Security Tutorial: Viewing the Network Security Level from the Perspective of Wireless Network Encryption

Source: Internet
Author: User

Wireless networks are becoming more and more mature, but how can we raise their security level? To answer that, we first need to understand what determines the security level of a network.

Network security depends in part on encryption. The following describes the common wireless network encryption methods. By working through them, you can learn how to configure security and where the security vulnerabilities lie.

Although the name WEP (Wired Equivalent Privacy) sounds like a security option for wired networks, this is not the case. The WEP standard was created in the early stages of wireless networking and was designed to be the necessary security protection layer for wireless LANs (WLANs). However, the performance of WEP is undoubtedly disappointing, and the cause is rooted in design defects.

In WEP systems, data transmitted over the wireless network is encrypted using a random key. However, the method WEP uses to generate these keys was quickly discovered to be predictable, so it is easy for potential intruders to intercept and crack them. Even a moderately skilled wireless attacker can crack WEP encryption within two to three minutes.

The dynamic Wired Equivalent Privacy (WEP) mode of IEEE 802.11 was designed in the late 1990s. At that time, strong encryption was regarded as an effective weapon, and its export was severely restricted by the United States. Wireless network products were banned from export out of fear that strong encryption algorithms would be cracked. Two years later, however, the dynamic WEP mode was found to have serious weaknesses. The mistakes of the 1990s should not be blamed on wireless network security or on the IEEE 802.11 standard. The wireless network industry could not wait for the Institute of Electrical and Electronics Engineers (IEEE) to revise the standard, so it launched the Temporal Key Integrity Protocol (TKIP), a patched version of dynamic WEP.

Although WEP has been proven to be outdated and inefficient, it is still supported by many modern wireless access points and routers. It also remains one of the most popular encryption methods used by individuals and companies. If you are using WEP and care about the security of your network, avoid WEP as far as possible in the future, because it is really not very secure.

Wireless networks initially adopted the WEP (Wired Equivalent Privacy) security mechanism, which was later found to be insecure. The 802.11 organization began to develop a new security standard, which became the 802.11i protocol. However, it takes a long time for a standard to go from drafting to final release, and consumers will not give up their existing wireless devices for the sake of network security. Before the standard was launched, the Wi-Fi Alliance therefore developed a security mechanism called WPA (Wi-Fi Protected Access), based on the 802.11i draft. WPA uses TKIP (Temporal Key Integrity Protocol), which keeps the RC4 encryption algorithm used in WEP, so the hardware of existing wireless devices does not need to be modified. WPA addresses the following problems in WEP: the IV is too short, key management is too simple, and there is no effective protection for message integrity. Network security is improved through a software upgrade.

WPA provides users with a complete authentication mechanism. The AP decides whether to allow a user onto the wireless network based on the result of that user's authentication. After successful authentication, the encryption key of each connected user can be changed dynamically based on several factors (the number of data packets transmitted, the time at which the user joined the network, and so on). In addition, MIC (message integrity code) protection is applied to the data packets a user transmits over the wireless network, to ensure that the user's data is not altered by other users. As a subset of the 802.11i standard, WPA has IEEE 802.1X and TKIP (Temporal Key Integrity Protocol) at its core.

WPA takes into account different users and different application security needs. For example, enterprise users require high security protection (enterprise level); otherwise, very important commercial secrets may be leaked. Home users usually only use the network to browse the Internet, send and receive e-mail, print, and share files, so their security requirements are relatively low. To meet the needs of users with different security requirements, WPA specifies two application modes: enterprise mode and home mode (including small offices).

Corresponding to the two application modes, WPA authentication also has two different methods. For large enterprises, "802.1X + EAP" is often used, and users provide the credentials required for authentication. For some small and medium-sized enterprise networks or home users, WPA also provides a simplified mode that does not require a dedicated authentication server. This mode is called "WPA pre-shared key (WPA-PSK)", and it requires only that one key be entered in advance on each WLAN node (AP, wireless router, NIC, etc.).

This key is used only for authentication, not for encrypting the data transmitted over the wireless network. The data encryption key is generated dynamically after authentication, and the system ensures "one user, one password". Unlike WEP, the entire network never shares a single encryption key, so system security is greatly improved.
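How a single pre-shared key still yields a different data encryption key per user and per session can be seen in the WPA-PSK key derivation. The following Python sketch is an added example, not part of the original article; it follows the 802.11i derivation (PBKDF2 for the master key, an HMAC-SHA1 PRF for the session key), and the passphrase, SSID, MAC addresses and nonces are all constructed values.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """Pairwise transient key: binds the PMK to both MACs and both nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)   # 512 bits for TKIP

def temporal_key(ptk: bytes) -> bytes:
    """Bytes 32..47 of the PTK encrypt unicast data; 0..31 protect the handshake."""
    return ptk[32:48]

def session_keys() -> dict:
    # All values below are constructed for the example.
    pmk = pmk_from_passphrase("constructed example passphrase", "ExampleSSID")
    ap = bytes.fromhex("020000000001")
    sta_a, sta_b = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb")
    nonce = lambda tag: hashlib.sha256(tag).digest()        # stand-in for random nonces
    return {
        "A, session 1": temporal_key(derive_ptk(pmk, ap, sta_a, nonce(b"an1"), nonce(b"sn1"))),
        "A, session 2": temporal_key(derive_ptk(pmk, ap, sta_a, nonce(b"an2"), nonce(b"sn2"))),
        "B, session 1": temporal_key(derive_ptk(pmk, ap, sta_b, nonce(b"an1"), nonce(b"sn3"))),
    }

if __name__ == "__main__":
    for who, tk in session_keys().items():
        print(who, tk.hex())
```

Every input other than the passphrase travels in the clear during the handshake, so the strength of these per-session keys rests entirely on the passphrase; where users must be isolated from one another, the enterprise mode with 802.1X is the appropriate choice.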
 
