Using wireless encryption protocol
Wireless Encryption Protocol (WEP) is a standard method for information encryption on wireless networks. Almost all wireless routers produced now provide users with the choice of encrypted data. Proper use of this function can prevent the detailed information of its bank account (including password, etc. ) to avoid being intercepted by people with ulterior motives. However, it should be noted that Wi-Fi protected access technology (WPA and WPA2) is more robust than WEP protocol, so it plays a greater role in ensuring the security of wireless communication.
Use MAC address filtering
Under normal circumstances, both wireless routers and access points have the ability to prevent unknown wireless devices from connecting to the network. This function is realized by comparing the MAC address of the device trying to connect to the router with the MAC address of the device saved by the router. Unfortunately, however, this function is usually turned off when the router leaves the factory, because it requires some efforts from the user to make it work normally, otherwise it will not be able to connect to the network. Therefore, by enabling this function, only telling the MAC address of the router unit or home wireless device can prevent others from stealing their own Internet connection, thus improving security.
But don't rely entirely on this measure. It can also be said that using MAC address filtering is not a life-saving medicine for hackers who are determined to clone MAC addresses and try to connect to users' wireless networks, but you really should adopt this measure to reduce network risks.
Set the security password
It is very important to set the password for wireless Internet access. Choosing a strong password is helpful to the security of the wireless network, but don't use the default password that comes with the wireless router, and don't use words that are easy to find in the dictionary or the birthdays of family members as passwords.
Turn off the network when not in use.
If the user's wireless network does not need to provide service 24 hours a week, it can be turned off to reduce the chance of being used by hackers. Although many enterprises cannot do without the Internet, it may be unrealistic to put this suggestion into practice. But one of the most important measures to improve the security of the system is to shut it down directly. Because no one can access a service that does not exist or is not open.
Monitor network intruders
Users should always monitor network activities and ensure that their trends are tracked. The more users, especially administrators, know about malicious hacking, the easier it is to find countermeasures. Network administrators should collect logs about scanning and access attempts, and use a large number of existing statistical generation tools to turn these logs into more useful information. You should also set up a log server so that it can send warnings or emails to administrators when it finds malicious activities. In my opinion, knowing the danger is half the battle.
Change the service set identifier and prohibit SSID broadcasting.
Service Set Identifier (SSID) is the identity identifier of wireless access, which users use to establish a connection with the access point. This identity identifier is set by communication equipment manufacturers, and each manufacturer uses its own default value. For example, 3COM devices all use "10 1". Therefore, hackers who know these identifiers can easily enjoy your wireless service without authorization. You need to set a unique and hard-to-guess SSID for each wireless access point.
If possible, you should also prohibit broadcasting your SSID to the outside world. In this way, your wireless network will not be able to attract more users through broadcasting. Of course, this does not mean that your network is unavailable, but it will not appear in the list of available networks.
Internet access is only allowed at certain times.
Some of the latest wireless routers produced now allow users to access the Internet at certain times of the day. For example, you don't need to surf the Internet from 8: 00 am to 6: 00 pm from Monday to Friday, just turn on the router settings and disable access during these hours!
If the wireless network system does not take appropriate security measures, whether the wireless system is installed at home or in the office, it may cause serious security problems. In fact, some residential Internet service providers have prohibited users from sharing network services with other unauthorized people in their service agreements. Unsafe wireless networks may cause service loss or be used to attack other networks. In order to avoid some similar wireless network security vulnerabilities, here we introduce several convenient wireless network security skills.
Using wireless encryption protocol
Wireless Encryption Protocol (WEP) is a standard method for information encryption on wireless networks. Almost all wireless routers produced now provide users with the choice of encrypted data. Proper use of this function can prevent the detailed information of its bank account (including password, etc. ) to avoid being intercepted by people with ulterior motives. However, it should be noted that Wi-Fi protected access technology (WPA and WPA2) is more robust than WEP protocol, so it plays a greater role in ensuring the security of wireless communication.
Use MAC address filtering
Under normal circumstances, both wireless routers and access points have the ability to prevent unknown wireless devices from connecting to the network. This function is realized by comparing the MAC address of the device trying to connect to the router with the MAC address of the device saved by the router. Unfortunately, however, this function is usually turned off when the router leaves the factory, because it requires some efforts from the user to make it work normally, otherwise it will not be able to connect to the network. Therefore, by enabling this function, only telling the MAC address of the router unit or home wireless device can prevent others from stealing their own Internet connection, thus improving security.
But don't rely entirely on this measure. It can also be said that using MAC address filtering is not a life-saving medicine for hackers who are determined to clone MAC addresses and try to connect to users' wireless networks, but you really should adopt this measure to reduce network risks.
Set the security password
It is very important to set the password for wireless Internet access. Choosing a strong password is helpful to the security of the wireless network, but don't use the default password that comes with the wireless router, and don't use words that are easy to find in the dictionary or the birthdays of family members as passwords.
Turn off the network when not in use.
If the user's wireless network does not need to provide service 24 hours a week, it can be turned off to reduce the chance of being used by hackers. Although many enterprises cannot do without the Internet, it may be unrealistic to put this suggestion into practice. But one of the most important measures to improve the security of the system is to shut it down directly. Because no one can access a service that does not exist or is not open.
Monitor network intruders
Users should always monitor network activities and ensure that their trends are tracked. The more users, especially administrators, know about malicious hacking, the easier it is to find countermeasures. Network administrators should collect logs about scanning and access attempts, and use a large number of existing statistical generation tools to turn these logs into more useful information. You should also set up a log server so that it can send warnings or emails to administrators when it finds malicious activities. In my opinion, knowing the danger is half the battle.
Change the service set identifier and prohibit SSID broadcasting.
Service Set Identifier (SSID) is the identity identifier of wireless access, which users use to establish a connection with the access point. This identity identifier is set by communication equipment manufacturers, and each manufacturer uses its own default value. For example, 3COM devices all use "10 1". Therefore, hackers who know these identifiers can easily enjoy your wireless service without authorization. You need to set a unique and hard-to-guess SSID for each wireless access point.
If possible, you should also prohibit broadcasting your SSID to the outside world. In this way, your wireless network will not be able to attract more users through broadcasting. Of course, this does not mean that your network is unavailable, but it will not appear in the list of available networks.
Internet access is only allowed at certain times.
Some of the latest wireless routers produced now allow users to access the Internet at certain times of the day. For example, you don't need to surf the Internet from 8: 00 am to 6: 00 pm from Monday to Friday, just turn on the router settings and disable access during these hours!
Disable dynamic host configuration protocol
This seems to be a strange security strategy, but it makes sense for wireless networks. With this strategy, you will force hackers to delete your IP address, subnet mask and other necessary TCP/IP parameters. Because even if a hacker can use your wireless access point, he still needs to know your IP address.
Disable or modify SNMP settings
If your wireless access point supports SNMP, you need to disable it or modify the default public and private identifiers. If you don't do this, hackers will be able to use SNMP to get important information about your network. But for wireless networks, it makes sense. With this strategy, you will force hackers to delete your IP address, subnet mask and other necessary TCP/IP parameters. Because even if a hacker can use your wireless access point, he still needs to know your IP address.
Disable or modify SNMP settings
If your wireless access point supports SNMP, you need to disable it or modify the default public and private identifiers. If you don't do this, hackers will be able to use SNMP to get important information about your network.