Security suggestions for wireless LAN Settings

Source: Internet
Author: User

Wired network technology can no longer keep up with the increasing complexity of work activities. But have we paid attention to the security issues of wireless networks? Here are some suggestions. Wired networks have long been the usual network type for home and enterprise users. However, as wireless networks have become popular, wired networks have gradually exposed their unavoidable drawbacks: a large amount of cabling and re-cabling work, lines that are prone to damage, and nodes that cannot be moved. In particular, connecting locations that are far apart requires dedicated communication lines, which are difficult, expensive, and time-consuming to set up. This creates a serious bottleneck for rapidly expanding connection demands.

This is where wireless networks show their advantages: mobility, simple installation, high flexibility, and scalability. As an extension of traditional wired networks, wireless networks have been widely used in many special environments. Scenes once seen only in movies are now part of real life: working from anywhere in a smart building, and downloading and printing documents anytime, anywhere.

However, the security of wireless LANs deserves attention. Data is carried through the air by radio waves, and radio waves penetrate ceilings, floors, and walls, so transmitted data may reach unintended receivers installed on other floors or even outside the building where the transmitter is located. Anyone has the opportunity to eavesdrop on or interfere with the information, so data security has become the most important issue.

Therefore, when first deploying a wireless network, we should fully consider its security and learn enough preventive measures to protect our own networks. Below we introduce the risks a wireless LAN faces; knowing how these risks arise makes them easier to address:

Wireless LAN Security Settings: Easy intrusion

Wireless LANs are very easy to discover. So that users can find the network, it must send beacon frames with specific parameters, and this also gives attackers the network information they need. Intruders with high-sensitivity antennas can attack the network from the roadside, from other buildings, or from anywhere else, without any physical intrusion.

Wireless LAN security: Illegal AP

Wireless LANs are easy to access and easy to configure, which makes them a headache for network administrators and security officers. Anyone can buy their own AP and use it to connect computers to the network without authorization. Many departments build their own wireless LANs without authorization from the company's IT center. Access through such illegal APs brings great security risks to the network.

Wireless LAN Security Settings: Unauthorized use of service

More than half of users make only a few changes to the default configuration when using an AP. Almost all APs either enable WEP encryption according to the default configuration or use the default key provided by the manufacturer. Because access to a wireless LAN is open, unauthorized use of network resources will not only increase bandwidth fees but also lead to legal disputes. In addition, unauthorized users do not comply with the terms of service set by the service provider, which may lead the ISP to interrupt service.

Security of Wireless LAN Settings: service and performance restrictions

The transmission bandwidth of a wireless LAN is limited. Because of physical-layer overhead, the actual maximum effective throughput of a wireless LAN is only half of the rate in the standard, and that bandwidth is shared by all users of the AP. Wireless bandwidth can be swallowed up in several ways.

Traffic arriving from the wired network can far exceed the bandwidth of the wireless network: if attackers send a large amount of ping traffic from Fast Ethernet, it will easily consume the limited bandwidth of the AP. If broadcast traffic is sent, multiple APs are blocked at the same time. Attackers can also transmit on the same wireless channel as the wireless network; the attacked network then automatically backs off through the CSMA/CA mechanism, which also affects wireless transmission. In addition, transferring large data files or running complex client/server systems generates a large amount of network traffic.

Security of Wireless LAN Settings: Address Spoofing and session Interception

Because 802.11 wireless LANs do not authenticate data frames, attackers can spoof frames to redirect data streams and corrupt ARP tables. Attackers can also easily obtain the MAC addresses of stations on the network, and these addresses can then be used in malicious attacks.

In addition to spoofing frames, attackers can capture session frames to discover authentication defects in the AP, and can detect the existence of the AP by monitoring the broadcast frames it sends. Moreover, because 802.11 does not require an AP to prove that it really is an AP, attackers can easily masquerade as an AP to enter the network. Through such an AP, attackers can go on to obtain authentication information and access the network. Until 802.11i is used to authenticate every 802.11 MAC frame, network intrusion through session interception is unavoidable.
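A defensive counterpart to the illegal-AP and AP-impersonation risks described above is to compare what a site survey sees against the IT center's inventory. The following is an added example, not part of the original article; the inventory, the survey rows and the finding names are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Seen:
    bssid: str
    ssid: str
    channel: int
    encryption: str  # as reported by the survey tool: "OPEN", "WEP", "WPA2"

# Hypothetical inventory kept by the IT center: BSSID -> (SSID, channel)
AUTHORIZED = {
    "02:00:00:00:00:01": ("corp-wlan", 1),
    "02:00:00:00:00:02": ("corp-wlan", 6),
}
WEAK = {"OPEN", "WEP"}

# Constructed survey results (not real scan output)
SAMPLE_SURVEY = [
    Seen("02:00:00:00:00:01", "corp-wlan", 1, "WPA2"),   # matches inventory
    Seen("02:00:00:00:00:02", "corp-wlan", 6, "WEP"),    # left on weak setting
    Seen("02:00:00:00:00:99", "corp-wlan", 6, "OPEN"),   # unknown radio, our SSID
    Seen("02:00:00:00:00:55", "dept-lab", 11, "WPA2"),   # self-installed AP
    Seen("02:00:00:00:00:01", "corp-wlan", 11, "WPA2"),  # known BSSID, wrong channel
]

def audit(survey, authorized=AUTHORIZED):
    """Return (bssid, finding) pairs for every observation that needs review."""
    corp_ssids = {ssid for ssid, _ in authorized.values()}
    findings = []
    for ap in survey:
        known = authorized.get(ap.bssid.lower())
        if known is None:
            # 802.11 lets any radio announce any SSID, so the name proves nothing
            kind = ("impersonates-corporate-ssid" if ap.ssid in corp_ssids
                    else "unauthorized-ap")
            findings.append((ap.bssid, kind))
            continue
        ssid, channel = known
        if ap.ssid != ssid or ap.channel != channel:
            # BSSIDs can be copied: same address, different settings
            findings.append((ap.bssid, "inventory-mismatch"))
        if ap.encryption.upper() in WEAK:
            findings.append((ap.bssid, "weak-or-default-encryption"))
    return findings

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE_SURVEY):
        print(bssid, finding)
```

An `unauthorized-ap` finding only means the radio is not in the inventory; neighbouring networks will appear here too and need to be triaged by location and signal strength.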

Security of Wireless LAN Settings: Traffic Analysis and traffic listening

802.11 cannot prevent attackers from passively listening to network traffic, and any wireless network analyzer can intercept unencrypted traffic without hindrance. Currently, WEP has vulnerabilities that attackers can exploit: it protects only the initial data of communication between the user and the network, and management and control frames cannot be encrypted or authenticated by WEP. This gives attackers the opportunity to stop network communication with spoofed frames.

In the early days, WEP was easily cracked by tools such as AirSnort and WEPCrack. However, firmware released by many vendors can avoid these known attacks. The protection in the latest wireless LAN products goes further: a key management protocol is used to change the WEP key every 15 minutes. Even the busiest network won't generate enough data in such a short period of time for an attacker to crack the key.
