Author: techrepublic.com.com
Recently, the FBI has proved the fact that people can easily analyze and attack equivalent wired encryption to gain access to wireless networks that use this security protocol. According to this announcement, Jonathan yarden is considering a test that checks the role of security in wireless networks. Based on the test results, he will give some suggestions on how to protect the security of wireless networks.
Many years ago, at a computer exhibition in a very prosperous period of network concept stocks, I stopped at the booth of a high-speed unlimited network provider that is currently paralyzed and targeted at the provider's wireless network, I asked them some questions about the security of wireless networks. Because 802.11 was a very popular wireless network specification at that time, I also specifically mentioned the inherent insecure factors of the 802.11 standard.
At that time, the service engineer at the booth assured me that the wireless access technology of the company was of course very safe, but he cannot explain to me how they implement the security of this wireless network, and does not explain why this technology is secure. It is obvious that, as a potential customer, I was able to raise such a simple question. They even felt very ridiculous and seemed to have a bad attitude towards me, he does not want to answer any questions except for asking me to leave the booth.
Of course, this exhibition stand was carefully crafted and fully used at that time the very popular A/V exhibition, and every audience passing through the exhibition stand was attracted by their very eye-catching dress. However, their appearance masks their ignorance because they do not know the security of their products.
Although most of us recognize the fact that superficial phenomena tend to deceive ourselves, this is the way in which appearance can represent almost everything for most people. Therefore, I am very grateful to the FBI for the last demonstration of this very formal Agency: they finally demonstrated this fact to people, that is, the vast majority of wireless networks are insecure. In addition, the Agency claims that 802.11b is also an insecure technology, although I have been very concerned about 802.11b technology a few years ago, it uses Wired Equivalent encryption technology to replace standard 802.11a for access. This technology is regarded as a secure alternative to 802.11a and has been sought after by everyone.
I really hope this fact can convince people that they must have sufficient information security knowledge. On the surface, the FBI only took three minutes to demonstrate how to attack WEP encryption technology and gain access to the secure network.
The FBI's findings should serve as a warning to organizations that are currently using wireless access technology, and this can be a reason to prevent some companies from fully using wireless networks. In any case, companies using wireless networks should be more aware of the role of security in wireless networks.
No matter what the FBI demonstration can explain, a very important thing for a company is to understand the concept: No matter how secure the wireless network you use, unless you deploy end-to-end encryption technology, there is no real secure communication. Although wireless technology has many advantages, wireless security cannot be compared with wired network security.
Unfortunately, most companies tend to prefer availability in terms of availability and security. Many companies have deployed wireless access networks, which are particularly evident in many software companies. In addition, in many cases, many organizations have not considered this fact, that is, in many cases, wireless access technology does not really have more advantages than wired networks.
In fact, this may introduce more new problems. I do not know how many times I have personally witnessed problems with wireless networks using 802.11b technology. These problems are entirely due to the use of wireless phones at GHz (often wireless PBX systems).
Although I personally have some prejudice against the wireless network access technology, many wireless networks are now in the company environment, and the number of wireless network configuration companies is growing. However, for companies that decide whether to use wireless networks, I strongly recommend that they use the following strategy: use wireless network access technology only when wired network access is not possible. Do not use it as a simple replacement technology or as a trend to replace wired networks.
In addition, when making a decision, security should be the first factor to consider. It must be remembered that there are many factors to consider for retaining a wired network, it is not just a security factor. For example, a wired network can handle high-speed bandwidth and provide better security because they do not need to broadcast information packets on the network.
Of course, if the bandwidth is not a major concern and you can be sure that wireless is the solution to the problem, the remaining problem is to make sure that wireless access networks do not rely on WEP technology as much as possible to adopt other and more secure means. Currently, two methods to achieve this are: using security protocols such as point-to-point tunnel protocol (PPTP) or layer-2 tunnel protocol (L2TP ), access control or other authentication methods are implemented based on the user's name and password. If you use the IPSec Security Protocol in a hybrid network, you can obtain both the access control function and the end-to-end encryption function, this makes your wireless network more secure than wired network access. However, it should be noted that there are still some conflicts to be resolved in this solution.
Of course, some may think that the 802.11i provided by Wi-Fi-protected access (WPA) has all of the above security features, and WEP will be replaced by WPA, it can also have a good conflict control function. Although this is a good news, before you plan to replace an existing wireless network device or upgrade the existing wireless network firmware (even if this technology can be implemented ), 802.11i is of no use to everyone.
In addition, remember that no matter what kind of security technology or security standards appear, there will always be people trying to attack it, and WPA is no exception. In my experience, you can deploy gibit Ethernet for access at a very low cost. Without considering data encryption, this technology can provide better security and bandwidth.
If the wireless access network is your only choice, before deciding to replace or upgrade the existing 802.11a and 802.11b devices, let's take a look at the possibility of using security protocols such as PPTP/L2TP or IPsec on your existing infrastructure. Although from a technical point of view, this is not a "very good" solution, but it is a very useful practice and can prove that this approach will be safer than 802.11i. As for me, I am still willing to use wired networks.
Jonathan yarden is a senior UNIX System Administrator, network security manager, and regional ISP high-level software architect.