Measures for enterprise wireless network security

Source: Internet
Author: User

This article describes in detail how to improve network security for enterprise wireless networks? The following article gives us a detailed introduction, hoping to help you.

Generally, the devices used by hackers cannot reach the wireless network, and they cannot break into the network. Some routers allow you to control the signal strength of broadcast. If you have this option, you can reduce the router signal to the weakest strength required. In addition, you can disable the wireless router at night or in other periods that are not used.

Although wireless networks have been vulnerable to hacker intrusion, their security has been greatly enhanced. The following methods help you increase the security factor.

1. secure wireless router

This device connects your computer on the Internet. Note: not all routers are born the same. A vro must have at least three functions:

Supports the least vulnerable password.

You can hide yourself to prevent unauthorized and curious people from visiting the internet.

Prevent anyone from accessing the network through an unauthorized computer.

This article takes the router produced by Belkin International as an example. Similar routers manufactured by other companies are widely used in today's networks. Their setup process is very similar. Some methods recommended in this article apply to such devices. Note: vrouters with old styles or low prices may not provide the same functions.

2. Secure vro name

You can use the Configuration Software of the manufacturer to complete this step. The name of the vro will be used as a broadcast point or a hotspot. Anyone who tries to connect to the wireless network within the vro broadcast area can see it. Do not use the brand name or model of the router, such as Belkin, Linksys, or AppleTalk. In this case, hackers can easily find out possible security vulnerabilities on the vro.

Similarly, if you use your own name, address, company name, or project team as the name of the vro, it is tantamount to helping hackers guess your network password.

You can use this method to ensure the security of the vro name: The name consists of a random letter and number, or any other string that does not disclose the vro model or your identity.

3. Custom Password

The default password of the router factory settings should be changed. If you let the hacker know the vro model, they will know the default vro password. If the configuration software allows remote management, disable this function so that no one can control router settings over the Internet.

4. vro name

After you select a security name, you need to hide the vro name to avoid broadcasting. This name is also called the service set identifier.

Once you complete this step, the vro will not appear on the vro broadcast list in your region, and the neighbors and hackers will not be able to see your wireless network. In the future, you can broadcast signals, and hackers need complicated devices to determine whether you have wireless networks.

5. Network Access

You should use a method named MAC address filtering, which has nothing to do with Apple's Mac machine) to prevent unauthorized computers from connecting to your wireless network. To solve this problem, you must first find out the MAC address that allows access control on each computer on your network. All computers are identified by 12-character long MAC addresses. To view your computers, click Start, click Run, Enter cmd, and click OK ". A new window with a DOS prompt will be opened.

Enter ipconfig/all and press enter to view information about all computer NICs. The "Physical Address" Physical Address) column displays the MAC Address of the computer.

Once you have a list of authorized MAC addresses, you can use the installation software to access the MAC address control table of the vro. Then, enter the MAC address of each computer that is allowed to connect to the network. If the MAC address of a computer does not appear on this list, it cannot connect to your vro or network.

Note: This is not a foolproof security method. Experienced hackers can set a fake mac address for their computers. But they need to know which MAC addresses are on your authorized computer list. Unfortunately, because the MAC address is not encrypted during transmission, hackers only need to detect or monitor the packets transmitted over your network to know which MAC addresses are on the list. Therefore, MAC address filtering is only intended for new hackers. However, if you get rid of hacker thoughts, they may miss your network and attack networks that do not filter MAC addresses.

6. A secure encryption mode

The first encryption technology developed for wireless networks is wired peer-to-peer Security WEP ). All encryption systems use a string of characters named keys to encrypt and decrypt data. To decrypt packets broadcast on the network, the hacker must understand the content of the key. The longer the key, the stronger the encryption mechanism. The disadvantage of WEP is that the key length is only 128 bits and never changes, so that hackers can easily crack the key.

In recent years, the wireless fidelity protection access 2WPA2 has overcome some WEP defects. WPA2 uses a 256-bit key and is only applicable to the latest vrouters. It is currently the most powerful encryption mechanism on the market. During the packet broadcast process, the WPA2 encryption key is constantly changing. Therefore, it is a waste of time for hackers to crack the WPA2 key by detecting data packets. Therefore, if your router is newer and provides encryption options, you should select WPA2 instead of WEP. Note: WPA1 is suitable for large enterprises and is complex to configure; WPA2 is suitable for small companies and individuals, and is sometimes called WPA-PSK pre-shared keys ).

WPA2 cannot eliminate all risks. When a user logs on to the WPA2 wireless network, the maximum risk is displayed. To obtain access, you must provide a password named pre-shared key. The system administrator sets this key on each user's computer when building and setting up the network. If a user tries to access the network, the hacker will attempt to monitor the process and crack the pre-shared key value. Once successful, they can connect to the network.

Fortunately, the pre-shared key can be 8 to 63 characters long and can contain special characters and spaces. To improve the security factor as much as possible, the password on the wireless network should contain 63 characters, including a random combination not found in the dictionary.

Some websites can generate a random 63-character password. You can use it as the password of the network client and router. If you use 63 random characters, it takes at least 1 million years for a hacker to crack your password.

7. Restricted broadcast area

Place the router in the center of your building, away from the window or the four sides of the building. In this way, you can restrict the broadcast area of the router. Then, take your laptop around the building to see if you can receive a router signal from a nearby parking lot or street.

Generally, the devices used by hackers cannot reach the wireless network, and they cannot break into the network. Some routers allow you to control the signal strength of broadcast. If you have this option, you need to weaken the router signal to the weakest strength required. You can disable a wireless router at night or in other periods of time. There is no need to shut down the network or Web server. Just dial the power plug of the router. This will neither restrict the access of internal users to the network nor interfere with the use of your website by common users.

8. Use advanced technologies

If you decide to upgrade the vro after reading this article, consider using the original vro as the honeypot ). This is actually a disguised router, which is set to attract and defeat hackers. Just insert the original router, but do not connect it to any computer. Name the vrossid Confidential. Do not hide the SSID, But broadcast it.

9. Take the initiative

Don't sit down. Use the above methods to protect your company and data and stay away from intruders. Be familiar with the vro options you use and actively set them in place.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.