The emergence of wireless networks and wireless LANs has greatly improved the speed and quality of information exchange and provides many users with convenient network services. However, the characteristics of wireless networks also introduce security risks. With the rapid development of information technology, many networks have adopted wireless coverage to support electronic information exchange and resource sharing. Because wireless signals are transmitted over an open medium, the medium is difficult to protect effectively during transmission, and transmitted signals may be intercepted by others. Attackers can exploit this weakness to attack the network. How to implement an effective security protection mechanism for wireless signals and wireless LANs when designing and building a network has therefore become a major topic for wireless networking.
I. Wireless Network Security Risk Analysis
The basic principle of a wireless LAN is to connect individual computer terminals through wireless communication technology within an enterprise or organization, forming a resource-sharing system whose members can connect to and communicate with each other. A wireless LAN differs from a wired LAN in that it uses electromagnetic waves in space, instead of traditional cables, for information transmission and connection. Compared with a traditional wired LAN, a wireless network gives computer terminals more mobility. It is also easy to install and is not limited by geographical location or space, which greatly improves the efficiency of information transmission. However, because of these characteristics, it is difficult for a wireless LAN to adopt the same network security mechanisms as a wired LAN to protect information in transit. In other words, securing a wireless network is more difficult than securing a wired one.
IT technicians face two major problems when planning and building wireless networks. First, there are so many standards and security solutions on the market that it is hard to know which is the best choice. Second, how can network intrusions and attacks be avoided? In the wired network stage, technicians could deploy firewall hardware to build a line of defense against external attacks. However, "lines of defense are often broken from the inside". Because wireless network access is so convenient, the wired network defense devices originally deployed are easily bypassed, turning them into a "Maginot line of defense".
The main security threats to wireless networks are as follows:
1. Data eavesdropping. Eavesdropping on network transmissions can cause leakage of confidential and sensitive data, exposure of unprotected user credentials, and identity theft. It also allows experienced intruders to collect information about the user's IT environment and then use this information to attack systems or data that would not be easy to attack in other circumstances. It can even provide attackers with a range of commercial information for social engineering attacks.
2. Interception and tampering with transmitted data. If an attacker can connect to the internal network, he can use a malicious computer to forge a gateway and intercept or even modify the network data transmitted between two legitimate parties.
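The forged gateway in threat 2 can be detected from the defender's side by watching which hardware address claims the gateway's IP. The following is an added example, not part of the original article; the addresses and the observation format (timestamp, sender IP, sender MAC, as an ARP monitor might log them) are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample observations: (timestamp, sender IP, sender MAC).
# All addresses are made up for this example.
SAMPLE_ARP = [
    (100, "192.168.1.1",  "00:11:22:33:44:55"),   # the real gateway
    (101, "192.168.1.23", "a4:5e:60:aa:bb:01"),   # an ordinary client
    (160, "192.168.1.1",  "00:11:22:33:44:55"),
    (161, "192.168.1.1",  "a4:5e:60:aa:bb:01"),   # the client's adapter now claims the gateway IP
    (162, "192.168.1.1",  "A4-5E-60-AA-BB-01"),   # same adapter, different notation
    (200, "192.168.1.40", "3c:22:fb:cc:dd:02"),
]

def norm_mac(mac):
    """Canonical lower-case colon form, so case or '-' separators cannot hide a match."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def detect_gateway_forgery(observations, gateway_ip, trusted_gateway_mac):
    """Return one alert per untrusted MAC that claims the gateway IP."""
    trusted = norm_mac(trusted_gateway_mac)
    ips_by_mac = defaultdict(set)      # every IP each adapter has claimed so far
    alerts, already_alerted = [], set()
    for ts, ip, mac in sorted(observations):
        mac = norm_mac(mac)
        ips_by_mac[mac].add(ip)
        if ip == gateway_ip and mac != trusted and mac not in already_alerted:
            already_alerted.add(mac)
            alerts.append({
                "time": ts,
                "claimed_ip": ip,
                "mac": mac,
                # Other addresses this adapter used help locate the machine.
                "also_seen_as": sorted(ips_by_mac[mac] - {gateway_ip}),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_gateway_forgery(SAMPLE_ARP, "192.168.1.1", "00:11:22:33:44:55"):
        print(alert)
```

The trusted gateway MAC must come from the network's own inventory, not from the traffic being inspected.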
II. Common wireless network security measures
Given the security threats above, it is not difficult to see that "access control" is the most direct measure for ensuring the security of wireless networks. At present, wireless network security measures mainly defend against intruders at the access level. Common security measures include the following.
1. MAC address filtering
MAC address filtering is a common precaution among wired network security measures, and on a wireless network it operates in the same way as on switches in wired networks. The physical addresses (MAC addresses) of the permitted wireless network adapters are sent to each AP through the wireless controller, stored directly in the wireless controller, or set on the AP switch side.
2. Hide the SSID
A Service Set Identifier (SSID) is used to distinguish different networks. It acts like a VLAN in a wired network: after a computer connects to the network of one SSID, it cannot directly communicate with the network of another SSID. The SSID is often used as the identifier of different network services. An SSID consists of up to 32 characters. A valid SSID must be provided when a wireless terminal connects to a wireless network, and only a terminal with the matching SSID can gain access. Generally, a wireless AP broadcasts its SSID. In this way, an access terminal can scan to find out which wireless networks are available nearby; for example, the built-in scanning function of Windows XP lists the SSIDs of all wireless networks that can be connected to. Therefore, for security reasons, you can set the AP not to broadcast the SSID and make the SSID name a long string that is not easy to guess. Because the SSID is hidden, the access end cannot find the wireless network by scanning with the built-in functions of the system, and even someone who knows that a wireless network exists cannot access it without guessing the full name of the SSID.
III. Selection of wireless network security measures
There is always a conflict between the convenience and the security of applications: higher security comes at the cost of convenience. In actual wireless network applications, however, convenience has to be considered. We should therefore balance convenience and security when selecting wireless network security measures.
The WPA encryption mode is used for wireless AP access. With special software, attackers can detect the SSID whether or not it is hidden. Therefore, the SSID is not hidden, which improves access convenience. In this way, the access password only needs to be entered the first time a device connects and does not need to be entered again afterwards.
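The reason hiding gives so little protection is that only the AP's beacon blanks the SSID element, while other management frames for the same network still carry the name in clear. The following is an added example, not part of the original article, that parses the SSID element (ID 0, at most 32 bytes) from 802.11 tagged parameters; the frame bodies and the network name are constructed for illustration.

```python
def element(eid, value):
    """Build one tagged parameter: 1-byte ID, 1-byte length, then the value."""
    return bytes([eid, len(value)]) + value

def iter_elements(body):
    """Yield (element_id, value) pairs from a management frame's tagged parameters."""
    i = 0
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated element")
        yield eid, value
        i += 2 + length

def ssid_of(body):
    """Classify the SSID element as ('hidden', None), ('visible', name) or ('absent', None)."""
    for eid, value in iter_elements(body):
        if eid == 0:                       # element ID 0 is the SSID
            if len(value) > 32:
                raise ValueError("SSID longer than 32 bytes")
            # A hidden network sends a zero-length SSID or one made of NUL bytes.
            if not value or set(value) == {0}:
                return ("hidden", None)
            return ("visible", value.decode("utf-8", errors="replace"))
    return ("absent", None)

# Constructed sample data: a supported-rates element and a made-up long SSID.
RATES = element(1, bytes([0x82, 0x84, 0x8B, 0x96]))
NAME = b"corp-wlan-7f3a9c21"
FRAMES = [
    ("beacon", element(0, b"") + RATES),                  # hidden, zero length
    ("beacon", element(0, b"\x00" * len(NAME)) + RATES),  # hidden, NUL padded
    ("association-request", element(0, NAME) + RATES),    # client joining the network
    ("probe-response", element(0, NAME) + RATES),         # AP answering that client
]

def ssid_disclosure(frames):
    """Map each frame type to the set of SSID states observed in it."""
    report = {}
    for kind, body in frames:
        report.setdefault(kind, set()).add(ssid_of(body))
    return report

if __name__ == "__main__":
    for kind, states in ssid_disclosure(FRAMES).items():
        print(kind, sorted(states, key=str))
```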
The combination of forced Portal and 802.1x authentication can effectively address wireless network security and has practical significance. Visitors care about convenience and efficiency and do not have high security requirements. The forced Portal authentication method does not require additional client software to be installed on the user end; users can access the Internet directly after authenticating in a Web browser. This method is simple, convenient, and fast for visiting users, but its security is relatively poor.
In addition, using a wireless network intrusion detection device to actively defend against attacks in the wireless network is an effective means of further enhancing its security.
Finally, all network security technologies take effect only through the people who use them, so the last line of defense is the users. Wireless network security can truly be achieved only when each user strengthens their awareness of it. Otherwise, a simple social engineering attack by a hacker or an attacker can render the various security measures configured by network administrators useless within two minutes.
Many enterprises and organizations have now achieved full wireless coverage. However, because insufficient attention was paid to security while the wireless network was being built, the security of the wireless LAN was not considered in time, which has caused some impact and damage. Doing a good job of wireless network security management and completing unified identity verification for the whole school wireless network is a must when establishing wireless networks today. Only in this way can we achieve seamless connection between wireless networks and existing wired networks, ensure high security of wireless networks, and improve the informatization level of enterprises.
This concludes the introduction to wireless network security issues.