Thoroughly understand network security issues through wireless LAN security analysis

Source: Internet
Author: User

Wireless LAN (WLAN) security has always been one of our key concerns. So how can we achieve comprehensive protection? First, we need to analyze the network security mechanisms thoroughly to see what causes the danger. The wireless LAN security analysis follows.

1. First, determine the security policy and identify the main uses of the WLAN throughout the work, covering data transmission, personnel, and equipment. Then plan the physical location of the APs, the access permissions of clients, and the control mode.

2. Start with the network structure. Limit the range of the WLAN signal, and separate the WLAN from important internal networks. Use firewalls between the APs and the internal networks for security isolation, and physical isolation when necessary. This way, even if a WLAN security problem occurs, it will not immediately cause a serious crisis on the internal network.

3. Avoid the creation of Ad Hoc networks. This requires the administrator to train employees and continuously monitor the network.

4. Disable the feature of some operating systems and applications on users' computers that automatically connects to WLANs, so that users do not unknowingly connect to an unknown WLAN.

5. One of the most important points in wireless LAN security analysis is to make full use of the security features the WLAN itself provides. For example, you can do the following for an AP:

A) Change the default password. The default password of a device is generally very simple and must be changed.

B) Enable encryption. Although WEP has been proved to be relatively fragile, using encryption is still safer than plain-text transmission.

C) Verify clients by MAC address. Such preventive measures are necessary until stronger authentication measures are implemented.

D) Change the SSID and configure the AP not to broadcast the SSID.

E) Modify the SNMP settings. These preventive measures are the same as those for wired network devices.

6. When the data carried by the WLAN is itself highly important, or the WLAN is connected to a high-security network, further security measures can be considered:

A) Use 802.1x for advanced network access control. Although the 802.1x standard was initially designed for wired Ethernet, it can be used for WLAN. 802.1x introduces an authentication server, which can perform advanced authentication on the hosts and objects in the WLAN. A traditional RADIUS server can be used for authentication.

B) Use TKIP to replace the existing simple WEP encryption. The advantage of this method is that you do not need to replace all hardware devices, only update the drivers and software. In addition, 802.11i, currently under development, provides enhanced encryption (WEP2, based on AES) and the enhanced authentication protocol EAP. However, it will still take some time for 802.11i to mature and be widely adopted.

C) Use VPN technology over the WLAN to further protect key data. VPN technology is not designed specifically for WLAN, but it can serve as additional protection for critical WLANs.

7. Use a WLAN intrusion detection system to monitor the network, detect illegally connected APs and counterfeit clients promptly, and analyze and monitor the security status of the WLAN in real time.

8. Use personal firewalls and anti-virus software on WLAN clients to prevent damage from attacks on the client.

As described above, WLAN security can be provided by the WLAN's own security measures and also by dedicated security products. At the same time, a reasonable set of WLAN-specific security management rules and policies is required. The following describes some security products that can be used for WLAN.

Following the wireless LAN security analysis above, we introduce three main products: a WLAN intrusion detection system, a VPN, and an anti-virus system for handheld devices.

WLAN Intrusion Detection System

The WLAN intrusion detection system is a network-based intrusion detection system developed by Guanqun Jinchen. In addition to identifying and responding to the intrusion patterns common on wired networks, it mainly assesses and analyzes the security status of WLANs that use the 802.11b protocol. The system has a distributed structure: sensors for data collection are placed at the edge and at key locations of the WLAN, and the collected information is sent over the wired network to a centralized information processing platform. The platform decodes and analyzes the 802.11b protocol to determine whether there are anomalies, such as illegally connected APs and terminal devices, man-in-the-middle attacks, and data transmitted in violation of regulations, and it identifies denial-of-service attacks by analyzing the performance and state of the wireless network. It can automatically detect active Ad Hoc networks and notify the administrator immediately so that further damage can be prevented. The Web-based security management interface lets administrators centrally configure and distribute policies, observe network conditions, and generate reports.

The WLAN intrusion detection system performs in-depth analysis of WLAN traffic based on protocol analysis, signature matching, and anomaly detection, and blocks illegal connections in real time.
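
How decoded 802.11 beacon frames can be turned into findings for items 3, 5 B, 5 D and 7 of the checklist above, as an added Python example (not the vendor's code and not part of the original page). The BSSID inventory, the build_beacon helper, the sample frames and the finding labels are assumptions constructed for illustration.

```python
import struct

AUTHORIZED = {"00:11:22:33:44:55"}  # constructed inventory of sanctioned BSSIDs
CAP_IBSS, CAP_PRIVACY = 0x0002, 0x0010  # 802.11 capability-information bits

def build_beacon(bssid, ssid, capability):
    """Build a minimal, constructed beacon: header, fixed fields, SSID element."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capability)  # timestamp, interval, caps
    return header + fixed + bytes([0, len(ssid)]) + ssid

def parse_beacon(frame):
    """Return (bssid, ssid_bytes_or_None, capability); None if not a valid beacon."""
    if len(frame) < 36 or frame[0] != 0x80:  # version 0, management, beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    (capability,) = struct.unpack_from("<H", frame, 34)
    pos = 36
    while pos + 2 <= len(frame):  # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) != length:
            return None  # truncated element
        if tag == 0:  # SSID element
            return bssid, value, capability
        pos += 2 + length
    return bssid, None, capability

def classify(frame):
    """Map one beacon to findings for the checklist items named in the comments."""
    parsed = parse_beacon(frame)
    if parsed is None:
        return ["not-a-valid-beacon"]
    bssid, ssid, cap = parsed
    findings = []
    if cap & CAP_IBSS:
        findings.append("ad-hoc-network")  # item 3: Ad Hoc (IBSS) network
    elif bssid not in AUTHORIZED:
        findings.append("unauthorized-ap")  # item 7: AP not in the inventory
    if not cap & CAP_PRIVACY:
        findings.append("no-encryption")  # item 5 B: traffic sent in plain text
    if bssid in AUTHORIZED and ssid and ssid.strip(b"\x00"):
        findings.append("ssid-broadcast")  # item 5 D: SSID should be hidden
    return findings

if __name__ == "__main__":
    rogue = build_beacon("66:77:88:99:aa:bb", b"corp-wlan", 0x0011)
    print(classify(rogue))
```

The Privacy bit only shows that some encryption is required on the network; it does not distinguish WEP from TKIP.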

Pure VPN

The pure average VPN system is a software VPN solution from Guanqun Jinchen, featuring flexible deployment and low cost. Combining VPN technology with the WLAN greatly compensates for the shortcomings of WEP encryption and improves data security. Pure VPN adopts nationally recognized encryption algorithms without security risks. In addition, Pure VPN authentication uses plug-ins, so you can use any authentication method, such as smart cards, biometric devices, and X.509 certificates. After Pure VPN is installed, end users do not have to deal with complex encryption algorithms or specify secure network path names. In fact, they obtain data from the application server as before, without even knowing that Pure VPN is encrypting and decrypting it. The Pure VPN software installed on the client and server does all the work. All security policies are maintained and distributed by the Pure VPN administrator.

KILL for Pocket PC

With the development of WLAN technology and the maturing of the market, handheld devices have gradually joined the ranks of devices that support WLAN. Intersil and other companies have released software drivers for Microsoft's Windows CE series platforms, including Pocket PC. Microsoft's handheld operating system, Windows Pocket PC, has become a powerful and competitive operating system for the new smart terminals. KILL for Pocket PC, launched by Guanqun Jinchen, is a handheld anti-virus product designed to meet the needs of this emerging market. It ensures that files sent from handheld devices over the WLAN to servers and other computers are virus-free, so that overall network security is guaranteed.
