Detailed description of wireless access network security specifications

Source: Internet
Author: User

This article introduces wireless access network security specifications, from the Service Set Identifier (SSID) to Wired Equivalent Privacy (WEP) and port access control technology (802.1x). Wireless Internet access is becoming increasingly popular, but its security is also increasingly at risk. To protect personal privacy, awareness of wireless Internet access security needs to improve. The sections below describe in detail the wireless security specifications that new users will rely on.

Service Set Identifier (SSID)

You can configure a different SSID on each of several wireless access points (APs) and require a wireless workstation to present the correct SSID before it can access the AP. This lets different groups of users access the wireless network while restricting their access to resources. The SSID can therefore be regarded as a simple password that provides a certain degree of security. However, if an AP is configured to broadcast its SSID, the security level decreases. Users generally configure the client system themselves, so many people know the SSID and it is easily shared with unauthorized users. Some manufacturers currently support an "ANY" SSID mode: as long as the wireless workstation is within range of any AP, the client connects to it automatically, which bypasses the SSID security function.

Physical address filtering (MAC)

Because the network interface card (NIC) of each wireless workstation has a unique physical address, you can filter by physical address by manually maintaining, on the AP, a list of MAC addresses that are allowed access. In theory, MAC addresses can be forged, so this is also a low level of authentication. Physical address filtering authenticates hardware rather than users. The MAC address list in the AP must be kept up to date at all times, and this is currently done manually, so the scheme scales poorly as the number of users grows. It is therefore only suitable for small networks.

Wired Equivalent Privacy (WEP)

WEP uses RC4 symmetric encryption at the link layer. A user's encryption key must match the AP's key before access to network resources is allowed, which prevents eavesdropping and access by unauthorized users. WEP provides 40-bit (sometimes called 64-bit) and 128-bit key mechanisms, but it still has many drawbacks. For example, all users in a service area share the same key, so if one user loses the key, the entire network is insecure. In addition, 40-bit keys are easily cracked today. Keys are static and must be maintained manually, so scalability is poor. To improve security, we recommend that you use a 128-bit encryption key.

Wi-Fi Protected Access (WPA)

WPA (Wi-Fi Protected Access) is a new technology that inherits the basic principles of WEP and solves its disadvantages. Because the algorithm for generating encryption keys is strengthened, it is almost impossible to calculate the general key even if packets are collected and analyzed. The principle is to generate a different key for each packet from the general key, the computer's MAC address, and the packet's sequence number. This key is then used for RC4 encryption, as in WEP. As a result, the data in every packet exchanged by every client is encrypted with a different key. No matter how much data is collected, it is almost impossible to recover the original general key. WPA also adds authentication and a function that prevents data from being tampered with in transit. With these features, all the shortcomings for which WEP was criticized have been addressed. WPA is not only a stronger encryption method than WEP but also broader in scope. As a subset of the 802.11i standard, WPA consists of authentication, encryption, and data integrity verification. It is a complete security solution.
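The following Python sketch is an added example, not code from the original article. It contrasts the two sections above: WEP seeds RC4 with a 24-bit IV prepended to the static shared key (which is why a 40-bit key is also called 64-bit), while WPA mixes the sender's MAC address and a packet sequence number into each per-packet key. Assumptions: HMAC-SHA256 stands in for WPA's actual key-mixing function, each station uses a frame counter starting at 0 as its IV, and all keys and MAC addresses are constructed.

```python
import hashlib
import hmac

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """First n bytes of RC4 keystream for the given seed (KSA, then PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_seed(iv: bytes, shared_key: bytes) -> bytes:
    """WEP per-frame RC4 seed: 24-bit IV prepended to the static shared key."""
    if len(iv) != 3 or len(shared_key) not in (5, 13):
        raise ValueError("WEP uses a 3-byte IV and a 5- or 13-byte key")
    return iv + shared_key

def mixed_seed(base_key: bytes, sender_mac: bytes, seq: int) -> bytes:
    """Per-frame seed from base key, sender MAC and 48-bit sequence number.
    Assumption: HMAC-SHA256 stands in for WPA's actual key-mixing function."""
    msg = sender_mac + seq.to_bytes(6, "big")
    return hmac.new(base_key, msg, hashlib.sha256).digest()[:16]

def keystream_repeats(frames, derive_seed) -> int:
    """Count frames whose keystream was already used by an earlier frame."""
    seen, repeats = set(), 0
    for mac, counter in frames:
        stream = rc4_keystream(derive_seed(mac, counter), 16)
        repeats += stream in seen
        seen.add(stream)
    return repeats

# Constructed sample values; both stations are assumed to number frames from 0.
KEY40, KEY104 = bytes(range(1, 6)), bytes(range(1, 14))
STA_A, STA_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
FRAMES = [(mac, n) for mac in (STA_A, STA_B) for n in range(500)]

def wep_derive(mac: bytes, n: int) -> bytes:
    return wep_seed(n.to_bytes(3, "big"), KEY104)  # sender MAC is not used

def mixed_derive(mac: bytes, n: int) -> bytes:
    return mixed_seed(KEY104, mac, n)
```

Calling `keystream_repeats(FRAMES, wep_derive)` reports that every frame from the second station reuses a keystream already used by the first, while `keystream_repeats(FRAMES, mixed_derive)` reports none.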

National Standard (WAPI)

WAPI (WLAN Authentication and Privacy Infrastructure) is an infrastructure for wireless LAN authentication and confidentiality. It is the WLAN security solution proposed in GB15629.11, China's national wireless LAN standard, and is designed to address the security problems of the WEP protocol. The scheme has also been reviewed and approved by the authority authorized by ISO/IEC (the IEEE Registration Authority). It uses a certificate mechanism based on public key cryptography to implement bidirectional authentication between mobile terminals (MT) and wireless access points (AP). For convenience, a user only needs to install a certificate to roam across the different regions that the WLAN covers. Services that are compatible with existing billing technologies can be billed by time, by traffic, or by monthly subscription. Once a certificate is set on the AP, there is no need to set up an AAA server in the background. WAPI is easy to install, configure, and expand, and it can meet the needs of multiple application modes such as home, enterprise, and carrier.

Port Access Control Technology (802.1x)

This technology is also an enhanced network security solution for wireless LANs. When a wireless workstation (STA) associates with a wireless access point (AP), whether it can use the AP's service depends on the 802.1x authentication result. If authentication succeeds, the AP opens the logical port for the STA. Otherwise, the user is not allowed to access the Internet. 802.1x requires 802.1x client software to be installed on the wireless workstation. The wireless access point must have an embedded 802.1x authentication proxy, and it also acts as a RADIUS client that forwards user authentication information to the RADIUS server. In addition to port access control, 802.1x also provides user-based authentication and billing, which makes it particularly suitable for public wireless access network solutions.
