Introductory tutorial on wireless network security settings

First, pay attention to AP login password

For the network master, it is not difficult to make some wireless security settings, but for the vast majority of users, it is not very understanding of these settings, so we start from the basics. First of all, to ensure your wireless LAN security, you must change your wireless AP or Wireless Broadband router's default settings password.

As you know, many wireless AP or Wireless Broadband Router login username and password by default are "admin" or factory English abbreviation such as "Tp-link, SMC, etc.", so that any user can easily access your wireless AP or wireless Broadband router settings and data changes, What's more, users who know more about broadband have access to your broadband password. Therefore, it is best to change the default login password to your own easy to remember password, to visit illegal users easily to your wireless AP or Wireless Broadband router control

Second, note the SSID settings

Ssidssid full name Servicesetidentifier, translation for the service Set identification code, is the most basic wireless network identity authentication mechanism. It is a group of wireless regional network devices shared domain name, all wireless network nodes need to set the same SSID to transmit each other. Therefore, the wireless workstation must present the correct SSID, the same as the SSID of the wireless AP or wireless Broadband router, to access the wireless AP or wireless Broadband router, and if the SSID presented is different from the SSID of the wireless AP or wireless Broadband router, the wireless AP or wireless Broadband router will reject his Access through the service area.

Therefore, the SSID can provide a simple password authentication mechanism to achieve a certain wireless network security. In addition, the SSID can be used to differentiate between different networks with a maximum of 32 characters. Network adapters are set up with different SSID to access different networks, the SSID is usually broadcast by wireless AP or wireless broadband router, through the wireless network card or Windows XP with the scan feature can automatically find the current wireless area SSID.

You know, to the wireless network security control, generally from access control and data encryption two aspects. Access control guarantees that sensitive data can only be accessed by authorized users, as is the SSID. When the actual settings, most wireless APs or wireless broadband routers at the factory are the default "Allow broadcast SSID", and to make the wireless LAN more secure, access to the wireless AP or Wireless Broadband Router configuration page, the SSID set to "Do not broadcast SSID", So other users want to automatically enter your wireless LAN, it is necessary to manually enter the correct "SSID" to enter the network, which to a certain extent, to ensure the use of LAN security.

Of course, the SSID control is not omnipotent, for multi-user wireless systems, especially public wireless systems, its security is also difficult to fully guarantee, because the user to configure the client system, so that the SSID can be known to many people, it is easy to share to malicious illegal users. Some wireless network card function is strong, has the function of querying the SSID on the wireless net, and some manufacturer's product already supports any this kind of special landing way, so long as the wireless network card on its computer is in the wireless AP or wireless Broadband router's signal coverage range, It will automatically connect to the wireless AP or wireless Broadband router, which is a test of the security of the SSID.

Third, set up Mac filter

What is a Mac? Different from the IP address, MAC (mediaaccesscontrol, media access Control) address is the physical address of the network card, is the identification of the local area network computer. The length of the 48-bit binary number, composed of 12 00~0ffh 16 of the number of digits, each 16 binary number is separated by "-", whether it is a wired or wireless network card whose MAC address is unique throughout the world, using the MAC address and the preset network ID to limit which network adapters and access points can be connected to the network , which ensures network security completely. For those who are illegal, it is very difficult to intercept the wireless LAN signal, which can effectively prevent hackers and intruders from attacking.

Using the Mac function, you can set a wireless LAN for each wireless AP or wireless Broadband router under a wireless network card access to the user's MAC address list, MAC address is not in the list of users, wireless AP or wireless broadband routers will deny their access requests.

Of course, this address is required by you one by one manual input. So this approach requires that the MAC address list in the wireless AP or wireless Broadband router must be updated at all times, with poor scalability, and therefore only suitable for small scale networks.

In addition, illegal users use network listening means to have a very easy to steal MAC addresses. Of course, if there are too many wireless AP or wireless broadband routers in the wireless network, in order to achieve the entire enterprise all wireless AP or wireless Broadband Router Unified wireless network card MAC address authentication, now wireless AP or Wireless broadband routers also support wireless network card MAC address of the centralized RADIUS authentication.

Four, set up WEP encryption

To achieve wireless network security light access control certainly not, data encryption is also essential, data encryption can guarantee that the launch of the data can only be expected to receive and understand the user, the current common methods of data encryption have WEP and so on.

WEP (wiredequivalentprivacy) encryption technology is derived from the RSA data encryption technology named RC4, which can meet the higher level of network security requirements of users. WEP uses the shared secret key RC4 encryption algorithm, the key length was initially 40 bits (5 characters), then increased to 128 bits (13 characters), and some new devices can support 152-bit encryption. With static WEP encryption, you can set up 4 Wepkey, and the wepkey changes over time when you encrypt with dynamic WEP.

WEP encryption uses a static, secret key that each WLAN terminal uses the same key to access the wireless network. WEP also provides the authentication function, when the encryption mechanism function is enabled, when the client tries to connect to the AP, the AP sends out a challengepacket to the client, the client then uses the shared key to encrypt this value and sends back to the access point for authentication, only correct, can access the resources of the network.

Need to be reminded that not all wireless cards support 128-bit or more encryption mode Wepkey, some old wireless card may only support 40-bit mode of encryption or 64-bit encryption, and some simply do not support. It is also necessary to set the number of encryption digits based on the wireless adapter when setting up the WEP encryption of the wireless AP or wireless Broadband router.

In a word, the purpose of shared key authentication based on WEP is to realize access control, but its authentication information is easy to forge. However, the user's encryption key must be the same as the AP's key, and all users in a service area share the same key, because the key is often time-consuming and difficult to replace, so the key is usually rarely replaced, if a user loses the key, it will affect the entire network.

In addition, because the shared key authentication is to prove itself aware of the shared secret by encrypting the authentication Challenge text, the RC4 algorithm has a weakness, and if the attacker hears the authentication answer, it can determine the RC4 password stream for the cryptographic answer. Thus, by monitoring a successful authentication, an attacker can forge authentication. Starting shared-key authentication actually reduces the overall security of the network, making it easier to guess the WEP key.

In short, for the average user, although the SSID, MAC, WEP three security settings have their inherent disadvantages, but for the general household or commercial wireless network users, through the above three wireless security settings, has been able to basically ensure that the wireless network data security, so the practicality is still very large.