Wireless network traffic security - Part 4
In this part of the article series, I will show you some of the security mechanisms available in wireless hardware.
In the previous article of this series, I talked about the importance of the SSID of a wireless access point, as well as MAC address filtering. In this part, we will introduce some of the security features that are usually included in wireless access points. Note that not all wireless access points have every feature introduced here.
Encryption
When it comes to securing wireless networks, one security feature seems to attract the most attention: encryption. For this reason, we want to start with some basic information about the general encryption options. Note that we only introduce the encryption mechanisms available in wireless hardware here; OS-level encryption features will be introduced in the following parts.
No encryption
In the first part of this series, we asked what happens if the wireless network is not encrypted. We asked this question because most access points ship with connections set to the unencrypted state by default.
If you are going to use OS-level encryption such as IPSec, or if you will use the access point to provide public Wi-Fi access, leaving the access point unencrypted is not a problem. However, in other cases, using one of the encryption options introduced below will be better for your network.
WEP
WEP (Wired Equivalent Privacy) was the first encryption algorithm for wireless networks. Today, most wireless access points still provide WEP encryption, but only to solve compatibility issues. WEP has shown many shortcomings in recent years and is currently considered unsafe.
WPA-PSK [TKIP]
WPA (Wi-Fi Protected Access) was designed to overcome the shortcomings of WEP. There are several forms of WPA, but the best known is WPA-PSK, which uses a pre-shared key.
Some forms of WPA use a protocol called TKIP, short for Temporal Key Integrity Protocol. TKIP generates a 128-bit key for each data packet.
WPA2-PSK
WPA2-PSK is the next version of WPA. Although it still uses pre-shared keys, WPA2 replaced the TKIP encryption protocol with CCMP to enhance security. CCMP is based on the Advanced Encryption Standard (AES) algorithm, using 10 rounds of encryption and 128-bit keys. WPA2 is currently the preferred encryption mechanism.
Other issues to pay attention to
Although encryption is a key security mechanism on any wireless access point, there is one important point to remember: encryption alone will not secure the wireless network. Comprehensive security can only be achieved by implementing defense in depth, which means taking full advantage of the existing security mechanisms. We will introduce some other security mechanisms available in some access points.
Logging
Many access points can log what happens on them. For example, the access point we use has a logging mechanism that creates a log entry every time a connection is made. More importantly, the log tells you where the connection originated (wired network, wireless network or Internet), the IP address of the device that made the connection, and the port number the connection was made through.
The logs on our access point also record logins to the access point's administrative interface. This feature allows us to easily detect unauthorized access attempts.
Blacklists
Some access points offer several types of blacklist. For example, many access points provide a list that can be used to block access to certain websites. Although this feature is designed to block access to inappropriate content, you can also use the blacklist to prevent accidental access to websites that contain malicious code. In fact, many websites publish lists of malicious sites, and you can use such a list in combination with the access point's blacklist feature to reduce the chance of users accidentally visiting such a site.
Blacklists are not limited to URLs. Some access points also allow users to build blacklists by port and service. For example, if the company's privacy policy restricts the use of e-mail software, you can use the access point blacklist to block instant messaging traffic. This way, even if a user manages to install instant messaging client software on a workstation, the client is useless.
If you decide to use a blacklist to prevent certain types of traffic from passing through your network, it is best to use both the port list and the service list if available.
Alerts
Some more advanced wireless access points also have alerting mechanisms. When used, such a mechanism is a valuable asset for securing your wireless network.
The basic idea behind alerts is that users can define certain conditions that they want to be told about. These conditions can be almost anything. For example, you might want to know when a user tries to access a website that is blocked, or when someone tries to log into the administration interface. Some wireless access points can even be configured to alert an administrator if someone tries to connect to the access point outside of the official business hours of the business.
Once you have defined the conditions for creating an alert, you must manually configure the alert itself. The alert options differ widely between wireless access points, but in general you can configure the access point to email you when an event occurs.
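The log entries and alert conditions described above can be combined in a small scanner. This is an added example, not code from the article or from any access point vendor; the log line format, the field names and the 08:00 to 18:00 business hours are assumptions, and the sample log is constructed.

```python
from datetime import datetime, time

# Constructed sample log; the line format is an assumption, not any vendor's.
SAMPLE_LOG = """\
2024-03-04T09:12:44 origin=wired ip=192.168.1.20 port=443 event=connect
2024-03-04T10:03:10 origin=wireless ip=192.168.1.57 port=80 event=blocked_url
2024-03-04T10:05:31 origin=internet ip=203.0.113.9 port=8080 event=admin_login result=fail
2024-03-04T10:05:40 origin=wired ip=192.168.1.20 port=8080 event=admin_login result=ok
2024-03-04T23:47:02 origin=wireless ip=192.168.1.88 port=22 event=connect
this line is corrupted
"""
BUSINESS_HOURS = (time(8, 0), time(18, 0))  # assumed office hours

def parse_line(line):
    """Return a dict for one log line, or None if the line is malformed."""
    parts = line.split()
    try:
        entry = {"when": datetime.fromisoformat(parts[0])}
    except (IndexError, ValueError):
        return None
    for field in parts[1:]:
        key, sep, value = field.partition("=")
        if not sep:
            return None
        entry[key] = value
    return entry

def alerts_for(entry):
    """Apply the three alert conditions named in the article to one entry."""
    found, event = [], entry.get("event")
    if event == "blocked_url":
        found.append("blocked-site")
    if event == "admin_login":
        found.append("admin-login-failed" if entry.get("result") == "fail" else "admin-login")
    start, end = BUSINESS_HOURS
    if event == "connect" and not (start <= entry["when"].time() < end):
        found.append("after-hours-connect")
    return found

def scan(log_text):
    """Return (alerts, skipped); each alert is (time, ip, origin, rule)."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        for rule in alerts_for(entry):
            alerts.append((entry["when"].isoformat(), entry.get("ip"), entry.get("origin"), rule))
    return alerts, skipped
```

Calling `scan(SAMPLE_LOG)` yields four alerts and one skipped line; for a real device, `parse_line` has to be adapted to that access point's own log format.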
Wireless signal
Another aspect of wireless security that we want to cover here relates to the signal generated by the access point. Some access points allow users to adjust signal strength. If your access point has such a feature, you should reduce the signal strength so that it only covers the area you need.
Controlling the wireless signal so that its coverage does not extend beyond the perimeter of the company is essential. This makes your network safer from the unfriendly eyes of someone on the street.
Conclusion
So far, we have introduced some of the security features that come with wireless hardware. However, security is not only a matter of hardware; the Windows operating system also has many useful features. In the next part of the series, we will introduce you to those features.