Five major precautions for wireless network security

Source: Internet
Author: User

Protecting a wireless network first requires the same security measures used to protect traditional networks, followed by additional wireless-specific measures. For Wi-Fi networks and devices, you need to consider sufficiently strong encryption, proper safekeeping of certificates, and safe operation.

Wireless network security is not a different kind of network security from that of wired networks; it is a more comprehensive and reliable form of network security.

Do not undermine your own firewall

You have almost certainly installed a firewall for both wired and wireless networks, which is absolutely correct. However, if you have not placed the wireless access point outside the firewall, the firewall's configuration is useless. Make sure this is not the case; otherwise you not only fail to create a necessary barrier for the network, but also open a convenient channel through the existing firewall.

Do not underestimate media access control

Media access control (MAC) is often overlooked because it does not prevent spoofing. But as part of the overall system of protective barriers, it is undoubtedly an important brick. In essence it is another address filter, and it can block potential intruders. It restricts network access to specific devices based on an address-based access control list that you define.

MAC filtering also lets you adjust the access control list in response to potential intruders. The principle is that intruders must knock before they are shut out.

If you already have MAC filtering in place, an intruder is sure to bump into it before getting into the system, and can only come back later to try to get past it. By then your network already knows what the intruder looks like. So your MAC list covers three categories of visitors: first, friendly visitors who are on the list; second, visitors who are not on the list and arrived unintentionally; and third, visitors who are not on the list but are known to be uninvited and to have tried to break in before. If they try to break in again, they can now be identified with certainty.

In short, if you monitor the wireless network and find that a visitor who is not on the MAC list has tried to connect more than once, you are being probed by a potential attacker, and he will not know that you have found him.
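The three visitor categories described above can be derived from access point logs. The following is an added example, not part of the original article; the log format, the allow list and the `classify` function are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import Counter

# Constructed allow list (the "MAC list" of friendly devices), lower-case.
ALLOWED = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"}

# Constructed log lines in a hypothetical access point log format.
LOG = """\
2024-05-01T09:00:01 assoc-request mac=00:1A:2B:3C:4D:5E result=accepted
2024-05-01T09:03:12 assoc-request mac=66:77:88:99:AA:BB result=denied
2024-05-01T09:03:40 assoc-request mac=66:77:88:99:AA:BB result=denied
2024-05-01T10:15:00 assoc-request mac=12:34:56:78:9A:BC result=denied
this line is malformed and is skipped
2024-05-01T23:59:59 assoc-request mac=66:77:88:99:AA:BB result=denied
"""

LINE = re.compile(r"^(\S+) assoc-request mac=([0-9A-Fa-f:]{17}) result=(\w+)$")

def classify(log_text, allowed, threshold=2):
    """Sort every MAC seen in the log into the article's three categories."""
    attempts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:  # ignore lines that do not parse
            attempts[m.group(2).lower()] += 1
    report = {"friendly": [], "stray": [], "repeat": []}
    for mac, count in sorted(attempts.items()):
        if mac in allowed:
            report["friendly"].append(mac)        # on the list
        elif count >= threshold:
            report["repeat"].append((mac, count)) # off the list, keeps trying
        else:
            report["stray"].append(mac)           # off the list, seen once
    return report

if __name__ == "__main__":
    for category, entries in classify(LOG, ALLOWED).items():
        print(category, entries)
```

Because MAC addresses can be spoofed, a "friendly" match only shows that the address is on the list, not that the device is the one you enrolled.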

Do not ignore WEP

Wired Equivalent Privacy (WEP) is a wireless network security protocol that conforms to the 802.11b standard. It encrypts data when it is sent wirelessly, and the encryption covers any data you use. Be sure to use it. However, it must be emphasized that it is key-based, so do not keep using the default key. You should even create a separate WEP key for each individual user when they first access the system. Of course, you cannot treat WEP as a cure-all. Even multiple layers of encryption do not guarantee that you are foolproof, so you should combine WEP with other wireless security measures.

Prohibit unauthorized access points

Access points can now be set up easily, and a busy IT department may often simply adopt simple access rules and let users set up access points on an as-needed basis. But do not be tempted by this convenience. Access points are the number one target for intruders. Configuration policies and processes should be worked out in detail and strictly adhered to.

What should these policies and procedures include? First, you must carefully work out the correct guidelines for placing access points, and ensure that anyone configuring an AP has the policy at hand. Second, you must have an installation record that lists the APs already present in your wireless network configuration (for future reference), as well as a specific process for properly publishing the configuration and allowing it to be reviewed. And regardless of who set up the AP, you should immediately assign another person to review the installation. Is this troublesome? Perhaps, but a security incident caused by a rogue AP, or by one that slipped through, will give you far more headaches.

Reject notebook ad hoc mode access

This drastic measure should be taken in any enterprise. Ad hoc mode allows Wi-Fi users to connect directly to another nearby notebook, which creates a network environment more dangerous than you can imagine.

As part of the 802.11 standard, ad hoc mode allows your notebook's network interface card to run in independent basic service set (IBSS) mode. This means that it can connect to another laptop over RF. When you use ad hoc mode, you will naturally want to connect to other notebooks over the wireless network. On the surface this looks like an attractive trick, because no one can shut out the connection. But it must be realized that it allows access to the notebook's entire hard drive. If you enable it and then forget about it, everything you have is left open to the world without reservation.

And the danger is not limited to your defenseless machine. An intruder can use a networked laptop as a gateway to the Internet. If you put the machine in ad hoc mode and someone breaks into it, you expose more than just your own computer: you expose the entire network.

You must avoid this dangerous habit: never allow ad hoc mode, right from the first use. The risk of accepting this mode is far greater than the convenience it offers.
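An added example (not from the original article) covering the access point policy and the ad hoc rule above: it compares a wireless survey against the AP installation record and flags unauthorized APs, ad hoc (IBSS) networks, and APs that nobody other than the installer reviewed. The CSV layouts, field names and all sample values are constructed assumptions.

```python
import csv
import io

# Constructed installation record: one row per approved AP.
INVENTORY_CSV = """bssid,ssid,installed_by,reviewed_by
00:11:22:33:44:01,corp-wifi,alice,bob
00:11:22:33:44:02,corp-wifi,carol,carol
00:11:22:33:44:03,corp-guest,dave,
"""

# Constructed survey results; mode is "ap" (infrastructure) or "ibss" (ad hoc).
SCAN_CSV = """bssid,ssid,mode
00:11:22:33:44:01,corp-wifi,ap
00:11:22:33:44:02,corp-wifi,ap
de:ad:be:ef:00:09,corp-wifi,ap
02:aa:bb:cc:dd:10,laptop-share,ibss
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit(inventory_csv, scan_csv):
    """Return (finding, bssid) pairs for every policy violation found."""
    inventory = {r["bssid"].lower(): r for r in load(inventory_csv)}
    findings = []
    # Policy: every installation is reviewed by someone other than the installer.
    for bssid, rec in sorted(inventory.items()):
        reviewer = rec["reviewed_by"].strip()
        if not reviewer or reviewer == rec["installed_by"].strip():
            findings.append(("no-independent-review", bssid))
    seen = set()
    for obs in load(scan_csv):
        bssid = obs["bssid"].lower()
        seen.add(bssid)
        if obs["mode"] == "ibss":
            findings.append(("ad-hoc-network", bssid))   # never allowed
        elif bssid not in inventory:
            findings.append(("unauthorized-ap", bssid))  # not in the record
    # Recorded APs that the survey did not see may have been moved or replaced.
    for bssid in sorted(set(inventory) - seen):
        findings.append(("inventoried-ap-not-seen", bssid))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY_CSV, SCAN_CSV):
        print(*finding)
```

A BSSID that matches the record can still be cloned, so treat a match as necessary rather than sufficient when confirming that an AP is authorized.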
