How to secure wireless LAN

Editor: it should be wireless in the future

What is obviously different from a wired LAN network is that a wireless LAN network transmits signals through a microwave, which is invisible, therefore, the signal transmission security of the wireless LAN makes many wireless Internet users a little worried. In fact, as long as we are familiar with the signal transmission mechanism of the wireless network, we can use some targeted security protection methods, we will be able to ensure the security of the wireless LAN.

Strengthen the management password of wireless nodes

Once illegal users in the vicinity of a wireless LAN find a local wireless node, they often try to log on to the background management interface of the wireless node and modify its wireless network parameters, if they have guessed the password, the local wireless Internet access parameters may be modified randomly by illegal users, resulting in the Local Wireless LAN network not working properly. More seriously, once these illegal users change the background management password of the wireless node, even the local network administrator may not be able to enter the background interface of the wireless node to manage and maintain the wireless Internet access device.

Because the background management passwords set by default by many wireless node devices are relatively simple, for example, set the password to "admin", "0000", "1234", or "aaaa. If we do not promptly modify these default backend management passwords and connect our wireless node devices to the wireless network, when an illegal user uses professional tools to learn the manufacturer and model of the local wireless node device, the management password of the local wireless node device will undoubtedly be obtained by the illegal user, at this time, the security of the local wireless network will be seriously threatened. Therefore, before connecting a wireless node device to a wireless network, you must follow the instructions to log on to the background management interface of the device and find the options for modifying the background management password, the default password is changed to a strong password to ensure that illegal users cannot guess the management password of the wireless node, so as to ensure the security of the local wireless LAN.

Do not use point-to-point working mode

Generally, common workstations in a wireless LAN often have two basic working transmission modes: the basic architecture mode and the point-to-point working mode. When the wireless LAN network uses the basic architecture mode, all wireless workstations in the LAN need to use a wireless router device for signal processing. In other words, whether we are surfing the web content online, or share transmission and communication with other workstations in the same LAN. All data signals of the wireless workstation must go through the wireless router device. Most wireless LAN networks belong to this type.

If a wireless LAN network works in point-to-point mode, the interaction between the workstation and the workstation in the wireless LAN can be carried out directly without the need of a wireless router or other wireless node equipment. In some specific situations, this work mode is more conducive to the rapid network access of workstations. For example, if we want to share the transfer files with other workstations in the LAN, we can choose the point-to-point work mode. However, if we enable the point-to-point mode, illegal users in the vicinity of the local wireless network can secretly access important private information in the local network without knowledge, in this way, the security of local wireless LAN will be greatly reduced.

To effectively prevent leakage of private information in the local network, we strongly recommend that you disable the point-to-point mode unless you have to enable this mode, once the information exchange tasks between workstations are completed, point-to-point work mode must be disabled immediately.

ID of the wireless network that rejects broadcasts

To make it easy for common workstations in a wireless LAN to quickly discover devices connected to a wireless node, each device on a wireless node basically has a network service ID name, this name is generally called the SSID identifier of a wireless node. A common workstation can establish a normal wireless network connection with a wireless node device only through this identifier. If you do not know the SSID identifier, therefore, normal workstations cannot be added to a wireless LAN. Therefore, to prevent unauthorized users from secretly using the local wireless network, we must try to prevent unauthorized users from knowing the SSID identifier information of the Local Wireless LAN.

Currently, the factory settings of many wireless node devices on the market allow wireless network identifier broadcast. Once this function is enabled, this means that the wireless node device will automatically publish the local wireless network identifier name information to all common workstations covered by the wireless network. Although the SSID identifier broadcast function allows you to easily join a local wireless network, it also allows some illegal users to easily find a local wireless network, in this way, the security of the local wireless network will be affected. To protect the security of the local wireless network, we strongly recommend that you disable the SSID identifier broadcast function.

Of course, you should note that if an illegal user already knows the local wireless network SSID identifier, even if we refuse the wireless router to broadcast the wireless network identifier information in the future, illegal users can also secretly join the local wireless network. Therefore, when we set the SSID name information for wireless node devices, we should try to make the name more complex, do not be too fragile or simple, so that illegal users cannot guess the SSID identifier name of the local wireless network.

Use encryption to protect wireless signals

In addition to the above methods to protect the security of the wireless LAN, there is also a more effective protection method, that is, to encrypt the wireless transmission signal, this method often has a high security protection effect.

Currently, there are two common encryption methods for wireless node devices: WEP encryption and WPA encryption. Among them, WEP technology is also called Peer-to-Peer security technology. Generally, RC4 symmetric encryption is performed at the network link layer. The key content of wireless Internet users must be exactly the same as that of wireless nodes, in order to access the network content correctly, this effectively prevents unauthorized users from secretly accessing the local wireless network through monitoring or other attack means. Normally, WEP encryption technology provides several key algorithms with 40-bit, 128-bit, or even 152-bit length for ordinary users. Once the wireless Internet access signal is encrypted by WEP, illegal users in the vicinity of the local wireless network cannot see the specific content even if they steal the Internet transmission signal through professional tools, as a result, the local wireless Internet access signal is not easy to leak, so the wireless LAN data transmission security and receiving security will be greatly improved. In addition, the higher the number of digits used for WEP encryption, the more difficult it is for illegal users to crack wireless Internet access signals, and the higher the security factor of local wireless networks.

However, WEP encryption technology also has obvious defects. For example, all users in the same wireless LAN often share the same key, and only one of them loses the key, then the entire Wireless LAN network will become insecure. Moreover, considering that the WEP encryption technology has been found to have obvious security defects, illegal users can often crack the encryption signal within a limited number of hours.

Due to the inherent deficiency of WPA encryption technology, another more secure encryption technology-the emergence of WPA, which can be seen as an enhanced product of WEP encryption technology, it is more secure and protective than WEP encryption technology, which includes TKIP encryption and AES encryption.

When you set an encryption key for a wireless node device, you can use either of the following methods. The simple method is that we can use the self-contained key generator on the wireless node device to automatically generate the key. The other method is that we manually select the appropriate encryption key, for example, we can use a combination of letters, A-F, and numbers 0-9 to mix encryption keys.

To Encrypt wireless Internet access signals, we can first run the IE browser program from a common wireless workstation and enter the Default background management address of the wireless node device in the browser window, enter the Administrator account name and password, go to the background management page of the device, and click the "Homepage" tab on the page, in the displayed area on the left of the option settings page, click the "wireless network" project. In the list area on the right of the project, find the "security mode" setting option, click the drop-down button next to the setting item. from the drop-down list, we can see that wireless node devices generally support both the "WEP" encryption protocol and the "WPA" encryption protocol;

Select the most common "WEP" encryption protocol, and then select the appropriate authentication method, generally, wireless node devices provide users with three verification methods: Shared Key, automatic selection, and open system. to effectively protect the security of wireless network transmission information, here we should select the "Shared Key" verification method. Enter the appropriate wireless network access password in the "WEP password" text box, and then click "execute" on the corresponding settings page to save the preceding settings, finally, restart the wireless node device, so that we can successfully encrypt the local wireless network in the wireless node device.