Monday, December 27, 2010
[Weak Current College] Methods for implementing wireless network security (Powered by [China Power House Network])
One prominent issue with corporate wireless networks is security. As more enterprises deploy wireless networks, employees, professional partners and the general public connect through them to company systems and the Internet, so strengthening wireless network security is increasingly urgent. Fortunately, as more and more companies become aware of the threats to wireless networks and of the ways to deal with them, the gap between the threats facing wired and wireless networks is getting smaller and smaller.
Wireless network threats
Wireless network security is not a separate issue; enterprises need to recognize that they must defend against attackers on several fronts. Many threats, however, are unique to wireless networks, including:
1. Insertion attacks: an insertion attack deploys an unauthorized device or creates a new wireless network, usually without going through any security process or security review. An access point can be configured to require a password for client access. If there is no password, an intruder can reach the internal network simply by getting a wireless client to communicate with the access point. Some access points, however, require all clients to use exactly the same access password, which is very dangerous.
2. Roaming attackers: the attacker does not need to be physically inside the company's buildings; they can use network scanning tools such as Netstumbler. Moving around with a laptop or other mobile device to sniff out wireless networks is called "wardriving"; doing the same on foot, in the street or around a company's site, is called "warwalking".
3. Rogue access points: a rogue access point is one that is set up, or exists, without the permission or knowledge of the wireless network's owner. Employees sometimes install rogue access points to get around the security measures the company has installed, creating a hidden wireless network. Such a secret network may be essentially harmless in itself, but it can form an unprotected network and so open a door for intruders into the corporate network.
4. Evil twin attack: this attack, sometimes also called "wireless phishing", uses a rogue access point hidden behind the name of a neighbouring network. The evil twin waits for trusting users to connect to the wrong access point, and then steals data from their network traffic or attacks their computers.
5. Theft of network resources: some users like to reach the Internet through nearby wireless networks. Even if they have no malicious intent, they can still consume a large amount of bandwidth and seriously affect network performance. Other uninvited guests use the connection to send e-mail from the company's network or to download pirated content, which creates legal problems.
6. Hijacking and monitoring of wireless communication: as on wired networks, it is entirely possible to hijack and monitor traffic on a wireless network. There are two cases. The first is wireless packet analysis, in which a skilled attacker captures wireless traffic with techniques similar to those used on wired networks. Many tools can capture the initial portion of a connection session, and that data generally contains a user name and password. The attacker can then use the captured information to impersonate a legitimate user, hijack the user's session and run unauthorized commands. The second case is broadcast packet monitoring, which depends on a hub and is therefore very rare.
There are of course other threats, such as client-to-client attacks (including denial-of-service attacks), interference, attacks against the encryption system and misconfiguration, all of which are risk factors for wireless networks.
Three approaches and six methods for wireless network security
On closed networks, such as some home networks and organizational networks, the most common approach is to configure access restrictions on the access point. Such restrictions may include encryption and MAC address checks.
For commercial providers, hotspots and larger organizations, the most popular approach is an open, encrypted network that is completely isolated from the rest of the network. Users cannot connect to the Internet or to any local network resources. Another option is to use a VPN to connect securely to a privileged network.
Wireless network security versus the wired network: in many offices, intruders can easily walk in and hook up to the wired network without any difficulty, and remote attackers can gain access to the network through a back door. A general solution may be end-to-end encryption, with independent authentication on every resource that is closed to the public.
Because wireless networks give attackers many entry points and opportunities to attack the enterprise network, there are also many security tools and technologies that can help enterprises protect their networks.
Specifically, the methods of protection are as follows:
1. Firewall: a robust firewall can effectively prevent intruders from entering the enterprise network through a wireless device.
2. Security standards: the oldest security standard, WEP, has proven to be extremely insecure and vulnerable to attack. Newer specifications such as WPA, WPA2 and IEEE 802.11i are more robust security tools. Enterprises that use wireless networks should take full advantage of these two technologies in particular.
3. Encryption and authentication: WPA, WPA2 and IEEE 802.11i have advanced encryption and authentication built in. WPA2 and 802.11i provide support for AES (Advanced Encryption Standard), a standard that has been adopted by many government agencies.
4. Vulnerability scanning: many attackers use network scanners that continually send messages probing nearby access points for information such as their SSID and MAC address. Enterprises can use the same method to find the exploitable weaknesses in their own wireless networks, for example to find unsafe access points.
5. Lower power: some wireless routers and access points let users reduce the transmitter power, which reduces the coverage of the device. This is a practical way to limit access by unauthorized users. Carefully adjusting the antenna position can also help keep the signal from falling into the hands of thieves.
6. User education: enterprises need to educate employees in the proper use of wireless devices and require them to report any unusual or suspicious activity they detect.
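As an added example (not part of the original article), the following sketch shows how the defensive scan in method 4 can be checked against an approved access-point inventory to surface the rogue access point, evil twin and WEP problems described above. The CSV layout, the SSID "CorpNet", the BSSIDs and the signal threshold are all constructed assumptions, not the output format of any particular scanner.

```python
# Added example: audit a wireless survey against an approved-AP inventory.
# The CSV layout, SSIDs and BSSIDs below are constructed for illustration.
import csv
import io

CORP_SSIDS = {"CorpNet"}            # assumed corporate network name
APPROVED = {                        # assumed inventory: BSSID -> expected SSID
    "00:11:22:33:44:01": "CorpNet",
    "00:11:22:33:44:02": "CorpNet",
}
WEAK_SECURITY = {"OPEN", "WEP"}     # the article names WEP as extremely insecure

SURVEY = """ssid,bssid,security,signal_dbm
CorpNet,00:11:22:33:44:01,WPA2,-48
CorpNet,00:11:22:33:44:02,WEP,-55
CorpNet,66:77:88:99:AA:01,OPEN,-40
Corpnet,66:77:88:99:AA:02,WPA2,-62
printer-setup,66:77:88:99:AA:03,OPEN,-35
CoffeeShop,66:77:88:99:AA:04,WPA2,-80
"""

def audit(survey_csv, near_dbm=-50):
    """Return (bssid, reason) findings for one site survey."""
    corp_lower = {s.lower() for s in CORP_SSIDS}
    findings = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        ssid, bssid = row["ssid"], row["bssid"].upper()
        security, signal = row["security"].upper(), int(row["signal_dbm"])
        if bssid in APPROVED:
            # Known device: check it still matches its approved configuration.
            if ssid != APPROVED[bssid]:
                findings.append((bssid, "approved AP with unexpected SSID"))
            if security in WEAK_SECURITY:
                findings.append((bssid, "approved AP using weak security"))
        elif ssid in CORP_SSIDS:
            findings.append((bssid, "evil twin candidate: exact corporate SSID"))
        elif ssid.lower() in corp_lower:
            findings.append((bssid, "evil twin candidate: look-alike SSID"))
        elif signal >= near_dbm:
            # Unknown AP with a strong signal is probably on or near the premises.
            findings.append((bssid, "possible rogue AP: unknown and strong signal"))
    return findings

if __name__ == "__main__":
    for bssid, reason in audit(SURVEY):
        print(f"{bssid}  {reason}")
```

A BSSID can be copied, so a match against the inventory is not proof that an access point is genuine; treat the findings as leads for a physical check rather than as verdicts.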
Of course, these protection methods cannot be called comprehensive or in-depth: the weaknesses of wireless networks are dynamic, and there are many other aspects, such as the security configuration of wireless routers, which is also very important. Wireless network security is therefore not an easy matter.