Teach you how to test wireless router security features

Major brand manufacturers in the wireless router configuration design has increased the key, prohibit the SSID broadcast and other means, but these security settings are really effective?

As more and more friends enter the "wireless" family, the safety of wireless networks has attracted much attention. In contrast, wireless is more difficult to protect than a wired network, because the number of fixed physical access points in the wired network is limited, and any point in the wireless network that the signals can achieve can be used. Therefore, the major brand manufacturers in the wireless router configuration design has increased the key, the prohibition of SSID broadcast and other means, but these security settings are really effective? The following is an example of a wireless device that supports the IEEE 802.11g standard, and leads us to solve the problem in a measured way.

Set Network key

Wireless Encryption Protocol (WEP) is a standard method of encrypting data transmitted in a wireless network. Most wireless devices now have WEP encryption, and more secure WPA encryption is not widely used.

Currently, there are generally two types of keys for a wireless router or AP. For example, the wireless router used has 64-bit and 128-bit encryption types, and 10 or 26 strings are entered as cryptographic passwords, respectively.

Here to remind you that many wireless routers or AP at the factory, data transmission encryption function is closed, if you take to use without further settings, then your wireless network becomes a "undefended" furnishings. Therefore, encrypting settings for your wireless network is extremely important.

Test results: The 64-bit encryption method was used, and the wireless network was discovered by software such as Network Stumbler, but the wireless network could not be utilized because the password could not be obtained.

Disable SSID Broadcast

In layman's parlance, the SSID is the name you take for your wireless network. It is to be noted that the same SSID is used by the same manufacturer's wireless router or AP, and that if an attacker who attempts to connect illegally uses a generic initialization string to connect to the wireless network, it is extremely easy to establish an illegal connection that poses a threat to our wireless network. Therefore, it is advisable for you to name the SSID as some of the more personalized names.

Wireless routers generally provide the "Allow SSID Broadcast" feature. If you don't want your wireless network to be searched by the SSID name, it's best to "ban SSID broadcasts." Your wireless network can still be used, but it will not appear in the list of available networks that others have searched for.

Tip: By prohibiting the SSID broadcast settings, the efficiency of the wireless network will be affected, but in exchange for security improvement, think it is worthwhile.

Test Result: The wireless network was ignored by the wireless NIC because it was not broadcast, especially when using Windows XP to manage the wireless network.

Disable DHCP

The DHCP feature automatically assigns IP addresses to each computer in a wireless LAN, without requiring the user to set the IP address, subnet mask, and other required TCP/IP parameters. If DHCP is enabled, it is easy for others to use your wireless network. Therefore, disabling the DHCP feature is necessary for wireless networks.

Set the DHCP server to not enabled under the DHCP server settings for the wireless router.

Test results: Because the IP address and DNB server information cannot be obtained, the network cannot be used even if the wireless network signal is found.

Enable MAC address, IP address filtering

When you enable MAC address filtering in wireless router settings, be aware that you must select the option "Allow only MAC addresses that have been set up in the MAC address list to access wireless networks" in the filter rules.

In addition, if DHCP is disabled in a wireless LAN, it is recommended that you set a fixed IP address for each computer that uses wireless services and then enter these IP addresses into the IP address allow list. When IP address filtering is enabled for the wireless router, only the users of the IP address in the list can access the network normally, and others can only stare.

Test results: MAC address filtering and IP address filtering settings, even if someone reluctantly invaded the wireless network, but because the MAC address and IP address by the wireless router filtering function is prohibited, so the wireless network is still unusable.

Summary

In fact, in the actual measurement of the process found that the previous mentioned any way can protect their own wireless network, so ordinary users need not worry, can be assured to use.

Also, if you use some public wireless networks in public places such as airports, conference rooms, and so on, remember to turn off your document and print sharing because such shared documents can easily be accessed by another client within the same LAN.