Windows XP operating system wireless network security explained

  
Early wireless networks were not widely used because of their particular nature and expensive equipment, so wireless network security did not attract much attention. In recent years the price of wireless network equipment has dropped to the point that most people can accept it. Configuring a wireless network no longer requires a senior engineer: under Win XP, you only need to follow the wizard and click the mouse a few times to build a wireless network in a few minutes. Simple is synonymous with insecure, so the security of wireless networks is getting more and more attention.

At present, the main risks of wireless networks are service theft, data theft, data corruption, and interference with normal service, all of which also exist in XP's wireless networks. To avoid these security risks, we will analyze them one by one.

To return to the sentence above, "simple is synonymous with insecure": the biggest factor in XP's wireless security risk is XP's easiest-to-use feature, "Wireless Zero Configuration" (WIRELESS ZERO CONFIGURATION). Because the access point automatically sends and receives signals, once an XP client enters the coverage of a wireless network it can automatically establish a connection. If it enters the coverage of several wireless networks, the system automatically contacts the nearest access point and configures the network card to connect. Afterwards, the SSID of the established connection appears under "Available Networks". Many manufacturers name the default SSID after half of the network card's MAC address, which makes the default SSID guessable. Once the attacker knows the default name, at least connecting to the network behind the access point is a breeze.

There are three main countermeasures:

1, Do not enable the wireless device's broadcast feature; do not broadcast the SSID.

This requires finding the option in the hardware settings. It creates a closed network: anyone who wants to connect must supply the exact network name, instead of the XP system supplying the network name automatically.

2, Use an irregular network name; do not use the default name.

Even if you do not broadcast, the attacker can still connect to the network by guessing its name, so it is necessary to change the default name.

For "irregular", borrow the techniques used for choosing passwords, and do not put sensitive information in the network name.

3, Filter clients by MAC address

Only clients with the specified MAC addresses can connect to the access point, which adds a further check on who connects.

The three methods above are only XP's basic wireless security settings; do not expect to sit back and relax after these three steps. From today's point of view, these settings guard against some wireless attacks. However, because no encryption is applied to the data in transit, an attacker using certain wireless LAN tools can capture packets in the air and, by analyzing their contents, obtain various information, including the SSID and MAC addresses. The first three methods are therefore ineffective against this kind of attack. The next problem we face is the encryption of wireless transmission: WEP.

This is a very controversial topic. To avoid misunderstanding, we will not explain its strengths and weaknesses in detail, but give only one sentence: "WEP provides a wireless LAN with comprehensive security, from data security and integrity to data source authenticity, but WEP keys are easily obtained by attackers." Although manufacturers have strengthened this and Microsoft has released a related upgrade package (KB826942, support.microsoft.com/default.aspx?scid=kb;zh-cn;826942), the problem cannot be solved fundamentally.

WEP runs on the access point. If we enable WEP on 2000, we must use the shared key provided by the client software. If XP is used, this is not needed: when the system first accesses an access point with WEP enabled, you enter the key and can then continue with the following configuration:

1. Open “Network Connection” and click the properties of the wireless network card.

2, Under "Preferred networks", select or add an entry, then click Properties.

3, After "Wireless Network Properties" opens, do the following:

1) Modify the "Network name"

2) Tick "Data encryption (WEP)"

3) Tick "Network Authentication"

4) Select the "Key Format" (ASCII or Hex) and "Key Length" (40 or 104) that match the access point.

5) Enter the correct "Network Key"

6) Uncheck "Automatically select the key."

4, Save and close.
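The key entered in step 5 must produce the same bytes as the key configured on the access point, whichever "Key Format" each side uses. The following is an added example, not part of the original article, that validates a key against the chosen format and length and compares two settings. The function names are hypothetical, and the sizes (5 or 13 ASCII characters, 10 or 26 hex digits) are the standard WEP key sizes, which the article does not spell out.

```python
import math
import string

# Key length offered in the dialog (bits) -> key size in bytes.
KEY_SIZES = {40: 5, 104: 13}

def wep_key_bytes(key, fmt, bits):
    """Validate a WEP key against the chosen format/length and return its bytes."""
    if bits not in KEY_SIZES:
        raise ValueError("key length must be 40 or 104 bits")
    size = KEY_SIZES[bits]
    if fmt == "ascii":
        # One character per key byte; only printable ASCII can be typed.
        if len(key) != size or not (key.isascii() and key.isprintable()):
            raise ValueError("ASCII key needs %d printable characters" % size)
        return key.encode("ascii")
    if fmt == "hex":
        # Two hex digits per key byte.
        if len(key) != 2 * size or any(c not in string.hexdigits for c in key):
            raise ValueError("hex key needs %d hex digits" % (2 * size))
        return bytes.fromhex(key)
    raise ValueError("format must be 'ascii' or 'hex'")

def same_key(ap_setting, client_setting):
    """True when two (key, fmt, bits) settings yield identical key bytes."""
    return wep_key_bytes(*ap_setting) == wep_key_bytes(*client_setting)

def max_entropy_bits(fmt, bits):
    """Upper bound on key entropy: ASCII keys use only 95 printable characters."""
    if fmt == "ascii":
        return KEY_SIZES[bits] * math.log2(95)
    return float(bits)

if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    print(same_key(("abcde", "ascii", 40), ("6162636465", "hex", 40)))
    print(round(max_entropy_bits("ascii", 40), 1), max_entropy_bits("hex", 40))
```

A key typed in ASCII format covers a smaller key space than a random hex key of the same length, so a randomly generated hex key is the stronger choice when the access point accepts it.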

OK, the WEP settings under XP are basically complete, but to make the wireless network more stable, let us look at other security measures that need attention:

1, Include an authentication server in the network wherever possible.

Configuring the network so that all connection requests must first pass verification by the authentication server will greatly improve the security of the wireless network.

2, Change the WEP key once a month

Because WEP has documented defects, it is best to change the WEP key from time to time.

3, Avoid mixing wired and wireless networks.

The wireless network should be independent. To keep the two from affecting each other and increasing the security risk, the wired and wireless networks should be separated, with at least a firewall built between them.

4, Establish VPN authentication

Add a VPN server behind the access point, so that even if an attacker connects to the access point, he is left stranded like a dead crab: he cannot enter the network and cannot do any damage to it.

5, Regular maintenance

Maintenance consists of checking the network and auditing the logs.

To check the network, you can use some of the scanning tools that are used to attack wireless networks:

Netstumbler (www.netstumbler.com)

Kismet (www.kismetwireless.net)

The focus of log review is account logon events.
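As an added example (not part of the original article), the following audits the results of such a network check against the weaknesses described earlier: a factory default SSID, an SSID that embeds half of the MAC address, SSID broadcast, and missing encryption. The survey rows, the list of factory names and the function names are all constructed for illustration and do not match any particular tool's export format.

```python
import re

# Constructed survey rows: (SSID, BSSID, encryption, SSID broadcast enabled).
SURVEY = [
    ("default", "00:11:22:AA:BB:CC", "none", True),
    ("AP-AABBCC", "00:11:22:AA:BB:CC", "wep", True),
    ("k7Qv-93xT", "00:11:22:33:44:55", "wep", False),
]

# Assumed factory names; extend with the defaults of your own hardware.
FACTORY_NAMES = {"default", "wireless", "wlan"}

def mac_halves(bssid):
    """Return the two 3-octet halves of a MAC address as lowercase hex strings."""
    digits = re.sub(r"[^0-9a-fA-F]", "", bssid).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % bssid)
    return digits[:6], digits[6:]

def audit(ssid, bssid, encryption, broadcast):
    """List the weaknesses found for one access point."""
    findings = []
    # Drop separators so "AA-BB-CC" and "aabbcc" in a name are both caught.
    name = re.sub(r"[^0-9a-z]", "", ssid.lower())
    if ssid.lower() in FACTORY_NAMES:
        findings.append("factory default SSID")
    if any(half in name for half in mac_halves(bssid)):
        findings.append("SSID contains half of the MAC address")
    if broadcast:
        findings.append("SSID broadcast enabled")
    if encryption == "none":
        findings.append("no encryption")
    return findings

def audit_survey(rows):
    """Map each SSID in the survey to its list of findings."""
    return {ssid: audit(ssid, bssid, enc, bc) for ssid, bssid, enc, bc in rows}

if __name__ == "__main__":
    for ssid, findings in audit_survey(SURVEY).items():
        print(ssid, "->", ", ".join(findings) or "ok")
```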

Finally, check Ed Bott's wireless network checklist:

1. Set a strong password for the access point.

2. Disable the remote management function of the access point.

3, Keep the firmware of the wireless network device upgraded to the latest version.

4, Change the access point's default network name.

5, Use MAC filtering control.
6. Enable WEP and set a strong password.