WLAN security problems can be addressed from the following aspects.
1. First define the security policy: determine what the WLAN is mainly used for in the organization's work, including the data it carries and the personnel and equipment involved. Then plan the physical location of the APs and the access rights and control mode of the clients.
2. Start with the network structure. Limit the range of the WLAN signal and clearly separate the WLAN from important internal networks, using firewalls for security isolation between the AP and the internal network, and physical isolation if necessary. That way, even if the WLAN has security problems, they will not immediately lead to a serious crisis on the internal network.
3. Avoid the emergence of ad hoc networks. This requires administrators to train employees and to monitor the network constantly.
4. Disable the automatic WLAN connection features of some operating systems and applications on users' computers, so that users do not unknowingly connect to an unknown WLAN.
5. Make full use of the security features provided by the WLAN itself. For example, the following can be done on the AP:
a) Change the default password. Devices generally ship with a very simple factory password, which must be changed;
b) Use encryption. Although WEP has proven to be relatively fragile, encrypting is safer than communicating in plaintext;
c) Set up MAC address authentication for clients. Such precautions are necessary until more robust authentication measures are implemented;
d) Change the SSID and configure the AP not to broadcast the SSID;
e) Change the SNMP settings. This precaution is the same as for wired network devices.
6. Further security precautions may be considered where the data transmitted over the WLAN is of high importance or the WLAN is connected to a highly confidential network:
a) Use 802.1X for strong network access control. Although the 802.1X standard was originally designed for wired Ethernet, it can be used for WLANs. 802.1X introduces an authentication server, which can perform strong authentication of the hosts on the WLAN; a traditional RADIUS server can be used for the authentication.
b) Use TKIP to replace the existing simple WEP encryption. The advantage of this approach is that the hardware does not all have to be replaced; only the drivers and software need updating. In addition, 802.11i is currently being developed to provide hardened encryption, WEP2 (based on AES), as well as the Extensible Authentication Protocol (EAP). But the maturity and adoption of 802.11i will still take some time.
c) Use VPN technology on top of the WLAN to further protect critical data. VPN technology was not designed specifically for WLANs either, but it can serve as added protection for critical WLANs.
7. Use a WLAN-specific intrusion detection system to monitor the network, detect illegally connected APs and fake clients in a timely manner, and analyze and monitor the WLAN's security status in real time.
8. Clients on the WLAN should use personal firewalls, anti-virus software and other measures to protect against client-side attacks.
As mentioned above, WLAN security can rely on the security measures provided by the WLAN itself, but it also depends on a number of dedicated security products and on a sound set of WLAN-specific security management rules and procedures. Here are some security products that can be used for WLANs.
The WLAN security products of the Crown group Golden Chen Company
Golden Chen Company is a professional provider of information security solutions and services. It offers a series of security products, including firewalls, intrusion detection, host core protection, anti-virus, VPN, vulnerability scanning and content filtering gateways, and has strong security service and research and development capabilities. Three of its products are described here: the WLAN intrusion detection system, a VPN and an anti-virus system for handheld devices.
WLAN Intrusion Detection System
The WLAN intrusion detection system is a network-based intrusion detection system that can recognize and respond to the intrusion patterns of ordinary wired networks. It is aimed mainly at assessing and analyzing the security status of WLANs that use the 802.11b protocol. The system has a distributed structure: data-collection sensors are placed at the edge and at key locations of the WLAN, and the collected information is sent over wired links to a centralized processing platform. By decoding and analyzing the 802.11b protocol, the processing platform can determine whether there are anomalies such as illegally connected APs and terminal devices, man-in-the-middle attacks or data transmitted in violation of policy, can analyze the performance and status of the wireless network, and can identify denial-of-service attacks. It automatically discovers ad hoc networks in the network and notifies administrators so that further damage can be prevented in time. A Web-based security management interface lets administrators centrally configure and distribute policies, observe network conditions and generate reports.
The WLAN intrusion detection system analyzes WLAN traffic in depth by combining protocol analysis, signature matching and anomaly detection, and can block illegal connections in real time.
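The beacon decoding that such a sensor relies on can be sketched as follows. This is an added example, not the vendor's code; it assumes raw 802.11 frames without a radiotap header, and the allowlist, function names and sample frames are constructed for illustration.

```python
import struct

# Assumption: BSSIDs of the organization's own APs (constructed values).
AUTHORIZED_BSSIDS = {"00:11:22:33:44:55"}

def build_beacon(bssid, ssid, capability):
    """Build a minimal 802.11 beacon frame (constructed sample input)."""
    addr = bytes.fromhex(bssid.replace(":", ""))
    # frame control (beacon), duration, DA=broadcast, SA, BSSID, sequence control
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + addr + addr + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capability)  # timestamp, interval, capability
    return header + fixed + bytes([0, len(ssid)]) + ssid.encode()

def analyze_beacon(frame):
    """Return (bssid, ssid, findings) for a beacon, or None for any other frame."""
    if len(frame) < 36 or frame[0] != 0x80:  # version 0, management, subtype 8
        return None
    bssid = frame[16:22].hex(":")
    capability = struct.unpack_from("<H", frame, 34)[0]
    ssid, pos = "", 36
    while pos + 2 <= len(frame):  # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            break  # truncated element, stop parsing
        if tag == 0:  # SSID element
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    findings = []
    if capability & 0x0002:  # IBSS bit: station-to-station (ad hoc) network
        findings.append("ad-hoc network")
    elif bssid not in AUTHORIZED_BSSIDS:
        findings.append("unauthorized AP")
    if not capability & 0x0010:  # Privacy bit clear: traffic sent in plaintext
        findings.append("no encryption")
    return bssid, ssid, findings

SAMPLE_FRAMES = [  # constructed beacons, not captured traffic
    build_beacon("00:11:22:33:44:55", "corp", 0x0011),          # own AP, encrypted
    build_beacon("02:aa:bb:cc:dd:ee", "laptop-share", 0x0002),  # ad hoc, open
    build_beacon("66:77:88:99:aa:bb", "corp", 0x0001),          # unknown AP, open
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(analyze_beacon(frame))
```

The third sample advertises the same SSID as the authorized AP from a BSSID that is not on the allowlist, which is the case an SSID-only check would miss.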
Pure All VPN
The Pure All VPN system is Golden Chen Company's software VPN solution, offering flexible deployment and low cost. Combining VPN technology with the WLAN largely compensates for the weaknesses of WEP encryption and improves data security. The Pure All VPN uses a nationally approved encryption algorithm and carries no hidden security risks. Its authentication is plug-in based, so any authentication method can be used; smart cards, biometric devices, X.509 certificates and so on are supported. With the Pure All VPN installed, end users (clients) do not need to understand complex cryptographic algorithms or specify secure network path names. In fact, they can get the same data from the application server as before, without even knowing that the Pure All VPN is encrypting and decrypting it. The Pure All VPN installed on both the client and the server does all the work. All security policies are maintained and distributed by the Pure All VPN administrator.
KILL for Pocket PC
With the development of WLAN technology and the maturing of the market, handheld devices are gradually joining the ranks of WLAN-capable equipment. Intersil, Inc. has launched software drivers specifically for Microsoft's Windows CE series platform, including Pocket PCs. Microsoft's handheld PC operating system, Windows Pocket PC, has become a powerful and competitive operating system for new smart terminals. KILL for Pocket PC, launched by Golden Chen, is a handheld anti-virus product aimed at the needs of this emerging market. It ensures that files transferred from handheld devices over the WLAN to servers and other computers are virus-free, protecting the security of the network as a whole.