Security management Wireless Network Self-protection (figure)

In the face of wireless network security problems, we often do not know how to solve them. How should we strengthen network security management? I believe you will understand this article.

Compared with the traditional wired network, the wired network is a real entity with a real wire connection. In a wireless network environment, due to the exposure of wireless networks in a region's frequency segment, theoretically anyone may be able to hijack wireless data through wireless devices. These radio waves can penetrate walls, ceilings, and other obstacles, as long as the signal is received, it can be connected to the network.

Wireless Networks basically do not require signals to be sent only to the specified direction or machine. Therefore, the security of wireless networks is different from that of wired networks, instead of monitoring whether a network cable is connected to a network device, you should focus on user-side authentication from the wireless center, and manage the permissions of different visitors separately, in addition, some data encryption technologies enhance the confidentiality during transmission.

At present, most wireless network users lack security awareness, and few wireless networks are encrypted. The distance between the Wi-Fi wireless network and the indoor transmission is within a radius of 100. Currently, most people live in less than 100 square meters. In other words, the length of the House is not at most 10-20 meters; generally, the floor height of a house is about 3 meters. Such an environment indicates that 70% of our wireless network may be out of the house. It is common for someone to switch into your network or have several networks covering each other in your room. It is necessary to increase your wireless network knowledge and improve your network self-protection capability.

Now we are going from a shortest to a deep dive to introduce some self-protection network knowledge:

The enhancement of self-protection of wireless networks also increases the risk of the network:

Wireless Networks are omnidirectional and sexually transmitted. Most wireless devices on the market are equipped with small antennas. Generally, wireless NICs are only 1-3 dB. (In the future, we can take some time to talk about the antenna gain, at present, it is easy to understand that the larger the number of dB, the stronger the antenna's sending and receiving capabilities) the wireless router is 2-5 dB. To transmit signals to some closed corners, many people usually choose to replace larger-gain antennas on wireless NICs or routers, or choose enterprise-level wireless routers with higher output power, in this way, the intensity of the radio wave signal is increased, which virtually expands the transmission range of the radio wave. Although this will make the network more stable, at the same time, network security problems are also more likely to occur, if there is no necessary protection measures, people with ulterior motives can freely enter your computer.

The thick index-index antenna is about 5 dB.

There is a crisis in the Self-protected Broadcast SSID of wireless networks:

The SSID is used to distinguish different networks. It can contain a maximum of 32 characters, such as wep.net. sjtu. The network adapter can access different networks with different SSID settings. The SSID is usually broadcast by the AP. The scanning function provided by XP allows you to view the SSID in the current region. For security reasons, you do not need to broadcast the SSID. In this case, you must manually set the SSID to enter the corresponding network.

If the SSID is set to broadcast, in the network search, the searcher can find the existence of the network without knowing the SSID name. Each time a radio wave is sent, the signal containing the SSID is broadcasted, increases the risk of network intrusion. Currently, most wireless routers enable the Broadcast SSID by default. to conceal the network, we recommend that you hide the SSID when setting it.

Note: Replace the preset SSID address to prevent others from guessing.

To hide the SSID, perform the following operations:

Go to settings, go to the wireless setting project, remove the radio check box that allows the SSID, save and exit, and you can do this. Search again and you will find that if your machine has not logged on to this SSID before, you will not be able to appear in your network list.

Mac address self-protected by wireless network to protect network homes:

Each normal Nic has a unique Mac address. If you allow only the Mac address you know in wireless routing, it also greatly reduces the chances for external wireless network cards to enter the network. At present, almost all wireless routes have such functions, and their configuration is relatively simple. It is a convenient and effective self-protection method. However, some Mac addresses with intrusion records can also be disabled.

How to use self-protection for wireless networks:

If the Mac address filtering item in the wireless option is enabled, select allow/deny. If this option is enabled, add the Mac address you agree to use the network, which is usually used to run several computers in the home. Generally, some Mac addresses that have intruded into the network are prohibited.

Higher-stage encryption of WEP and WPA:

After data is encrypted, it is sent by a wireless route. The technology that decrypts data after receiving the data is used to protect data transmission and prevent others from eavesdropping. In the 802.11 standard, two encryption methods can ensure data transmission, namely WEP and WPA.

WEP (Wired Equivalent Privacy ):

Wired Equivalent confidentiality: A Shared Key RC4 encryption algorithm is used to ensure secure data transmission over wireless networks. The key length is initially 40 characters (5 characters ), later, it was increased to 128 characters (13 characters). Some devices support 152-bit encryption. Four WEP keys can be set for Static WEP encryption. When Dynamic WEP encryption is used, WEP keys change with time.

WPA (Wi-Fi Protected Access ):

The transitional wireless network security standard developed by the Wi-Fi Alliance is equivalent to the lite version of 802.11i. It uses the data encryption technology of TKIP (Temporal Key Integrity Protocal), although it still uses the RC4 encryption algorithm, however, a dynamic session key is used. TKIP introduces four new algorithms: 48-bit initialization vector (IV) and IV sequence rule (IV Sequencing Rules), and Per-Packet Key Construction), Michael Message Integrity Code (MIC) and key re-acquisition/distribution. WPA greatly improves the security of wireless network data transmission, but it has not solved the security problem of wireless network once and for all. Therefore, the enthusiasm of the vendors is not high. Currently, Windows XP SP1 supports WPA.