【 Weak current College 】 802 .11n standard builds on the wireless network security

Commercial development is much higher than that of WLAN speed of development, many things must begin to pay attention, including the security questions. 802.11n can expand the network's coverage and performance, but still need to consider security questions.

Some old standards: 802.11a/b/g standard

And the original 802.11a/b/g standards, have high liquidity standards 802.11n 802 .11i standard of robust security (robustsecurity). In fact, all DraftN products support WPA2 (Wi-Fi defend connection version 2), Wi-Fi Alliance to launch test procedures 802.11i.

The good news is: all 802.11nWLAN to WEP and WPA preparedness (TKIPMIC) attacks, as each 802.11n device via AES encrypted data.

It is best to original 802.11a/b/g clients and new 802 .11n client sub to different WLAN SSID: high flow to use AES (WPA2), while the application is allowed to delay WLAN TKIP or AES (WPA + WPA2). These can be passed in a virtual AP explained the SSID or in double base station on the AP use different radio frequency. But this is just a temporary solution. Once you eliminate the delay device, remove or replace the TKIP to improve speed and security.

Borrowing: WPA2 advantage

802.11n inherits the strengths and weaknesses of WPA2. 802.11a/b/g and 802 .11n devices use AES to protect wireless data frames of eavesdropping, forgery and to send. 802.11a/b/g and can use 802.1X 802.11nAP refused strange access authentication user simultaneous connections. However 802.11n cannot block intruder sends spoofed management frame – this is a legitimate user disconnected or disguised as "eviltwin" APS forms of attack.

Therefore, the new 802 .11n network must maintain vigilance on wireless attacks. Very small WLANs still periodically scan to detect rogue APS, at the same time commercial WLAN should use complete wireless intrusion prevention system (WIPS) to prevent fraud, accident, unauthorized adhocs and other Wi-Fi attacks.

However, the use of oneor all of these security mechanisms available WLANs can not be proud of. 802.11n equipment can achieve 11a/b/g twice as far to the copy. Fraud, neighbours or the original those distant Metropolitan APs now becomes a threat. Intruders can more easily connect to your WLAN and legitimate users will more likely accidental external attached to the WLAN. Assuming that your old 11agAP and a faster 802 .11n fraud, select one that connects to any available network of mixed client each time will be considered as fraud.

In short, the transmission range of extended 802.11n makes regular wireless security events occur frequently add, but also exposed the dependent on weak performance of weak configuration. Worse, the sensor based on WIPS 11a/b/g will completely missed a number of security incidents. Every time there are 802 .11n and should include a WIPS upgrade to monitor new WLAN larger script analysis in 20MHz and 40MHz band of 11a/b/g and n flow.

New feature: 802.11n brings new security threats and complexity

Each new skill will introduce some threats are not found; like this major innovation 802.11n is no exception.

802.11n this new device may contain some bugs that have not yet found. For example, NETGEAR provides branded company (Netgear) model for WN802T wireless access points (APS) of previous versions will not be able to correctly analyze the length is zero (null) SSID (WVE-2008-0010). Also, the company used in the new Atheros 802 .11n wireless access point device (e.g. Linksys WRT350N company) driver does not properly handle certain management frame information unit (WVE-2008-0008). This type of vulnerability is not unusual; WLAN management staff only need to keep the attention of the security bulletin, and update the firmware and drivers.

802.11n also contains a number of very complex to option, which adds the possibility of incorrect configuration. For example, there are a number of high-throughput data transmission channel, eachmust ensure that its capacity and parameters in the match ends. In most cases, incorrect configuration causes the performance decrease — though it looks like the security questions, but it does affect availability. In some extreme cases, incorrect configuration of 802.11nAP leads to the nearby multiple WLAN denial of service attacks. To find and deal with these questions, should the relevant training and on-site analysis.

Finally, 802.11n introduced some new MAC structure, a structure was found to be exploitable. Make sure to use the module confirm 802.11n multiple data frames received, use for streaming media provides effective support. DOS attacks can send forged module confirm to the receiver (WVE-2008-0006) undermine 802.11nWLAN. A 802.11nWIPS can detect attacks, but only to prevent an attack is to stop using AddBlock-ACK Essentials (ADDBA) feature.

Risk added

Fortunately, the current wireless networkSecure the best treatment plan is still applicable to 802.11n. However, the need to pay attention is because 802.11n more broadly support more users and use, it still raises the commercial crisis. In short, some already have attack on your business, destructive.

For 802.11n, if not better than the original 11a/b/g network more secure, and original as safe.