The reasonable protection of wireless access points is to isolate wireless networks from outsiders with unauthorized use services. It is often difficult to say that it is easy to do. In terms of security, wireless networks are usually more difficult than fixed wired networks because the fixed physical access point of wired network is limited, and wireless networks can be used in any point in the antenna radiation range. Although there is difficulties in itself, rationally protecting wireless network systems is the key to protecting systems to avoid serious security issues. In order to maximize these security vulnerabilities, it is necessary to ensure that network people take six measures to protect wireless networks.
Planning antenna placement
To deploy a closed wireless access point, the first step is to reasonably place an antenna of the access point so that the transmission distance other than the overlay area can be restricted. Don't put the antennas near the window because the glass cannot block the signal. You'd better put the antenna in the center of the area that needs to be covered, minimizing signal disclosure to the wall. Of course, the full control signal leak is almost impossible, so other measures are needed.
Use WEP
The Wireless Encryption Protocol (WEP) is a standard method for encrypting traffic on the wireless network. Despite significant defects, WEP still helps obstruct occasional hackers. Many wireless access vendors turn off the WEP functionality when they are delivered to facilitate the installation of products. But once this is used, hackers can immediately access traffic on the wireless network, because the data can be read directly by using the wireless sniffer.
Change SSID and ban SSID broadcast
The Service Set Identifier (SSID) is the identifier string used by the wireless access point, and the client can use it to establish a connection. This identifier is set by the device manufacturer, each identifier uses the default phrase, such as the identifier of the 3com device, such as 101. If the hacker knows this password phrase, it is easy to use your wireless service even if it is unauthorized. For each wireless access point for deployment, you have to choose a unique and difficult SSID. If possible, the identifier is forbidden to broadcast the identifier through the antenna. This network is still available, but does not appear on the list of available networks.
Disable DHCP
This is very meaningful for wireless networks. If this measures are taken, hackers have to decide your IP address, subnet mask, and other desired TCP / IP parameters. Regardless of how hackers use your access point, he still needs to figure out the IP address.
Disable or change SNMP settings
If your access point supports SNMP, it is or disabled, either change the public and dedicated shared strings. If this measures are not taken, hackers can use SNMP to get important information about your network.
Use access list
To further protect the wireless network, use access list if possible. Not all wireless access points support this feature, but if your network support, you can specify which machines allow which machines are allowed to connect to the access point. Access points supporting this feature sometimes uses normal file transfer protocols (TFTP) to periodically download updated lists to avoid tricky issues that administrators must synchronize these lists on each device.
