Security has always been a drawback of wireless networks. Which of the following aspects should we use for security protection? First, let's take a look at the vro encryption method, and then give a more detailed explanation. Now we will introduce the subject.
Wireless Security Settings
Compared with wired networks, data is more easily eavesdropped when sent and received over a wireless LAN. To design a complete Wireless LAN system, encryption and authentication are the security considerations.
1. Encryption
The most fundamental purpose of applying encryption technology in Wireless LAN is to enable wireless services to reach the same security level as wired services. To address this goal, the standard adopted the WEP (Wired Equivalent Privacy: Wired peer-to-peer confidentiality) Protocol to set up a special security mechanism for business flow encryption and node authentication. It is mainly used for the confidentiality of link layer information data in Wireless LAN. WEP adopts symmetric encryption mechanism, and data encryption and decryption adopts the same key and encryption algorithm. WEP uses an encryption key (also known as the WEP Key) to encrypt the data portion of each packet exchanged on the 802.11 Network. After encryption is enabled, two 802.11 devices must enable encryption and have the same encryption key to communicate.
WEP encryption is disabled by default, that is, not encrypted. Wireless security parameters are optional. Generally, there are three parameters:
1) WEP Key format: hexadecimal digits and ASCII characters.
2) WEP encryption level: Disable encryption function; 4064) bit encryption; 128 bit encryption. The default value is Disable Encryption ).
3) WEP key value: set by the user.
A wireless router works with a wireless network card that supports encryption to encrypt data transmission, making it difficult for others to steal your information. WEP has two encryption levels: 4064 bits and 128 bits. it is safer to Use 128 bits for encryption. The WEP key can be a group of randomly generated hexadecimal numbers or ASCII characters selected by the user. Generally, we use the latter, which is manually input. Each Wireless Broadband Router and wireless workstation must use the same key for communication. Encryption is optional. Most wireless routers disable Encryption by default. Encryption may affect transmission efficiency.
To enable the encryption function, select the "ASCII character" WEP Key format. In the WEP encryption method), select 4064) bit or 128 bit WEP Key. When using the 4064) bit encryption method, you can enter four different WEP keys, but only one key can be selected at the same time. Each key consists of 10 hexadecimal characters. Save it in a Wireless Broadband Router. By default, select one of the four keys for use. When using a 128-bit encryption party, Enter 26 hexadecimal characters as the WEP Key. In this case, you can only enter one key. Some wireless NICs can only use 4064) bit encryption, so you may need to select a lower encryption level. If all your clients support 128-bit encrypted communication, select 128-bit. If any client supports only 4064-bit encrypted communication, select 4064-bit.
To enable encryption, select the encryption type and WEP Key for all wireless routers, access points, and workstation on the network. You can change the key frequently to increase network security. When changing the key used by a wireless device, remember to change the keys for all radio devices and Access Points on the network at the same time.
2. Disable the Broadcast SSID.
To be able to communicate, the wireless router and the host must use the same SSID. During communication, the wireless router first broadcasts its SSID. Any host in the receiving range can obtain the SSID. After configuring the SSID value, you can communicate with a wireless router without encryption and other security settings.
The use of the SSID exposes the router location, which may cause potential security issues. Therefore, most wireless routers currently support disabling the auto-Broadcast SSID function. However, disabling the SSID improves security while also causing inconvenience to some extent. The client for communication must manually configure the SSID. Of course, for household or small-sized businesses, it is not complicated to configure the SSID for the client, so you do not have to worry about this setting.
3. MAC address filtering
MAC is the fixed physical address of each network card. It has been set at the factory of the network card. The MAC address filtering policy allows wireless clients with only some MAC addresses to communicate with each other. The MAC address filtering policy is a basic and useful measure of the wireless communication network. It must be a manual input of the MAC address.
When MAC address filtering is enabled, the wireless router analyzes the data packets after obtaining the data packets. If the packet is sent from the list of allowed MAC addresses, the wireless router forwards the packet. Otherwise, the discarded packet is not processed.
In addition to the setting of the wireless router, we have to set the wireless network card of the computer to enable the computer to access it. The SSID and channel settings of the wireless network card of each client must be changed accordingly. If the wireless router has enabled wireless encryption, you must set the corresponding project of the encryption option.