN, similar to wired networks, completely isolates all wireless client devices so that they can only access fixed networks connected by AP.

The method is used for erecting public hot spots such as hotels and airports, keeping wireless clients isolated and providing secure Internet access.

802.1x protocol

The 802.1x protocol is defined by IEEE and is used for port access and control in Ethernet and wireless Lans. 802.1x introduces the extended authentication protocol EAP defined by PPP protocol. As an extended authentication protocol, EAP can adopt more authentication mechanisms such as MD5, one-time password, smart card, public key and so on, so as to provide a higher level of security. In terms of user authentication, the client authentication request of 802.1x can also be authenticated by an external Radius server. The certification belongs to the transitional method and the implementation methods of different manufacturers are different, which directly causes the compatibility problem.

This method requires professional knowledge deployment and Radius server support, and the cost is high, so it is generally used for enterprise wireless network layout.

WPA

WPA, short for Wi-Fi protected access, the transition scheme before the next generation wireless specification 802.11i, is also a small part of the standard. WPA pioneered the use of TKIP (Temporal Key Integrity Protocol), the encryption technology in 802.11i, which can significantly solve the security problems hidden by the original use of WEP in 802.11.

Many clients and AP do not support WPA protocol, and TKIP encryption still can not meet the encryption needs of high-end enterprises and governments. This method is mostly used in enterprise wireless network deployment.

WPA2

WPA2 is backward compatible with WPA and supports more advanced AES encryption, which can better solve the security problems of wireless networks.

Because some AP and most mobile clients do not support this protocol, although Microsoft has provided the latest WPA2 patches, it still needs to be deployed one by one. The method is suitable for enterprises, governments and SOHO users.

802.11i

IEEE is developing a new generation of wireless specifications, which are committed to thoroughly solve the security problems of wireless networks. The draft includes encryption technologies AES (Advanced Encryption Standard) and TKIP, as well as authentication protocol IEEE802.1x.

Although in theory this protocol can completely solve the problem of wireless network security and is suitable for the wireless deployment of all enterprise networks, there are no products that support this protocol so far.

A detailed interpretation of the advantages and disadvantages of the eight major wireless network security technologies (3)

Solution: different users have their own solutions. To sum up, different wireless network users are threatened by security risks to different degrees, so they need different technical support. Therefore, we recommend different security solutions according to the different needs of different users.

SOHO user

SMB users:

It is suitable for all kinds of security measures mentioned above, including WPA,WEP, hidden SSID,MAC address filtering, and even × × protocol.

Hot pot or Public WLAN

Security measures such as Web authentication and AP wireless customer layer 2 isolation can be adopted.

Large enterprises and governments

It is recommended to use WPA2 security encryption scheme to ensure the best encryption effect at present. Since the advent of wireless network, the discussion on its security has never stopped, which makes the attitude towards wireless network different. Opponents believe that wireless networks are too unsafe and should be used as little as possible, while supporters believe that convenient and free wireless networks should be vigorously promoted, as long as users can take precautions in accordance with enhanced security, because technically, various network equipment manufacturers are sparing no effort to explore ways to solve the hidden dangers of wireless network security. For example, the well-known domestic network communication equipment manufacturer Asustek relies on a strong independent research and development team. Constantly push through the old and bring forth the new, and develop high-security wireless network devices suitable for users at all levels, so that users can be handy in home, business, and even government applications.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.