Nowadays, many shops offer free Wi-Fi, and mobile users do their best to use it to save data. However, there is no free lunch: Wi-Fi in public places carries serious security risks and is prone to malicious attacks. In fact, whether the network belongs to an enterprise, a home, or an operator, deploying a wireless network brings a range of security risks and threats.
Common wireless network security threats
A wireless network transmits and receives data through radio frequency signals broadcast over the air. Because of this broadcast nature of wireless LANs, there is a threat that hackers can access or damage data. The main security risks are as follows:
1. Unauthorized use of network services
If the wireless LAN is set to open access, unauthorized users can use network resources without permission. This occupies valuable wireless channel resources, increases bandwidth costs, and reduces the quality of service for legitimate users. Because unauthorized users do not comply with the corresponding terms of service, it may even lead to legal disputes.
2. Address spoofing and session interception (man-in-the-middle attack)
In a wireless environment, it is much easier for illegal users to obtain the MAC addresses of legitimate sites in the network through interception and other means than in a wired environment. These legitimate MAC addresses can be used for malicious attacks.
In addition, illegal users can easily pretend to be legitimate wireless access points and induce legitimate users to connect to the access point to enter the network, thereby further obtaining the identification information of legitimate users, and realizing network intrusion through session interception.
Since the wireless network is generally an extension of the wired network, once an attacker enters the wireless network, it will become the starting point for further intrusion into other systems. Most of the deployed wireless networks are behind the firewall, so the security risks of the wireless network will become the loopholes of the entire security system. As long as the wireless network is breached, the entire network will be exposed to illegal users.
Security measures for wireless networks
To mitigate the security problems described above, every wireless network needs basic authentication and encryption functions, including:
● User identity authentication, to prevent unauthorized access to network resources.
● Data encryption, to protect the integrity and privacy of transmitted data.
Identity authentication methods include:
1. Open authentication. Open authentication is basically a null authentication algorithm that allows any device to send an authentication request to the access point (AP). In open authentication, the client associates with the AP using plaintext transmission. If no encryption is enabled, any device that knows the SSID of the wireless LAN can join the network. If Wired Equivalent Privacy (WEP) is enabled on the AP, the WEP key becomes a means of access control: a device without the correct WEP key cannot transmit data through the AP even if authentication succeeds, and it cannot decrypt the data sent by the AP.
Open authentication is a basic authentication mechanism that can be used by wireless devices that do not support complex authentication algorithms. Authentication in the 802.11 specification is connection-oriented, and open authentication suits designs that require devices to get onto the network quickly. However, open authentication cannot verify whether a client is valid or belongs to a hacker or malicious attacker. If you use open authentication without WEP encryption, anyone who knows the SSID of the wireless LAN can access the network.
2. Shared key authentication. This method is similar to open authentication, with one major difference. When you use open authentication with a WEP encryption key, the WEP key is used to encrypt and decrypt data, but it is not used in the authentication step. In shared key authentication, WEP encryption is used for authentication itself. As with open authentication, the client and the AP must have the same WEP key. With shared key authentication, the AP sends a challenge text packet to the client. The client encrypts the challenge text with its locally configured WEP key and returns it in the subsequent authentication frame. If the AP can decrypt that frame and recover the original challenge text, it replies with an authentication response granting the client access.
In shared key authentication, the client and the AP exchange the challenge text first in plain text and then in encrypted form. This authentication method is therefore vulnerable to man-in-the-middle attacks: a hacker can capture both the unencrypted challenge text and the encrypted challenge text and extract the WEP key (shared key) from this information. Once the hacker knows the WEP key, the entire authentication mechanism is compromised and the hacker can freely access the WLAN. This is the main disadvantage of shared key authentication.
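
The exchange described above, simulated in memory as an added example (not code from the original article). It models only the challenge body, uses a constructed 40-bit key, and shows what a listener can compute directly from the two over-the-air values: their XOR is the RC4 keystream for that IV, which is why shared key authentication is deprecated.

```python
import os
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def client_response(key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Frame 3: challenge plus ICV, XORed with RC4(IV || key)."""
    body = challenge + icv(challenge)
    return xor(body, rc4(iv + key, len(body)))

def ap_verify(key: bytes, iv: bytes, response: bytes, challenge: bytes) -> bool:
    """Frame 4 decision: decrypt and compare with the challenge the AP sent."""
    body = xor(response, rc4(iv + key, len(response)))
    return body == challenge + icv(challenge)

def run_exchange(key: bytes):
    challenge = os.urandom(128)   # frame 2, AP -> client, sent in clear
    iv = os.urandom(3)            # 24-bit IV, sent in clear with frame 3
    response = client_response(key, iv, challenge)
    return challenge, iv, response, ap_verify(key, iv, response, challenge)

def observer_keystream(challenge: bytes, response: bytes) -> bytes:
    """Computable from the two over-the-air values alone, no key needed."""
    return xor(challenge, response[:len(challenge)])

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")         # constructed 40-bit WEP key
    challenge, iv, response, ok = run_exchange(key)
    print("AP accepted client:", ok)
    print("observer holds real keystream:",
          observer_keystream(challenge, response) == rc4(iv + key, 128))
```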
In addition to WEP, there are now WPA and WPA2 mechanisms.
WPA is a standards-based security solution from the Wi-Fi Alliance that addresses the vulnerabilities of native wireless LANs. WPA provides enhanced data protection and access control for WLAN systems. Building on the original IEEE 802.11 standard implementation, WPA solves all known Wired Equivalent Privacy (WEP) vulnerabilities and brings an immediate security solution to WLANs in both enterprise and small office, home office (SOHO) environments.
WPA2 is the next generation of Wi-Fi security. WPA2 is the Wi-Fi Alliance's approved implementation of the IEEE 802.11i standard. WPA2 implements the Advanced Encryption Standard (AES) encryption algorithm recommended by the National Institute of Standards and Technology (NIST), using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). AES counter mode is a block cipher mode that uses a 128-bit key to encrypt one 128-bit data block at a time. WPA2 provides a higher level of security than WPA.
In addition, there are two other commonly used mechanisms for wireless network security:
● SSID-based authentication
● MAC address authentication
Service area identifier (SSID) matching
The wireless client must be configured with the same SSID as the wireless access point (AP) in order to access it; if the SSID presented differs from the AP's SSID, the AP refuses to let the client access the network through this service area. SSID settings can be used to group users and avoid the security and access performance problems caused by arbitrary roaming. A degree of confidentiality can be achieved by hiding the access point's SSID, dividing areas by SSID, and applying permission controls. The SSID is a mechanism that allows logical division of a wireless LAN. The SSID does not provide any data privacy function, and it does not truly authenticate the client to the AP.
Physical address (MAC) filtering
Each wireless client network card is identified by a unique 48-bit physical address (MAC), and a list of allowed MAC addresses can be manually maintained in the AP to achieve physical address filtering.
The efficiency of this method decreases as the number of terminals increases. Illegal users can also obtain a list of legitimate MAC addresses by intercepting network traffic, and a MAC address is not difficult to modify, so an illegal user can simply steal a legitimate user's MAC address to gain illegal access.
Recommended wireless network strategy
1. WEP encryption is not recommended. Use the WPA and WPA2 encryption and authentication methods instead. At present, most home APs support WPA and WPA2.
2. Change the default settings of the home wireless router: The DHCP service (automatic IP address assignment) of a home wireless router is usually enabled by default, so a user who gets past authentication obtains an IP address automatically without having to guess the network's addressing. This lowers the difficulty for an attacker and increases the risk. Specifically, you can disable the DHCP service and SSID broadcast and change the IP address of the router's intranet gateway, which can greatly increase the difficulty of an attack.
3. Bind MAC addresses: Enable the MAC address binding function on the home wireless router. Any device that accesses the network must have its MAC address entered and bound in advance, which directly denies an attacker's device the chance to connect to the network.
4. Security policy for wireless users in public places: Because all computers connected to a wireless network in a public place are logically on the same network, users need to pay attention to the security of their own Internet devices. The main points are:
● Do not use unknown wireless signals. In public places, the wireless access device can see all traffic exchanged through it, so an unknown wireless network must be identified before it is used;
● Enable the firewall and security software and disable network discovery, to prevent others from using the public network to illegally access personal devices;
● Change default passwords and weak passwords. Administrator accounts on devices that go online need strong passwords that are changed regularly, so that illegal users cannot exploit a weak password to gain administrator rights and break into the device;
In addition, there are some common operations that can be used, such as disabling the sharing function, installing anti-virus software, and visiting highly secure websites.
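
One way to apply the recommendations above to a list of nearby networks, as an added example (not code from the original article). The `SSID|BSSID|security` record format and the sample data are constructed for illustration, and the "same SSID with different security" check is a heuristic hint that a network needs identifying before use, not proof of a rogue access point.

```python
from collections import defaultdict

# Constructed sample scan: one "SSID|BSSID|security" record per line.
SAMPLE_SCAN = """\
CoffeeShop-Free|02:00:00:00:00:01|OPEN
HomeNet|02:00:00:00:00:02|WPA2
OldRouter|02:00:00:00:00:03|WEP
Office|02:00:00:00:00:04|WPA2
Office|02:00:00:00:00:05|OPEN
Legacy|02:00:00:00:00:06|WPA
"""

ACCEPTED = {"WPA", "WPA2"}          # the methods the article recommends

def parse_scan(text):
    """Return (ssid, bssid, security) tuples; an SSID may itself contain '|'."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ssid, bssid, security = line.rsplit("|", 2)
        records.append((ssid, bssid.strip().lower(), security.strip().upper()))
    return records

def audit(records):
    """Return (ssid, bssid, reason) findings for networks to avoid or verify."""
    findings = []
    modes_by_ssid = defaultdict(set)
    for ssid, bssid, security in records:
        modes_by_ssid[ssid].add(security)
        if security == "OPEN":
            findings.append((ssid, bssid, "open: no authentication or encryption"))
        elif security == "WEP":
            findings.append((ssid, bssid, "WEP: not recommended, use WPA or WPA2"))
        elif security not in ACCEPTED:
            findings.append((ssid, bssid, "unrecognized security mode: " + security))
    for ssid, modes in modes_by_ssid.items():
        if len(modes) > 1:          # e.g. a WPA2 network also seen as open
            findings.append((ssid, "*", "same SSID advertised with different "
                             "security: " + ", ".join(sorted(modes))))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reason in audit(parse_scan(SAMPLE_SCAN)):
        print(f"{ssid:16} {bssid:18} {reason}")
```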