Protecting wireless networks as fully as possible is a major concern. Which aspects should we manage and configure? This article introduces them.
The purpose of properly protecting wireless access points is to isolate the wireless network from outsiders who are not authorized to use its services. It is often easy to do. In terms of security, wireless networks are usually more difficult to protect than fixed wired networks: a wired network has a limited number of fixed physical access points, whereas a wireless network can be used from any point within the antenna's radiation range. Despite the difficulties, properly protecting the wireless network is the key to keeping the system free of serious security issues. To close these security holes as far as possible, network personnel must take six measures to protect the wireless network.
Planning antenna placement
To deploy closed wireless access points, the first step is to place the access point antenna properly, so as to limit how far the signal travels outside the coverage area. Do not place the antenna near a window, because glass does not block the signal. It is best to place the antenna in the center of the area to be covered and to minimize signal leakage to the ceiling. Of course, completely controlling signal leakage is almost impossible, so other measures need to be taken.
Use WEP
The wireless encryption protocol (WEP) is a standard method for encrypting traffic on wireless networks. Despite significant defects, WEP still helps block casual intrusion by hackers. Many wireless access point vendors ship their devices with WEP disabled to make installation easier. However, when WEP is left disabled, hackers can immediately access the traffic on the wireless network, because the data can be read directly with a wireless sniffer.
Change SSID and Disable SSID Broadcast
The Service Set Identifier (SSID) is the identification string used by the wireless access point; the client uses it to establish a connection. The identifier is set by the device manufacturer, and each manufacturer uses a default phrase. For example, 101 is the identifier of a 3Com device. If hackers know this phrase, they can easily use your wireless service without authorization. For each wireless access point you deploy, you must select a unique SSID that is difficult to guess. If possible, do not broadcast the identifier outward through the antenna. In this way, the network is still available, but it does not appear on the list of available networks.
Disable DHCP
Disabling DHCP makes sense for wireless networks. If this is done, hackers have to work out your IP address, subnet mask, and other required TCP/IP parameters themselves. No matter how hackers get to use your access point, they still need to figure out the IP address.
Disable or modify SNMP settings
If your access point supports SNMP, either disable it or change the public and private community strings. Without this measure, hackers can use SNMP to obtain important information about your network.
Access list
To further protect the wireless network, use an access list if possible. Not all wireless access points support this feature. However, if your network supports it, you can specify which machines are allowed to connect to the access point. Access points that support this feature sometimes use the Trivial File Transfer Protocol (TFTP) to regularly download the updated list, which spares the administrator from having to keep these lists synchronized on each device.
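The five configurable measures above (everything except antenna placement) can be checked mechanically. The following audit is an added example, not part of the original article; the setting names and the sample configurations are hypothetical and constructed for illustration, and any setting that is missing is treated as insecure.

```python
# Added example: audit an access point's settings against the configurable
# measures in this article. Field names are hypothetical, not a vendor schema.
DEFAULT_SSIDS = {"101"}                      # 3Com default named in the article
DEFAULT_COMMUNITIES = {"public", "private"}  # widely used SNMP default strings


def audit_access_point(cfg, default_ssids=DEFAULT_SSIDS):
    """Return a sorted list of findings; an empty list means every check passed."""
    findings = []
    if not cfg.get("wep_enabled", False):
        findings.append("wep: encryption is off, traffic readable by a sniffer")
    ssid = cfg.get("ssid", "")
    if not ssid or ssid.lower() in {s.lower() for s in default_ssids}:
        findings.append("ssid: empty or manufacturer default")
    if cfg.get("ssid_broadcast", True):
        findings.append("ssid_broadcast: identifier is advertised")
    if cfg.get("dhcp_enabled", True):
        findings.append("dhcp: TCP/IP parameters handed to any client")
    snmp = cfg.get("snmp", {})
    if snmp.get("enabled", False):
        # A missing community string is assumed to be the default "public".
        for role in ("read_community", "write_community"):
            if snmp.get(role, "public").lower() in DEFAULT_COMMUNITIES:
                findings.append(f"snmp: {role} is still a default string")
    acl = cfg.get("access_list", {})
    if not acl.get("enabled", False) or not acl.get("allowed_macs"):
        findings.append("access_list: not enforced or empty")
    return sorted(findings)


# Constructed sample configurations (not taken from any real device).
FACTORY = {
    "ssid": "101", "ssid_broadcast": True, "wep_enabled": False,
    "dhcp_enabled": True, "access_list": {"enabled": False},
    "snmp": {"enabled": True, "read_community": "public",
             "write_community": "private"},
}
HARDENED = {
    "ssid": "k7-warehouse-east", "ssid_broadcast": False, "wep_enabled": True,
    "dhcp_enabled": False,
    "access_list": {"enabled": True, "allowed_macs": ["00:11:22:33:44:55"]},
    "snmp": {"enabled": True, "read_community": "r0-Vq81x",
             "write_community": "rw-Tz93m"},
}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit_access_point(cfg) or "no findings")
```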