Building Wi-Fi protection barriers: see the manufacturers' recommendations

Source: Internet
Author: User

Wi-Fi development faces three major stumbling blocks: security, roaming and coverage, and security comes first. Solving the security problem has always been the bottleneck that keeps Wi-Fi users, especially enterprise users, from large-scale deployment. To this end, network equipment manufacturers have produced a series of security devices that apply existing technologies such as the Service Set Identifier (SSID), physical address (MAC) filtering, Wired Equivalent Privacy (WEP), virtual private networks (VPN) and port-based access control (802.1X). At the same time, more security functions are being integrated into a single device, in order to achieve the effect of "one man guarding the pass, ten thousand unable to get through". The author introduces here several wireless security products on the market for readers to choose from.
For enterprise users
Enterprise users need to protect their business secrets, so their security requirements for wireless products are relatively high. To ensure security, every available management and operational measure has to be taken, and buying good security products is a fundamental factor. Space is limited, so two wireless products with security features are introduced here for enterprise-class users: one newly released, one a hot seller. The former applies the latest technology and its security reaches the latest level currently achievable; the latter has won users' trust because of its performance and price.
1. NETGEAR FWAG114
In July, NETGEAR released the industry's first 802.11a+g dual-band tri-mode wireless VPN firewall solution, the NETGEAR ProSafe dual-band tri-mode wireless VPN firewall FWAG114.
It provides users with an integrated security solution covering wired Ethernet, wireless LAN, SPI firewall and VPN interconnection, combining a variety of functions in one device: a 10/100M WAN port connects to all popular broadband access types and lets multiple users share broadband Internet access through NAT (network address translation); a true SPI firewall protects the internal local area network; 2 IPSec-based VPN tunnels, with 3DES data encryption and PKI key exchange using digital certificates, facilitate the interconnection of enterprise wide area networks; an 802.11a/b/g-standard wireless LAN access point supports building a flexible internal wireless LAN; and 4 10/100M switching ports support building a high-performance internal wired LAN.
In terms of security, the FWAG114 provides a range of enterprise-class features: advanced security with denial-of-service (DoS) protection and intrusion detection based on connection-based stateful packet inspection (SPI), URL access and content filtering, logging, reporting, and real-time alerting. In addition, the FWAG114 supports sophisticated VPN capabilities: 2 dedicated VPN tunnels, 56-bit DES and 168-bit 3DES data encryption, PKI with X.509 v3 digital certificates, and key lifetime and IKE lifetime settings. It supports both LAN-to-LAN (site-to-site) and remote access (client-to-site) VPN networking, and supports IPSec, PPTP and L2TP VPN passthrough. For wireless LAN access, it provides up to 128-bit WEP encryption for the IEEE 802.11b/g standards (152-bit for 802.11g) and up to 152-bit WEP encryption for the IEEE 802.11a standard. The FWAG114 also comes with anti-virus PC software for 8 users, and the product is Wi-Fi certified.
From this point of view, this should be a pretty good firewall. Because it has only just launched, the author has not seen a price quotation for it.
2. Cisco Aironet 1100
The Cisco Aironet 1100 is the first access point product based on Cisco IOS software. It extends end-to-end intelligent networking to wireless access points through the Cisco command line interface (CLI), enabling users to implement the extended functionality in Cisco IOS software quickly and consistently. Users can manage and standardize the network with the tools they have developed in-house for Cisco routers and switches. Enterprise-class features include virtual local area networks (VLAN), quality of service (QoS) and proxy Mobile IP, along with standard Cisco Aironet features such as hot standby and load balancing, enabling enterprises to implement reliable intelligent network services. The Cisco Aironet 1100 series can manage up to 16 VLANs, providing individual LAN policies and services for different users.
Cisco is at the forefront in wireless product security and 802.1X authentication, and some of the core technology of the subsequently introduced 802.11i is based on Cisco technology; these security technologies together constitute the Cisco Wireless Security Suite, which the Cisco Aironet 1100 uses. The Cisco Wireless Security Suite uses the Extensible Authentication Protocol (EAP) framework to perform user-based authentication under the 802.1X standard for port-based network access. It supports all 802.1X authentication types, including Cisco's wireless EAP (LEAP), Protected Extensible Authentication Protocol (PEAP), EAP Transport Layer Security (EAP-TLS), and EAP Tunneled TLS (EAP-TTLS). Multiple Remote Authentication Dial-In User Service (RADIUS) servers that support the same authentication type can be used for scalable, centralized enterprise user management. In addition, the Cisco Wireless Security Suite includes pre-standard Temporal Key Integrity Protocol (TKIP) per-packet keying and message integrity check (MIC), and broadcast key rotation. In summary, the Cisco Aironet 1100 series integrates enterprise functionality, manageability, security, and availability in a scalable, easy-to-deploy, cost-effective WLAN solution. This also explains why the product is favored by enterprise users. Price: IT168 lists quotations of 3400~5200.
Suitable for home users
Home users generally do not hold confidential information that would draw a hacker's attention; most visitors are curious people who drop by occasionally or want to test their own snooping skills. Because most of these are entry-level in technical skill, home users need only a product with reasonably good security and do not need additional complex layers of protection technology or equipment. So two products for the home network are introduced here; as above, one is new and one is a hot seller.
1. 3Com OfficeConnect 802.11g
3Com is a veteran manufacturer of wireless network products. Its products come in series at both high and low price points, and quotations and purchasing information are all available on the IT168 network channels. At the CeBIT exhibition held in the United States this year, 3Com launched a new wireless product series fully compatible with the 802.11g standard, the 3Com OfficeConnect 802.11g wireless solution. It includes the following three Wi-Fi certified devices:
Wireless access point: this new access point complies with the 802.11g and WPA security standards, can be configured as a client bridge or as an access point, and has a Clear Channel Select (unblocked channel selection) feature that makes wireless profiles easier to apply.
Wireless gateway: has the same features as the access point, such as the 802.11g industry standard, WPA security and Clear Channel Select, and adds wired security features, including a stateful packet inspection firewall, hacker pattern detection, VPN passthrough, NAT, and URL filtering.
Wireless PC Card: integrates features such as the 802.11g industry standard, WPA security, and a wireless LAN manager that lets network administrators apply wireless profiles and perform site scanning/browsing.
The biggest feature of these three products is that they combine the IEEE 802.11g standard with the new WPA security features across the whole range. 802.11g is compatible with 802.11b, most notably the ability to reach the Mbps data rate. The new WPA security feature, which uses 256-bit encryption for wireless packets, strengthens encryption, removes the security constraints on existing wireless connection devices, and minimizes the risk of unauthorized access. This product series is aimed at the needs of home users, but because of its WPA security features it also suits small businesses.
Because it is a new product, the author has not found the relevant price; interested readers can follow the company's homepage (www.3com.com.cn) or the IT168 network channels.
2. Tsinghua Tongfang TFW3000
The main reason for introducing this product is that, relative to the needs of a household, it is very affordable!
As a router for home users, the TFW3000 provides 4 adaptive switching ports. Its WAN port also has a switch button that toggles between normal and uplink states to suit different connection cables, which is convenient for home users. It supports PPPoE ADSL connections as well as sharing of static and dynamic cable WAN connections. Broadband routers of this kind generally provide MAC address cloning, and on the TFW3000 the function is simpler to use. If you don't know the network card address of the PC that the broadband service provider bound to your account, just connect that PC to one of the TFW3000's 4 switching ports and click the Clone MAC button in the setup interface; the process is fairly straightforward. In addition, the TFW3000 has a print server function.
For wireless network security, the TFW3000 can provide 64-bit or 128-bit WEP-encrypted connections, or MAC address filtering for fixed wireless clients. When connected to the external Internet, the TFW3000 provides locale server and DMZ host features that allow users to make better use of intranet or WAN IP address services. When subjected to external malicious attacks, the TFW3000 can close some of the attacked ports on its own and can alert administrators by e-mail. Different filtering rules can be set for WAN-to-LAN and LAN-to-WAN traffic to suit different needs, and the TFW3000 also blocks URLs and keywords that should be restricted. Some of the more useful web filtering options block embedded content on a web page, such as ActiveX controls and cookies.
Such security settings are not enough for an enterprise, but for general home use they are fine. Price: 999 yuan, plus a PCMCIA 802.11b wireless network card. The low price should be its most attractive point.
A suggestion for readers, by the way: the IEEE 802.11i standard is due around September this year, products conforming to it will come to market at the end of 2004, and large-scale deployment will follow in 2005. If we wait until the price is acceptable, it will be about 2006. Waiting is not always a solution, so there are two better choices. One is to use existing security technologies and products to build a multi-level protection system; the other is to use products already on the market that have WPA encryption. Of course, for enterprise users, a multi-level protection system is necessary whatever level of encryption the products use.
