Six categories of wireless security technical specifications

Source: Internet
Author: User

Wireless security is a perennial and important topic. The following sections introduce six wireless security technical specifications. We hope this article helps in solving wireless security issues.


Wireless security technical specification 1: Service Set Identifier (SSID)

You can set a different SSID for each of multiple wireless access points (APs) and require a wireless workstation to present the correct SSID before it can access the AP. This lets users in different groups access different APs and restricts their resource access permissions. The SSID can therefore be regarded as a simple password that provides a certain degree of security. However, if an AP is configured to broadcast its SSID, the security level decreases. Users generally configure the client system themselves, so many people know the SSID and it is easily shared with unauthorized users. Some manufacturers currently support an "ANY" SSID mode: as long as the wireless workstation is within range of any AP, the client connects to that AP automatically, which bypasses the SSID security function.

Wireless security technical specification 2: physical address (MAC) filtering

Because the NIC of each wireless workstation has a unique physical address, you can manually maintain in the AP a list of MAC addresses that are allowed access, and so filter by physical address. Physical address filtering is hardware authentication rather than user authentication. In theory, MAC addresses can be forged, so this is also a low level of authorization. The method requires the MAC address list in the AP to be kept up to date at all times, which is currently done manually; as the number of users increases, it scales poorly. It is therefore only suitable for small networks.

Wireless security technical specification 3: Wired Equivalent Privacy (WEP)

WEP uses RC4 symmetric encryption at the link layer. A user's encryption key must match the AP's key before access to network resources is allowed, which prevents eavesdropping and access by unauthorized users. WEP provides 40-bit (sometimes called 64-bit) and 128-bit key mechanisms, but it still has many drawbacks. For example, all users in a service area share the same key, so if one user loses the key, the entire network is insecure. In addition, 40-bit keys are easily cracked today. Keys are static and must be maintained manually, so scalability is poor. To improve security, we recommend that you use a 128-bit encryption key.

Wireless security technical specification 4: Wi-Fi Protected Access (WPA)

WPA (Wi-Fi Protected Access) is a new technology that inherits the basic principles of WEP and solves its disadvantages. Because the algorithm for generating encryption keys is strengthened, even if packets are collected and analyzed, it is almost impossible to calculate the shared key. The principle is to generate a different key for each packet from the shared key, the computer's MAC address, and the packet's sequence number. This key is then used for RC4 encryption, as in WEP. As a result, the data in every packet exchanged by every client is encrypted with a different key. No matter how much data is collected, it is almost impossible to recover the original shared key. WPA also adds a function that prevents data from being tampered with in transit, and an authentication function. With these features, all the shortcomings for which WEP was previously criticized have been solved. WPA is not only a stronger encryption method than WEP, but also broader in scope. As a subset of the 802.11i standard, WPA consists of authentication, encryption, and data integrity verification. It is a complete security solution.
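The per-packet keying principle described above, as an added example that is not part of the original article: it encrypts two packets with RC4, first under one reused key (the static-key situation described for WEP) and then under keys derived from the shared key, the MAC address and a sequence number. The derivation uses HMAC-SHA256 as a stand-in, not the actual WPA key-mixing function, and the key, MAC address and packet contents are constructed sample values.

```python
import hashlib
import hmac


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def per_packet_key(master: bytes, mac: bytes, seq: int) -> bytes:
    """Stand-in key mixing (HMAC-SHA256), NOT the real WPA mixing function."""
    msg = mac + seq.to_bytes(6, "big")
    return hmac.new(master, msg, hashlib.sha256).digest()[:16]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def static_key_leaks(master: bytes, p1: bytes, p2: bytes) -> bool:
    """Same RC4 key for both packets: the keystream cancels, leaving p1 XOR p2."""
    return xor(rc4(master, p1), rc4(master, p2)) == xor(p1, p2)


def mixed_key_leaks(master: bytes, mac: bytes, p1: bytes, p2: bytes) -> bool:
    """Per-packet keys (sequence numbers 1 and 2): the keystreams differ."""
    c1 = rc4(per_packet_key(master, mac, 1), p1)
    c2 = rc4(per_packet_key(master, mac, 2), p2)
    return xor(c1, c2) == xor(p1, p2)


# Constructed sample values, for illustration only.
MASTER = bytes.fromhex("00112233445566778899aabbcc")  # 104-bit shared key
MAC = bytes.fromhex("02005e100001")                   # locally administered MAC
P1, P2 = b"GET /index.html ", b"POST /login.php "

if __name__ == "__main__":
    print("static key leaks p1^p2:", static_key_leaks(MASTER, P1, P2))
    print("mixed keys leak p1^p2: ", mixed_key_leaks(MASTER, MAC, P1, P2))
```

With the reused key, the XOR of the two ciphertexts equals the XOR of the two plaintexts, so collected traffic reveals relationships between packets; with per-packet keys it does not.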

Wireless security technical specification 5: the national standard (WAPI)

WAPI (WLAN Authentication and Privacy Infrastructure) is the infrastructure for wireless LAN authentication and confidentiality. It is the WLAN security solution proposed in GB15629.11, China's national wireless LAN standard, to address the security problems of the WEP protocol. This scheme has also been reviewed and approved by the authority authorized by ISO/IEC (the IEEE Registration Authority). It uses a certificate mechanism based on public key cryptography to implement mutual authentication between mobile terminals (MT) and wireless access points (AP). A user only needs to install a certificate to roam across the different regions covered by the WLAN, which is convenient for users. Services compatible with existing billing technologies can be billed by time, by traffic, or by monthly subscription. Once the certificate is set on the AP, there is no longer any need to set up an AAA server in the background. It is easy to install, set up, and expand, and can meet the needs of multiple application modes such as home, enterprise, and carrier.

Wireless security technical specification 6: port access control technology (802.1x)

This technology is also an enhanced network security solution for wireless LANs. When a wireless workstation (STA) associates with a wireless access point (AP), whether it can use the AP's services depends on the 802.1x authentication result. If authentication succeeds, the AP opens the logical port for the STA. Otherwise, the user is not allowed to access the Internet. 802.1x requires 802.1x client software to be installed on the wireless workstation. The wireless access point must have an embedded 802.1x authentication proxy, and it also acts as a RADIUS client that forwards user authentication information to the RADIUS server. In addition to port access control, 802.1x also provides user-based authentication and billing, which makes it particularly suitable for public wireless access solutions.
