Shulou(Shulou.com)06/01 Report--

1 、 Open/NONE

No authentication or encryption at all, anyone can connect to the wireless base station to use the network.

2.WEP (Wired Equivalent Privacy) Wired equivalent encryption

The most basic encryption technology, mobile phone users, notebook computers and wireless network Access Point (network key AP) have the same network key in order to interpret the data transmitted to each other. This key is divided into 64bits and 128bits, and up to four different sets of keys can be set. Before the client enters the WLAN, it must enter the correct key to connect.

WEP encryption methods are fragile. Every customer or computer on the network uses the same secret words, which allows network eavesdroppers to spy on your keys, steal data, and cause chaos on the network.

Encryption method adopted by 3.WPA (Wi-Fi Protected Access) Business Bao

The wireless security standard proposed by Wi-Fi Alliance (http://www.wi-fi.com/)) is divided into WPA-PSK (Pre-Shared Key) for home use and WPA-Enterprise for corporate use.

1 、 WPA-PSK

Encryption technology developed to plug the loophole in WEP, using methods similar to WEP. The wireless base station and the notebook computer must have the same Key before the computer can connect to the base station. But when it enters the WLAN, it uses a longer phrase or string as the network key. And WPA-PSK uses TKIP (Temporal Key Integrity Protocol) technology, so it is more difficult to crack and more secure than WEP.

WPA-PSK works by assigning a unique key to each customer, but needs to give the employee a password to log in to the system. In this way, outsiders can enjoy network resources through them. If you want to change your password (it is recommended that you change it at regular intervals to prevent eavesdroppers from decoding it), you may have to run to each computer to enter a new password.

2 、 WPA-Enterprise

The adoption of IEEE 802.1x requires another RADIUS (Remote Authentication Dial-In User Service) server to store wireless user account data. when the notebook computer is connected to the wireless base station, the wireless base station will require the user to enter the account password or automatically request the user's digital certificate stored on the computer's hard disk from the notebook computer, and then confirm the identity of the user to the RADIUS server. The encryption key (Key) used to encrypt the wireless packet is also automatically generated in the process of authentication, and the key generated each time online is different (technically called Session Key), so it is very difficult to crack.

After logging in securely with a user name and password, each customer will automatically get a unique key, which is very long and will be updated at regular intervals. In this way, wi-Fi listeners cannot get enough packets to decode the key. Even if a key is decoded for some reason, the experienced may discover a new key, but the encryption lock has changed.

Once WPA-Enterprise is applied, unlike WPA-PSK, employees will not know the password. In this way, outsiders

You can't enjoy network resources through them. WPA-Enterprise can also save you a lot of time; you don't have to spend a lot of time manually changing customers' passwords.

IV. WPA2

As its name implies, WPA2 is the enhanced version of WPA, the IEEE 802.11i wireless network standard. There are also home versions of PSK and corporate versions of IEEE 802.1x. WPA2 differs from WPA in that it uses the more secure encryption technology AES (Advanced Encryption Standard), so it is harder to crack and more secure than WPA.

5. MAC ACL (Access Control List)

MAC ACL can only be used for authentication, not encryption. Enter the MAC address of the wireless card that is allowed to be connected to the wireless base station, and the wireless card that is not on this list cannot connect to the wireless base station.

VI. Web Redirection

This method is the most commonly used method of WISP (Wireless Internet Service Provider, such as Unified Anyuan WiFly). The wireless base station is set to Open System, but in addition, access control gateways (Access Control Gateway, ACG) are used in the background to intercept Web packets sent by notebook computers (open browsers to try to surf the Internet), and force redirect to the authentication web page to require account password, and then ACG confirms the identity of the user to the RADIUS authentication server, and the authentication is passed before you can freely go to other websites.

7. Comparison of various encryption methods

WEP secure encryption mode

The rc4 prng algorithm developed by rsa data Security is used in the WEP feature. Wired equivalent Privacy (Wired Equivalent Privacy,WEP) is a data encryption algorithm that provides the same protection capabilities as wired Lans. In a wireless local area network using this technology, the data of all clients and wireless access points are encrypted with a shared key, ranging from 40 bits to 256 bits. The longer the key, the more time it takes to crack it. Therefore, it can provide better security protection.

WPA secure encryption mode

WPA encryption is Wi-Fi Protected Access, and its encryption characteristics determine that it is more difficult to * than WEP, so if you have high requirements for data security, you must choose WPA encryption (Windows XP SP2 already supports WPA encryption).

As the upgraded version of WEP, the general encryption mechanism of IEEE 802.11, WPA is more careful than WEP in security protection, mainly reflected in identity authentication, encryption mechanism and packet inspection, and it also improves the management ability of wireless network.

Comparison of WPA and WEP

Unlike WEP, WPA uses a static key to encrypt all communications. WPA constantly changes keys. WPA adopts effective key distribution mechanism and can realize applications across wireless network cards of different manufacturers. Another advantage of WPA is that it makes it possible to deploy wireless networks securely in public places and academic environments. Until then, WEP has not been allowed in these places. The drawback of WEP is that its encryption key is static rather than dynamic. This means that in order to update the key, IT personnel must access each machine in person, which is not possible in academic environments and public places. Another way is to leave the key unchanged, which makes the user vulnerable. Due to the problem of interoperability, proprietary security mechanisms can not be used in academic environment and public places.

WPA2: the strongest wireless encryption technology at present

WPA2 is the authentication form of the IEEE 802.11i standard verified by the WiFi Alliance. WPA2 implements the mandatory elements of 802.11i, especially the Michael algorithm is replaced by the generally recognized thoroughly secure CCMP (counter mode cipher block chain message integrity code protocol) message authentication code, and the RC4 encryption algorithm is also replaced by AES.

In WPA/WPA2, the generation of PTK depends on PMK, and there are two ways of PMK, one is PSK mode, that is, pre-shared key mode (pre-shared key,PSK, also known as personal mode), in which PMK=PSK; and the other way require the authentication server and the site to negotiate to generate PMK. Let's look at the difference between WPA and WPA2 through the formula:

WPA = IEEE 802.11i draft 3 = IEEE 802.1X/EAP + WEP (optional) / TKIP

WPA2 = IEEE 802.11i = IEEE 802.1X/EAP + WEP (optional) / TKIP/CCMP

At present, the security protection capability of WPA2 encryption is very excellent, as long as your wireless devices support WPA2 encryption, then you will experience the most secure wireless network life. Even the hottest "rub network card" is difficult to get into your wireless network, users can rest assured to use.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.