How does a wireless LAN prevent network attacks, prohibit mobile phone network attacks, and prohibit external computers from network attacks?
Nowadays, there are often some network software on the Internet, which teaches people how to get rid of the network, not only encroaching on the company's network bandwidth resources, but also triggering some network security risks. To this end, the company must take effective measures to prevent network attacks. How does one prohibit non-lan computers from hacking or mobile phones? You can use the following methods:
Method for querying whether the network has been compromised by others
Enter 192.168.1.1 in the address bar of IE, and then enter the password and user name. Both the password and user name are admin, and the current connection project is displayed, if there are redundant computers, the network will be hacked. If it is a wireless router, it is best to disable the wireless broadcast.
END
Defense measures against network attacks by others
1, the use of WPA/WPA2-PSK Encryption:
Hackers generally use dummies to crack software. They can only crack WEP-encrypted wireless signals. A Slightly advanced hacker will use packet capture tools to analyze the content in the data packets, to crack the WEP Key. But if you use WPA-PSK or WPA2-PSK encryption, it is generally difficult for someone to rub your network. This is the most effective way to prevent network attacks! The setting method is also very simple, as long as you enter the wireless settings, the encryption mode to the WPA-PSK, and then enter the key is OK.
2. Disable SSID (Network Name) broadcast:
After setting wireless encryption, we need to hide ourselves. By disabling the SSID broadcast of the wireless route/AP, it is difficult for the network owner to find your wireless network when searching for wireless networks, this reduces the chances of your wireless network being compromised. Of course, it is also very important to modify a personal SSID, which can be prevented from being guessed by "Net. The setting method is very simple. Go to the Web configuration interface of wireless routing/AP, find the "Basic settings" menu, modify the SSID name in it, and then select "Disable SSID broadcast ", click OK.
3. disable DHCP:
If the SSID broadcast is disabled, we also need to disable the DHCP function, that is, the wireless route/AP cannot automatically assign IP addresses to the wireless client. To further prevent network attacks, we 'd better modify the default IP address of the wireless route/AP. For example, if the default IP address is 192.168.1.1, we can change it to 10.0.0.1, in this way, it can be easily guessed by the "network. The setting method is as simple as that. Go to the Web configuration interface of wireless routing/AP, find the "LAN Settings" menu, modify the default IP address, disable DHCP server, and click OK.
4. Reduce the transmit power and upgrade the firmware:
At present, some wireless routers/APs have the function of adjusting the wireless transmit power. by adjusting the wireless transmit power, the coverage of the wireless network can be controlled, in this way, the "neighborhood" of "neighborhood" can be blocked because it is difficult to find your wireless signal. In addition, upgrading the firmware of the wireless route/AP is equally important because it can not only fix some security vulnerabilities, but may also add additional protection functions to achieve better security protection.
5. Set MAC address filtering:
MAC address filtering is a critical step in the overall settings to prevent network attacks. Using the unique MAC address feature of the network device, we can set the "allow MAC address connection" list to only allow clients in the list to connect to the wireless network. In this way, even if the wireless key is cracked, the network provider still cannot connect to your wireless network. MAC address filtering is generally in the "Advanced Settings" menu of the wireless route/AP. We only need to enable the MAC address filtering function, enter the MAC address of the client device that can be connected to in the list, and click OK.
6. Modify the internal IP settings to Prevent Network Attacks:
If you think it is not safe enough, you can continue to set it. First, disable the DHCP server. DHCP can automatically assign IP addresses to wireless networks, which also facilitates the hacker to access your vro after cracking your key. After DHCP is disabled, You need to manually specify the IP address of your computer's wireless network card. Don't worry, first change the internal IP address of the router.
Generally, the default IP address of the router is 192.168.1.1, that is, the gateway address. We change this address to any Intranet address, such as 172.88.88.1. In this way, the IP address of the internal computer can be specified as the network segment 172.88.88.X. In this way, the general network users cannot find out your intranet IP settings, nor can they assign their own IP addresses to access the Internet.
7. Through a dedicated network access control system to prevent LAN Access
At present, there are many dedicated lan network access control systems in China, which can prevent some computers from accessing the LAN, that is, to prevent Internet access using the common router. For example, there is a "transfer to network access control system" (: http://www.grabsun.com/wailaidiannaokongzhi.html), only need to be deployed on a computer in the company's LAN, and then can be real-time monitoring access to the LAN Computer, mobile phone or tablet, then, by adding it to the blacklist, you can prevent it from accessing other computers or servers on the LAN, and prevent it from accessing the Internet. That is, you can disable the internet. As shown in:
Figure: connecting to the network access control system and LAN access management software. In short, there are many ways for LAN to prevent network access, however, in general, by setting invalid routers and using specialized network access control software, enterprises and institutions can choose the specific method based on their own needs.