Solve the problem of enterprise wireless network stability and security (I.)

Now the enterprise network not only has fixed line LAN, also has wireless LAN. In fact, both the wired network and wireless network are also facing security problems. Once a hacker said: As long as the default network settings have not been modified, it is a false wall, you can come, want to go on the walk ...

Why enterprise wireless networks are not safe

Because the wireless network access does not require a network cable connection, therefore, a hacker to pick up a rub screen, you can increase the network signal and connect to the intranet, and then through a variety of techniques to infiltrate the whole network, so you can control the entire enterprise intranet, the following summed up the Enterprise wireless network vulnerabilities.

Wireless network exposure is strong, compared to the wired network, wireless networks rely only on radio waves to transmit and receive, as long as malicious users have a certain wireless network knowledge, then the security of enterprise wireless network is problematic. Intruders can be damaged and invaded by highly sensitive receiving devices.

The default wireless LAN has absolutely no security at all, and almost all APS are configured to turn on WEP for encryption or use the default key provided by the original manufacturer. Because of the open access mode of WLAN, the hacker can enter the wireless network through its default password.

Once the wireless LAN is connected to the enterprise, the hacker can obtain the MAC address of the website in the simple way, then use these Mac camouflage address to carry on the further deception attack. Of course, hackers can also use the interception session frame to detect the presence of the AP in the authentication flaw, so as to carry out positioning attacks.

Because of the insecurity of WLAN, many enterprises only decorate the network in Rest and amusement center. And not to use it to the core of the Enterprise Exchange zone. In fact, as long as a good security policy, corporate wireless LAN can also be impregnable.

Enterprise Wireless LAN Security set combat

Large Enterprise network has always been the eye of the hacker's meat, in order to ensure the normal operation of its wireless network, as a large enterprise network administrator Lao Zhang has made the following steps of the wireless network adjustment and policy settings.

To change the password for the AP Default user name: Because many wireless routers of the default address and username and password are admin, if not change the username password, hackers or malicious users can easily connect to the Enterprise wireless network, so the old Zhang will password again to do the difficulty and the number of changes.

Prohibit the SSID broadcast in the AP: Because the current wireless network settings are in open break WEP encryption, they can be searched at any time to the SSID identity. At this time the old Zhang thought of turning off the SSID of the broadcast (note: If the enterprise does need to open the SSID, then you can try to get the name of a strange point, which makes hackers can not easily cracked the purpose. And WEP itself provides only a 40-bit, 64-bit, and 128-bit length key mechanism.

Binding Network MAC Address: In order to prevent the computer from random access between the intranet and the Internet, not by the current popular ARP virus attacks, old Zhang will be the Enterprise wireless network in the computer are bound Mac operation. The steps are as follows: Click the Start menu to run-enter CMD in the "Run" window, click OK, enter Ipconfig/all in the Open command window, and return to the MAC address of the current computer (physical address is the Mac). Then Lao Zhang fills the MAC address in the AP's interface to the MAC address list that allows access to the AP, not the MAC address in the license list that is not accepted by the AP.

Focus on the problem: The above is the old Zhang on the Enterprise wireless network security settings. However, in the face of complex wireless network threats, enterprises also need to do more security management for their own enterprise network environment, such as: LAN erection AP Authentication, SSID and WEP keys and Gualfang, and so on.

Back to the column page: http://www.bianceng.cnhttp://www.bianceng.cn/Network/Security/