The purpose of reasonable protection of wireless access points is to isolate the wireless network from outsiders who are not authorized to use the service. It is often easier said than done. In terms of security, wireless networks are often more difficult to protect than fixed wired networks because of the limited number of fixed physical access points in the wired network and the use of wireless networks at any point in the antenna's radiation range. In spite of its difficulties, the rational protection of wireless network system is the key to avoid serious security problems. To maximize these vulnerabilities, ensure that network personnel take six measures to protect the wireless network. Planning antenna placement To deploy a closed wireless access point, the first step is to reasonably place the antenna of the access point so that it can limit the transmission distance of the signal beyond the coverage area. Don't put the antenna near the window, because the glass can't stop the signal. You'd better put the antenna in the center of the area you need to cover and minimize the signal leaking out to the wall. Of course, it is almost impossible to control signal leaks completely, so other measures need to be taken. Using WEP Wireless Encryption Protocol (WEP) is a standard way to encrypt traffic on a wireless network. Despite major flaws, WEP can still help thwart hackers who break in occasionally. Many wireless access point vendors turn off the WEP feature when delivering devices to facilitate the installation of the product. But once this is done, hackers can immediately access traffic on the wireless network, because the wireless sniffer can be used to read data directly. Changing the SSID and prohibiting the SSID broadcast Service Set Identifier (SSID) is the identification string used by the wireless access point that the client can use to establish the connection. The identifier is set by the device manufacturer, and each identifier uses the default phrase, such as 101, which is the identifier for the 3COM device. If the hacker knows the passphrase, it's easy to use your wireless service even without authorization. For each wireless access point deployed, you choose the SSID that is unique and difficult to guess. If possible, it is prohibited to broadcast the identifier out of the antenna. The network can still be used, but it will not appear on the list of available networks. Disabling DHCP is significant for wireless networks. If you take this action, the hacker will have to decipher your IP address, subnet mask and other TCP/IP parameters that it requires. No matter how the hacker uses your access point, he still needs to figure out the IP address. Disable or change SNMP settings if your access point supports SNMP, either disable it or change the public and private shared strings. If this is not done, hackers can use SNMP to obtain important information about your network. Use Access lists to further protect your wireless network, use the access list, if possible. Not all wireless access points support this feature, but if your network supports it, you can specifically specify which machines are allowed to connect to the access point. Access points that support this feature sometimes use the normal File Transfer Protocol (TFTP) to periodically download updated lists to avoid the thorny issue that administrators must keep these lists synchronized on each device. The responsible editor Zhao Zhaoyi#51cto.com TEL: (010) 68476636-8001 give force (0 votes) to be tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passing (0 Votes) The original text: six measures to maximize the safety of wireless network return to network security home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.