WLAN Wireless LAN Protection Skills Summary

Analysis of WLAN security protection in wireless local area network security technology is constantly evolving, and researchers are trying to find safe and efficient solutions to the WLAN environment by attempting to apply the existing and emerging security technologies. Whether it is WEP, WPA or WAPI and 802.11i, must not solve the problem of WLAN security alone, how to combine with the existing security technology, to maximize the security of WLAN is imperative.

Reasonable configuration is the prerequisite

Reasonable allocation of wireless LAN is the first prerequisite to ensure security, including:

* Change the default value of the Essid and use the Essid number which is not easily guessed;

* Turn off regular broadcasts of Essid, so that, although the client must send a probe frame to ask Essid, the intruder will need to use some wireless packet capture and analysis tools to increase the difficulty;

* Change the default key and replace it periodically;

* Use MAC address filtering to control customer access in smaller networks and with relatively fixed user settings.

Strengthen the defense of the client

The client's data is also the object of the outlaws, and strengthening the defense is one of the effective measures to ensure WLAN security. There are three ways to secure data in the client:

* Use passwords and personal firewalls to prevent unauthorized access to the client's drives and folders;

* The communication process uses one time dense session key, because the key frequently changes, the person is difficult to obtain enough data to crack the key;

* Select a strong encryption algorithm, based on the application layer of Third-party encryption software, you can bypass the various attacks on Wi-Fi, to ensure that the data is not decrypted.

Protect against internal network attacks

In the wireless LAN and internal wired LAN connected environment, because the WLAN insecurity will affect the internal cable network, so take the corresponding defense strategy is also can not be ignored. Use an enterprise firewall to put the AP (access point) outside the firewall, only the IP or MAC address legitimate users into the intranet, and then with the VPN (virtualprivatenetworking virtual private network) function, This enables both business and Home Office employees to access the internal wired network via the Internet, and to prevent unauthorized access to the intranet through the WLAN. In this application, attempts to access the intranet via wireless are isolated by firewalls and VPN servers, while the VPN server provides authentication services, while fully encrypted and VPN based schemes are easy to scale and can support a large number of users.

Strengthening detection and identification

In the network to join the RADIUS (remoteauthenticationdial-inuser service, Remote Authentication dial-in User Services) server, to achieve mutual identification between the customer and AP, and then to detect and isolate fraudulent AP. The RADIUS server can assume the tasks of the VPN server at the same time, using port-based authentication standard 802.LX to identify multiple service customers, such as VPN clients and ordinary wireless clients, through the Access Center database.

Network management can not be ignored

In addition to addressing the above security policies, network management is also an effective measure to ensure security. For network administrators, if you know the Mac and IP addresses of all legitimate users, you can find illegal users by using the Intrusion Detection tool (which is also the tool commonly used by hackers) to scan the search regularly. In addition, the use of static IP addresses can, to some extent, prevent unauthorized access to wireless networks. Because a network that uses a DHCP server to configure IP addresses dynamically configures a legitimate IP address for a "stolen" Essid.

To sum up, because of the inherent security vulnerabilities of WLAN security and the openness and penetration of wireless transmission media, the security of the wireless LAN will become very fragile if it is used in the process of installation or operation. In order to ensure the data security of WLAN, in addition to installation configuration and management should strengthen the prevention, the client also should strengthen the guard. The use of passwords and personal firewalls can prevent data from being unauthorized access; for situations where the security level is high and the wireless network is connected to the internal wired network, you can use an enterprise firewall with VPN and radius, and use a third party, strong encryption algorithm based on the application layer, to encrypt the data for highly sensitive data. Can bypass a variety of effective attacks on wireless networks. Only by ensuring the safety of all aspects of wireless network application, can we give full play to the advantages of wireless network