Wireless Network Security
Although the name Wired Equivalent Privacy (WEP) sounds like a security option for wired networks, this is not the case. The WEP standard was created in the early days of wireless networking and was designed to be the essential security layer for wireless LANs (WLANs). However, WEP's performance has been disappointing, and the cause lies in design defects.
In WEP systems, data transmitted over the wireless network is encrypted using a random key. However, the method WEP uses to generate these keys was quickly discovered to be predictable, which makes it easy for potential intruders to intercept and crack them. Even a moderately skilled wireless attacker can crack WEP encryption within two to three minutes.
The IEEE 802.11 dynamic Wired Equivalent Privacy (WEP) model was designed in the late 1990s. At that time, strong wireless network encryption was treated as an effective weapon and was severely restricted by U.S. export rules. Wireless network products were banned from export because of concerns over strong encryption algorithms. Two years later, however, dynamic WEP was found to have serious weaknesses. The mistakes of the 1990s should not be blamed on wireless network security as a whole or on the IEEE 802.11 standard. The wireless network industry could not wait for the Institute of Electrical and Electronics Engineers (IEEE) to revise the standard, so it launched the Temporal Key Integrity Protocol (TKIP), a patched version of dynamic WEP.
Although WEP has been proven to be outdated and ineffective, it is still supported by many modern wireless access points and routers. It also remains one of the most popular encryption methods used by individuals and companies. If you are using WEP and you care about the security of your network, avoid WEP as far as possible from now on, because it really is not very secure.
Wireless networks initially adopted WEP (Wired Equivalent Privacy) as their security mechanism, but WEP was later found to be insecure. The 802.11 working group then began to develop a new security standard, which became the 802.11i protocol. However, it takes a long time to get from drafting a standard to its final release, and consumers were not going to give up their existing wireless devices for the sake of network security. So before the standard was released, the Wi-Fi Alliance developed a security mechanism called WPA (Wi-Fi Protected Access), based on the 802.11i draft. WPA uses TKIP (Temporal Key Integrity Protocol), which keeps the RC4 encryption algorithm used in WEP, so the hardware of existing wireless devices does not need to be modified. WPA addresses the following problems in WEP: the IV is too short, key management is too simple, and there is no effective protection for message integrity. Network security is improved through a software upgrade.
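The first problem listed above, the short IV, shown as an added example (not code from the original article): WEP seeds RC4 with the 24-bit IV followed by the static key, so once an IV repeats, the two frames share a keystream. The key, IV and frame contents are constructed sample values, and the birthday estimate assumes IVs are picked at random.

```python
import math


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4 key scheduling, then `length` bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, root_key: bytes, plaintext: bytes) -> bytes:
    """WEP per-frame encryption: RC4 seeded with IV || static key (ICV omitted)."""
    return xor(plaintext, rc4_keystream(iv + root_key, len(plaintext)))


def frames_until_iv_repeat(probability: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday bound: frames sent before an IV repeat is this likely."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - probability))))


# Constructed sample values, not taken from the article or any real network.
ROOT_KEY = bytes.fromhex("0102030405")  # 40-bit static WEP key
IV = bytes.fromhex("a1b2c3")            # 24-bit IV, sent in the clear
FRAME_A = b"GET /index.html "
FRAME_B = b"user=alice&id=42"


def iv_reuse_cancels_key() -> bool:
    """Same IV and key: XOR of the ciphertexts equals XOR of the plaintexts."""
    c1 = wep_encrypt(IV, ROOT_KEY, FRAME_A)
    c2 = wep_encrypt(IV, ROOT_KEY, FRAME_B)
    return xor(c1, c2) == xor(FRAME_A, FRAME_B)


if __name__ == "__main__":
    print("same IV leaks plaintext XOR:", iv_reuse_cancels_key())
    print("frames for a 50% chance of an IV repeat:", frames_until_iv_repeat())
```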
The arrival of WPA gives users a complete authentication mechanism. The AP decides whether to allow a user onto the wireless network based on the result of that user's authentication. After successful authentication, the encryption key of each connected user can be changed dynamically in several ways, such as by the number of data packets transmitted or by the time at which the user joined the network. In addition, a MIC (message integrity code) is computed over the data packets a user sends across the wireless network, to ensure that user data is not altered by other users. As a subset of the 802.11i standard, the core of WPA is IEEE 802.1x and TKIP (Temporal Key Integrity Protocol).
WPA takes into account the security needs of different users and different applications. Enterprise users, for example, require a high, enterprise-grade level of security protection; otherwise very important commercial secrets may be exposed. Home users usually only use the network to browse the Internet, send and receive e-mail, print, and share files, so their security requirements are relatively low. To meet the needs of users with different security requirements, WPA specifies two application modes: enterprise mode and home mode (which also covers small offices).
Corresponding to these two application modes, WPA authentication also comes in two forms. In large enterprises, "802.1x + EAP" is generally used, and users provide the credentials required for authentication. For some small and medium-sized enterprise networks and for home users, WPA also provides a simplified mode that does not require a dedicated authentication server. This mode is called "WPA pre-shared key (WPA-PSK)", and it requires only that a single key be entered in advance on each WLAN node (AP, wireless router, NIC, etc.).
This key is used only for authentication, not for encrypting the data transmitted over the wireless network. The data encryption key is generated dynamically after authentication. The system ensures "one user, one key": the entire network never shares a single encryption key as it does with WEP, so the security of the system is greatly improved.
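An added sketch (not from the original article) of how WPA-PSK gets from one pre-shared key to a separate data key per session: the passphrase yields a master key, and each handshake mixes in both MAC addresses and fresh nonces. The MAC addresses and the `nonce` helper are constructed for illustration; the passphrase and SSID are the published IEEE 802.11i test values.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """256-bit master key: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < n_bytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Per-session pairwise transient key (512 bits for TKIP), split into parts."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return {
        "kck": ptk[0:16],   # authenticates the handshake messages
        "kek": ptk[16:32],  # wraps the group key sent to the station
        "tk": ptk[32:48],   # temporal key that encrypts this session's data
        "mic": ptk[48:64],  # TKIP MIC keys, 8 bytes per direction
    }


# Constructed sample values (not from the article or any real network).
PMK = pmk_from_passphrase("password", "IEEE")
AP = bytes.fromhex("020000000001")
STA_A = bytes.fromhex("0200000000aa")
STA_B = bytes.fromhex("0200000000bb")


def nonce(tag: str) -> bytes:
    """Deterministic stand-in for the 32-byte random handshake nonces."""
    return hashlib.sha256(tag.encode()).digest()


if __name__ == "__main__":
    a = derive_ptk(PMK, AP, STA_A, nonce("an1"), nonce("sn-a"))
    b = derive_ptk(PMK, AP, STA_B, nonce("an2"), nonce("sn-b"))
    print("PMK :", PMK.hex())
    print("TK A:", a["tk"].hex())
    print("TK B:", b["tk"].hex())
```

Every session key here descends from the same master key, so in pre-shared key mode the strength of the passphrase still bounds the protection of all sessions.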
This concludes the analysis of security levels in wireless network encryption. I hope you find it clear.