Wi-Fi security with advanced techniques
If you search Google for Wi-Fi security, the advice you get will surely be: do not use WEP but use WPA or WPA2, disable SSID broadcasting, change the default settings, and so on. These are the very basics of Wi-Fi security. In this article, however, we will skip those basic methods and introduce advanced techniques to increase the security of your wireless network.
1. Switch to Enterprise-mode encryption
If you have created a WPA or WPA2 encryption key of any type and have to enter this key when connecting to a wireless network, you are using only the Personal mode, also called Pre-shared Key (PSK) mode, of Wi-Fi Protected Access (WPA). Enterprise networks, large or small, still need to be protected with Enterprise mode, which adds 802.1X / EAP authentication to the wireless connection process. Instead of entering the encryption key on every computer, users log in with their own name and password. Encryption keys are provided securely in the background and are unique to each user and each session.
This method allows centralized and comprehensive management of Wi-Fi network security.
Instead of loading encryption keys onto computers where employees and other users can discover them, Enterprise mode has each user log in to the network with their own account. You can easily change or revoke access when needed. This is especially useful when an employee leaves the company or a laptop is stolen. If you use Personal mode, you have to change the encryption key manually on all computers and access points (APs).
A special component of Enterprise mode is the RADIUS / AAA server. This server communicates with the APs on the network and looks up users in a database. Consider using the Internet Authentication Service (IAS) of Windows Server 2003 or the Network Policy Server (NPS) of Windows Server 2008.
2. Physical security verification
Security for a wireless system is not merely technical work. You can have the best Wi-Fi encryption technology, but someone can still access your network through an Ethernet port. Or someone can enter your company or home, press the reset button on an access point, restore the factory default settings and leave your wireless network fully open.
Make sure all your APs are out of reach of people who have no need to touch them and out of sight of employees in the company. Rather than placing an AP on a table, mounting it on a wall or ceiling is best.
You might consider mounting APs out of sight and installing extra antennas to boost the AP's signal. This lets you secure the AP while still providing a good wireless signal through high-gain antennas.
However, APs are not the only thing you need to care about. All network components need to be properly protected, even Ethernet cables. Hackers can cut into your Ethernet cable and access your network that way.
Along with mounting and protecting APs, you also need to keep close track of them. Create a spreadsheet that records the AP models in use together with their IP and MAC addresses, and add the place where each one is installed. This way you know exactly where each AP is when performing checks or tracking down a problematic AP.
3. Install an intrusion detection and prevention system (IDS / IPS)
These systems usually include software that uses your wireless adapter to detect problems with Wi-Fi signals. They can detect fake APs, a new AP that appears on the network, or an existing AP that has been reset to default settings or no longer matches a set of standards you have defined.
These systems can also analyze network packets to see if someone may be using hacking or jamming techniques.
There are many different intrusion detection and prevention systems, and they use many different techniques. Free or open-source options include Kismet and Snort. There are also commercial products from companies such as AirMagnet, AirDefense and AirTight.
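The following Python example is added here and is not from the original article or from any of the products named above. It checks a wireless scan against the AP inventory spreadsheet from section 2 and flags the cases this section describes (a fake AP, an AP whose settings no longer match the standard), plus inventoried APs that have gone missing. The CSV columns, scan record format, SSIDs and addresses are constructed assumptions.

```python
import csv
import io

# Constructed AP inventory, in the spreadsheet layout section 2 suggests
# (model, IP, MAC, location) plus the expected SSID and security mode.
INVENTORY_CSV = """model,ip,mac,location,ssid,security
ExampleAP-100,10.0.0.11,00:11:22:33:44:01,Floor 1 ceiling,CorpWiFi,WPA2-Enterprise
ExampleAP-100,10.0.0.12,00:11:22:33:44:02,Floor 2 ceiling,CorpWiFi,WPA2-Enterprise
"""

# Constructed scan results, shaped as a wireless sensor might report them.
SCAN = [
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpWiFi", "security": "WPA2-Enterprise"},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpWiFi", "security": "Open"},
    {"bssid": "02:AA:BB:CC:DD:EE", "ssid": "CorpWiFi", "security": "WPA2-Personal"},
    {"bssid": "02:AA:BB:CC:DD:FF", "ssid": "CoffeeShop", "security": "Open"},
]


def load_inventory(text):
    """Index inventory rows by normalised (lower-case) MAC address."""
    rows = csv.DictReader(io.StringIO(text))
    return {row["mac"].strip().lower(): row for row in rows}


def audit(scan, inventory):
    """Return sorted (bssid, finding) pairs for APs that break the baseline."""
    corp_ssids = {row["ssid"] for row in inventory.values()}
    findings, seen = [], set()
    for ap in scan:
        bssid = ap["bssid"].strip().lower()
        seen.add(bssid)
        known = inventory.get(bssid)
        if known is None:
            # Unlisted radio: only a finding if it imitates a corporate SSID;
            # other SSIDs are treated as neighbouring networks (assumption).
            if ap["ssid"] in corp_ssids:
                findings.append((bssid, "fake-ap"))
        elif (ap["ssid"], ap["security"]) != (known["ssid"], known["security"]):
            # Inventoried AP whose settings changed, e.g. after a factory reset.
            findings.append((bssid, "config-drift"))
    # Inventoried APs that were not heard may be unplugged, moved or stolen.
    findings += [(mac, "missing") for mac in inventory if mac not in seen]
    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in audit(SCAN, load_inventory(INVENTORY_CSV)):
        print(bssid, finding)
```

A matching BSSID does not prove the radio is yours, because MAC addresses can be spoofed, so treat a clean result as a baseline check rather than proof.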
4. Create policies for wireless network use
Along with your computer usage guidelines, you need a specific set of policies for accessing Wi-Fi networks. At a minimum, those policies should cover the items listed below:
- List of approved devices with wireless access: The best approach is to deny all devices and allow only the desired ones using MAC address filtering on your network router. Although MAC addresses can be spoofed, this method still provides some degree of control over the devices your employees use on the network. Keep a copy of the list of all authorized devices and their details for comparison when checking the network and for entering into intrusion detection systems.
- List of individuals authorized to access the Wi-Fi network: This list can be adjusted when using 802.1X authentication (WPA / WPA2-Enterprise) by creating accounts in the RADIUS server for those who need Wi-Fi access. If 802.1X authentication is also used on the wired network, you can specify whether a user receives wired or wireless access by changing Active Directory or by using authentication policies on the RADIUS server itself.
- Rules for setting up wireless routers or APs: For example, only the IT department has the right to set up additional APs, so employees cannot bring APs from home and plug them into the network to extend the signal range. An internal rule for the IT department can define the device models and configurations that may be used.
- Rules for using Wi-Fi hotspots or connecting to home networks with corporate devices: Because data on a laptop or other device can be compromised and Internet activity can be monitored on unsecured wireless networks, you can restrict Wi-Fi connections to corporate networks only. This can be controlled by adding network filters with the Network Shell utility (netsh) in Windows. Alternatively, you can require a VPN connection to the corporate network to protect Internet activity and remote file access.
5. Use SSL or IPsec on top of Wi-Fi encryption
Although you may be using the latest Wi-Fi encryption (on layer 2 of the OSI model), you should still consider implementing another security mechanism, such as IPsec (on layer 3 of the OSI model). In addition to providing double encryption on wireless links, it can also protect wired connections. This prevents eavesdropping by staff or by outsiders who gain access through an Ethernet port.