WAPI is a wireless security protocol standard developed by China. It is more secure than other standards. Here, WAPI is not the focus of this article, but wireless network security is the center of our discussion. Security first, and others are second. I hope this article will give some inspiration to the network security problems in enterprises.
Wireless Network Security
Because wireless transmission is transmitted through open air waves, wireless network data is more easily eavesdropped or interfered. If your wireless network is not well protected, unauthenticated wireless eavesdroppers war driver) or other people in your wireless network can do the following:
Theft of the company's Internet bandwidth, free access to the network, and manufacturing traffic, reducing access by legal users.
Use your network as a stepping stone to attack other computers or conduct illegal activities, such as downloading or spreading pirated software, pirated music or child pornography.
View, copy, modify, or delete computer files on the company's wireless wired network.
Infect the company's computers with viruses, trov Trojans, worms, and other malware.
Service blocking is triggered by taking the workstation on the company's network as a machine or overloading the network, making it unable to provide services to legal users.
Small-scale and low-budget Wireless Network Security
Small companies generally only have a limited budget, which often means they do not have around-the-clock network administrators and cannot afford to properly set up wireless network security management experts. However, the good news is that it is safer to make the Internet than the "factory default" without spending a lot of money. The key is correct settings.
The goal of each security management plan is to prevent potential intruders or attackers by making intrusion procedures more complex, taking more time and getting caught. Even if you install a barrier in your yard, lock the door, raise a dog in the yard, plug in a bolt in the window and door, and install an anti-theft device, you cannot guarantee that the thief will not come in-in fact, A professional thief can almost avoid these things-but you can increase their difficulty. This means that sudden intruders are more likely to avoid your home and find a house with easier access to steal.
Generally, hackers on the internet tend to find simple targets like traditional thieves to intrude into the network. Therefore, the more obstacles you put, the more likely they will give up and find another network that is more easily infiltrated. In particular, many wireless networks do not even have any security protection.
Some wireless network security experts may tell you that protection measures such as changing the preset SSID, disabling SSID broadcast, and Enabling MAC filtering are useless because there is always a way to crack these protections. This is a bit like saying that if your lock is cheap and easy to crack, you don't need to lock it at all. Although your overall enterprise wireless network security cannot only rely on these simple methods, any one of them can slow down intruders and increase their difficulty, therefore, these measures should be put into your wireless network security plan.
Small enterprises can also use the following cheap or free security measures to connect to a cheap wireless network:
Use a fixed IP address to disable dhcp on the vrowap or WAP, so that unauthorized users cannot easily obtain a usable IP address.
Minimize the coverage of wireless access points. remote intruders must use a high-gain antenna to receive signals.
Disable WAP when you do not need a wireless network. Some small companies may need wireless networks only occasionally, for example when their partners come to the company or when employees who move around in the office need to use laptops.
Of course, encryption is one of the best security measures you can install for free. Please be sure to use wireless networks to protect access to WPA) instead of wireless peer-to-peer Security WEP) for encryption, because the latter is far more vulnerable than the former. To use WPA, you can update your WAP and/or your wireless NIC, but this is worth the cost. If you have not continuously updated your operating system, you may also need to install the WPA client on your computer. However, if you are safe with the latest Windows XP service pack, or you can switch to Windows Vista to support WPA, which also provides other security protection ).
Wireless Network Security for large organizations
As the company grows, it is more important to restrict the use of wireless networks. It is important to establish a policy to prevent the emergence of unspecified wireless access points and to regularly monitor and track them. However, good policies are not enough. You also need to spend some money to implement them.
Use firewall separation to separate one or more wireless networks of the company, or consider deploying a Wireless Access Network in DMZ or the surrounding network, even if the wireless client is cracked, intruders still cannot attack the wired network. At the same time, users on the wireless network are required to use VPN when connecting to the wired network.
Use IDS or response sensors to monitor all connections on the wireless network. Use network access protection to manage wireless clients so that they can be correctly set before the computer uses the network.
Conducts penetration tests on wireless networks to assess the security threats of wireless networks and then resolve them.
Conclusion
Wireless Networks can make it easier for you to process your business. However, they can also make it easier for intruders to conduct illegal activities. It is important to establish a wireless network plan to meet the company's needs. As the company and wireless network security budget grow, you can join more and more complex security mechanisms.