40923248 cp2020

Privacy and Security

Because Wi-Fi is transmitted over radio frequencies, the data transferred is susceptible to being viewed and captured by any other radio receiver. Encryption and network security have become a paramount concern for IT professionals at all levels. If a Wi-Fi network is set up without encryption it is “open,” and anybody in the vicinity with packet sniffing software can capture the transmissions between the host and the wireless access point. Public cafes and retailers offering open access do so as a courtesy, but the user must know that any online login information, such as connecting to a bank, Facebook, or Twitter, is not secure and is susceptible to capture. As a prospective technician, you must know the current encryption types and best practices to secure a WLAN.

Encryption Types

In order to provide security for wireless networks, the 802.11 standards provide for three major types of password protection/encryption: wired equivalent privacy (WEP), Wi-Fi protected access (WPA), and Wi-Fi protected access 2 (WPA2).

Wired Equivalent Privacy (WEP)

In the original 802.11 standard, the only security provided was WEP, which claims to be as secure as a wired network connection. This wireless connection was secured using encryption with a 40-bit WEP key that all access points and client devices would use (preshared key). This symmetric encryption was a good idea, but since the key was so small (40 bits), it was quickly broken by attackers.

To solve this, WEP evolved into using a 64-bit key and could support keys up to 128 bits, which would provide strong encryption. Unfortunately, the WEP algorithm used for encryption also relied on an initialization vector (IV) in combination with the preshared key to create the strong encryption, but the IV was only 24 bits long and is sent in plain text (clear text) during the preshared key exchange. This was quickly compromised by attackers using a brute-force attack to determine the password using the weak IV. Many utilities exist in the open-source realm that can crack WEP passwords within just a few minutes on modern hardware. For this reason, WEP is considered insecure today and should never be used in your networks.

Wi-Fi Protected Access (WPA)

The WPA standard was introduced to replace the insecure WEP. WPA used a 48-bit IV in place of WEP’s 24-bit IV. This upgraded IV uses the temporal key integrity protocol (TKIP). TKIP is an IEEE standard that was designed to provide more secure encryption. TKIP is a suite of algorithms that allows WLAN equipment to upgrade to TKIP without replacing hardware. TKIP encrypts each data packet with a unique encryption key, and the keys are much stronger than WEP’s. To increase key strength, TKIP includes four additional algorithms. In addition to TKIP, the WPA standard uses a message integrity check (MIC) to confirm that data was not modified in transit. MIC uses a “hash” to verify that a message has not been altered. WPA supported both preshared key mode and enterprise mode. In enterprise mode, users are required to authenticate before exchanging their keys, and each key between the client and access point is only temporary, reducing the chance of compromise. Unfortunately, WPA also suffered security flaws centered on the use of passphrases and pre-shared key (PSK) management and is now also considered to be insecure.

Wi-Fi Protected Access 2 (WPA2)

Wi-Fi protected access version 2 (WPA2) was implemented to replace both WEP and WPA because of the insecurities with the 24-bit and 48-bit initialization vectors. WPA2 requires stronger encryption and integrity checking, using the counter mode with cipher block chaining message authentication code protocol (CCMP) for integrity checking. Additionally, the encryption used for WPA2 is the advanced encryption standard (AES) with a 128-bit key, the same algorithm used by the United States government to protect its classified networks. Using WPA2 creates a secure wireless network, but only when used with good passwords and shared keys. WPA2 also supports an enterprise mode for centralized user authentication (used in corporate networks) and a personal mode for preshared key support (used in most homes and small offices). The key to security with WPA2 is a strong password, since the current method of breaking into a WPA2 network is to use brute force attacks against the preshared key. If your key is long and complex, the attackers will not be able to penetrate your WPA2 wireless networks.
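To make "long and complex" measurable, the following added example (not part of the original page) derives the WPA2 personal-mode key the way the standard does, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations, and estimates how long an exhaustive search of a passphrase's character space would take. The SSID, the passphrases and the guess rate are constructed assumptions.

```python
import hashlib
import math
import string

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation + " ")

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit pairwise master key for WPA2 personal (preshared key) mode."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    # The SSID is the salt, so the same passphrase gives a different key
    # on a network with a different name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def search_space_bits(passphrase: str) -> float:
    """Upper bound on entropy: assumes every character was picked at random
    from the character classes present. Dictionary words score far lower
    in practice than this bound suggests."""
    pool = sum(len(cls) for cls in CHAR_CLASSES
               if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def audit(passphrase: str, ssid: str, guesses_per_second: float = 1e6) -> dict:
    bits = search_space_bits(passphrase)
    return {
        "pmk": wpa2_pmk(passphrase, ssid).hex(),
        "bits": round(bits, 1),
        "years": years_to_exhaust(bits, guesses_per_second),
    }

if __name__ == "__main__":
    # Constructed inputs: hypothetical SSID and two sample passphrases.
    for pw in ("12345678", "v7#Qm2!xLp9@Rt4&Zs6%"):
        r = audit(pw, "ExampleCafe")
        print(f"{pw!r}: {r['bits']} bits, {r['years']:.3g} years at 1e6 guesses/s")
```

At the assumed rate the eight-digit passphrase is exhausted in under two minutes, while the 20-character mixed passphrase is out of reach of exhaustive search.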

Wi-Fi Protected Access 2 Enterprise

WPA2 enterprise is a client/server model using the remote authentication dial-in user service (RADIUS) protocol found in larger corporate networks. The RADIUS server runs in the application layer using UDP (user datagram protocol) as a transport method, and is usually a software background service running on a UNIX or Windows server. WPA2 enterprise eliminates a shared key and replaces it with a username and a password to connect to the corporate Wi-Fi network.
