Ten countermeasures to prevent hacker intrusion into the Wireless Network

The following articles mainly describe the top ten countermeasures to prevent hackers from intruding into the wireless network. "wireless security" is no longer a big concept. Current network security tools, performance, and protocols can provide better protection for wireless networks.

So how can users reduce or even eliminate the risk of hackers entering Wi-Fi or 802.11 standard Wireless LAN? First, you must control the qualifications for entering the network, that is, authentication. Second, protect the information sent in wireless mode, that is, data encryption.

The following are 10 countermeasures provided by 3Com to prevent wireless networks from being attacked by hackers.

Ten countermeasures to prevent hacker intrusion into the wireless network 1. Correctly place access point devices of the Network

Start from the basics: in network configuration, ensure that wireless access points are placed out of the firewall.

2. Use MAC to prevent hacker attacks

Use the MAC address-based ACLs (access control table) to ensure that only registered devices can access the network. MAC filtering technology is like adding a lock to the front door of the system. The more obstacles you set, the more difficult hackers will find and have to turn to other low-security networks.

3. Manage the ID of the wireless network effectively

All wireless LANs have a default SSID (Service Identifier) or network name. Change the name immediately, represented by text and numbers. If an enterprise has network management capabilities, it should change the SSID periodically. Do not use this name everywhere: cancel the SSID automatic playback function.

Ten countermeasures to prevent hacker intrusion into the wireless network 4. Importance of the WEP Protocol

WEP is the standard network security protocol for 802.11b wireless LAN. When transmitting information, WEP can encrypt and transmit data wirelessly to provide protection similar to wired transmission. The default value of the WEP key should be changed immediately after simple installation and startup. The best way is WEP password? Dynamic changes can be made after a user logs on. In this way, hackers need to keep track of such changes to obtain wireless network data. Based on session and user WEP password? Management Technology can achieve optimal protection and add another protection layer to the network.

5. the WEP protocol is not omnipotent.

You cannot forward encryption protection to the WEP protocol. WEP is only one layer of multi-layer network security measures. Although this technology plays an important role in data encryption, the security of the entire network should not only rely on the security performance of this layer. However, it is difficult for many network administrators to accept this idea.

6. VPN is one of the best network security technologies.

If every security measure is to block hackers from accessing the front door of the network, such as SSID changes, MAC address filtering, and dynamically changing WEP passwords ?, Therefore, virtual network (VPN) is the key to protecting the security of network backdoors. VPN has higher network security (Layer 3) than WEP protocol, and supports end-to-end secure tunnel connections between users and networks.

7. Improve existing RADIUS services

Remote users of large companies often use RADIUS (remote user dialing Authentication Service) to perform Network Authentication and logon. Enterprise IT network administrators can integrate wireless LAN into existing RADIUS architectures to simplify user management. This not only achieves Wireless Network Authentication, but also ensures that wireless users and remote users use the same authentication method and account.

8. Simplified Network Security Management: integrated wireless and wired network security policies

Wireless Network security is not a separate network architecture. It requires different programs and protocols. Policies that combine wired and wireless network security can improve management and reduce management costs. For example, a single integrated user ID and password are used for both wired and wireless access to the network.

Ten countermeasures to prevent hacker intrusion into the wireless network 9. Different WLAN devices are the same

Although 802.11b is a standard protocol, all devices that have obtained Wi-Fi logo authentication can communicate with each other in basic functions, not all such wireless devices are completely equal. Although Wi-Fi authentication ensures interoperability between devices, many manufacturers do not provide enhanced network security.

10. non-professional personnel cannot build a wireless network

Although the construction of Wireless LAN is quite convenient now, non-professional personnel can install wireless routers and access point devices in their own offices, but they seldom consider the network security during the installation process, you only need to scan the network through a network probe tool to leave a backdoor for the hacker to attack. Therefore, without the consent and participation of a professional system administrator, you must restrict the construction of a wireless network to ensure the security of the wireless network.