Tuesday, December 14, 2010
【 Weak current College 】 WLAN (wireless LAN) security management guide
Note: WLAN is the abbreviation for Wireless LAN (wireless local area network), a technology that uses wireless links to provide fast access to an Ethernet network.
First, a WLAN with no security measures faces three major risks:
1. Exposure of network resources
Once a malicious person connects to your WLAN over the wireless network, they, like users plugged directly into your LAN switch, have a certain level of access to the whole network. In that case, unless you have already taken measures to restrict anonymous users from accessing network resources and shared documents, an intruder can do anything an authorized user can do. Files, directories or entire hard drives on your network can be copied or deleted; worse, keyloggers, Trojans, spyware or other malicious programs can be installed on your systems and controlled by the intruder over the network. The consequences are easy to imagine.
2. Disclosure of sensitive information
With the right tools, web pages can be reconstructed from captured traffic, so the URLs of the web sites you have visited can be captured, and important passwords you enter on those pages can be stolen and recorded by intruders. If those are credit card passwords, well, everyone can imagine the consequences.
3. Acting as a springboard for others
In some countries, if an intruder uses your open WLAN to transfer pirated movies or music, you will most likely receive a letter from the RIAA's lawyers. In more extreme cases, if your Internet connection is used to download child pornography or other inappropriate content from an FTP site, or to act as a server for it, you may face more serious problems. An open WLAN can also be used to send spam, launch DoS attacks, spread viruses and so on.
Second, protecting our WLAN
Faced with the problem of protecting a WLAN, we should put appropriate countermeasures in place before problems occur, rather than waiting until after serious consequences to realize that maintaining network security is important. The following describes the measures to take against intrusions at different skill levels.
1. Ordinary users with a wireless card
Attacking an unprotected wireless LAN requires no special means: anyone who switches on the wireless adapter of a computer equipped with a wireless card is a potential intruder. In many cases, people unintentionally turn on a computer with a wireless device while inside your WLAN's coverage area, and their machine either connects to your AP automatically or shows it in the list of "available" APs. Without meaning to, they have strayed into your undefended territory. In fact, statistics generally show that a significant portion of unauthorized connections come from this kind of situation: not someone deliberately violating your network, but inadvertent behavior, sometimes driven by curiosity.
The following measures can protect your network against inadvertent access, but they are very basic and do not provide real protection against more skilled intruders. Although these measures are "amateur" level, most of them are very simple, so if your wireless device supports them, I recommend that you configure them.
Strategy 1: change the default settings
At the very least, change the default administrator password and, if the device supports it, change the administrator user name as well. For most wireless network devices the default administrator password is common knowledge, so if you do not change it, someone else can easily log in to your wireless device with the default user name and password and gain management rights over the entire network. In the end you may find yourself unable to log in to your own WLAN, although you can of course regain control by restoring the factory settings.
Change the default SSID of your access point or wireless router. This is particularly necessary when other APs operate near yours: if several APs from the same manufacturer are in the same area, they may have the same SSID, and clients will then have a good chance of connecting to an AP that does not belong to them. In particular, do not use sensitive personal information in the SSID.
Changing the default channel can help you avoid conflicts with nearby wireless LANs, but its value as a security precaution is very small, because wireless clients typically scan all available channels automatically for possible connections.
Strategy 2: update the firmware of the AP
Sometimes flashing the latest firmware version can improve the security of the AP. New firmware versions often fix known security vulnerabilities and may add new security features. With current consumer APs, you can check for and install a new firmware version with a few simple clicks, whereas older products required the user to go to the manufacturer's not very friendly technical support site and manually find, download and install the latest firmware.
Many APs that have been in use for several years are past their warranty, which means it is difficult to find new firmware versions for them. If you find that the last firmware version does not support the better security of WPA (Wi-Fi Protected Access), or better still WPA2, please carefully consider replacing your equipment.
In fact, current 802.11g equipment should at least support WPA and be technically upgradable to WPA2, but manufacturers will not always commit to supporting their old products. To check whether your AP supports WPA2, look it up in the Wi-Fi Alliance's certification database (link: wi-fi.org/OpenSection/certified_products.asp?TID=2), or search on Google.
Strategy 3: hide the SSID broadcast
Many APs allow the user to turn off SSID broadcasting. This may prevent NetStumbler scans from finding the network, but it also gets in the way of users of the Wireless Zero Configuration utility built into Windows XP and of other client applications.
Note: hiding the SSID broadcast does not stop an attacker who uses Kismet or other wireless detection tools (such as AirMagnet); these tools do not rely on the SSID broadcast to detect a network.
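The note above can be checked from the defender's side with a small parser for the SSID element of 802.11 management frames. This is an added example, not part of the original post; it goes one step beyond the text by showing that probe and association frames still carry the name a hidden beacon omits. The frames are constructed sample bytes and the name "OfficeAP" is made up.

```python
# Added example: constructed frames, not captured traffic.
FIXED_LEN = {0x0: 4, 0x4: 0, 0x5: 12, 0x8: 12}  # fixed body bytes before the elements
NAMES = {0x0: "assoc-req", 0x4: "probe-req", 0x5: "probe-resp", 0x8: "beacon"}
HDR_LEN = 24  # frame control, duration, three addresses, sequence control


def parse_ssid(frame: bytes):
    """Return (subtype_name, ssid or None) for a management frame without FCS."""
    if len(frame) < HDR_LEN:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a supported management frame")
    pos = HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        data = frame[pos + 2 : pos + 2 + elem_len]
        if len(data) < elem_len:
            raise ValueError("truncated information element")
        if elem_id == 0:  # SSID element
            # A hidden network sends a zero-length or all-NUL SSID here.
            if not data.strip(b"\x00"):
                return NAMES[subtype], None
            return NAMES[subtype], data.decode("utf-8", "replace")
        pos += 2 + elem_len
    return NAMES[subtype], None


def build(subtype: int, ssid: bytes) -> bytes:
    """Build a minimal sample frame: zeroed header fields, SSID, one rate."""
    header = bytes([subtype << 4, 0]) + bytes(22)
    rates = bytes([1, 1, 0x82])  # Supported Rates element after the SSID
    return header + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + rates


def ssids_seen(frames):
    """Collect every network name readable from a set of frames."""
    return {ssid for _, ssid in map(parse_ssid, frames) if ssid}


# "OfficeAP" is a made-up name. The AP hides it in both beacons, yet a
# client's probe and association, and the AP's probe response, carry it.
SAMPLE = [build(0x8, b""), build(0x8, bytes(8)), build(0x4, b"OfficeAP"),
          build(0x5, b"OfficeAP"), build(0x0, b"OfficeAP")]

if __name__ == "__main__":
    for f in SAMPLE:
        print(parse_ssid(f))
    print(ssids_seen(SAMPLE))
```

Both beacon variants parse to no name, while the other three frame types return it, which is why a hidden SSID should be treated as a convenience setting and not as access control.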
Strategy 4: turn off the device and the wireless transmitter
Turning off the wireless access point is probably the simplest way for ordinary users to protect their wireless network. When you do not need it, for example in the evenings, you can use a simple timer to turn off the AP. If you have a wireless router, this also cuts off the Internet connection, which is not a bad approach either.
If you cannot or do not want to turn off the Internet connection periodically, you will have to disable the wireless router's radio manually (provided, of course, that your wireless router supports this feature).
Strategy 5: MAC address filtering
MAC address filtering works by entering a list of legitimate MAC addresses into the AP in advance; the AP allows a client to communicate only when the client's MAC address matches an entry in that list, thereby filtering on the physical address. This keeps less skilled, novice intruders from connecting to our WLAN. A sophisticated attacker, however, can easily intercept data frames from the open radio waves, extract a legitimate user's MAC address from them, and then change their own machine's MAC address to masquerade as that user and gain unauthorized access to your WLAN.
Strategy 6: lower transmission power
Although only a few APs have this capability, lowering the transmit power can help to limit intentional or accidental unauthorized connections. However, the sensitivity of wireless cards keeps improving, and such cards can be bought even by novices, so if you are in a building or dormitory and trying to block unwanted connections, this may not have much value.