As businesses grow at full speed, their wireless LANs (WLANs) are also becoming larger and faster. Many factors therefore need to be considered, including security. 802.11n can expand network coverage and performance, but it needs security that is the same as or better than before.
A brief history of the earlier IEEE 802.11a/b/g standards
Like the original 802.11a/b/g standards, the 802.11n high-throughput standard has the robust security (RS) of the 802.11i standard. In fact, all Draft N products are required to support Wi-Fi Protected Access version 2 (WPA2), the test program launched by the Wi-Fi Alliance for 802.11i.
The good news is that 802.11n wireless networks built from scratch can ignore WEP cracking and WPA (TKIP MIC) attacks, because every 802.11n device can encrypt data with AES. However, a wireless LAN that must support both older 802.11a/b/g clients and new 802.11n clients may need to allow the Temporal Key Integrity Protocol (TKIP), so that older clients without Advanced Encryption Standard (AES) support can still connect securely. Unfortunately, when TKIP is used, 802.11n disables high-throughput data streams.
Therefore, it is best to split the older 802.11a/b/g clients and the new 802.11n clients onto separate service set identifiers (SSIDs): a high-throughput WLAN that requires AES (WPA2), and a traditional WLAN that can use TKIP or AES (WPA + WPA2). This can be done by defining two SSIDs on a virtual access point (AP), or by enabling different RF frequencies on two base-station APs. However, this is only a temporary measure. As soon as you can stop using or replace these legacy devices, you can remove TKIP to improve both speed and security.
Advantages of using WPA2 to improve 802.11n Security
802.11n inherits the advantages and disadvantages of WPA2. 802.11a/b/g and 802.11n devices can use AES to prevent eavesdropping on, forgery of, and replay of wireless data frames. 802.11a/b/g and 802.11n access points (APs) can use 802.1X to admit authorized users and deny access to strangers. However, 802.11n still cannot prevent intruders from sending forged management frames, an attack that disconnects legitimate users or masquerades as an "evil twin" access point.
Therefore, a new 802.11n network must stay vigilant against wireless attacks. Very small WLANs can still use periodic scans to detect rogue access points, while commercial WLANs should use a complete wireless intrusion prevention system (WIPS) to stop rogue devices, accidental associations, unauthorized ad hoc (peer-to-peer) connections, and other Wi-Fi attacks.
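The periodic scan described above, combined with the split-SSID policy, as an added example that is not part of the original article. The SSID names, BSSIDs, inventory layout and scan records are constructed assumptions; a real scanner would supply the records.

```python
# Added example: periodic-scan audit for a WLAN split into an 802.11n SSID
# (WPA2/AES only) and a legacy SSID (WPA + WPA2, TKIP or AES).
# All SSIDs, BSSIDs and scan records below are constructed sample data.

# Assumed inventory: SSID -> (authorized BSSIDs, pairwise ciphers allowed)
INVENTORY = {
    "corp-n":      ({"02:00:00:00:0a:01", "02:00:00:00:0a:02"}, {"CCMP"}),
    "corp-legacy": ({"02:00:00:00:0b:01"}, {"CCMP", "TKIP"}),
}

# Constructed scan output: one record per beacon heard (CCMP = AES cipher).
SCAN = [
    {"ssid": "corp-n", "bssid": "02:00:00:00:0A:01", "ciphers": {"CCMP"}},
    {"ssid": "corp-n", "bssid": "02:00:00:00:0a:02", "ciphers": {"CCMP", "TKIP"}},
    {"ssid": "corp-n", "bssid": "02:00:00:00:ff:99", "ciphers": set()},
    {"ssid": "corp-legacy", "bssid": "02:00:00:00:0b:01", "ciphers": {"TKIP", "CCMP"}},
    {"ssid": "cafe-guest", "bssid": "02:00:00:00:cc:10", "ciphers": {"CCMP"}},
]

def audit(scan, inventory):
    """Return (bssid, ssid, reason) for every beacon that breaks the policy."""
    findings = []
    for ap in scan:
        entry = inventory.get(ap["ssid"])
        if entry is None:
            continue  # a neighbour's network, not one of our SSIDs
        authorized, allowed = entry
        bssid, ssid = ap["bssid"].lower(), ap["ssid"]
        if bssid not in authorized:
            # Our SSID from an unknown radio: rogue or "evil twin" candidate.
            findings.append((bssid, ssid, "unauthorized BSSID advertising our SSID"))
            continue
        unexpected = ap["ciphers"] - allowed
        if not ap["ciphers"]:
            findings.append((bssid, ssid, "authorized AP advertising no encryption"))
        elif unexpected:
            # e.g. TKIP left enabled on the AES-only high-throughput SSID
            reason = "cipher not allowed on this SSID: " + ", ".join(sorted(unexpected))
            findings.append((bssid, ssid, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SCAN, INVENTORY):
        print(*finding, sep="  ")
```

A scan like this only sees beacons on the channels it visits, so it supplements rather than replaces the WIPS monitoring recommended for commercial WLANs.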
However, WLANs that currently use one or all of these security mechanisms cannot rely on them alone. An 802.11n device can reach more than twice as far as its 802.11a/b/g counterpart. Rogue APs, neighbors' APs, and metropolitan-area APs that were previously too distant can now become a threat. Not only can intruders connect to your wireless LAN more easily, but legitimate users are also more likely to connect accidentally to an outside network. Given a choice between your original 11a/g access point and a faster 802.11n rogue access point, clients that connect to any available network will choose the rogue access point every time.
In short, the extended range of the 802.11n standard increases the frequency of traditional wireless security incidents and exposes weak configurations that depended on poor performance. Even worse, existing 11a/b/g-based WIPS sensors may completely miss many security events. Every 802.11n rollout should include a WIPS upgrade to monitor the larger footprint of the new wireless LAN and to analyze 11a/b/g and n traffic on both 20 MHz and 40 MHz channels.