How to effectively guarantee the security of Windows XP wireless network

Although the early wireless networks have not been carried out for special reasons, they have not been able to attract network attention for quite a long time. Now, with the shift of wireless prices, it has entered the homes of ordinary people, and more and more netizens have used wireless networks. Wireless security has drawn increasing attention from all walks of life. The objective factors affecting the security instability of wireless networks are still viruses and malicious users: service theft, data theft, data corruption, and the normal use of wireless networks.

Still the above sentence: "Simple is synonymous with insecurity", the biggest factor of XP's wireless security risk is precisely the most easy-to-use function from XP —— "Wireless zero configuration" (WIRELESS ZERO CONFIGURATION), since the access point can automatically send and receive signals, once the XP client enters the coverage of the wireless network signal, it can automatically establish a connection if it enters multiple wireless networks. The signal coverage, the system can automatically contact the nearest access point, and automatically configure the network card to connect, after completion, the SSID of the established connection will appear in the "Available Network", because many manufacturers use the half of the network card The MAC address is named SSID by default, so the default name of the SSID can be inferred. After the attacker knows the default name, at least the network connected to the access point is a breeze.

There are three main measures:

1. Enable the non-broadcast function of the wireless device without spreading the SSID.

This function needs to be found in the options of the hardware device. When enabled, the network will be closed. At this time, the person who wants to connect to the network must provide an accurate network name instead of the network name automatically provided by the XP system.

2. Use an irregular network name and disable the default name.

If you don't broadcast, the attacker can still connect to the network by guessing the network name, so it is necessary to change the default name. The irregularities here can be borrowed from the password setting technique, and the network name with sensitive information is not set.

3, client MAC address filtering

Set only the client with the specified MAC can connect to the access point, you can further check the connecter.

The above three methods are only the primary settings of XP wireless security. Don't expect to set aside these three steps to be able to sit back and relax. From the current security settings, although you can guard against some wireless attacks, However, since no encryption is applied to the data in the transmission, as long as the attacker uses some specific wireless LAN tools, it can capture various data packets in the air, and through the content analysis of these data packets, The various information, including the SSID and MAC address, so the first three methods are ineffective for this kind of attack. The next step we face is the encryption problem of wireless transmission ——WEP.

This is a very controversial topic. Therefore, in order to avoid getting into the misunderstanding, we will not explain the strengths and weaknesses of this issue in detail, only one sentence: “WEP provides wireless LAN From data security, integrity to data source authenticity, comprehensive security, but WEP's key is easy to get attackers. Although the current manufacturers have strengthened this point, they cannot solve this problem fundamentally.

WEP runs on the access point. If we enable WEP on 2000, we must use the shared key provided by the client software. If it is XP, it will not be needed, and the system will be at first. When the secondary access is enabled for WEP, you can continue the following configuration after entering the key:

1. Open “network connection", click the properties of the wireless network card.

2. Select “Preferred Network", select or add an entry, then click Properties.

3, open the "wireless network properties", then do the following: modify the "network name"; will "data encryption (WEP)"; tick; will "network verification" Hook; select "match key" "key format" (ASCII or hex) and "key length" (40 or 104); need to enter the correct "network key"; Select “Automatically select the key”.

4, save off.

Now, the settings for WEP for XP are basically complete.

In order to make the wireless network more stable, let us look at other security measures that need attention:

1. The network should include an authentication server as much as possible. Configuring the network for all connection requests must first pass verification by the authentication server, which will greatly improve the security of the wireless network.

2. Modify the WEP key once a month. Because WEP has a record defect, it is best to modify the WEP key every once in a while.

3, to avoid wired and wireless network interconnection. The wireless network should be independent. To avoid mutual involvement and avoid increasing security risks, the wired and wireless networks should be separated, at least a firewall should be established between the two.

4. Establish VPN authentication. Add a VPN server between the access point and the network, so that the attacker may be able to connect to the access point, but it is only a dead crab, can not enter the network, can not make any damage to the network.

5, regular maintenance. The maintenance content is to check the network and audit logs, check the network can use some scanning tools to attack the wireless network, the focus of the review log is to review account login events.

Finally, check the list of Ed Bott's wireless network:

1. Set a strong password for the access point.

2. Disable the remote management function of the access point.

3. The firmware of the wireless network device (FirmWare) is kept up to date.

4. Modify the default name of the network name of the access point.

5, use MAC filter control

6, enable WEP and set a strong password.