Windows XP Wireless Network Security

Windows XP has been widely used, but we may not know how to set wireless network security for Windows XP. How can we set it?

Although the early wireless networks were not launched for special reasons, it was unable to attract network attention for a long time. Now, with the shift in wireless prices, we are entering the ordinary homes, and more Internet users are using wireless networks. Wireless Security is attracting increasing attention from all walks of life.

The objective factors that affect the security and instability of wireless networks are still viruses and malicious users. service theft, data theft, data destruction, and normal use of wireless networks have a great impact. The following is a step-by-step explanation!

We should still follow the above sentence: "Simplicity is synonymous with insecurity", the biggest factor in XP's wireless security risk, it is precisely from XP's simplest and easy-to-use feature-"WIRELESS Zero Configuration? ZERO? CONFIGURATION), because the access point can automatically send and receive signals, once the XP client enters the wireless network signal coverage, it can automatically establish a connection, if you enter the signal coverage of multiple wireless networks, the system can automatically contact the nearest access point and automatically configure the network card to connect, the established connection SSID will appear in the "available network". Because many vendors use the half MAC address of the network card to name the SSID by default, the default SSID name can be inferred, after the attacker knows the default name, it is easy to connect to the network at least to the access point.

There are three main measures:

1. Enable the non-broadcast function of the wireless device without spreading the SSID.

This function needs to be found in the options of the hardware device. When enabled, the network is closed,

At this time, the person who wants to connect to the network must provide an accurate network name, instead of the network name automatically provided by the XP system.

2. Use an irregular network name. Do not use the default name.

If the network name is not broadcast, attackers can still speculate that the network name is connected to the network. Therefore, it is necessary to modify the default name.

For more information, see password setting.

3. Client MAC address filtering

Set that only clients with the specified MAC can connect to the access point. You can further check the connection.
The above three methods are only the basic settings of XP Wireless Security. Don't expect to be able to rest assured after these three steps are configured. From the current security settings, although some wireless attacks can be prevented, because no encryption measures are taken for the transmitted data, as long as attackers use some specific wireless LAN tools, you can capture various data packets in the air. By analyzing the content of these data packets, you can obtain various information, including the SSID and MAC address, therefore, the preceding three methods are useless for such attacks. The next step is to solve the wireless transmission encryption problem ---- WEP.

This is a highly controversial topic. Therefore, to avoid mistakes, we will not give a detailed explanation of the strengths and weaknesses of this issue. We will only include one sentence: "WEP provides comprehensive security for wireless LAN from data security and integrity to data source authenticity, but the WEP Key is easy to be obtained by attackers ". Although the vendor has been strengthened to address this issue, Microsoft also released the related upgrade packages (KB826942, support.microsoft.com/default.aspx? Scid = kb; zh-cn; 826942), but this problem cannot be solved fundamentally.

WEP runs on the Access Point. If WEP is enabled on 2000, the shared key provided by the client software must be used. If it is XP, it is not required, the system will prompt you when WEP is enabled for the first access. after entering the key, you can continue with the following Configuration:

1. Open "network connection" and click the properties of the wireless network card.

2. Select "preferred network", select or Add an entry, and click Properties.

3. Enable "Wireless Network Properties" and perform the following operations:

1) modify the "Network Name"

2) Check "Data Encryption (WEP )"

3) Check "network verification"

4) Select the key format (ASCII or hexadecimal) and key length (40 or 104) that match the access point ).

5) enter the correct "Network key"

6) do not select "automatically select key ".

4. Save and close.

OK. The settings for WEP in XP are basically complete. However, to make the wireless network more stable, let's look at other security measures that need attention:

1. Try to include a verification server in the network.

Configuring the network as all connection requests must first pass the verification of the server, which will greatly improve the security of the wireless network.

2. Modify the WEP Key once a month.

Because WEP has a record defect, it is recommended that you modify the WEP Key every other time.

3. Avoid interconnection between wired and wireless networks.

Wireless Networks should be independent. In order to avoid mutual involvement and increase security risks, wired and wireless networks should be separated, at least a firewall should be established between the two.

4. establish VPN Verification

Add a VPN Server between the Access Point and the network. As a result, attackers may be able to connect to the access point. However, they cannot access the network and cause no damage to the network.

5. Regular Maintenance

The maintenance content is to check the network and audit logs, and check the network to use some scanning tools that attack wireless networks, Netstumbler (.netstumbler.com/"> www.netstumbler.com)

Kismet www.kismetwireless.net

The focus of Review logs is to review Account Login Events.

The following is a list of wireless network checks for Ed Bott:

1. Set a strong password for the access point.

2. Disable remote management of access points.

3. the FirmWare of the wireless network device (FirmWare) is updated to the latest version.

4. Modify the default network name of the Access Point.

5. Use MAC Filter Control

6. enable WEP and set strong passwords.