Security settings for a wireless LAN start from many aspects

Source: Internet
Author: User

 

Wireless LAN technology is now very mature. To improve the security of a wireless LAN, we need to start from many aspects.

WLAN technology gives users better mobility, flexibility, and scalability. It provides fast, cost-effective LAN access in areas that are difficult to rewire, and wireless bridges can be used to provide LAN access for remote sites and users. However, as users' expectations of WLAN increase daily and its applications expand, security problems have become the main bottleneck restricting the development of WLAN.

 

1. Threats to the wireless LAN

 

The first thing to consider is that a WLAN uses radio waves as its transmission medium. It is therefore difficult to restrict physical access to network resources in a wireless network: the signal can reach areas beyond the intended location, depending on the building materials and the environment. The whole coverage area in effect becomes a point of access to the WLAN, allowing intruders outside the expected range to access the WLAN, intercept data on the network, and, once they have network access rights, intrude into WLAN applications to attack the wireless network.

Secondly, because a WLAN is still a computer network that complies with all the usual network protocols, computer viruses also threaten the computers on every WLAN, and may even cause more serious consequences than on ordinary networks.

 

Therefore, WLAN security threats include eavesdropping, interception or modification of transmitted data, confidence attacks, and denial of service.

 

Vipin Jain, inventor of the IEEE 802.1x authentication protocol, said in an interview with the media: "When talking about wireless networks, IT managers are most worried about two things: first, there are too many standards and security solutions on the market; second, how can we avoid network intrusion or attacks? Wireless media is a shared media that is not limited by the physical boundaries of buildings. Therefore, it is very easy for someone to intrude into the network." WLAN security measures therefore have a long way to go.

 

2. Security measures for wireless LAN

 

2.1 Use the wireless encryption protocol to prevent unauthorized users

The most basic method of protecting a wireless network is encryption. You can enable WEP encryption simply by configuring the AP, the wireless network card, and other devices. The wireless encryption protocol (WEP) is a standard method for encrypting traffic on wireless networks. Many wireless device vendors ship devices with WEP disabled to make installation easier. If it is left disabled, however, hackers can use a wireless sniffer to read the data directly. We recommend that you change the WEP key frequently and, if conditions permit, enable an independent authentication service that assigns the WEP key automatically. In addition, note that the Service Set Identifier (SSID) is used to identify each wireless network. When deploying a wireless network, you must change the factory default SSID to a custom SSID. Most current APs support suppressing the SSID broadcast; unless there is a special reason not to, SSID broadcast should be disabled to reduce the possibility of the wireless network being discovered.

However, the WEP security solution in the IEEE 802.11 standard can currently be cracked within 15 minutes and has been widely confirmed to be insecure. With 128-bit WEP, however, cracking is quite difficult. The WEP key also needs to be changed regularly to keep the wireless LAN secure. If the device provides a dynamic WEP function, it is best to use it. Fortunately, Windows XP itself provides this support: select the WEP option "automatically provide this key for me". At the same time, IPSec, a VPN, SSH, or another alternative to WEP should be used. Do not rely on WEP alone to protect data.

 

2.2 Change the Service Set Identifier and disable SSID broadcast

The SSID is the identifier of the wireless receiver; you use it to establish a connection with the access point. This ID is set by the device manufacturer, and each vendor uses its own default value. For example, 3COM devices use "101". Hackers who know these identifiers can therefore easily use your wireless service without authorization. You need to set a unique and unpredictable SSID for each wireless access point. If possible, you should also disable external broadcasting of your SSID, so that your wireless network does not attract more users through broadcast. This does not mean that your network is unavailable; it simply will not appear in the list of available networks.

 

2.3 Static IP and MAC address binding

When a wireless router or AP assigns IP addresses, DHCP is usually used by default, that is, dynamic IP address allocation. This poses a security risk for the wireless network: a "criminal" only needs to find the wireless network to easily obtain a valid IP address through DHCP and thus enter the local area network. Therefore, we recommend that you disable the DHCP service, assign a fixed static IP address to each computer in the house, and then bind that IP address to the MAC address of the computer's NIC. This greatly improves network security. It is not easy for "illegal" users to obtain a valid IP address, and even if they do, the bound MAC address must still be verified, which is equivalent to two levels of protection. The setting method is as follows:

First, disable "DHCP server" in the settings of the wireless router or AP. Then, activate the "fixed DHCP" function and set the "name" of each computer (that is, the "computer description" in Windows) and the IP address to be fixed from now on, making sure that the MAC address of the NIC is correct. Click "execute".
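
The binding table from this section can also be checked from a host on the network. The Python below is an added example, not part of the original article: it compares neighbour entries in the format printed by Linux `ip neigh show` against a static IP-to-MAC table. The addresses, the interface name and the table itself are constructed for illustration.

```python
import re

# Constructed binding table: the static IP of each computer and its NIC's MAC.
BINDINGS = {
    "192.168.1.10": "00:11:22:33:44:55",
    "192.168.1.11": "00:11:22:33:44:66",
}

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.1.10 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.11 dev wlan0 lladdr 0A:BB:CC:DD:EE:01 STALE
192.168.1.57 dev wlan0 lladdr 0a:bb:cc:dd:ee:02 REACHABLE
192.168.1.12 dev wlan0  FAILED
192.168.1.20 dev wlan0 lladdr 00:11:22:33:44:66 DELAY
"""

LINE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+([0-9A-Fa-f:]{17})\b")

def parse_neighbours(text):
    """Return (ip, mac) pairs; entries with no resolved MAC (e.g. FAILED) are skipped."""
    pairs = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs

def audit(pairs, bindings):
    """Return (ip, mac, reason) for every observed pair that violates the table."""
    bound = {ip: mac.lower() for ip, mac in bindings.items()}
    known_macs = set(bound.values())
    findings = []
    for ip, mac in pairs:
        if bound.get(ip) == mac:
            continue  # pair matches its binding
        if ip in bound:
            findings.append((ip, mac, "bound IP used by a different MAC"))
        elif mac in known_macs:
            findings.append((ip, mac, "known MAC on an unassigned IP"))
        else:
            findings.append((ip, mac, "unknown host: IP and MAC not in table"))
    return findings

if __name__ == "__main__":
    for ip, mac, reason in audit(parse_neighbours(SAMPLE_NEIGH), BINDINGS):
        print(f"{ip:15} {mac}  {reason}")
```

A clean result means only that the observed pairs agree with the table; the MAC address is reported by the client itself, so the check complements encryption and authentication rather than replacing them.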

 

3. Conclusion

 

Wireless networks are more and more widely used, but network security problems are becoming more and more prominent. This article analyzes the insecure factors of WLAN and provides security measures that address them, giving effective defense against eavesdropping, interception or modification of transmitted data, confidence attacks, denial of service, and other attacks. Because devices from different wireless network equipment manufacturers differ in function, the security measures described in this article may differ from device to device. The measures themselves are correct, however: they can ensure the security and confidentiality of user information and message transmission in the wireless network, and effectively maintain the security of the wireless LAN.
