On the Internet, some people will intrude into the networks of others in various ways to steal account information for their own gain. No matter how strict the preventive measures are, as long as there is profit to be made, security problems will persist for a long time. It is worth noting that as wireless technology develops, people are finding that it differs from wired networking: many threats are unique to wireless networks. Let's take a look:
Insertion attack: Insertion attacks are based on deploying unauthorized devices or creating new wireless networks, where the deployment or creation has not gone through security procedures or security checks. An access point can be configured to require a password when a client connects. If no password is set, an intruder can connect to the internal network simply by enabling a wireless client to communicate with the access point. However, some access points require that the access passwords of all clients be identical, which is dangerous.
Roaming attack: Attackers do not have to be physically inside an enterprise building. They can use network scanners such as Netstumbler and other tools, and sniff out wireless networks with a laptop or other mobile device from a moving vehicle. This activity is called "wardriving". Doing the same thing on foot, along the street or around the enterprise site, is called "warwalking".
Stealing resources: Some users like to access the Internet through neighboring wireless networks. Even if they have no malicious intent, they still occupy a large amount of network bandwidth and seriously affect network performance. Other uninvited guests use the connection to send email from the company's network or download pirated content, which may cause legal problems.
Wireless hijacking: As in a wired network, hijacking and monitoring of wireless network communication are entirely possible. There are two scenarios. The first is wireless packet analysis: skilled attackers capture wireless communication using techniques similar to those used on wired networks. Many tools can capture the initial part of a connection session, and that data usually contains the user name and password. Attackers can then use the captured information to impersonate a legitimate user, hijack user sessions, and execute unauthorized commands. The second is broadcast packet monitoring, which depends on hubs and is rare.
Data interception: It has become increasingly common for attackers to intercept data over Wi-Fi. Fortunately, all products that currently carry Wi-Fi certification support the AES-CCMP data encryption protocol, but some early products that support only TKIP are still in use. TKIP has security vulnerabilities that leave traffic open to interception, so users should upgrade to AES-CCMP as soon as possible.
Denial of service: Wireless LANs are vulnerable to DoS attacks, but there is good news as well. As more and more users adopt the 802.11n standard, they start to use the less crowded 5 GHz band, which reduces the occurrence of DoS. Even so, some DoS attacks still exist. The latest products have begun to support the 802.11w management frame protection mechanism, which effectively avoids this problem.
Unauthorized access: Some users, trusting to luck, get network access through unauthorized access points, which is very dangerous. Fortunately, most enterprises scan access point settings to keep unauthorized access points from appearing. Individual users should take measures such as tracking and blocking to avoid using unauthorized access points.
Wireless intrusion: AirMagnet Enterprise Edition 8.5.1 is a multi-layer automatic defense system that actively defends against intrusion by unauthorized WLAN devices and against other attacks. Users can set policies in advance to automatically record information such as physical location, MAC address, hardware vendor, channel, SSID, and 802.11 mode (a/b/g/n). Unauthorized devices and security threats can be traced and blocked over the wireless connection, or blocked at the switch port. You can also see the exact physical location of an unauthorized device on a floor plan and identify all possible security threats in your wireless environment.
Incorrect configuration: Most enterprise WLANs are centrally managed and regularly updated to reduce overall cost, improve reliability, and reduce risk. However, 802.11n adds a series of complex configuration options, and prioritization and multimedia complicate the configuration further. Individual users should also adopt centralized management to minimize operating errors.
Disguised access: 802.11a/b/g and 802.11n APs can use 802.1X to connect and authenticate users while rejecting unknown clients. However, 802.11n still cannot prevent intruders from sending fake management frames, an attack that disconnects legitimate users or masquerades as an "evil twin" AP. New 802.11n networks must stay vigilant against wireless attacks. Small WLANs can still use periodic scans to detect rogue APs, while commercial WLANs should use a complete wireless intrusion defense system to prevent rogue APs, accidental connections, unauthorized ad hoc networks and other Wi-Fi attacks.
Device defects: For example, earlier versions of the Netgear WN802T wireless access point (AP) could not correctly parse an SSID with a length of zero (null) (WVE-2008-0010). Also, the Atheros drivers used in new 802.11n wireless access points, such as the Linksys WRT350N, cannot properly process certain management frame information elements (WVE-2008-0008). Vulnerabilities of this type are not uncommon. WLAN administrators need only watch security bulletins and update firmware and drivers promptly.
New architecture: One of the new architectural features has been found to be exploitable. 802.11n uses block acknowledgement to confirm the receipt of several data frames at once, which gives efficient support to streaming media applications. A DoS attack can disrupt an 802.11n WLAN by sending forged block acknowledgements to the receiver (WVE-2008-0006). An 802.11n WIPS can detect the attack, but the only way to prevent it is to stop using the Add Block-ACK (ADDBA) function.
Fraudulent access: A fraudulent (rogue) access point is an access point that is set up or exists without the permission or knowledge of the wireless network owner. Employees sometimes install rogue access points to get around the company's security measures and create hidden wireless networks. Although this kind of private network is basically harmless in itself, it creates a network without protection, which then acts as an open door for intruders into the enterprise network.
Evil twin attack: This type of attack is also called "wireless phishing". An evil twin is a rogue access point that hides behind the name of a neighboring network. It waits for blindly trusting users to connect to the wrong access point, and then steals data from the individual's network or attacks the computer.
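The periodic scan for look-alike APs described above can be reduced to a comparison against an inventory of sanctioned radios. The following Python is an added example, not part of the original article; the `Beacon` record, the inventory and the scan results are constructed for illustration.

```python
# Added example: flag look-alike ("evil twin") APs in Wi-Fi scan results.
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str    # MAC address of the AP radio
    channel: int
    cipher: str   # "CCMP", "TKIP", "WEP" or "OPEN"

# Constructed inventory of sanctioned APs: BSSID -> (SSID, channel, cipher).
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", 36, "CCMP"),
    "00:11:22:33:44:02": ("CorpNet", 44, "CCMP"),
}

def classify(beacon, authorized=AUTHORIZED):
    """Return findings for one observed beacon (empty list = nothing to report)."""
    known = authorized.get(beacon.bssid.lower())
    if known is None:
        # Unlisted radio: a neighbour unless it advertises one of our names.
        our_ssids = {ssid for ssid, _, _ in authorized.values()}
        return ["evil-twin-suspect"] if beacon.ssid in our_ssids else []
    ssid, channel, cipher = known
    findings = []
    if beacon.ssid != ssid:
        findings.append("unexpected-ssid")
    if beacon.channel != channel:
        findings.append("unexpected-channel")   # BSSID may be cloned elsewhere
    if beacon.cipher != cipher:
        findings.append("cipher-mismatch")      # inventory says CCMP, air says otherwise
    return findings

def audit(scan, authorized=AUTHORIZED):
    """Map (ssid, bssid) -> findings for every beacon that raised one."""
    report = {}
    for beacon in scan:
        findings = classify(beacon, authorized)
        if findings:
            report[(beacon.ssid, beacon.bssid)] = findings
    return report

# Constructed scan results.
SAMPLE_SCAN = [
    Beacon("CorpNet", "00:11:22:33:44:01", 36, "CCMP"),    # sanctioned AP
    Beacon("CorpNet", "02:AA:BB:CC:DD:EE", 6, "OPEN"),     # our name, unlisted radio
    Beacon("CorpNet", "00:11:22:33:44:02", 11, "TKIP"),    # listed BSSID, wrong channel/cipher
    Beacon("CoffeeShop", "02:12:34:56:78:9A", 1, "CCMP"),  # unrelated neighbour
]

if __name__ == "__main__":
    for key, findings in audit(SAMPLE_SCAN).items():
        print(key, findings)
```

APs that select their channel automatically need the channel comparison relaxed, otherwise every channel change is reported.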
After looking at the security threats above, do you feel a chill? As the ancients said: "It is not too late to call the hound once you have seen the hare; it is not too late to mend the fold once a sheep is lost." As long as we keep a clear sense of precaution, a few simple settings can effectively protect a wireless network. Let's go through them with the editor.
1. Change the default settings
Every wireless network product ships with a default user name and password, and you must remember to change them the first time you use the product. Most wireless network devices use a common user name and password, so others can easily get into your network with the defaults and obtain management rights over the entire network. Some may even change your user name and password to lock the real users out. Restoring the factory settings will regain control, but the experience is bound to be depressing.
Change the default SSID of your AP or wireless router. This is especially necessary when other APs are operating nearby: several APs from the same manufacturer in the same area may share the same SSID, so a client has a considerable chance of connecting to an AP that does not belong to it. Do not put sensitive personal information in the SSID.
2. WPA encryption mode
WPA has four algorithms: key regeneration, a message integrity check (MIC), an initialization vector with a sequence function, and per-packet key generation with regular key updates. Together these greatly improve encryption strength. TKIP is backward compatible with existing Wi-Fi products and can be added through a software upgrade, which makes it a very good security measure for users.
As some readers may know, when a wireless network is not encrypted, others can use sniffer software to listen for the SSID, or change the registry to impersonate your MAC address and use your network without permission. Even when the network is encrypted, some people will use the AirSnort program to crack WEP. For wireless users, especially home users, WPA is therefore the most appropriate security method, and changing the password regularly and using 128-bit advanced encryption wherever possible are also worthwhile security measures.
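One way to check an AP against the recommendations in this article (no default SSID, AES-CCMP rather than TKIP, 802.11w enabled) is to audit its configuration file. The Python below is an added example, not part of the original article; it assumes the AP runs hostapd and reads hostapd.conf options (`ssid`, `wpa`, `wpa_pairwise`, `rsn_pairwise`, `ieee80211w`), and the two sample configurations and the default-SSID list are constructed.

```python
# Added example: audit a hostapd.conf-style AP configuration (assumed format).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}  # constructed list

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit_conf(conf):
    """Return a list of finding codes; an empty list means no issue found."""
    findings = []
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")
    wpa = int(conf.get("wpa", "0"))       # bit 0 = WPA, bit 1 = WPA2 (RSN)
    if wpa == 0:
        findings.append("no-wpa")         # open network or WEP only
    else:
        wpa_pairwise = conf.get("wpa_pairwise", "TKIP")   # hostapd default
        ciphers = set()
        if wpa & 1:
            ciphers |= set(wpa_pairwise.split())
        if wpa & 2:                       # rsn_pairwise falls back to wpa_pairwise
            ciphers |= set(conf.get("rsn_pairwise", wpa_pairwise).split())
        if "TKIP" in ciphers:
            findings.append("tkip-allowed")
    if conf.get("ieee80211w", "0") == "0":
        findings.append("no-pmf")         # 802.11w management frame protection off
    return findings

WEAK = """
# constructed sample: factory-style settings
ssid=linksys
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
"""

HARDENED = """
# constructed sample: corrected settings
ssid=Office-5G
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ieee80211w=2
"""

if __name__ == "__main__":
    print("weak:", audit_conf(parse_conf(WEAK)))
    print("hardened:", audit_conf(parse_conf(HARDENED)))
```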
3. Update the AP firmware
Installing the latest firmware version can sometimes improve the security of the AP. New firmware versions often fix known security vulnerabilities and may add new security features. On newer consumer APs, you can check for and install new firmware with a few simple clicks. Older products, by contrast, require users to manually find, download and install the latest firmware from vendor support sites that are not very user-friendly.
4. Disable SSID Broadcast
Many APs allow users to turn off SSID broadcast, which can prevent Netstumbler scanning. However, this also prevents Windows XP users from using the built-in Wireless Zero Configuration utility and other client applications. Although hiding the SSID does not bring true security, it at least mitigates the threat, because many initial malicious attacks use scanning to find vulnerable systems, and hiding the SSID broadcast greatly reduces that possibility.
5. Power off the device or disable wireless transmission
Switching off the wireless AP may be the easiest way for ordinary users to protect their wireless network; a simple timer can be used to turn the AP off. With a wireless router, this also disconnects the Internet connection, but it is still a good solution.
If you cannot or do not want to disable the Internet connection periodically, you have to disable the wireless radio of the router manually. In any case, security is at its highest when the network is switched off. After all, no one can connect to a network that does not exist.
6. MAC address filtering
MAC address filtering works by writing a list of valid MAC addresses to the AP in advance. The AP communicates with a client only when the client's MAC address matches an entry in that list, which implements filtering by physical address. This keeps novice intruders from connecting to the WLAN. An experienced attacker, however, can easily intercept data frames from the open airwaves, work out the MAC address of a valid user, and set the local machine's MAC address to that value in order to pose as the valid user and gain unauthorized access to the WLAN.
7. Reduce transmit power
Some wireless routers and access points allow users to reduce the transmitter power and so reduce the device's coverage. This is a practical way to restrict access by unauthorized users. Carefully adjusting the antenna position also helps keep the signal from falling into the hands of others.
In addition, installing a capable firewall and keeping anti-virus software, web browsers and wireless network client programs up to date can help users reduce the trouble caused by outside intrusion.
Editor's note: This article only offers some effective methods for protecting wireless networks; it cannot guarantee security. After all, a wireless network is dynamic and it is difficult to stay protected once and for all. The editor believes that the most fundamental thing is for users to strengthen their awareness of defense and check their networks often, so that they stay ahead of problems. With correct use, sensible configuration, and hardware and software protection in place, network security can still be effectively ensured, and users should not worry too much.