Establish a Secure and Efficient wireless LAN on three sides

Source: Internet
Author: User

Wireless LAN technology has become the mainstay of many technologies. How can we efficiently establish Wireless LAN? Next let's take a look at this article.

As a supplement to wired networks, wireless networks have become a hot topic of Internet applications. With wireless networks, we do not need to be subject to time and space constraints when working through networks, the ability to access any content in the Internet network anytime, anywhere, and no longer need to worry about cabling, so many units have begun to build wireless LAN.

However, to build a secure and efficient wireless LAN, we should proceed from the actual needs of the organization to ensure that the establishment and successful establishment of a wireless LAN can more effectively improve the office efficiency of the Organization, ensure that the organization's network information is not exposed at will, and ensure that the organization's network can be smoothly upgraded in the future.

Attack from security

Safe operation is the primary condition for establishing a wireless LAN network. Because the wireless LAN transmits information through radio waves, wireless Internet access signals are more or less affected by transmission distance and spatial obstacles during information transmission, many organizations require the most basic use of wireless LAN networks to ensure secure and stable network operation.

At the same time, considering that the wireless LAN itself is a fully open network, any laptop or workstation with a wireless Nic device can access the content in the wireless network, obviously, this poses a great security risk for wireless LAN in many organizations. Therefore, we should first ensure security when establishing a wireless LAN.

The easiest way to protect a wireless LAN is to disable the SSID identifier Broadcast Function and set a more complex SSID name for the wireless network, in this way, even if some illegal workstations are within the coverage of the wireless LAN network, they cannot access the content in the wireless LAN because they cannot know the SSID name. However, this method is relatively simple, it is easy to be guessed by some advanced users.

Currently, the commonly used security measures for wireless LAN are a series of security mechanisms proposed by 802.11. For example, If WEP or WPA is used to encrypt or decrypt wireless Internet access signals, illegal users who do not know the specific key content cannot access the data in the wireless LAN.

In addition, to avoid the theft of some professional eavesdropping tools, WEP encryption technology provides us with several key algorithms with 40-bit, 128-bit, or even 152-bit length, WPA encryption technology provides two encryption methods: TKIP and AES, which can effectively prevent the encrypted signal from being cracked.

In addition, the 802.11 standard provides us with security protection mechanisms such as Access Control tables, key management, shared key authentication, open system authentication, and closed network access control; by cleverly combining these security protection mechanisms, we can enable the established Wireless LAN to achieve the same security operation level as the wired LAN.

Of course, the series of security mechanisms proposed in the 802.11 standard also have some obvious security defects. To make up for these shortcomings, many companies have begun to take remedial measures. For example, VPN technology can effectively improve the secure performance of the wireless LAN. By Using VPN technology, we can provide three levels of security protection for wireless LAN, namely user authentication, encryption, and data authentication. User Authentication ensures that only authorized users are eligible for wireless network connection and access.

Encryption ensures that even if illegal users use professional tools to intercept wireless Internet access signals, they do not have enough energy and time to decrypt these encrypted wireless Internet access signals; data Authentication ensures data integrity transmitted in the wireless LAN, and ensures that all signal streams come from authenticated devices. We can also use the system firewall to perform security interaction with the intrusion monitoring system. By Correctly Setting the intrusion monitoring system, we can make policy interaction with the system firewall, this ensures the security of Wireless LAN access.

For example, we can dynamically check the information packets that come in and out of the wireless LAN. Once an exception occurs in or out of the network, an alarm is triggered in a timely manner, and policy interaction is performed through the firewall, it can effectively block illegal network intrusion.

Attack from scope

The range actually refers to the signal coverage of the wireless LAN. If a unit is large in size and has many office areas and living rooms, then the wireless LAN signal we set up must cover all areas of the unit, in this way, employees of the Organization can access the Internet conveniently anywhere in the Organization.

To improve the signal coverage of a wireless LAN, we should first clarify the transmission protocol of the wireless network. Generally, the wireless network protocols that we often use include the following types: 802.11, IEEE802.11a, IEEE802.11b, and IEEE802.11g.

Although IEEE 802.11, IEEE802.11a and other standards are no longer used, these protocols are the first generation of communication standards used by wireless networks. Currently, the mainstream communication protocol used by wireless LAN is IEEE802.11g. This standard protocol not only provides fast communication speed, but also provides better system compatibility and is easy to accept in terms of price.

When building a wireless LAN, many people often choose wireless node devices with very strong signals. They think that the higher the signal of wireless node devices, therefore, the larger the coverage range of the wireless LAN signal formed by the device is. In fact, this recognition is wrong! We know that the main measures to enhance the signal transmission of wireless nodes are to enhance the antenna gain and improve the transmit power.

The higher the gain of the selected wireless node device, the higher the signal transmission capability of the wireless node device, and the higher the sensitivity of wireless Internet access. The higher the transmit power of the selected wireless node device, the wider the signal coverage of the wireless node device and the stronger the penetration capability.

However, if the signal of the wireless node device is too strong, the signal coverage of the wireless LAN is also very large, but the range of the actual controllable area is reduced, and the security of the wireless LAN is affected. For example, if a unit is in a remote dead corner, although the employee may receive a signal at this location, the security of the employee accessing the wireless LAN in this location is not the best.

According to the previous communication protocol introduction, many friends may think that the higher the standard of the selected wireless communication protocol, the better. Indeed, on the surface, the higher the selected communication protocol standard, the farther the signal coverage of the wireless node device is. This is precisely because many friends often spend a lot of money to pursue wireless node devices with high technical indicators when setting up a wireless LAN, rather than considering the ease of use of wireless node devices.

In fact, although the latest standard wireless communication protocol is relatively advanced, its technology is not very mature, and its compatibility with other devices is not very good, more importantly, the price of wireless node devices using the latest standard technology exceeds 7-8 times that of mainstream products in the market. Therefore, for small and medium-sized enterprises, it is more than enough to use the very mature IEEE802.11g protocol.

Attack from expansion

In general, a unit tends to grow and grow with the passage of time, so the area of the office area of the unit tends to expand constantly. Therefore, when we set up a wireless LAN for the Unit, we must consider the scalability of the network. Although the wireless LAN is different from the wired LAN, if we do not reserve a good place in advance, we will also encounter a lot of trouble when upgrading the network in the future.

Considering that there may be many obstacles in the office space within the Organization, we should try our best to use wireless node devices with High Penetration ability when setting up a wireless LAN, at the same time, ensure that the selected wireless node device has a large signal coverage range.

For example, we can place one or more wireless node devices in the center of the office area based on the Space Location and actual usage requirements of the office space, connect these wireless node devices with wired cables to ensure that these wireless node devices can work in a reliable environment, this not only improves the stability of the wireless LAN, but also facilitates smooth expansion of the wireless network.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.