Wireless LAN network is transmitted through the microwave signal, so the wireless LAN signal transmission security for many wireless internet users a bit worried, in fact, as long as the familiar with the wireless network signal transmission mechanism, and can use some security measures, we can make wireless LAN security work in the end.
and wired LAN network is obviously different, the Wireless LAN network is transmitted through the microwave signal, this thing can not see, touch, so wireless LAN signal transmission security for many wireless internet users a bit worried, in fact, we just familiar with the wireless network signal transmission mechanism, And can be targeted to use some security measures, we will certainly be able to make wireless LAN security work in the end.
Prohibit the use of point to point working mode
Generally speaking, the common workstation in WLAN often has two basic work transfer modes, one mode is the infrastructure pattern, the other is the point-to-point working mode. When the Wireless LAN network is working in infrastructure mode, all wireless workstations in the LAN need to use a wireless router device for signal processing; in other words, whether we surf the Web content on the Internet or share the communication with other workstations in the same LAN, All data signals of the wireless workstation are required to pass through the wireless router device. Most units of wireless LAN networks belong to this type of network.
If the Wireless LAN network is working in a point-to-point mode, the communication between workstations and workstations in the WLAN can be carried out directly without recourse to a wireless router device or other wireless node device. In some specific situations, this mode of work is more conducive to rapid network access to the workstation, for example, if we want to share with other workstations in the LAN transfer files, we can select the point-to-point mode of work. But the trouble is, as long as we enable point-to-point mode, the local wireless network in the vicinity of illegal users can be without our knowledge secretly access to the local network of important privacy information, so that the local wireless LAN job security will be greatly reduced.
In order to effectively avoid the disclosure of privacy information on the local network, we strongly recommend that you remove the use of point-to-point mode, unless you have to enable it in the last resort, and once you have completed the information exchange task between workstations, you must immediately disable the point-to-point mode of work.
Deny broadcast wireless network identifier
In order to facilitate the common workstation in wireless LAN to quickly discover the connection to the wireless node devices, each wireless node device basically has a network service identification name, this name information is generally called the wireless node's SSID identifier, Normal workstations can only use this identifier to establish a normal wireless network connection with the wireless node device, and if the SSID identifier is not known, the normal workstation cannot be added to the wireless LAN. Therefore, in order to prevent illegal users from secretly using the local wireless network, we must find ways not to let illegal users know the local wireless LAN SSID identifier information.
At present, many wireless node devices introduced by the market default settings are allowed to broadcast the wireless network identifier, once the feature is enabled, the equivalent of wireless node devices automatically to the wireless coverage of all normal workstations to publish the local wireless network identifier name information. Although enabling the SSID identifier broadcast feature makes it easy to join a local wireless network, this feature also makes it easy for some illegal users to find a local wireless network, so the security of the local wireless network is compromised. To protect the security of your local wireless network, we strongly recommend that you turn off this SSID identifier broadcast feature.
Of course, we need to remind you that if the illegal user already knows the local wireless network SSID identifier, even if we refuse the wireless router to broadcast the wireless network identifier information in the future, the illegal user can also sneak into the local wireless network, so we set the SSID name information for the wireless node device , try to set the name more complex, avoid too fragile, too simple, to ensure that illegal users can not easily guess the local wireless network SSID identifier name.
Strengthen the management password for the wireless node
We know that once illegal users near the Wireless LAN network search the local wireless node, they often try to log in to the wireless node's background management interface, to modify its wireless network parameters, if they guessed the password, then the local wireless internet parameters may be arbitrarily modified by illegal users, Thus, the local wireless LAN network can not work properly; what's more, when these illegal users change the background management password of the wireless node, even the local network administrator may not be able to access the background interface of the wireless node, to manage and maintain the wireless internet equipment.
This column more highlights: http://www.bianceng.cn/Network/wxwl/
Because many wireless node devices are set in the default state of the background management password is relatively simple, for example, set the password to "admin", "0000", "1234" or "AAAA" and so on. If we do not modify these default admin passwords in time to connect our wireless node devices to the wireless network, as long as illegal users use professional tools to learn the local wireless node equipment manufacturers and specific models, then the local wireless node device management password is no doubt that the illegal users have mastered the The security of the local wireless network is now seriously compromised. In view of this, before we connect the wireless node devices to the wireless network, must refer to the specific operating instructions, timely login to the device's background management interface, find the background Management password modification options, and the default password to adjust to a very strong password, to ensure that illegal users can not guess the wireless node management password, In order to ensure the security of local wireless LAN work.
Protection of wireless signal by encryption method
In addition to the above several methods to protect the working security of WLAN, there is a more effective protection method, that is, the wireless transmission signal encryption, this method often has a very high security effect.
The current wireless node devices are more commonly used encryption methods include two kinds, one is WEP encryption technology, the other is WPA encryption technology. The WEP technology is also called the equivalent secrecy technology, this technology generally carries on the RC4 symmetric encryption in the network link layer, the wireless Internet user's key content must be identical with the wireless node's key content, in order to correctly access the network content, This will effectively prevent unauthorized users from eavesdropping or other means of attack to sneak access to local wireless networks. Normally, WEP encryption provides us with 40-bit, 128-bit, or even 152-bit-length key-algorithm mechanisms for our average users. Once the wireless internet signal is encrypted by WEP, illegal users in the vicinity of the local wireless network will not be able to see the specific contents of the Internet, even if they steal it through professional tools, so that the local wireless internet signal is not easy to disclose. Then the wireless LAN data sending security and receiving security will be greatly improved. And the higher the number of options for WEP encryption, the more difficult it is for illegal users to crack wireless internet signals, and the higher the safety factor of local wireless networks.
However, there are also obvious flaws in the WEP encryption technology, for example, all users in the same wireless LAN often share the same key, and only one user loses the key, then the entire wireless LAN network will become unsafe. And given that the WEP encryption technology has been found to have significant security flaws, illegal users are often able to decode the encrypted signals within a limited number of hours.
Because of the congenital inadequacy of WPA encryption technology, the emergence of another, more secure encryption technology,-WPA, which can be viewed as an enhanced product of WEP encryption, is more secure and more secure than WEP encryption, which includes TKIP encryption and AES encryption methods.
When setting encryption keys for a wireless node device, we can do it in two ways, one is simpler and the other is not so simple. The simpler approach is that we can use the key generator from the wireless node device to generate the key automatically, the other way is to use the manual method to select the appropriate encryption key, for example, we can mix the letter a-f and the number 0-9 combination to set the encryption key.
To encrypt a wireless internet signal, we can first from the ordinary wireless workstation running IE browser program, and in the Browse window to enter the wireless node device default Admin address, and then correctly enter the Administrator account name and password, access to the device's background management page, click on the page "Home" tab, and click the Wireless network item on the left display area of the corresponding Options settings page. On the right list area for the project, find the "safe" setting option, and with the mouse click the Drop-down button next to the settings item, we can see from the pop-up Drop-down list that the wireless node device is generally able to support the "WEP" Encryption protocol and the "WPA" encryption protocol.
Select the most commonly used "WEP" encryption protocol, after choosing a good authentication method, the general wireless node devices provide users with a shared secret key, automatic selection and open system of the three authentication methods, in order to effectively protect the wireless network transmission information Security, we should choose the "Shared Key" authentication method here. Then correctly enter the appropriate wireless network access password in the WEP Password text box. Click the "Execute" button on the corresponding Settings page to save the settings above, and then reboot the wireless node device so that we successfully encrypt the local wireless network in the wireless node device.