Six convenient wireless security tips

If the wireless network system does not take appropriate security measures, whether the wireless system is installed at home or in the office, it may cause serious security problems. In fact, some providers of Internet services for residential areas have already prohibited users from sharing Internet services with other unauthorized persons in their service agreements. An insecure wireless network may cause service loss or be used to launch attacks against other networks. To avoid similar wireless network security vulnerabilities, here we introduce six convenient wireless network security techniques.

Why close the network line?

The key to ensuring the security of wireless access points is to prohibit unauthorized users from accessing the network. In other words, the secure access point is closed to unauthorized users. Securing wireless networks is much more difficult than securing wired networks. Because the wired network has only a limited number of fixed access points, and the wireless network can be accessed from any point within the range allowed by the antenna.

Design the placement of the antenna

The first step in keeping the wireless access point closed is to place the antenna correctly to limit the amount of signal that can reach the antenna's effective range. Do not place the antenna near the window, because the glass cannot block the wireless signal. The ideal position of the antenna is the center of the target coverage area, and the signal leaking out of the wall is as little as possible. However, it is almost impossible to completely control the wireless signal, so other measures must be taken to ensure network security.

Use wireless encryption protocol

Wireless Encryption Protocol (WEP) is a standard method of information encryption on wireless networks. Despite its shortcomings, it is still useful to stop hackers. In order to make product installation simple and easy, many wireless device manufacturers set the factory configuration of their products to prohibit WEP mode. The biggest disadvantage of this is that data can be read directly from the wireless network, so hackers build from your wireless network From the beginning, you can immediately scan all kinds of information on the wireless network.

Change service set identifier and disable SSID broadcast

Service Set Identifier (SSID) is an identity identifier for wireless access, which users use to establish a connection with an access point. This identity identifier is set by the communication equipment manufacturer, and each manufacturer uses its own default value. For example, 3COM devices use "101". Therefore, a hacker who knows these identifiers can easily enjoy your wireless service without authorization. You need to set a unique and difficult to guess SSID for each of your wireless access points. If possible, you should also prohibit your SSID from broadcasting. In this way, your wireless network will not be able to attract more users through broadcasting. Of course, this does not mean that your network is unavailable, but that it will not appear in the list of available networks.

Disable Dynamic Host Configuration Protocol

This seems to be a strange security strategy, but for wireless networks, it makes sense. With this strategy, you will force hackers to crack your IP address, subnet mask, and other necessary TCP / IP parameters. Because even if a hacker can use your wireless access point, he must still know your IP address.

Disable or modify SNMP settings

If your wireless access point supports SNMP, then you need to disable it or modify the default public and private identifiers. If you do not do this, hackers will be able to use SNMP to obtain important information about your network.

Use access list

In order to better protect your network, set up an access list as much as possible. However, not all wireless access points support this feature. If you can do this, you can designate a machine to have access to the access point. Access points that support this feature sometimes use TFTP (Simple File Transfer Protocol) to periodically download and update access lists, thereby avoiding the huge management trouble of having to keep the lists on all devices synchronized.