Wi-Fi is inherently vulnerable to attacks and eavesdropping. However, with the correct security measures in place, Wi-Fi can be safe. Unfortunately, the web is filled with outdated advice and misunderstandings. Below are some things that should and should not be done in Wi-Fi security.
1. Do not use WEP
WEP (Wired Equivalent Privacy) security has long been dead. Most inexperienced hackers can quickly and easily break its basic encryption. Therefore, you should not use WEP at all. If you are using WEP, immediately upgrade to WPA2 (Wi-Fi Protected Access 2), the 802.11i standard, with 802.1X authentication. If you have legacy devices and access points that do not support WPA2, try to upgrade the firmware or replace the device.
2. Do not use WPA/WPA2-PSK
The pre-shared key (PSK) mode of WPA/WPA2 is not secure for business or enterprise environments. When this mode is used, the same pre-shared key must be entered on every client. Therefore, the PSK must be changed whenever an employee leaves the company or a client device is lost or stolen. This is unrealistic in most environments.
3. Be sure to apply 802.11i
The EAP (Extensible Authentication Protocol) mode of WPA and WPA2 uses 802.1X authentication instead of a PSK, giving each user or client its own login credentials, such as a user name and password and/or a digital certificate.
The actual encryption keys are regularly changed and exchanged in the background. Therefore, to change or revoke a user's access, you only need to modify the login credentials on the central server instead of changing the PSK on each client. The unique per-session keys also prevent users from eavesdropping on each other's traffic, which is currently easy to do with tools such as the Firefox add-on Firesheep and the Android app DroidSheep.
Remember, to achieve the best possible security, you should use WPA2 with 802.1X. This is also known as 802.11i.
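The three rules above can be checked against what nearby access points advertise. The following is an added example, not part of the original article; it assumes scan output in the terse `SSID:SECURITY` form of `nmcli -t -f SSID,SECURITY device wifi list`, and the sample lines and function names are constructed for illustration.

```python
# Constructed sample scan (assumed nmcli terse format, one network per line).
SAMPLE_SCAN = """\
CorpNet:WPA2 802.1X
Warehouse:WEP
Branch-Office:WPA1 WPA2
Lab\\:5GHz:WPA2
Lobby:
"""

def parse_line(line):
    """Return (ssid, flags). The security field never contains ':', so split
    on the last colon, then undo nmcli's backslash escaping in the SSID."""
    ssid, _, security = line.rpartition(":")
    ssid = ssid.replace("\\:", ":").replace("\\\\", "\\")
    return ssid, set(security.split())

def classify(flags):
    """Map advertised security flags to the article's rules."""
    if "WEP" in flags:
        return "fail", "WEP in use (rule 1): upgrade firmware or replace the device"
    if "802.1X" in flags:
        if "WPA2" in flags:
            return "ok", "WPA2 with 802.1X (rule 3)"
        return "warn", "802.1X without WPA2: move to WPA2 with 802.1X"
    if flags & {"WPA1", "WPA2"}:
        return "fail", "WPA/WPA2-PSK (rule 2): shared key, no per-user revocation"
    if not flags:
        return "fail", "no encryption advertised"
    return "review", "security mode not covered by the article"

def audit(scan_text):
    """Classify every non-empty scan line; returns {ssid: (verdict, reason)}."""
    results = {}
    for line in scan_text.splitlines():
        if line.strip():
            ssid, flags = parse_line(line)
            results[ssid] = classify(flags)
    return results

if __name__ == "__main__":
    for ssid, (verdict, reason) in audit(SAMPLE_SCAN).items():
        print(f"{verdict.upper():6} {ssid}: {reason}")
```

Only networks that advertise both WPA2 and 802.1X pass; everything else is reported with the rule it violates.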
To implement 802.1X authentication, you need a RADIUS/AAA server. If you are running Windows Server, consider using the Network Policy Server (NPS) or, on earlier Server versions, the Internet Authentication Service (IAS). If you are not running Windows Server software, you can consider the open-source FreeRADIUS server.
If you are running Windows Server R2 or a later version, you can push 802.1X settings to domain-joined clients through Group Policy. Otherwise, you can consider a third-party solution to help configure these clients.