The purpose of properly protecting wireless access points is to isolate the wireless network from outsiders who are not authorized to use the service. This is often easier said than done. Wireless networks are usually harder to secure than wired networks: a wired network has a limited number of fixed physical access points, whereas a wireless network can be reached from any point within the antenna's radiation range. Despite these difficulties, sound protection of the wireless network is the key to keeping the system free of serious security problems. To minimize these vulnerabilities, network personnel should take the following six measures to protect the wireless network.
Planning the placement of antennas
To deploy a closed wireless access point, the first step is to place the access point's antenna so that it limits how far the signal travels beyond the coverage area. Do not put the antenna near a window, because glass does not stop the signal. It is best to place the antenna in the center of the area you need to cover and to minimize the signal leaking out through the walls. Of course, it is almost impossible to control signal leakage completely, so other measures need to be taken as well.
Using WEP
Wireless Encryption Protocol (WEP) is a standard method of encrypting traffic on a wireless network. Despite major flaws, WEP can still help thwart the occasional hacker. Many wireless access point vendors ship devices with the WEP feature turned off to make the product easier to install. But with WEP off, hackers can immediately access traffic on the wireless network, because a wireless sniffer can read the data directly.
Change SSID and prohibit SSID broadcast
The Service Set Identifier (SSID) is the identification string used by the wireless access point, which the client uses to establish the connection. The identifier is set by the device manufacturer, and each manufacturer uses a default phrase, such as 101, which is the identifier for 3COM devices. If a hacker knows this phrase, it is easy to use your wireless service without authorization. For each wireless access point you deploy, choose an SSID that is unique and difficult to guess. If possible, disable broadcasting of the identifier from the antenna. The network can still be used, but it will not appear in the list of available networks.
Disable DHCP
This is particularly worthwhile for wireless networks. With DHCP disabled, a hacker has to work out your IP address, subnet mask and the other TCP/IP parameters required. No matter how the hacker uses your access point, he still needs to figure out the IP address.
Disable or change SNMP settings
If your access point supports SNMP, either disable it or change the public and private shared strings. If this is not done, hackers can use SNMP to obtain important information about your network.
Use an access list
To further protect your wireless network, use an access list if possible. Not all wireless access points support this feature, but if yours do, you can specify exactly which machines are allowed to connect to the access point. Access points that support this feature sometimes use the Trivial File Transfer Protocol (TFTP) to periodically download updated lists, which spares administrators the thorny problem of keeping these lists synchronized on every device.
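
The five measures above that live in the access point's configuration can be checked mechanically (antenna placement cannot). The following is an added example, not part of the original article: it audits a constructed settings export, and its key names (`ssid`, `ssid_broadcast`, `wep`, `dhcp_server`, `snmp`, `snmp_read_community`, `snmp_write_community`, `access_list`) are hypothetical rather than any vendor's real format.

```python
# Added example: hypothetical key names, constructed sample; not a real vendor format.
DEFAULT_SSIDS = {"101"}  # the 3COM default named in the article
DEFAULT_COMMUNITIES = {"snmp_read_community": "public", "snmp_write_community": "private"}

SAMPLE_EXPORT = """\
ssid = 101
ssid_broadcast = on
wep = off
dhcp_server = on
snmp = on
snmp_read_community = public
snmp_write_community = s3cr3t-rw   # already changed
access_list = off
"""

def parse_export(text):
    """Parse 'key = value' lines; '#' starts a comment."""
    settings = {}
    stripped = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    for line in filter(None, stripped):
        if "=" not in line:
            raise ValueError(f"malformed line: {line!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key.lower()] = value
    return settings

def audit(settings):
    """Return (setting, problem) pairs; a missing key is assumed to be at its insecure default."""
    def on(key, default):
        return settings.get(key, default).lower() in ("on", "yes", "true", "1")
    findings = []
    if not on("wep", "off"):
        findings.append(("wep", "encryption is off; a sniffer reads traffic directly"))
    if settings.get("ssid", "101") in DEFAULT_SSIDS:
        findings.append(("ssid", "vendor default identifier still in use"))
    if on("ssid_broadcast", "on"):
        findings.append(("ssid_broadcast", "identifier is broadcast to every client in range"))
    if on("dhcp_server", "on"):
        findings.append(("dhcp_server", "TCP/IP parameters are handed to any client"))
    for key, default in DEFAULT_COMMUNITIES.items():
        if on("snmp", "on") and settings.get(key, default) == default:
            findings.append((key, f"shared string is still '{default}'"))
    if not on("access_list", "off"):
        findings.append(("access_list", "any machine may connect"))
    return findings

if __name__ == "__main__":
    for setting, problem in audit(parse_export(SAMPLE_EXPORT)):
        print(f"[FAIL] {setting}: {problem}")
```

An empty export is treated as a factory-default device and fails every check, so a truncated or partial export cannot pass by omission.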