Analysis of security threats and protective measures faced by wireless networks
Traditional wired networks are subject to design or environmental conditions. There are a series of problems in physics and logic. Especially when it comes to network mobility and re-layout, it cannot meet the needs of people for flexible networking. Terminal free networking requirements. Under this circumstance, the development of traditional computer networks from wired to wireless and from fixed to mobile has become inevitable, and wireless local area network technology has emerged. As a useful complement to wired networks, wireless networks are also facing a complete threat everywhere, especially when the security design of wireless networks is not perfect.
2 Security threats to wireless networksA security threat is a danger that a person, thing, or event poses to the confidentiality, integrity, availability, or legal use of a resource. Security threats can be divided into intentional and accidental, and intentional threats can be further divided into active and passive. Passive threats include listening to information only without modifying it. Proactive threats include intentional tampering with information. Wireless networks differ from wired networks only in terms of transmission methods. Security threats in all conventional wired networks also exist in wireless networks. Therefore, it is necessary to continue to strengthen conventional network security measures, but wireless networks are still more compatible with wired networks. There are some unique security threats because wireless networks are open physical systems that use radio frequency technology for network connectivity and transmission. In general, the threats to wireless networks are mainly manifested in the following aspects.
(1) Information playback: In the absence of sufficient security precautions, it is very vulnerable to man-in-the-middle spoofing attacks using illegal APs. For this type of attack, even protection measures such as VPN are difficult to avoid. The man-in-the-middle attack double-spoofs the authorized client and the AP to steal and tamper with the information.
(2) WEP cracking: Now there are some illegal programs on the Internet that can capture packets located in the coverage area of ​​the AP signal, collect enough WEP weak key encryption packets, and analyze them to restore WEP secrets. key. Depending on the speed of the machine listening to wireless communications and the number of wireless hosts transmitting signals within the WLAN, the WEP key can be broken in as little as two hours.
(3) Network eavesdropping: In general, most network communications occur in plaintext (non-encrypted) format, which allows attackers within the coverage of wireless signals to take advantage of the opportunity to monitor and crack (read) communications. . Since intruders do not need to physically connect eavesdropping or analytics devices to eavesdropped networks, this threat has become one of the biggest problems facing WLANs.
(4) Counterfeit attack: An entity pretends to be another entity to access the wireless network, a so-called counterfeit attack. This is the most common way to break into a security line. In a wireless network, there is no fixed physical link between the mobile station and the network control center and other mobile stations. The mobile station must transmit its identity information through the wireless channel. The identity information may be eavesdropped when transmitted in the wireless channel. When intercepting the identity information of a legitimate user, the user can use the identity of the user to invade the network. This is a so-called identity spoofing attack.
(5) MAC address spoofing: Data is obtained through the network eavesdropping tool, thereby further obtaining a static address pool that the AP allows communication, so that the sinister can use the MAC address masquerading and the like to reasonably access the network.
(6) Denial of service: An attacker may flood the AP and cause the AP to refuse service. This is the most serious attack. In addition, a node in the mobile mode is attacked, allowing it to continuously provide services or forward packets, so that its energy is exhausted and cannot continue to work. It is also commonly called energy consumption attack.
(7) Post-service repudiation: Post-service repudiation means that one of the parties to the transaction denies that they participated in the transaction after the transaction is completed. This threat is common in e-commerce.
3 Mechanisms and technical measures to ensure wireless network securityWhen it comes to the security design of wireless networks, it is usually necessary to consider and make relevant measures from the following security factors.
(1) Identity authentication: The authentication for the wireless network can be device-based and implemented by a shared WEP key. It can also be user-based and implemented using EAP. Wireless EAP authentication can be implemented in a variety of ways, such as EAP-TLS, EAP-TTLS, LEAP, and PEAP. In wireless networks, both device authentication and user authentication should be implemented to ensure the most effective network security. User authentication information should be transmitted through a secure tunnel to ensure that the user authentication information exchange is encrypted. Therefore, for all network environments, if the device supports it, it is best to use EAP-TTLS or PEAP.
(2) Access Control: Access control for users connected to the wireless network is mainly implemented by the AAA server. This approach provides better scalability. Some access control servers provide machine authentication on 802.1x secure ports. In this environment, ports can only be made after the user successfully identifies the port specified by 802.1x. access. In addition, you can also use SSID and MAC address filtering. The Service Set Identifier (SSID) is the identification string used by current wireless access points. This identifier is generally set by the device manufacturer. Each identifier uses a default phrase, such as 101, which is the identifier of the 3COM device. If the hacker knows the passphrase, it is easy to use the wireless service even without authorization. For each wireless access point that is set up, you should choose a unique and difficult to guess SSID and prohibit the broadcast of this identifier to the outside through the antenna. Since each wireless workstation's network card has a unique physical address, the user can set an access point, maintain a list of allowed MAC addresses, and implement physical address filtering. This requires that the MAC address list in the AP must be updated at any time, the scalability is poor, and the machine cannot roam between different APs; and the MAC address can theoretically be forged, so this is also a lower level of authorization authentication. But it is an ideal way to prevent illegal access to the wireless network, which can effectively protect the network security.
ZGAR Accessories
ZGAR electronic cigarette uses high-tech R&D, food grade disposable pod device and high-quality raw material. All package designs are Original IP. Our designer team is from Hong Kong. We have very high requirements for product quality, flavors taste and packaging design. The E-liquid is imported, materials are food grade, and assembly plant is medical-grade dust-free workshops.
Our products include disposable e-cigarettes, rechargeable e-cigarettes, rechargreable disposable vape pen, and various of flavors of cigarette cartridges. From 600puffs to 5000puffs, ZGAR bar Disposable offer high-tech R&D, E-cigarette improves battery capacity, We offer various of flavors and support customization. And printing designs can be customized. We have our own professional team and competitive quotations for any OEM or ODM works.
We supply OEM rechargeable disposable vape pen,OEM disposable electronic cigarette,ODM disposable vape pen,ODM disposable electronic cigarette,OEM/ODM vape pen e-cigarette,OEM/ODM atomizer device.
Disposable Pod Vape,Disposable Vape Pen,Disposable E-Cigarette,Electronic Cigarette,OEM vape pen,OEM electronic cigarette.
ZGAR INTERNATIONAL(HK)CO., LIMITED , https://www.szdisposable-vape.com