Windows XP wireless network security solution


Early wireless networks were not widely used because of their specialized nature and expensive equipment, so wireless network security attracted little attention. In recent years the price of wireless network equipment has fallen again and again, finally reaching a level that most people can accept. Configuring a wireless network no longer requires the skills of an advanced engineer: in Windows XP you only need to click the mouse a few times in the wizard, and a wireless network can be built in a few minutes. But simplicity is synonymous with insecurity, so the security of wireless networks is drawing more and more concern.

At present, the main risks of wireless networks are reflected in service theft, data theft, data corruption, and interference with normal services. These are also present in XP wireless networks. To avoid the threat of security risks, we will analyze them one by one.

To repeat the sentence above: "Simple is synonymous with insecurity." The biggest factor in XP's wireless security risk is precisely XP's most easy-to-use function, "Wireless Zero Configuration". Because the access point automatically sends and receives signals, an XP client that enters the coverage of a wireless network signal can establish a connection automatically. If it enters the signal coverage of several wireless networks, the system can automatically contact the nearest access point and configure the network card to connect. Once the connection is made, its SSID appears under "Available Networks". Because many vendors by default name the SSID after half of the network card's MAC address, the default SSID can be guessed, and once the attacker knows the default name, at least connecting to the network behind the access point is a breeze.

There are three main measures:

1. Enable the non-broadcast function of the wireless device so that the SSID is not broadcast.

This function is found in the options of the hardware device. When it is enabled, the network becomes a closed network.

Anyone who wants to connect to the network must then provide the exact network name, instead of using a network name offered by the XP system.

2. Use an irregular network name and disable the default name.

If you don't broadcast, the attacker can still connect to the network by guessing the network name, so it is necessary to change the default name.

An irregular name can borrow from password-setting techniques, and a network name containing sensitive information should not be used.

3. Client MAC address filtering.

Allow only clients with the specified MAC addresses to connect to the access point, which gives a further check on who is connecting.
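
The three measures above can be checked against an inventory of access points. The following is an added example, not part of the original article; the record fields, the list of vendor default names, and all addresses are constructed for illustration.

```python
import re

# Assumed vendor default network names (illustrative, not exhaustive).
VENDOR_DEFAULTS = {"default", "linksys", "netgear", "dlink", "wireless", "tsunami"}


def mac_hex(mac):
    """Return the 12 hex digits of a MAC address, lower-cased."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return digits


def ssid_is_guessable(ssid, ap_mac):
    """True if the SSID is a vendor default or embeds half of the AP's MAC."""
    name = re.sub(r"[^0-9a-z]", "", ssid.lower())
    digits = mac_hex(ap_mac)
    return name in VENDOR_DEFAULTS or digits[:6] in name or digits[6:] in name


def audit_access_point(ap, allowed_macs):
    """Check one access point record against the three measures."""
    findings = []
    if ap["broadcast_ssid"]:
        findings.append("SSID broadcast is enabled")
    if ssid_is_guessable(ap["ssid"], ap["mac"]):
        findings.append("SSID is a default or MAC-derived name")
    if not ap["mac_filter"]:
        findings.append("MAC address filtering is disabled")
    allowed = {mac_hex(m) for m in allowed_macs}
    for m in ap["clients"]:
        if mac_hex(m) not in allowed:
            findings.append("client not on the MAC allow-list: " + m)
    return findings


# Constructed sample data (locally administered addresses).
ALLOWED = ["02:00:00:AA:BB:01", "02:00:00:AA:BB:02"]
SAMPLE_APS = [
    {"ssid": "AP-5e10f3", "mac": "02:1A:2B:5E:10:F3", "broadcast_ssid": True,
     "mac_filter": False, "clients": ["02:00:00:aa:bb:01", "02:00:00:CC:DD:09"]},
    {"ssid": "q7Lm-x2Rk", "mac": "02:1A:2B:5E:10:F4", "broadcast_ssid": False,
     "mac_filter": True, "clients": ["02-00-00-AA-BB-02"]},
]

if __name__ == "__main__":
    for ap in SAMPLE_APS:
        print(ap["ssid"], audit_access_point(ap, ALLOWED) or "no findings")
```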

The above three methods are only the basic settings for XP wireless security. Do not expect to sit back and relax after these three steps. With these settings you can guard against some wireless attacks, but since no encryption is applied to the data in transit, an attacker who uses certain wireless LAN tools can capture data packets in the air and, by analyzing their content, obtain various information, including the SSID and MAC addresses. The first three methods are therefore ineffective against this kind of attack. The next issue we face is the encryption of wireless transmission: WEP.
This is a very controversial topic. To avoid misunderstanding, we will not explain its strengths and weaknesses in detail, but give only one sentence: "WEP provides fairly comprehensive security for wireless LANs in terms of data security, integrity, and data source authenticity, but the WEP key is easily obtained by attackers." Although manufacturers have since strengthened it and Microsoft has released a related upgrade package (KB826942, support.microsoft.com/default.aspx?scid=kb;zh-cn;826942), this problem cannot be solved fundamentally.
WEP runs on the access point. If we enable WEP on Windows 2000, we must use the shared key provided by the client software. On XP this is not needed: the first time the system accesses a network with WEP enabled, you enter the key and can then continue with the following configuration:

1. Open “Network Connection” and click the properties of the wireless network card.

2. Select "Preferred Network", select or add an entry, and click Properties.

3. Open the "Wireless Network Properties" and do the following:

1) Modify the "Network Name"

2) Tick "Data Encryption (WEP)"

3) Tick "Network Authentication"

4) Select the "Key Format" (ASCII or Hex) and "Key Length" (40 or 104) that match the access point.

5) Enter the correct "Network Key".

6) Do not select "Automatically select key".

4. Save and close.
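
The key format and key length chosen in step 3 must describe the same key bytes as the access point's setting: a 40-bit key is 5 ASCII characters or 10 hex digits, and a 104-bit key is 13 ASCII characters or 26 hex digits. The following check is an added example, not part of the original article; the function names and the sample keys are constructed for illustration.

```python
import string

# Characters (ASCII) or hex digits the client must enter for each key length.
EXPECTED_CHARS = {
    ("ascii", 40): 5, ("ascii", 104): 13,
    ("hex", 40): 10, ("hex", 104): 26,
}


def parse_wep_key(key, key_format, key_length):
    """Return the raw key bytes, or raise ValueError describing the mismatch."""
    fmt = key_format.lower()
    if (fmt, key_length) not in EXPECTED_CHARS:
        raise ValueError("unsupported format/length: %s/%s" % (key_format, key_length))
    need = EXPECTED_CHARS[(fmt, key_length)]
    if len(key) != need:
        raise ValueError("%d-bit %s key needs %d characters, got %d"
                         % (key_length, fmt, need, len(key)))
    if fmt == "hex":
        if any(c not in string.hexdigits for c in key):
            raise ValueError("hex key contains non-hex characters")
        return bytes.fromhex(key)
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in key):
        raise ValueError("ASCII key contains non-printable characters")
    return key.encode("ascii")


def client_matches_ap(client, ap):
    """Compare a client entry with the access point's key settings."""
    try:
        client_key = parse_wep_key(client["key"], client["format"], client["length"])
        ap_key = parse_wep_key(ap["key"], ap["format"], ap["length"])
    except ValueError as err:
        return False, str(err)
    if client["length"] != ap["length"]:
        return False, "key length differs from the access point"
    if client_key != ap_key:
        return False, "key bytes differ from the access point"
    return True, "ok"


# Constructed sample settings: the same 104-bit key entered as Hex and as ASCII.
SAMPLE_AP = {"key": "587237217051327a234c6d3976", "format": "hex", "length": 104}
SAMPLE_CLIENT = {"key": "Xr7!pQ2z#Lm9v", "format": "ascii", "length": 104}

if __name__ == "__main__":
    print(client_matches_ap(SAMPLE_CLIENT, SAMPLE_AP))
```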

OK, the settings for WEP under XP are basically completed, but for the wireless network to be more stable, let us pay attention to other security measures:

1. Include an authentication server in the network wherever possible.

Configure the network so that all connection requests must first be verified by the authentication server. This will greatly improve the security of the wireless network.

2. Change the WEP key once a month.

Because WEP has documented defects, it is best to change the WEP key at regular intervals.

3. Avoid interconnecting wired and wireless networks.

Wireless networks should be independent. To keep the two from affecting each other and to avoid increasing security risks, separate wired and wireless networks, at least between them.

4. Establish VPN authentication.

Add a VPN server between the access point and the network, so that an attacker who manages to connect to the access point is only a dead crab: unable to enter the network and unable to do any damage to it.

5. Regular maintenance.

Maintenance consists of checking the network and auditing logs.

To check the network, you can use some scanning tools to attack the wireless network:

Netstumbler (www.netstumbler.com)

Kismet (www.kismetwireless.net)

The focus of log review is account login events.

Finally, here is Ed Bott's wireless network checklist:

1. Set a strong password for the access point.

2. Disable the remote management function of the access point.

3. Keep the firmware of the wireless network device up to date.

4. Modify the default name of the network name of the access point.

5. Use MAC filter control.

6. Enable WEP and set a strong password.
