Hello everyone,
Today I will share with you the WLAN security strategy.
In order to ensure the security of the WLAN system, the following requirements need to be met:
1. Confidentiality: This is the most basic requirement of the security system. It provides confidentiality for data, voice, addresses, and other information. Different users, services, and data have different security level requirements.
2. Legitimacy: Only users who are identified as legitimate and authorized can receive the corresponding services. This requires user identification and authentication.
3. Data Integrity: The protocol should guarantee the integrity of user data and identify the source of data.
4. Non-repudiation: The sender of data cannot deny the message he sent, otherwise it is considered illegal.
5. Access control: The IP and MAC addresses of STAs should be maintained at the access end, and access should be controlled.
a. Link Authentication
Open System Authentication
Open system authentication is the default authentication mechanism and the simplest authentication algorithm: no authentication is performed. If the authentication type is set to open system authentication, all clients requesting authentication will pass the authentication.
Shared key authentication
Shared key authentication is another authentication mechanism besides open system authentication. Shared key authentication requires the same shared key to be configured on the wireless client and the device.
b. User Access Authentication
PSK authentication
PSK authentication requires the same pre-shared key to be configured on the wireless client and the device. If the key is the same, PSK access authentication will succeed; if the key is different, PSK access authentication will fail.
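The following added example (not part of the original post) goes one step beyond the description above and shows how WPA/WPA2-PSK checks that both sides hold the same key without sending it: each side derives a PMK from the passphrase and SSID, then a key confirmation key (KCK), and the device verifies a MIC computed by the client. The MAC addresses, SSIDs, passphrases and the frame bytes are constructed placeholders, not a real EAPOL-Key frame.

```python
import hashlib
import hmac
import os


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """KCK = first 16 bytes of the PTK produced by the 802.11i PRF (HMAC-SHA1)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    block = hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + b"\x00",
                     hashlib.sha1).digest()
    return block[:16]


def handshake_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 (AES) MIC: HMAC-SHA1 over the frame, truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def psk_authenticates(device_passphrase: str, client_passphrase: str, ssid: str) -> bool:
    """Return True only if client and device were configured with the same PSK."""
    ap_mac = bytes.fromhex("020000000001")    # constructed, locally administered
    sta_mac = bytes.fromhex("020000000002")   # constructed, locally administered
    anonce, snonce = os.urandom(32), os.urandom(32)  # fresh nonces per handshake
    frame = b"constructed stand-in for handshake message 2" + snonce

    # Client side: prove knowledge of the key by sending a MIC, never the key.
    client_kck = derive_kck(derive_pmk(client_passphrase, ssid),
                            ap_mac, sta_mac, anonce, snonce)
    mic_from_client = handshake_mic(client_kck, frame)

    # Device side: recompute the MIC from its own configured key and compare.
    device_kck = derive_kck(derive_pmk(device_passphrase, ssid),
                            ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(mic_from_client, handshake_mic(device_kck, frame))


if __name__ == "__main__":
    print(psk_authenticates("correct horse battery", "correct horse battery", "ExampleNet"))
    print(psk_authenticates("correct horse battery", "wrong passphrase 1", "ExampleNet"))
```

Because the SSID is the only salt and the passphrase is the only secret input, the strength of WPA/WPA2-PSK depends directly on passphrase length and randomness.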
802.1X authentication
The 802.1X protocol is a port-based network access control protocol. "Port-based network access control" refers to the authentication and control of user equipment at the port level of WLAN access equipment. If the user equipment connected to the port can be authenticated, it can access the resources in the WLAN; if it cannot be authenticated, it cannot access the resources in the WLAN.
MAC Access Authentication
MAC address authentication is an authentication method based on port and MAC address to control users' network access rights. It does not require users to install any client software. After the device detects the user's MAC address for the first time, it starts the authentication operation for the user.
c. Encryption algorithm
·RC4
·AES
| Security policy | Link authentication | Access authentication | Encryption algorithm | Usage scenarios | Remark |
| --- | --- | --- | --- | --- | --- |
| WEP-open | Open system | No access authentication; Portal authentication or MAC authentication is supported. | No encryption or RC4 | Public places such as airports, stations, business centers, and conference venues with high user mobility. | It is not safe to use it alone. Any wireless terminal can access the network. It is recommended to configure Portal authentication or MAC authentication at the same time. |
| WEP-share-key | Shared key authentication | Not involved | RC4 | Networks with lower security requirements. | WEP is not recommended because of its low security. |
| WPA/WPA2-PSK | Open system | PSK | TKIP/AES | Home users or small and medium-sized enterprise networks. | Security is higher than WEP-shared key authentication, no third-party server is needed, and the cost is low. |
| WPA/WPA2-802.1X | Open system | 802.1X | TKIP/AES | Large-scale enterprise networks with high security requirements. | High security, but a third-party server is needed and the cost is high. |
| WAPI-PSK | Open system | PSK | SMS4 | Home users or small and medium-sized enterprise networks. | Security is higher than WEP-shared key authentication, no third-party server is needed, and the cost is low. Only some terminals support the protocol, and it has few applications. |
| WAPI-certificate | Open system | Certificate authentication | SMS4 | Large-scale enterprise networks with high security requirements. | High security, but a third-party server is needed and the cost is high. Only some terminals support the protocol, and it has few applications. |
That is all I want to share with you! Thank you!

