Regarding the privacy of the WLAN network, security at the management level is mainly divided into two parts: fake AP phishing websites and device login security. Nikbakhsh et al. proposed a method based on a tracking algorithm that detects fake APs by tracking routes.
The method compares the route tracking information of two APs in the area that carry the same information to judge whether a fake AP exists in the area. When two such APs are detected with different route tracking information, it can be judged that there is a fake AP.
At this time, the background administrator will receive an early warning. When configuring the network switch, save the device parameters such as the MAC address and SSID of the legal AP in the database; when receiving the device warning, compare the corresponding device parameters with the previously saved information to realize the detection of fake APs.
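The two checks described above (comparison against the saved parameters of legal APs, and route comparison between APs carrying the same information) can be sketched as follows. This is an added example, not code from Nikbakhsh et al. or from any switch vendor; the inventory, the scan records and their field names are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory saved when the switch was configured:
# SSID -> MAC addresses (BSSIDs) of the legal APs.
LEGAL_APS = {"corp-wlan": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}

GOOD_ROUTE = ["10.0.0.1", "10.0.254.1", "203.0.113.1"]

# Constructed scan results; "route" is the hop list traced through each AP.
SCAN = [
    {"ssid": "corp-wlan", "bssid": "00:11:22:33:44:01", "route": GOOD_ROUTE},
    {"ssid": "corp-wlan", "bssid": "00-11-22-33-44-02", "route": GOOD_ROUTE},
    # Same SSID, unknown MAC, and one extra hop in front of the real gateway.
    {"ssid": "corp-wlan", "bssid": "DE:AD:BE:EF:00:01",
     "route": ["192.168.43.1"] + GOOD_ROUTE},
    {"ssid": "guest", "bssid": "00:11:22:33:55:01", "route": GOOD_ROUTE},
]


def normalise_mac(mac):
    """Lower-case and use ':' separators so formatting differences do not matter."""
    return mac.strip().lower().replace("-", ":")


def check_inventory(observed, legal=LEGAL_APS):
    """Return observations that advertise a legal SSID from a MAC not in the database."""
    alerts = []
    for ap in observed:
        allowed = {normalise_mac(m) for m in legal.get(ap["ssid"], ())}
        if allowed and normalise_mac(ap["bssid"]) not in allowed:
            alerts.append(ap)
    return alerts


def check_routes(observed):
    """Return SSIDs whose APs do not all show the same traced route."""
    routes = defaultdict(set)
    for ap in observed:
        routes[ap["ssid"]].add(tuple(ap["route"]))
    return sorted(ssid for ssid, seen in routes.items() if len(seen) > 1)


if __name__ == "__main__":
    for ap in check_inventory(SCAN):
        print("unknown MAC for legal SSID:", ap["ssid"], ap["bssid"])
    print("SSIDs with differing routes:", check_routes(SCAN))
```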
Regarding security at the device login level, Portal authentication (also known as Web authentication) is currently the mainstream. On the control plane, identity authentication and personalized information services can be provided to users in the form of web pages.
The user can actively visit the known Portal authentication website and enter a user name and password there to authenticate the device. This method of performing Portal authentication actively from the beginning is called active authentication. By contrast, if a user tries to access other external websites through HTTP, then whatever the website, the user is forced to visit the Portal authentication website, and the Portal authentication process starts passively.
Before the Portal server establishes a reliable connection with the access device, the Portal server will check with the access device that the key sent by the Portal corresponds to the REQ_CHALLENGE message.
After the Portal key is verified, the Portal server sends the terminal online request message REQ_AUTH to the access device. A complete exchange of information between the server and the access device confirms the identity and maintains connectivity.
Compared with traditional inspection methods, the Portal authentication method, which is a website inspection method, greatly improves the privacy of user links and can also effectively prevent malicious links to phishing websites. The switch can also be configured to give users only the minimum operating authority and to disable unsafe management protocols so that users cannot access them from the business level.
Integrity issues for WLAN networks
Originally, the HTTP protocol was used to transfer information between Web browsers and web servers, and it belongs to the application layer in the TCP/IP layering. The key problem is that the communication uses plaintext without an encryption algorithm, so the content may be eavesdropped on, and the identities of the two parties in the communication are not verified.
Therefore, either party may be an attacker with a disguised identity, the integrity of the message cannot be proven, and it is easy for the attacker to tamper with key data.
The core technology of packet capture is to let the user’s device download an unknown certificate first, and bypass its own HTTP protocol through the link of the unknown certificate. As a countermeasure, SSL pinning achieves the effect of certificate pinning.
Specifically, configure the SSL certificate binding on the switch. After the client receives the certificate from the server, it performs a strong verification on the certificate to verify whether the certificate is recognized by the client. If not, the two-wire verification fails and the connection is disconnected. After opening the SSL proxy in the experiment, a request error is displayed, and then running Fiddler fails to capture packets.
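The strong verification described above can be illustrated on the client side as a fingerprint check that runs in addition to normal chain validation. This is an added example, not the configuration used in the experiment; the two certificate byte strings are constructed stand-ins for DER-encoded certificates, and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER certificates (real ones come from the TLS handshake).
SERVER_CERT = b"constructed-der-bytes-of-the-real-server-certificate"
PROXY_CERT = b"constructed-der-bytes-of-a-capture-proxy-certificate"


def fingerprint(der_cert):
    """SHA-256 fingerprint of a DER-encoded certificate, as lower-case hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert, pinned):
    """True if the certificate's fingerprint is one of the pinned values."""
    got = fingerprint(der_cert)
    return any(hmac.compare_digest(got, p.lower()) for p in pinned)


def connect_pinned(host, port, pinned, timeout=5.0):
    """Open a TLS connection and drop it unless the server certificate is pinned.

    The default context still validates the chain and host name, so a
    certificate that the device merely trusts (for example one issued by a
    capture proxy whose root was installed) passes that step but fails the pin.
    """
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pinned):
        tls.close()
        raise ssl.SSLError("certificate pin mismatch, connection dropped")
    return tls


PINS = {fingerprint(SERVER_CERT)}

if __name__ == "__main__":
    print("real server accepted:", pin_matches(SERVER_CERT, PINS))
    print("proxy certificate accepted:", pin_matches(PROXY_CERT, PINS))
```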
Aiming at the readability problem of the WLAN network, China Huawei’s switch equipment has made a breakthrough. Compared with the traditional MAC address aging mechanism, the internal settings of the switch have been improved, and the port security function can be used to prevent MAC flooding attacks to a large extent.
The switch can directly bind the important MAC address of the server and the corresponding port to prevent the attacker from communicating with the switch through the secondary cascading port and defend against MAC address attacks.
The terminal display and MAC address drift alarm switches are turned on. When an attacker uses the self-learning vulnerability of the switch to generate hundreds of thousands of different MAC addresses in a few seconds and send them to the switch, the MAC address table of the switch will soon be filled with these forged MAC addresses.
When the device generates a MAC address drift alarm, it prints the alarm information, and it prints it multiple times at intervals to remind the network administrator. When opening the MAC address drift error report table, use the command display trap buffer to view the cached information of the alarm in the background, judge that there is MAC address drift on the device, and block the interface on which the MAC address drift occurred, to ensure the readability of the WLAN network.
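The two conditions discussed above, a port learning far more MAC addresses than expected and a known MAC address moving to another port, can be modelled as follows. This is an added example, not switch firmware or Huawei code; the event format, port names, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict

SERVER_MAC = "00:aa:bb:cc:dd:01"

# Constructed learning events: (timestamp in seconds, source MAC, ingress port).
EVENTS = [(0.00, SERVER_MAC, "port-1")]
# A burst of forged source addresses arriving on one access port.
EVENTS += [(0.10 + i / 100, f"02:00:00:00:00:{i:02x}", "port-5") for i in range(5)]
# The server's address then shows up on the same access port.
EVENTS += [(0.50, SERVER_MAC, "port-5")]


def analyse(events, max_macs_per_port=3, window=1.0):
    """Return (drift, flooding) for events sorted by time.

    drift    -- list of (mac, old_port, new_port) for addresses that moved
    flooding -- sorted list of ports that learned more than max_macs_per_port
                distinct addresses within `window` seconds
    """
    location = {}                # mac -> port it was last learned on
    learned = defaultdict(list)  # port -> [(timestamp, mac)] recently learned
    drift, flooding = [], set()
    for ts, mac, port in events:
        prev = location.get(mac)
        if prev is not None and prev != port:
            drift.append((mac, prev, port))
        if prev != port:  # new address on this port
            recent = [(t, m) for t, m in learned[port] if ts - t <= window]
            recent.append((ts, mac))
            learned[port] = recent
            if len({m for _, m in recent}) > max_macs_per_port:
                flooding.add(port)
        location[mac] = port
    return drift, sorted(flooding)


if __name__ == "__main__":
    moved, flooded = analyse(EVENTS)
    for mac, old, new in moved:
        print(f"MAC drift: {mac} moved from {old} to {new}")
    print("ports over the learning limit:", flooded)
```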