Windows XP wireless network security solution

  
        

Early wireless networks were not widely used because of their specialized nature and expensive equipment, so wireless network security attracted little attention. In recent years the price of wireless equipment has fallen again and again, finally reaching a level that most people can accept. Configuring a wireless network no longer requires an advanced engineer: in Windows XP, a few mouse clicks in the wizard are enough, and a wireless network can be built in less than a few minutes. But simplicity is synonymous with insecurity, so the security of wireless networks is receiving more and more attention.

At present, the main risks to wireless networks are service theft, data theft, data corruption, and interference with normal services. These risks are also present in XP wireless networks. To avoid them, we will analyze them one by one.

The sentence above still applies: "simple is synonymous with insecurity". The biggest factor in XP's wireless security risk is precisely XP's most easy-to-use feature, "Wireless Zero Configuration". Because the access point sends and receives signals automatically, an XP client that enters the coverage of a wireless network can establish a connection automatically. If it enters the coverage of several wireless networks, the system can automatically contact the nearest access point and configure the network card to connect. Once this is done, the SSID of the established connection appears under "Available Networks". Many manufacturers by default name the SSID after half of the network card's MAC address, which makes the default SSID guessable. Once the attacker knows the default name, at least connecting to the network behind the access point is a breeze.

There are three main measures:

1. Enable the non-broadcast function of the wireless device so that the SSID is not broadcast.

This function is found in the options of the hardware device. When it is enabled, the network becomes a closed network.

Anyone who wants to connect to the network must then provide the exact network name, rather than relying on a network name supplied by the XP system.

2. Use an irregular network name and disable the default name.

Even if the SSID is not broadcast, an attacker can still connect to the network by guessing the network name, so it is necessary to change the default name.

For an irregular name, borrow the techniques used for choosing passwords, and do not put sensitive information in the network name.

3. Client MAC address filtering

Allow only clients with specified MAC addresses to connect to the access point, so that whoever connects can be checked further.
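
The three measures above can be checked across an inventory of your own access points. The following is an added example, not from the original article; the record fields, the sample inventory and the list of generic names are constructed assumptions.

```python
# Constructed inventory of our own access points (field names are assumptions).
ACCESS_POINTS = [
    {"ssid": "AP-3C4D5E", "bssid": "00:1A:2B:3C:4D:5E",
     "broadcast_ssid": True, "mac_allow_list": []},
    {"ssid": "q7Lr-west-2", "bssid": "00:1A:2B:9F:10:22",
     "broadcast_ssid": False, "mac_allow_list": ["00:0C:29:AA:BB:CC"]},
    {"ssid": "default", "bssid": "00:1A:2B:00:11:22",
     "broadcast_ssid": False, "mac_allow_list": []},
]

# Constructed list of generic factory names; extend it for the hardware in use.
GENERIC_NAMES = {"default", "wireless", "wlan"}


def mac_halves(bssid):
    """Return the two 6-hex-digit halves of a MAC address, upper-cased."""
    digits = bssid.upper().replace(":", "").replace("-", "")
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {bssid!r}")
    return digits[:6], digits[6:]


def ssid_derived_from_mac(ssid, bssid):
    """True if the SSID embeds half of the MAC, which makes the name guessable."""
    name = ssid.upper().replace(":", "").replace("-", "")
    return any(half in name for half in mac_halves(bssid))


def audit(ap):
    """Return the measures (1 to 3) that this access point fails."""
    findings = []
    name = ap["ssid"]
    if ap["broadcast_ssid"]:
        findings.append("1: SSID is broadcast")
    if name.lower() in GENERIC_NAMES or ssid_derived_from_mac(name, ap["bssid"]):
        findings.append("2: default or MAC-derived network name")
    if not ap["mac_allow_list"]:
        findings.append("3: no client MAC filter")
    return findings


if __name__ == "__main__":
    for ap in ACCESS_POINTS:
        print(ap["ssid"], audit(ap) or "ok")
```
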

The three methods above are only the basic settings for XP wireless security. Don't expect that once these three steps are done you can sit back and relax. These settings guard against some wireless attacks, but because no encryption is applied to the data in transit, an attacker using certain wireless LAN tools can capture packets in the air and, by analyzing their contents, obtain various information, including the SSID and MAC addresses. The first three methods are therefore ineffective against this kind of attack. The next issue we face is the encryption of wireless transmission: WEP.

This is a very controversial topic. To avoid misunderstanding, we will not explain its strengths and weaknesses in detail, and offer only one sentence: "WEP provides the wireless LAN with comprehensive security, from data security and integrity to data source authenticity, but WEP keys are easily obtained by attackers." Although manufacturers have since strengthened this, and Microsoft has released a related upgrade package (KB826942, support.microsoft.com/default.ASPx?scid=kb;zh-cn;826942), the problem cannot be fundamentally solved.

WEP runs on the access point. If WEP is enabled on Windows 2000, we must use the shared key provided by the client software. On XP this is not needed: the first time the system connects to a WEP-enabled access point, you enter the key and can then continue with the following configuration:

1. Open "Network Connections" and click the properties of the wireless network card.

2. Select "Preferred Networks", select or add an entry, and then click Properties.

3. After opening "Wireless Network Properties", do the following:

1) Modify the "Network Name".

2) Tick "Data Encryption (WEP)".

3) Tick "Network Authentication".

4) Select the "Key Format" (ASCII or Hex) and "Key Length" (40 or 104) that match the access point.

5) Enter the correct "Network Key".

6) Do not select "Automatically select key".

4. Save and close.
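
Steps 4) and 5) fail when the key's format and length do not match what the access point uses. The following added example (not part of the original article) checks a key against the chosen format and length and flags trivially guessable keys; the function names and sample keys are constructed.

```python
import string

# Key length in bits, as shown in the XP dialog, mapped to key bytes.
# (Some vendors label the same keys 64- and 128-bit by counting the 24-bit IV.)
KEY_BYTES = {40: 5, 104: 13}


def parse_wep_key(key, key_format, key_length):
    """Return the raw key bytes, or raise ValueError describing the mismatch."""
    if key_length not in KEY_BYTES:
        raise ValueError("key length must be 40 or 104 bits")
    n = KEY_BYTES[key_length]
    if key_format == "ascii":
        if len(key) != n:
            raise ValueError(f"{key_length}-bit ASCII key needs {n} characters")
        return key.encode("ascii")  # UnicodeEncodeError is itself a ValueError
    if key_format == "hex":
        if len(key) != 2 * n or any(c not in string.hexdigits for c in key):
            raise ValueError(f"{key_length}-bit hex key needs {2 * n} hex digits")
        return bytes.fromhex(key)
    raise ValueError("key format must be 'ascii' or 'hex'")


def weaknesses(raw):
    """Flag keys that are guessable regardless of WEP's own flaws."""
    issues = []
    if len(set(raw)) <= 2:
        issues.append("almost all bytes identical")
    if all(chr(b) in string.ascii_letters for b in raw):
        issues.append("letters only (word-like)")
    steps = {(b - a) % 256 for a, b in zip(raw, raw[1:])}
    if len(steps) == 1:
        issues.append("bytes follow a fixed step")
    return issues


def same_key(client, access_point):
    """True if two (key, format, length) settings yield identical key bytes."""
    return parse_wep_key(*client) == parse_wep_key(*access_point)


if __name__ == "__main__":
    client = ("Xq7#mP2!vLz9@", "ascii", 104)             # constructed sample
    ap = ("587137236D503221764C7A3940", "hex", 104)      # same key, hex form
    print(same_key(client, ap), weaknesses(parse_wep_key(*client)))
```
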

OK, the settings for WEP under XP are basically complete. For the wireless network to be more stable, we will look at other security measures that need attention:

1. As far as possible, include an authentication server in the network.

Configuring the network so that all connection requests must first be verified by the authentication server will greatly improve the security of the wireless network.

2. Change the WEP key once a month.

Because WEP has known defects, it is best to change the WEP key at regular intervals.

3. Avoid interconnection between wired and wireless networks.

The wireless network should be independent. To avoid the two networks affecting each other and increasing security risks, separate the wired and wireless networks, at least between the two.

4. Establish VPN Authentication

Add a VPN server between the access point and the network, so that even if an attacker manages to connect to the access point, he is stuck there: he cannot enter the network and cannot do any damage to it.

5. Regular maintenance

Maintenance means checking the network and auditing the logs.

To check the network, you can use scanning tools to probe the wireless network:

Netstumbler (www.Netstumbler.com)

Kismet (www.kismetwireless.Net)

The focus of log review is account login events.

Finally, here is Ed Bott's wireless network checklist:

1. Set a strong password for the access point.

2. Disable the remote management function of the access point.

3. Keep the firmware of the wireless network devices up to date.

4. Change the default network name of the access point.

5. Use MAC filter control.

6. Enable WEP and set a strong password.


