Online warranty

Warranty policies
Search Products
Product category
Support Online
 

0906 613 677

0908.316.209

 
Web Link
News
  • banner
  • banner
  • banner
  • banner
  • banner
  • banner
Loading

Wi-Fi networks can be very safe if you know how to use reasonable security measures. Unfortunately, today's Internet is full of dangersWhat should and should not do to ensure security for wireless networks

Should not

1. Do not use WEPSecurity features WEP (Wired Equivalent Privacy) is a feature only "dead". Encryption of the basic features can be broken quickly and easily by hackers even "small hands". So the best you should not use WEP. If you are using this feature, please upgrade immediately WPA2 with 802.1X authentication authority.

2. Do not use WPA/WPA2-PSKShare security mode (PSK) WPA and WPA2 is not safe business environment. When using this mode, the admin will have to enter the lock code each customer. Therefore, PSK would need to be changed each time changes and network administrators the customer is lost or stolen keys. This is impractical and too costly.

3. Do not trust hidden SSID feature

A serious misunderstanding about wireless security features to disable broadcasting of the SSID AP will hide your network, or at least making it more difficult for the hacker to penetrate. However, this only removes the SSID from the AP warning. In fact they still exist in the 802.11 authentication request, and in certain circumstances, can still send probe request and response messages. Therefore, an eavesdropper can discover a hidden SSID "pretty quickly - especially on a busy network - only with a wireless device legal analysis. 

4. Do not trust MAC address filtering feature

Some misunderstandings about wireless security, which is the MAC address filtering feature adds an extra layer of security and control clients connected to the network. This may be partially true, but remember that a hacker can easily monitor the network to create features authorized MAC addresses and then change the MAC address of the computer.

So

1. Using appraisal rights 802.11i

The EAP (Extensible Authentication Protocol) of WPA and WPA2 use 802.1X authentication instead of right PSKs, giving each client individual login information: user name and password and / or technical certificate Digital. The actual encryption keys are regularly changed and exchanged internally in the system. So, to change or revoke user access all you have to do is modify the login credentials on a central server, instead of having to change each client's PSK. A single key access and protect users from eavesdropping and stealing information from hackers - it now becomes very easy with tools like the Firefox add-on Firesheep and the Android app DroidSheep. To enable 802.1X authentication, you need to have a RADIUS server / AAA. If you are running Windows Server 2008, you should consider using the Network Policy Server (NPS), or the Internet Authenticate Service (IAS) of earlier server versions. If you do not use Windows servers, consider using the open source FreeRADIUS server.

2. Installing security features 802.1X clientEAP mode of WPA/WPA2 is still vulnerable to attacks by hackers. However, you can prevent these attacks by installing the EAP settings of the client. For example, in the EAP settings of Windows, you can enable server certificate validation by selecting the CA certificate, specify the server address, and disable it that users trust the server New or CA certificates.You can also push the 802.1X settings on the field of customer participation through Group Policy or use a third party solution, such as Avenda Quick1X.

3. Using a system of wireless intrusion preventionUse an intrusion prevention system wireless security than the fight against hackers. For example, a hacker can set up rogue access points or conduct denial of service attacks. To help detect and combat these things, you should implement a system for wireless intrusion prevention (WIPS). The design and the approach WIPSs vary with different vendors, but they generally follow a certain sequence: tracking, alerting the user, and stop the fake AP appearance or malicious activity.

Currently on the market there are many security companies are offering WIPS solutions, such as AirMagnet and AirTight Networks. There are also open source options, such as Snort.

4. Deploying NAP or NAC802.11i and WIPS addition, you can also use the Network Access Protection (NAP) solution or network access control (NAC). These features may provide additional control of network access based on client identity and compliance with regulatory policies. It also includes functions can isolate the problem and remediation as soon as possible.If you are using Windows Server 2008 or later and Windows Vista, you can use the functionality of Microsoft NAP. If not, you might consider third-party solutions, such as open source PacketFence. 

5. Restrict SSIDs users can connect to your wifiMany network administrators often ignore the security risk is quite simple but dangerous: the user intentionally or accidentally connect to a nearby wireless networks or illegally opened their computers to can penetrate. However, filtering the SSIDs is one way to help prevent this. In Windows Vista and newer versions, you can use the netsh wlan commands to add filters to create the user can see the SSID and connect. For desktops, you could deny all SSIDs except the SSID of your wireless network. For laptops, you can just deny the SSIDs of neighboring networks, allowing them to remain connected to hotspots and their home networks. 

6. Safeguard the physical method for wireless network devicesKeep in mind that computer security is not just about technology and encryption. Safeguard the physical method for the wireless division also extremely important. Make sure that the AP is placed out of reach, such as on a high or a safe place and then place the antenna in an optimal position. If not secured, anyone can easily access and reset the default AP to open access.

Bookmark and Share

Other news:

 
Newsletter
  • Join our MailList system, you will receive the latest information on products, services and solutions, news, promotion and recruitment of companies Hop Thanh Thinh via email.
Cart

You have not ordered

 

Customer support

htktHow to order

htktTechnical Assistance

htktTechnical advice

htkt Pricing

htktDownload Driver

Advertisement

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner

banner