Wireless access technology in China is developing very rapidly. It does not matter if you do not yet know how to solve the security problems in wireless access technology; after reading this article you should come away with a good deal, and I hope it teaches you more. If you ask any IT professional who is familiar with security about using wireless networks in an enterprise environment, they will tell you that common AP security measures cannot really solve the problem. The broadcast nature of wireless communication, increasingly advanced wireless sniffing tools, and the available means of cracking the data that wireless APs transmit all indicate that, without additional measures, a wireless network is not safe. Most experts suggest placing wireless APs in their own CIDR block and using a firewall to keep that CIDR block from connecting the wireless APs to other parts of the intranet.
The next step is to have all your wireless users use virtual private network (VPN) software, which will make your wireless access safer. At the same time, if your network has a DMZ (demilitarized zone, the semi-secure area between the internal network and the external Internet), use it. If there is no DMZ, stick to the old method: use separate cabling or a virtual network for the APs so that data passes through a firewall before entering the intranet, and only this communication stays on the secure side of the network.
There are two ways to combine a virtual private network with wireless APs. The first method is to place the AP on an interface of a Windows server and use the built-in VPN software of Windows to cover the wireless communication. This method lets you use the built-in Windows client software, together with L2TP and IPsec, to encrypt your wireless network communication. The technique also applies to other operating systems that support the same kind of built-in or free VPN client software.
The advantages of this method are that it uses built-in software, requires very little change on the client, is very easy to set up and apply, and incurs no additional server or hardware costs. The disadvantage is the additional load placed on the existing server. (The load varies with the number of APs you provide and the number of clients that use those APs.) The server may become unable to carry out its other tasks. If the same server also provides firewall functions, the additional load may prompt you to use another server or adopt a different method.
The second method is to use a wireless AP that contains a built-in VPN gateway service. Companies such as SonicWall, WatchGuard, and Colubris currently provide single-chassis solutions that integrate AP and VPN functions, making it easier to secure wireless networks. With these two functions pre-packaged together, the device is easy to install, set up, configure, and manage, and it is easy to enforce a policy that makes every wireless connection use a virtual private network. Because this approach is easy to choose and use, the encryption is more sensible, and it avoids the cost of 802.1x encryption for VPN connections. The weaknesses of this method include the high price; the newly purchased devices serve only the new wireless LAN subnets; and, without changing hardware, it is difficult to upgrade from one wireless access technology to another.
A hybrid approach may include using client software with existing wireless APs while planning a transition to a new device-based product. Another method is to designate a server, in the DMZ or in its own network segment, to handle wireless connections, VPN gateway requirements, and firewall information, and to enable or disable the wireless network segment. In any case, by adding a virtual private network you can improve security and feel more confident. Sometimes everyday wireless communication can then be as secure as on a wired network.
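As an added illustration (not code from the original article), the following check verifies the isolation described above: flow records from the wireless segment should contain only L2TP/IPsec traffic addressed to the VPN gateway. The addresses, the record format and the function names are assumptions made for this example.

```python
import ipaddress

# Constructed values for illustration; substitute your own addressing.
WIRELESS_CIDR = ipaddress.ip_network("10.20.0.0/24")  # isolated AP segment (assumed)
VPN_GATEWAY = ipaddress.ip_address("10.20.0.1")       # VPN server interface (assumed)

# Traffic an L2TP/IPsec client legitimately sends to the gateway:
# IKE (UDP 500), IPsec NAT traversal (UDP 4500) and ESP (IP protocol 50).
# L2TP itself (UDP 1701) travels inside ESP, so cleartext 1701 is a violation.
ALLOWED = {("udp", 500), ("udp", 4500), ("esp", None)}


def parse_flow(line):
    """Parse a 'src dst proto [dport]' record into typed fields."""
    parts = line.split()
    if len(parts) not in (3, 4):
        raise ValueError(f"malformed flow record: {line!r}")
    src = ipaddress.ip_address(parts[0])
    dst = ipaddress.ip_address(parts[1])
    proto = parts[2].lower()
    dport = int(parts[3]) if len(parts) == 4 else None
    return src, dst, proto, dport


def vpn_bypass_flows(lines):
    """Return records from the wireless segment that are not VPN traffic
    to the gateway, i.e. traffic the firewall should have dropped."""
    violations = []
    for line in lines:
        src, dst, proto, dport = parse_flow(line)
        if src not in WIRELESS_CIDR:
            continue  # only wireless-originated traffic is in scope
        if dst == VPN_GATEWAY and (proto, dport) in ALLOWED:
            continue
        violations.append(line)
    return violations


# Constructed sample of firewall flow records (src dst proto dport).
SAMPLE_FLOWS = [
    "10.20.0.57 10.20.0.1 udp 500",       # IKE negotiation with the gateway
    "10.20.0.57 10.20.0.1 esp",           # encrypted tunnel payload
    "10.20.0.57 10.20.0.1 udp 1701",      # L2TP without IPsec protection
    "10.20.0.88 192.168.1.10 tcp 445",    # direct intranet access, no VPN
    "192.168.1.20 192.168.1.10 tcp 445",  # wired host, out of scope
]

if __name__ == "__main__":
    for flow in vpn_bypass_flows(SAMPLE_FLOWS):
        print("VPN bypass:", flow)
```

Any record this returns means the firewall between the wireless segment and the intranet is passing traffic that did not go through the VPN.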