As wireless network technology matures, how should we strengthen the security management of wireless networks? This article summarizes some common measures for preventing illegal attacks.
More and more organizations now use wireless LANs. Walking around an office building with a laptop, we can easily pick up many wireless network signals. However, these wireless access signals all carry security risks to some degree: an attacker who is only slightly familiar with wireless networks needs just a few simple operations to obtain private information on the LAN through the wireless network. A wireless network with no security measures therefore naturally becomes a "channel" for information leaks. So how can we protect the wireless LAN and keep it from becoming a "channel" for leaks to the outside? In fact, we can apply a number of restrictions that prevent illegal attackers from freely stealing private information from the network through the wireless LAN.
Keeping the wireless network from becoming a leak channel 1: Restrict wireless devices
Some may ask how wireless devices can be restricted. Do we have to lock up the wireless node devices in the local wireless LAN? In fact, for many models of wireless node device the factory default passwords are almost identical. If we do not change the password of the wireless node device in the local wireless LAN in time, an illegal attacker can easily use the default user name and password to log on to the device and gain full management rights over the local wireless LAN. We may then find ourselves in the embarrassing situation of being unable to log on to our own wireless LAN. To keep unauthorized users from using the local wireless node device, the first thing to do is to replace its default password with a complex one. Otherwise we are effectively handing the management rights of our wireless network over to illegal attackers.
Log on to the background management interface of the local wireless node device, find the password setting option, and enter a complex password. This effectively keeps unauthorized users from using the wireless node device at will. The restriction works the same way as password protection in Windows: a password-protected wireless device prevents unauthorized attackers from stealing private content from the local wireless network.
Taking the TP-LINK TL-WR541G wireless router as an example, the specific steps for restricting the password of a wireless node device are as follows:
First, run the IE browser on the local workstation. In the address box, enter the default IP address of the wireless router, which can generally be found in the device's operation manual; for example, the default IP address of a TP-LINK wireless router is often 192.168.1.1. After confirming that the IP address is correct, press Enter to open the background logon interface of the wireless node device. Enter "admin" in the "user name" text box, leave the password at its default, which is empty, and click OK to log on to the background management page of the wireless node device.
In the left-hand area of the background interface, expand the "System Tools" branch and click the "Modify logon password" option. In the area displayed on the right for that option, enter the original user name and password of the wireless node device correctly, then enter the new user name and password in the "New User Name" and "new password" text boxes, and click "save". From then on, whenever we need to manage the parameters of the local wireless LAN, we must use the new user name and password to log on to the background management interface of the wireless node device. It is also recommended to keep the new user name and password confidential so that they are not disclosed to other users.
Of course, if we find that the node device in the local wireless LAN has been password-locked by an illegal attacker and we can no longer access the local wireless LAN normally, we can forcibly restore the parameter settings of the wireless node device to their default state. For the specific recovery method, see the operating instructions of the device; generally, pressing the reset button on the control panel of the wireless node device is enough to restore the parameter settings.
Keeping the wireless network from becoming a leak channel 2: Restrict wireless network adapters
An ordinary workstation usually accesses a nearby wireless LAN through a wireless network card (NIC), and a wireless NIC, like a wired NIC, is identified by its MAC address. The MAC address can be regarded as the unique identifier of the NIC. Therefore, to deny unauthorized access to the local wireless network through a wireless network card, we can manually add the MAC address of the local workstation's wireless network card to the allowed access range of the wireless router. A wireless NIC whose MAC address is not in the allowed access range then cannot access the wireless router.
To restrict the use of wireless network cards, set the MAC address filtering parameters in the background management interface of the wireless router, so that illegal attackers are fundamentally refused use of the wireless network to steal private information. MAC address filtering does not place high demands on the switching equipment, does not affect the overall running performance of the network, and is easy to set up, so it is generally suitable for small wireless networks and ordinary homes. To filter MAC addresses, import a list of valid MAC addresses into the wireless node device. The wireless node device allows an ordinary workstation to communicate with the wireless network only when the workstation's MAC address exactly matches an entry in the valid MAC address table.
Before restricting wireless network cards, first check the MAC address of the wireless network card used by the local workstation. On the desktop of the local workstation, click "Start" and then "Run". In the Run dialog box that appears, enter the command "cmd" and click OK to open an MS-DOS window. At the command prompt in this window, enter the command "ipconfig /all" and press Enter; the MAC address of the local wireless network card appears in the output.
After obtaining the MAC address of the local workstation's wireless network card, log on to the background management interface of the wireless router. In the left-hand area of the management interface, expand the "Security Settings" branch and select the "MAC address filtering" option under it. In the area displayed on the right for that option, click "Add new entry", enter the MAC address of the local workstation's wireless network card on the page that follows, set the status parameter to "effective", and click the "save" button on the settings page.
To make MAC address filtering take effect, return to the "Security Settings" branch and select the "firewall settings" option under it. In the area displayed on the right for that option, select the "enable MAC address filtering" item, and then select the "Default Filtering Rule" option on the same settings page. Because we want the wireless node device to allow only the local wireless network cards to access the wireless network, set the filter rule to "only allow enabled MAC addresses in the configured MAC address list to access the Internet". The network card of an illegal attacker, or any wireless network card not included in the address filter list, then cannot access the wireless network normally, and the wireless network will not become a "channel" for information leakage.
Keeping the wireless network from becoming a leak channel 3: Restrict data transmission
Data signals on a wireless LAN travel back and forth through the air. If they are not encrypted, attackers with a little knowledge of wireless networks can easily capture and crack the data being transmitted, so data sent over the wireless network may be stolen by illegal attackers. It is therefore necessary to encrypt the transmitted data signals so that illegal attackers cannot easily steal their contents.
Currently we use WEP encryption, which can identify users connecting to the wireless network and directly encrypt the data content. However, many wireless node devices have WEP encryption disabled by default, so illegal attackers can easily scan all kinds of wireless network information, and the captured wireless data can be easily cracked. We must therefore promptly modify the data encryption parameters of the wireless node device so that the wireless access signal is securely encrypted. Taking the TP-LINK TL-WR541G wireless router as an example again, the steps for restricting data transmission through encryption are as follows:
First, run the IE browser on the local workstation, enter the background management IP address of the wireless router in the address bar, and press Enter to open the background logon interface of the wireless router. Enter the correct user name and password, and then click OK to open the wireless router background management interface.
In the left-hand area of the wireless router background management interface, expand the "Wireless Parameters" branch and select the "Basic settings" option under it. In the area displayed on the right for that option, check whether the "Enable Security Settings" item is selected; if it is not, select it. Then select "WEP" from the "Security type" drop-down list and "auto select" from the "Security Options" drop-down list. At the same time, set the password format to "hexadecimal", change the key type to "enable", and enter 10 characters in the key content text box; these characters are the data encryption password. An illegal attacker cannot crack the transmitted data signal without knowing the password.
After completing the preceding settings, click "save" and close the wireless router background management interface. Next, open the wireless network connection properties on the local workstation and enter the WEP encryption settings there, so that the local workstation can access the organization's wireless LAN smoothly. Attackers outside the local wireless LAN cannot steal private information from the local wireless network because they do not know the WEP encryption settings.
TIPS:
Because WEP has obvious security vulnerabilities, we can use WPA to encrypt wireless transmissions if we want a higher level of protection. WPA uses a stronger key generation algorithm, and the key changes automatically with every packet that is transmitted. Enabling WPA encryption to protect the local wireless LAN is also very easy. In the left-hand area of the wireless router background management interface, expand the "Wireless Parameters" branch and select the "Basic settings" option under it. In the area displayed on the right for that option, set the "Security type" parameter to "WPA" or "WPA-PSK", set "encryption mode" to "TKIP", set the PSK password, and then save. WPA encryption is now enabled for the local wireless network.
Similarly, for workstations to access the encrypted wireless network smoothly, we also need to set the wireless access parameters on each workstation. On an ordinary workstation, click "Start", "Settings" and "Network Connections" in turn. In the network connection list window that appears, right-click the network connection icon of the wireless network card and choose "Properties" from the shortcut menu to open the wireless network connection properties window. Click the "wireless network configuration" tab, find the "preferred network" setting on that page, select the target wireless network node, and click the Properties button. On the settings page that opens, select "WPA" or "WPA-PSK" for the network authentication setting, set the "Data Encryption" parameter to "TKIP", enter the previously set PSK password in the "Network key" field, and click "OK" to complete the workstation's wireless access settings.
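For the WEP step (a 10-character hexadecimal key) and the WPA-PSK step (a PSK password) above, the following added example, which is not part of the original article, generates key material from the operating system's random source and checks a typed key's format before it is entered on the router and the workstation. The function names, the passphrase alphabet and the default length of 20 are assumptions made for illustration.

```python
import math
import re
import secrets
import string

# Assumption: generated passphrases use letters and digits only, so they can be
# retyped on the router and on every workstation without ambiguity.
PSK_ALPHABET = string.ascii_letters + string.digits


def new_wep_key():
    """Random WEP key as 10 hexadecimal digits (40 bits of key material)."""
    return secrets.token_hex(5).upper()


def new_wpa_psk(length=20):
    """Random WPA-PSK passphrase; WPA accepts 8 to 63 printable ASCII characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA-PSK passphrase length must be 8 to 63")
    return "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))


def psk_bits(length=20):
    """Bits of randomness in a passphrase produced by new_wpa_psk(length)."""
    return length * math.log2(len(PSK_ALPHABET))


def key_problems(security_type, key):
    """Return the reasons a key would be rejected or is unsuitable (empty if none)."""
    problems = []
    if security_type == "WEP":
        if not re.fullmatch(r"[0-9A-Fa-f]{10}", key):
            problems.append("WEP key must be exactly 10 hexadecimal digits")
    elif security_type in ("WPA", "WPA-PSK"):
        if not 8 <= len(key) <= 63:
            problems.append("PSK passphrase must be 8 to 63 characters")
        if any(not 32 <= ord(c) <= 126 for c in key):
            problems.append("PSK passphrase must be printable ASCII")
    else:
        problems.append("unknown security type: " + security_type)
    if key and len(set(key.lower())) < 4:
        problems.append("key uses fewer than 4 distinct characters")
    return problems
```

A 20-character passphrase from this alphabet carries about 119 bits of randomness, against 40 bits for the 10-digit WEP key.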
Of course, note that even if we temporarily disable SSID broadcast on a wireless network, this does not ensure that the SSID of the local wireless network cannot be found by illegal attackers, because attackers can use professional detection tools such as Kismet to find the wireless network's SSID easily.