Eight major technologies of wireless security and solutions

Source: Internet
Author: User

Picture the vast sea, a deep cove among the cliffs, and a silvery-white beach. You are on a couch with a notebook on your lap, leisurely checking the latest stock and football news and enjoying the freedom of a wireless network that goes anywhere, at any time. Suddenly the mouse freezes, the screen blurs, the system hangs and then shuts itself down. What is your first thought at that moment? Yes: viruses, hackers, or Trojans. This is the dual nature of wireless networks.

On the one hand, they give users the feeling of surfing the web freely; on the other, they expose users to uncertain network security. As with wired networks, viruses, hackers, worms, Trojans, and spyware constantly threaten wireless networks, and wireless networks are more vulnerable than wired ones because their users tend to have less security awareness and technical skill. Just as gun production is not halted because someone has been killed with a gun, the adoption of wireless networks will not be halted because of their potential security risks. In fact, the security risks of wireless networks are nothing to fear: once you master some basic wireless security techniques, you can roam the network without fear of viruses.

Wireless networks: stronger security precautions are urgently needed

Tired of sitting in the study, Xiao Ming carries his notebook into the living room and is surprised to find that his Internet connection has suddenly become faster. Is access to the AP (which is in the study) faster from here? Of course not. The living room is closer to the study next door, so Xiao Ming has accidentally connected to the neighbor's wireless network, and the neighbor subscribes to a faster connection than Xiao Ming does. Now suppose that Xiao Ming goes on to browse the neighbor's shared disk, which holds bank card passwords, tender documents, a personal diary, and even some private pictures.

So that more people can connect, wireless networks transmit over specific radio frequencies, and anyone within effective range who has a suitable receiver can capture the signal and then enter the target network. An employee can reach the corporate network from the company's balcony, but that also means a competitor's agent squatting beneath that balcony can reach it just as freely, and someone carrying a notebook can likewise stand beneath a competitor's balcony to gather information.

This is not hypothetical; it is fact. A recent survey by relevant agencies found that 85% of enterprise IT network managers believe that wireless security awareness and measures need to be further strengthened. Because security was poorly considered in the Wi-Fi 802.11 specification's security protocol, wireless networks have vulnerabilities that leave them open to man-in-the-middle, DoS, and packet-cracking attacks. Given the nature of wireless networks, an attacker can find a point of access from a building next to the company and steal corporate secrets or cause damage at will. In addition, careless misuse of wireless equipment by employees also creates security risks: for example, setting up open APs without authorization, enabling ad hoc mode on a wireless card, or mistaking a fake access point set up by someone else for a legitimate one, all of which can lead to information disclosure.

"The next competition in the wireless network industry is in security; to open up a new era of wireless network applications, you must weave a more secure wireless network. The safety of wireless networks will trigger the next round of technological revolution in wireless networks," said Mr. Guo Yong, technical manager of ASUS Network Communications. Whoever first breaks through the technical bottleneck and builds the safest wireless network will become the leading force driving the industry forward, winning renown on the battlefield and commanding the field.

Technology: Analysis of advantages and disadvantages of eight technologies

From the risks described above we can see that, in many cases, it is not the technology but improper use of the wireless network by internal staff that creates security risks. So to solve the wireless security problem we must start with the people who use the network, strengthening both their security awareness and the technical means available to them. At present, many people have only a superficial knowledge of wireless security technologies.

Below, this article focuses on the eight mainstream technologies the industry uses to eliminate wireless security risks, with their pros, cons, and scope of application, in the hope of offering advice and guidance to confused wireless users and to those preparing to deploy WLAN equipment, so that they know what to expect and are prepared during actual implementation.

Hide SSID

The SSID, short for Service Set Identifier, lets wireless clients tell different wireless networks apart, much as a mobile phone identifies different mobile operators. By default the AP (wireless access point) broadcasts this parameter, and a client can connect to the wireless network only after receiving it or after being manually configured with the same SSID as the AP. If we disable the broadcast, a typical roaming user cannot find the SSID and therefore cannot connect to the network.

Note that a hacker who obtains the parameter by other means can still access the target network. Hiding the SSID is therefore suitable for ordinary SOHO environments as a simple security measure.

MAC address filtering

As the name suggests, the physical addresses (MAC addresses) of the wireless cards that are allowed access are entered into the AP's configuration. The AP checks every packet it receives and forwards only those that match the configured list; all others are discarded.

This approach is cumbersome and does not support large numbers of mobile clients. In addition, a hacker who steals a legitimate MAC address can still forge it in various ways and log in to the network. Ordinary SOHO users and small business offices can use this security method.

WEP encryption

WEP is short for Wired Equivalent Privacy, and all Wi-Fi-certified devices support this security protocol. It uses the RC4 encryption algorithm with a 64-bit or 128-bit key so that transmitted data cannot be intercepted in plaintext.

The key must be configured on every mobile device and AP, so deployment is troublesome. WEP uses a static key that is never exchanged, and the industry has questioned its security, but it can still block casual data interception. It is generally used for encryption in SOHO and small and medium-sized enterprise environments.

AP Isolation

Similar to a VLAN on a wired network, AP isolation completely isolates all wireless client devices from one another so that they can reach only the fixed network the AP is connected to.

This method is used when setting up public hotspots in places such as hotels and airports; it keeps wireless clients isolated from each other and provides secure Internet access.

802.1X protocol

The 802.1X protocol is defined by the IEEE for port-based access control in Ethernet and wireless LANs. 802.1X adopts the Extensible Authentication Protocol (EAP) defined for PPP. As an extensible authentication protocol, EAP can use MD5, one-time passwords, smart cards, public keys, and other authentication mechanisms to provide a higher level of security. For user authentication, 802.1X client authentication requests can also be verified by an external RADIUS server. This kind of authentication is a transitional method, and each vendor implements it differently, which directly causes compatibility problems.

This approach requires expert deployment and RADIUS server support, which is expensive, so it is typically used in enterprise wireless networks.

WPA

WPA, short for Wi-Fi Protected Access, is a transitional scheme that implements a small part of the next-generation wireless specification 802.11i. WPA is the first to use TKIP (Temporal Key Integrity Protocol), the encryption technology from 802.11i, which goes a long way toward resolving the security problems that lay hidden in 802.11 when WEP was used.

Many clients and APs do not support WPA, and TKIP encryption still does not meet the encryption needs of high-end enterprises and government. WPA is used for enterprise wireless network deployments.

WPA2

WPA2 is compatible with WPA and supports the more advanced AES encryption, which better addresses security issues in wireless networks.

Some APs and most mobile clients do not support this protocol; Microsoft has provided the latest WPA2 patches, but they still need to be deployed to clients. This method is applicable to enterprise, government, and SOHO users.

802.11i

The IEEE is developing a new generation of wireless specification dedicated to solving the security problems of wireless networks completely. It includes the encryption technologies AES (Advanced Encryption Standard) and TKIP, as well as the authentication protocol IEEE 802.1X.

In theory this protocol can thoroughly resolve wireless security issues and is suitable for wireless deployments in all enterprise networks, but so far no products supporting it are available.
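
The encryption schemes above and the open or fake access points mentioned earlier can be checked from a client's scan results. The Python example below is an added illustration, not code from the original article: it parses scan output in the tab-separated layout printed by `wpa_cli scan_results` and flags hidden, unauthorized, and weakly protected APs. The SSIDs, BSSIDs, the `AUTHORIZED` inventory, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the tab-separated layout printed by `wpa_cli scan_results`
# (bssid, frequency, signal level, flags, ssid). Every value below is made up.
SAMPLE_SCAN = (
    "bssid / frequency / signal level / flags / ssid\n"
    "02:00:00:aa:00:01\t2412\t-48\t[WPA2-PSK-CCMP][ESS]\tCorpNet\n"
    "02:00:00:aa:00:02\t2437\t-60\t[WPA-PSK-TKIP][ESS]\tCorpNet\n"
    "02:00:00:ee:00:09\t2462\t-41\t[ESS]\tCorpNet\n"
    "02:00:00:bb:00:03\t2412\t-70\t[WEP][ESS]\tWarehouse\n"
    "02:00:00:cc:00:04\t2437\t-75\t[WPA2-EAP-CCMP][ESS]\t\n"
)

# Hypothetical inventory of the BSSIDs the organisation deployed, per SSID.
AUTHORIZED = {"CorpNet": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
              "Warehouse": {"02:00:00:bb:00:03"}}

def protection(flags):
    """Weakest scheme an AP offers; a WPA/WPA2 mixed-mode AP is reported as WPA."""
    offered = set()
    for token in re.findall(r"\[([^\]]+)\]", flags):
        if token.startswith(("WPA2", "RSN")):
            offered.add("WPA2")
        elif token.startswith("WPA"):
            offered.add("WPA")
        elif token.startswith("WEP"):
            offered.add("WEP")
    return next((s for s in ("WEP", "WPA", "WPA2") if s in offered), "OPEN")

def audit(scan_text, authorized):
    """Return (bssid, finding, scheme) tuples for entries that need attention."""
    findings = []
    for line in scan_text.splitlines()[1:]:      # skip the header row
        fields = line.split("\t")
        if len(fields) < 4:
            continue                             # ignore malformed rows
        bssid, flags = fields[0].lower(), fields[3]
        ssid = fields[4] if len(fields) > 4 else ""
        scheme = protection(flags)
        if not ssid:                             # name hidden, AP still visible
            findings.append((bssid, "HIDDEN", scheme))
        elif ssid in authorized and bssid not in authorized[ssid]:
            findings.append((bssid, "ROGUE", scheme))   # known name, unknown AP
        elif scheme != "WPA2":
            findings.append((bssid, "WEAK", scheme))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_SCAN, AUTHORIZED), sep="\n")
```

The hidden-SSID entry shows that disabling the broadcast hides only the network name, and the `ROGUE` entry is an AP announcing a corporate SSID from a BSSID that is not in the inventory.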

To sum up, different wireless network users are exposed to different levels of security threats, and the technical support they need differs. Therefore, we recommend different security solutions according to the different needs of different users.

SOHO users

SOHO users can use a hidden SSID, MAC address filtering, WEP, and similar methods for simple protection. In addition, if the equipment supports it, WPA-PSK mode can be deployed, since the PSK method is relatively simple.

SMB users

All of the security measures above are suitable, including WPA, WEP, hidden SSID, MAC address filtering, and even VPN protocols.

Hotspots or public WLANs

Web authentication and layer-2 isolation of wireless clients at the AP can be used.

Large enterprises and government

The WPA2 encryption scheme is recommended, as it currently provides the best encryption.

Since the advent of wireless networks, discussion of their security has never stopped, and attitudes toward them have differed. Opponents believe that wireless networks are too insecure and should be used sparingly. Proponents believe that convenient, free wireless networks should be vigorously promoted, as long as users strengthen their precautions in line with security requirements, because on the technology side network equipment manufacturers are sparing no effort to find ways of securing wireless networks. For example, Asus, a well-known domestic network communications equipment manufacturer, relies on a strong in-house R&D team to keep introducing new, highly secure wireless network equipment suited to every tier of user, so that users in homes, enterprises, and even government can use it with ease.
