Exercise caution when deploying wireless networks.

When we configure wireless networks, we should exercise caution when deploying the six principles of wireless networks. Let's take a look at how this article introduces them.

Wireless Networks establish a secure wireless network access node access point) The starting point is to prevent information leakage from unauthorized external access. This principle is often difficult to understand. The security settings of wireless networks are much more complex than those of ordinary cable networks, because the access nodes of the cable networks are fixed and within the signal sending and receiving range of wireless networks, all nodes can be connected.

Problems caused by the characteristics of the wireless network itself are inevitable, but the adoption of correct wireless network system protection measures will protect users' systems and avoid serious security problems. If you configure it rashly, this non-secure wireless network will cause "service unavailability" or become a stepping stone to attack other networks ". To minimize the risks caused by security vulnerabilities, make sure that network technicians configure and test according to the following suggestions.

1. Configure the antenna installation position

This is the first step to achieve "non-leak" wireless access nodes. the wireless signal coverage is used to determine the location of the Access Node antenna. Do not place the antenna next to the window because the glass cannot block the leakage of the signal. Ideally, it is best to place the signal transmitting antenna in the center of the work area to minimize the signal leakage. Of course, the above situation is unlikely to be completely done, but as long as you try to ensure that the above principles are followed, there will be no errors.

2. Use WEP wireless encryption protocol)

WEP wireless encryption protocol) is a standard for data transmission encryption in wireless networks. Although it still has obvious vulnerabilities, it is quite effective to prevent common hackers. Many vendors of Wireless Access Node products set WEP to disable for easy installation. Therefore, once the node antenna starts to send and receive signals, hackers can use the sniffer to access wireless data in plaintext.

3. Change the SSID settings and cancel broadcasting.

The service set identifier (SSID) is used to identify the initialization string used by the Wireless Access Node. The client needs to initialize the connection through the SSID. This checker is set by the manufacturer. The same default value is used for the same manufacturer's products. For example, 3Com devices use the "101" string. If the hacker understands the corresponding initialization string, the unauthorized link can be easily established. Therefore, I suggest you change the SSID initialization string When configuring your wireless network so that it is difficult to guess, and restrict the SSID broadcast of the checker with conditional permission, to prevent illegal links. The network will still be available, but it will not give hackers a chance.

4. Cancel Dynamic Host Configuration Protocol DHCP)

This security policy sounds strange, but it is very effective for the security of wireless networks. After taking this measure, hackers will have to guess the IP address, subnet mask, and other necessary TCP/IP parameters of your organization's network. Even if hackers can access your organization's wireless network nodes, but if you do not know the IP address and other such content, it is still not allowed to access the door.

5. cancel or change SNMP settings

If your Access Node supports SNMP, cancel or change the Public and Private Public strings. If you do not take this step, hackers will use SNMP to obtain important information about your organization's network.

6. access list

To further protect your wireless network, set an access list. Not all wireless access nodes support this feature. However, if your organization's network administrator performs this step, it will implement precise rules for connecting machines that can access the node. Some access nodes that support this feature use the TFTP protocol to periodically download and update the access list. In this way, the Network Administrator does not need to synchronize the access list settings on each device.