Four basic measures to ensure wireless Internet access security

It has become a reality to connect to the LAN or Internet via wireless means. However, it is not so easy to achieve efficient and secure access. After all, you can access the LAN or Internet via wireless means, it is much more complicated than setting up a LAN or Internet access through twisted pair wires. As wireless networks continue to mature, security risks of wireless networks are becoming the focus of attention, and preventing external intrusion into wireless networks is the first thing wireless network users need to face.

What are the risks of wireless Internet access?

As you know, wireless network nodes can normally reach a range of about 300 meters. Therefore, any computer with a wireless network card installed within 300 meters can access wireless network nodes, and may enter the wireless network. Obviously, this convenient access method is easy to bring security threats to wireless networks. For example, a hacker computer within 300 meters also has the opportunity to access your wireless network to control "every action" in your computer "; although wireless networks are not as strict as wired networks in terms of information confidentiality, you certainly do not want illegal attackers to easily know your whereabouts on the network, such as the websites you visit, any privacy emails sent to external users may be clearly understood by illegal visitors.

Even more seriously, illegal visitors not far from you will easily steal information about your various online accounts once they enter your wireless network, this will cause greater security losses to you. Therefore, in the face of various security risks in wireless networks, you must take actions in time to take countermeasures, such as through encryption or network verification and identification technologies, make sure that only the user or network device specified in advance can access your wireless network, and other operations that want to forcibly use various wireless network technologies to access your wireless network will be rejected.

Security Status of wireless Internet access

Due to the inherent technical defects of wireless networks, the security of wireless Internet access has not been fully guaranteed until now. However, if wireless Internet users take timely and effective measures, it is still difficult for illegal attackers to intrude into wireless networks.

In general, network security is mainly manifested in data encryption and Access Control. Data Encryption often ensures that the transmitted information can only be accepted and understood by the desired network users, access control ensures that the network information can only be obtained by authorized users. For a common network, its information is transmitted to a specified destination through a cable. As long as the physical link is not damaged, the information of the common network will not be leaked; however, because the wireless network information is transmitted through microwave radiation, all wireless workstations may receive Network Information in the area covered by wireless network nodes, wireless Network Nodes cannot ensure that information can only be transmitted to specific devices. Therefore, the data confidentiality of wireless Internet access is worse than that of wired networks.

Currently, the IEEE 802.11a, IEEE 802.11b, and IEEE 802.11g protocols used by wireless networks support wireless Internet access security settings. By setting network parameters properly, it can ensure that the wireless network authenticates the identity of each online user. Of course, the security setting function of the wireless network only prevents General intrusion. If a user with a higher level of attacks encounters, the security setting function of wireless networks is powerless.
Measures for wireless security

For ordinary wireless network users, what measures should be taken to ensure their wireless network security? In order to make wireless Internet access as secure as possible, this article provides you with the following wireless network security measures:

1. Set the network key correctly.

As you know, by default, the wireless network node producer sets the data transmission encryption function of the wireless network node to "Disable" to help beginners install the wireless network ", in this way, the first time the user accesses the network, it is not safe. Illegal attackers can easily use professional sniffing tools to intercept the plaintext data transmitted in the wireless network. Therefore, when you connect to a wireless LAN for the first time, you must remember to set up a network key to encrypt the data transmitted in the wireless network, so as to effectively resist illegal intrusion by common hackers.

 

Before setting the network key, you must install the wireless network card and set the IP address and mask address of the wireless network card to the same network segment as the IP address and mask address of the wireless network node; next, open the IE browser in the workstation and enter the default IP address of the wireless network node in the address bar (currently, the IP addresses of most wireless network nodes are "192.168.1.1". If it cannot be connected, you can view the operation manual of the corresponding device), go to the wireless network node management logon page, enter the logon password (this password can be found in the Manual of the wireless network node ), you can set the security of wireless network nodes on the subsequent page. Click Security Options on the wireless network node Management page, select the WEP encryption function, and set the password string according to different encryption types. If you choose a 64-bit encryption type, you must enter a 10-Bit String as the encryption password. If you use the 128-bit encryption type, you must set the number of digits of the password to 26. After the password is set, turn off the power of the wireless network node, and then power on again, so that the wireless network node will restart and the network key will take effect.
Next, you must set the connection attribute of the wireless network in the workstation to Securely connect to the wireless LAN. Click "start", "set", "network and dial-up connections", and right-click the "wireless connection" option under the option, right-click the "properties" command to open the wireless network attribute settings window. Click the "wireless network configuration" tab in the window, on this tab page, select a wireless network with encryption enabled, click "properties", and select the "associate" tab in the subsequent Properties window, then, select the "Data Encryption (WEP enabled)" option on the tab page so that the "Network key" setting item is activated, then, you can enter the access password of the wireless network node and click "OK" to connect the workstation to the wireless network safely.

2. Change the default SSID settings

By default, the manufacturers of wireless network nodes use the SSID (initialization string) to check connection requests that attempt to log on to wireless network nodes. Once the verification is successful, it is possible to connect to the wireless network smoothly. However, because the wireless network nodes launched by the same manufacturer all use the same SSID name, this gives attackers who attempt to connect to the wireless network illegally, it facilitates intrusion. Once they connect to a wireless network using a common initialization string, it is easy to build an unauthorized link to threaten the security of the wireless network. Therefore, when installing a wireless LAN for the first time, you must log on to the Management page of the wireless network node in time, enable the SSID Setting option, and reset the initialization string, which is hard to guess; in addition, to avoid illegal connections more effectively, you 'd better cancel the SSID network broadcast to minimize the chance of hacker intrusion.

Of course, after the SSID name in the wireless network node changes, you must also modify the SSID service name in the wireless network attribute settings window of the workstation, in this way, your workstation can be smoothly connected to the wireless network. Changing the SSID name in a common workstation is actually very simple. As long as you click the "wireless network configuration" tab in the wireless network Connection Properties window, and then select the wireless network node name on the tab page, click "properties". On the "join" tab page that appears, enter the new SSID name in the "service name (SSID)" text box, click OK to make the setting take effect.
3. suitable antenna placement

Because the wireless network node is the hub for converting wired and wireless signals, the antenna position in the wireless network node not only determines the signal transmission speed and communication signal strength of the wireless LAN, it also affects the communication security of wireless networks. Therefore, it is necessary to place wireless network nodes in a suitable location! Before placing an antenna, you 'd better figure out the communication signal coverage range of the wireless network node, and then place the antenna in a location that other users cannot "Touch" based on the range size. For example, if the signal transmission capability of a wireless network node is less than 30 meters, and you want to build a small wireless LAN in 100 m² of the space, it is best to place the wireless network nodes in the center of the space and distribute other workstations around the wireless network nodes, in this way, workstations in other rooms will not automatically find your wireless network, so wireless networks will not be prone to the risk of signal leaks. If you place any wireless network node in the position of a window or wall, it will not only affect the external transmission of the signal, but also the workstation users located on the other side of the wall, you can easily search for and connect to your wireless network. As a result, your network security will be greatly reduced.

4. Do other preventive work well

To better protect the security of wireless networks, you can also take other effective security measures based on the features of wireless network nodes. For example, if wireless network access nodes Support Simple Network Management (SNMP), I suggest you disable this function as much as possible to prevent unauthorized attackers from easily accessing wireless network nodes, to obtain the privacy information of the entire Wireless LAN. If your wireless network node also supports the access list function, you can use this function to precisely limit which workstations can be connected to wireless network nodes, and those workstations that are not in the access list, you are not authorized to access the wireless network. For example, since each wireless network card has its own MAC address, you can create a "MAC access control table" on the wireless network node device ", then, enter the MAC addresses of the NICS that you think are valid one by one in this table. Then, only the MAC addresses displayed in the "MAC Access Control List" can enter your wireless network.