Wireless security - getting it right

by:Ansjer cctv     2019-08-06
This may sound strange, but in fact some organizations using wireless networks are open to serious security breaches.
The main reason is that organizations can get a wireless network online simply by plugging in access points, without changing the factory default settings.
Wireless LANs are at risk not because the technology does not work but because it is used improperly.
The biggest problems are that the security standards are imperfect and that equipment is imperfectly configured.
First of all, most wireless base stations sold by suppliers ship with the built-in Wired Equivalent Privacy (WEP) security protocol turned off.
This means that unless you manually reconfigure the wireless access point, your network will broadcast unencrypted data.
In the old world of wired LAN, the architecture provides some inherent security.
Typically, there is a network server and multiple devices with Ethernet protocol adapters that are physically connected via the LAN backbone.
If you do not have a physical connection, you will not be able to access the LAN.
Compare this with the new wireless LAN architecture.
The LAN backbone of the wired world is replaced by wireless access points.
The Ethernet adapter in the device is replaced by a wireless network card.
With no physical connection required, anyone with a radio sniffer can connect to the network.
What is the problem?
Unlike wired networks, intruders do not need physical access in order to pose the following security threats:
Eavesdropping.
This is an attack on the confidentiality of data transmitted over the network.
In wireless networks, eavesdropping is the most significant threat because attackers can intercept over-the-air transmissions from places far away from the company's premises.
Tampering.
The attacker can modify the content of packets intercepted from the wireless network, which results in a loss of data integrity.
Unauthorized access.
An attacker can access privileged data and resources in the network by assuming the identity of a valid user.
This attack is called spoofing.
To counter this attack, appropriate authentication and access control mechanisms need to be established in the wireless network.
Denial of Service.
In this attack, intruders flood the network with valid or invalid messages that affect the availability of network resources.
How to protect?
There are three types of security options: basic, active, and hardened.
Depending on your organization's needs, you can adopt any of the above methods.
Basic. You can achieve basic security by implementing Wired Equivalent Privacy 128, or WEP 128.
The IEEE 802.11 working group established this standard.
It specifies the generation of encryption keys.
These keys are used by the data source and the data destination to prevent any eavesdropper (anyone without these keys) from gaining access to the data.
The Service Set Identifier (SSID, a 32-character unique identifier) is associated with an access point or access point group.
The SSID is the password for network access.
Another additional type of security is the access control list (ACL).
Each wireless device has a unique identifier called the media access control (MAC) address.
MAC lists can be maintained on the access point or on a server for all access points.
Only devices whose MAC addresses are on the list are allowed to access the network.
The above implementation is open to attack.
Even if you turn WEP on, it still has an inherent problem.
The problem lies in the protocol's encryption key mechanism: the key can be recovered by analyzing the data stream on the network over a period of time.
This is estimated to take from about 15 minutes to a few days.
The SSID attached to the header of packets sent over the wireless LAN is sent as unencrypted text and is easily sniffed by third parties.
Unfortunately, most vendor devices are configured to auto-broadcast the SSID, which essentially hands new devices a ticket to join the network.
While this is useful for public wireless networks in places such as airports and retail locations (in the United States, for example, Starbucks offers 802.11b access in some of its stores), it is another security hole for companies that have not turned it off.
Finally, any MAC address can be changed to another one (spoofed), so the use of ACLs is not foolproof.
For active security, you need to implement the IEEE 802.1x security standard.
This covers two areas: restricting network access through mutual authentication, and data integrity through WEP key rotation.
Mutual authentication between the client station and the access point helps ensure that the client communicates with a known network, and dynamic key rotation reduces exposure to key attacks.
Because of the weaknesses of WEP, some standard alternatives to WEP have appeared.
Most Wi-Fi manufacturers have agreed to enhance security using an interim standard called Wi-Fi Protected Access (WPA).
In WPA, the encryption key is changed after each frame using the Temporal Key Integrity Protocol (TKIP).
This protocol allows key changes on a frame-by-frame basis, automatically synchronized between the access point and the wireless client.
TKIP is really the heart and soul of WPA security.
TKIP replaces WEP encryption.
Although WEP is optional in standard Wi-Fi, TKIP is required in WPA.
The TKIP encryption algorithm is stronger than the one used by WEP, but it works using the same hardware-based computation mechanisms that WEP uses.
Organizations like banks have very strict security requirements.
They need to implement hardened security systems.
These are solutions certified under federal information protection standards (FIPS 1.40).
Products in this category offer point-to-point security for wireless communications and include AirFortress and IPSec virtual private networks (VPNs).
A VPN will increase your network cost; however, you can decide whether to implement one by using the same process you use for all other parts of the infrastructure.
Draw a risk map based on the business data that you will transmit over the air and evaluate the financial impact of a breach.
If the data is too critical, re-evaluate what should be delivered over the network or use a VPN to enhance protection.
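The three tiers and the weaknesses described above can be turned into a simple configuration check. The following is an added example, not code from the original article; the record schema, field names and sample inventory are assumptions constructed for illustration.

```python
# Added example: classify access points by the article's security tiers.
# The record schema and the inventory below are constructed for illustration.
INVENTORY = [
    {"name": "lobby-ap", "encryption": "none", "auth": "open",
     "ssid_broadcast": True, "mac_acl": False, "factory_defaults": True},
    {"name": "office-ap", "encryption": "wep-static", "auth": "open",
     "ssid_broadcast": True, "mac_acl": True},
    {"name": "finance-ap", "encryption": "wpa-tkip", "auth": "802.1x",
     "ssid_broadcast": False, "mac_acl": True, "ipsec_vpn": True},
]

def audit_ap(ap):
    """Return (tier, findings) for one access-point record."""
    enc, auth = ap["encryption"], ap["auth"]
    findings = []
    if ap.get("factory_defaults"):
        findings.append("factory default settings never changed")
    if enc == "none":
        findings.append("encryption off: data is broadcast unencrypted")
    elif enc == "wep-static":
        findings.append("static WEP key: recoverable from captured traffic")
    if ap.get("ssid_broadcast"):
        findings.append("SSID auto-broadcast is on")
    if auth != "802.1x":
        findings.append("no 802.1x mutual authentication")
        if ap.get("mac_acl"):
            findings.append("MAC ACL is the only access control (spoofable)")
    # Tiers as the article describes them: hardened = IPSec VPN on top,
    # active = 802.1x with rotating WEP keys or WPA/TKIP, basic = WEP.
    if ap.get("ipsec_vpn"):
        tier = "hardened"
    elif auth == "802.1x" and enc in ("wep-rotating", "wpa-tkip"):
        tier = "active"
    elif enc == "none":
        tier = "unprotected"
    else:
        tier = "basic"
    return tier, findings

def audit_fleet(aps):
    """Map each access point name to its (tier, findings) result."""
    return {ap["name"]: audit_ap(ap) for ap in aps}

if __name__ == "__main__":
    for name, (tier, findings) in audit_fleet(INVENTORY).items():
        print(f"{name}: {tier}")
        for f in findings:
            print(f"  - {f}")
```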
Summing up
Suppliers are working to implement new standards, and we should see products implementing IEEE 802.11i this year.
802.11i will further advance the authentication and encryption benefits realized by WPA.
Most notably, it will add the Advanced Encryption Standard (AES) and various other enhancements.
In addition to the updated standards, organizations must understand that wireless security is critical and that its benefits are easy to achieve.
The organization must define its security requirements and use the functions available in the system accordingly.
Choose a good supplier that can help you meet your needs with a standards-based solution.
A good implementation must be supported by security policies that are clear to everyone in the organization.
Make your employees aware that they are all responsible for security and that they share the cost of security breaches.
Assign permissions and ownership for each part of the security policy to a small number of employees and review their performance on a regular basis.
The most important thing is to monitor your system for possible breaches and make adjustments where necessary.
Sleep well