The development background of wireless LAN security protocol
At present, the demand for WLAN services is increasing, but the corresponding security measures are not satisfactory. When people first studied the security of wireless networks, they naturally implanted the security protocols originally applied to wired networks into wireless networks. However, the effect of this migration is far from the development of WLAN security standards. Meet the requirements. From the first day of the birth of the computer network, the security of wireless networks has become a bottleneck in network development. And the continuous growth of wireless applications has exposed this problem more thoroughly. Most enterprises are willing to transmit important information through the wired LAN instead of the wireless LAN, which makes the enterprise can not use the economics and flexibility of the wireless LAN although it ensures the security of the information.
Currently, IEEE is working to eliminate WLAN security issues and expects to propose a new wireless security standard to replace existing standards by the end of 2004. However, many companies do not want to wait so long, they are willing to adopt some ready-to-use security technology to meet the current needs. However, the currently available security protocol standard-WEP-does not make those important information exempt
Under malicious attack, there is also a transitional standard WPA, which makes up most of the defects in WEP, but it is not perfect. IEEE 802.11i is the next-generation wireless security standard, but it will take some time to complete. So, how does the company need to ensure the security of WLAN at present, can't do anything in the months that 802.11i has not been completed yet?
Introduction to WLAN Security Protocol
The WEP algorithm is mainly to prevent wireless transmission of information from being eavesdropped, but also to prevent illegal users from invading the network. On a network running the WEP protocol, all users must use a shared key, that is to say, the user needs to set a password on the terminal device and corresponds to the password set by the access point to which it is connected. All data packets are encrypted by the shared key. Without this key, any illegal intruder or attempted intruder cannot decrypt the data packet. However, the WEP mechanism itself has hidden security risks. Perhaps the biggest hidden danger is that many access points are configured with WEP items turned off by default. Access points usually use the default factory configuration, which leads to a huge security hole.
Even if WEP is turned on and a new shared key is set, there is a huge hidden danger in this mechanism. WEP uses RC4 encryption mechanism to encrypt data. But the problem is that the WEP key is too vulnerable. Applications like AirSnort and WEPCrack only need to grab 100MB of such small traffic, and can decrypt WEP-protected network information in seconds. In a wireless network with a large amount of traffic, an attacker can access the WLAN for free within a few minutes. In addition, WEP uses CRC for data verification. CRC can easily be damaged by an attacker by flipping the bits in the data packet.
Another major problem with WEP is the encryption of its addresses. WEP does not provide a way to ensure that the identity of legitimate users is not impersonated by illegal intruders. Anyone who knows the WEP shared key and the network SSID (server identity) can access the network. When using this information to connect to the network, the administrator cannot determine whether to accept or reject the connection. In addition, once the shared key is deciphered or lost, you must manually modify the shared key of all network devices, which is really a headache management problem. If the key is lost and you do not know it, it will also be a security risk.
Although WEP has so many disadvantages, if your company does not use WPA or 802.11i, WEP can still barely accept. If your company is still weighing whether to adopt WPA, it is best to temporarily use the optimized WEP protocol.
Optimized to use WEP protocol
First, make sure WEP is on. The Wi-Fi Alliance ensures that access points and wireless network cards that comply with the 802.11a, 802.11b, and 802.11g standards support the WEP protocol (note that the default state is not necessarily on), which can avoid accidental attacks by intruders, such as Passerby surfing the internet through a laptop in public places. This alone is very important. Many companies in the industry have reported that passers-by can easily connect to the internal wireless LAN of the company through a laptop. If WEP can solve this problem, we can save more time to focus on more dangerous attacks.
Secondly, each department should periodically change the default SSID and shared secret. Because an attacker can easily program to automatically search for the SSID and the default key set at the factory, and periodically change the SSID and key, it will prevent the department from becoming the target of a "blind test attack". It is worth noting that the SSID is very easy to obtain through radio waves, so the attacker will generally lock a certain department as the target of the attack, and will not easily stop without achieving the goal. Furthermore, MAC address filtering should be implemented. This requires configuring the MAC address lists of legitimate devices in the access point and router so that the MAC addresses appearing in those lists can be accessed into the network. In this way, even if the correct SSID and key are found, the intruder cannot access the network. But this anti-attack measure is still not ideal, because the intruder can use deception to set its MAC address as the MAC address of the legitimate user to access the wireless network.
Finally, we must realize that WEP does not guarantee absolute network security. However, WEP is better than nothing, because software such as AirSnort and WEPCrack can easily make enterprises the target of attackers. To send ciphertext securely on the wireless network, we need to do more work.
Waveguide Load,Waveguide Dummy Load,Waveguide Termination Load,High Power Waveguide Load
Chengdu Zysen Technology Co., Ltd. , https://www.zysenmw.com