A virtual private network is not the same as wireless network security

    Every time I hold a wireless LAN security event, someone asks me whether a virtual private network (VPN) is a wireless network security solution. (Wi-Fi is the popular name for wireless local area networks that support the 802.11 family of standards.) I always tell them that a VPN cannot replace effective wireless network security measures, and I have even posted a comprehensive guide to wireless LAN security for the company. But VPN supporters insist on their theory that the VPN is a universal answer, so I have to explain the difference between VPNs and wireless network security everywhere and all the time.

    The VPN-only camp.

    The VPN-only camp includes salespeople who sell only VPNs, VPN vendors, and people who are more familiar with VPNs than with wireless network security. They see wireless network security problems as falling within the scope of the VPN, because that brings them into their own line of business. This is a typical example of the saying that when you have a hammer, everything looks like a nail. They will tell you that if you just use a VPN, you do not have to worry about the security of the wireless network. The VPN-only camp's argument is that the IEEE 802.11 standard itself cannot provide an effective security solution. To strengthen the argument, they cite the collapse of dynamic Wired Equivalent Privacy (WEP), or go straight to how easily Wi-Fi Protected Access (WPA) can be cracked.

    Can Wi-Fi Protected Access (WPA) really be cracked?

    Anyone who claims that Wi-Fi Protected Access (WPA) can be cracked either does not know what they are talking about or does not know how WPA is cracked. What they are actually referring to is the case where simple WPA modes (typically used by home users) rely on a pre-shared key (PSK) which, once the traffic is intercepted, may be guessed because it is too simple. But this only shows that such a WPA pre-shared key is ineffective. A simple pre-shared key made up of ten (or more) random letters and digits cannot be recovered by brute-force exhaustive search. I would also point out that VPNs that use pre-shared keys have the same problem.

    Dynamic Wired Equivalent Privacy (WEP) is the complaint against the IEEE 802.11 standard.

    Dynamic Wired Equivalent Privacy (WEP) has been completely cracked; there is no doubt about that. IEEE 802.11 dynamic WEP was designed in the late 1990s, when strong encryption technology was treated as a weapon and subject to strict United States export restrictions. Because of the fear surrounding strong encryption, wireless networking products that used it were banned from export. Just two years later, however, dynamic WEP was found to have serious flaws. Even so, the mistakes of the 1990s should not be held against wireless network security today or against the IEEE 802.11 standard itself. The wireless network industry could not wait for the Institute of Electrical and Electronics Engineers to revise the standard, so it introduced the Temporal Key Integrity Protocol (TKIP), which is in effect a patched version of dynamic WEP.

    Avoid the bad parts rather than abandoning the whole.

    Both VPNs and wireless networks have poorly designed authentication mechanisms. For example, the ASLEAP cracking tool lets people crack, in much the same way, both a very popular 802.1x authentication type for wireless networks and the authentication of VPNs that use the Point-to-Point Tunneling Protocol (PPTP). Our concern should therefore be how to improve the level of encryption, not whether encryption is needed.

    Defining wireless network security and virtual private network security.

    Modern wireless network security technology.

    Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) are security standards from the Wi-Fi Alliance that include effective policies and encryption algorithms. WPA supports the draft 802.11i standard; WPA2 supports the final version of the 802.11i standard. Wireless network encryption takes place at the data link layer (layer 2 of the Open Systems Interconnection reference model) and operates transparently in hardware and firmware. Note that, as wireless network technology develops, exceptions may exist.

    In terms of encryption, the only difference between WPA and WPA2 is that WPA2 supports both the Temporal Key Integrity Protocol (TKIP, an implementation of the RC4 encryption algorithm) and the Advanced Encryption Standard (AES, used for top-level government security policy), whereas WPA supports TKIP with AES as an option. Although neither TKIP nor AES has been cracked so far, AES undoubtedly has certain advantages in terms of security.

    WPA and WPA2 include two authentication and access control modes: pre-shared key (PSK) mode for home use and 802.1x mode for business use. In home mode, multiple rounds of hashing make brute-force exhaustive search very slow, and as a rule pre-computed hash tables cannot be used (apart from attacks on commonly used service set identifiers). Enterprise 802.1x mode is a standard port-based network access control mechanism that is open to a wide range of Extensible Authentication Protocol (EAP) types, including the strong EAP-TLS, PEAP and EAP-TTLS, which use public key infrastructure technology with digital certificates, as well as methods with relatively weak authentication such as Cisco LEAP and EAP-FAST.
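    The home-mode hashing described above, and the earlier claim about a ten-character random key, worked through as an added example that is not part of the original article: WPA/WPA2 pre-shared key mode derives its 256-bit key with PBKDF2-HMAC-SHA1, 4096 rounds, salted with the SSID. The sample passphrase, the SSIDs and the rate of one million guesses per second are constructed assumptions.

```python
import hashlib
import math

PBKDF2_ROUNDS = 4096  # iteration count fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_LEN = 32          # 256-bit pairwise master key


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrases are printable ASCII")
    salt = ssid.encode()
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               salt, PBKDF2_ROUNDS, PMK_LEN)


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a passphrase drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length: int, alphabet_size: int,
                     guesses_per_second: float) -> float:
    """Time to try every candidate; each guess costs one full PBKDF2 run."""
    seconds = alphabet_size ** length / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    # Test vector published with IEEE 802.11i: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())

    # Constructed sample values: one passphrase used on two different SSIDs.
    a = derive_pmk("k3Vq9ZtP0x", "office-wlan")
    b = derive_pmk("k3Vq9ZtP0x", "warehouse-wlan")
    # The SSID is the salt, so a table pre-computed for one SSID
    # is useless against a network with a different SSID.
    print("same key on both SSIDs:", a == b)

    # Ten random letters and digits (62 symbols) at an ASSUMED guess rate.
    print("bits:", round(keyspace_bits(10, 62), 1))
    print("years to exhaust:", round(years_to_exhaust(10, 62, 1e6)))
```

    A unique SSID plus a randomly generated passphrase therefore removes both shortcuts the paragraph mentions: pre-computed tables and short exhaustive searches.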

    Modern virtual private network security.

    A virtual private network (VPN) is an information protection technology in which encryption usually takes place at the network layer (layer 3 of the Open Systems Interconnection reference model). Supporting technologies include Internet Protocol Security (IPSec), the Point-to-Point Tunneling Protocol (PPTP) and the Layer Two Tunneling Protocol (L2TP). To pass more easily through firewalls, network address translation and browser proxies, recent VPNs have moved encryption to the presentation layer (layer 6 of the Open Systems Interconnection reference model) by tunnelling over Secure Sockets Layer (SSL). Note that most VPN packages must emulate layer 2 on top of layer 2, implemented through layer 3 IPSec or layer 6 SSL. Layer 2 emulation gives the VPN client a virtual IP address so that it can be controlled on the network. Some vendors that support SSL tunnel VPNs (not to be confused with application-layer SSL VPNs), such as Cisco, use ActiveX and/or Java technology to deploy a network client quickly. Microsoft will soon add a new SSL tunnelling technology, called the Secure Socket Tunneling Protocol (SSTP), to the built-in Windows VPN client, which currently supports only PPTP and L2TP.

    The encryption and authentication a VPN uses have to be determined by analysing the environment in which it will actually be used. A PPTP VPN can use the RC4 algorithm with 40-bit, 56-bit and 128-bit encryption; IPSec and L2TP offer a wider choice, including DES (56-bit), 3DES (168-bit) and the Advanced Encryption Standard AES (128-, 192- and 256-bit). A VPN's authentication mechanism may not be strong, as with PPTP, which passes a password hash, or it may be built on public key infrastructure technology, as with L2TP, which can use server and client digital certificates. Some IPSec solutions can choose between pre-shared keys and digital certificates based on public key infrastructure (PKI). If this looks like wireless network security technology rather than what you expected, the reason is simple: the cryptography is common to both.

    The environments that VPNs and wireless network security technology each suit.

    In network security, VPNs and wireless network security technology each have their strengths. A VPN lets you connect securely over any network (including the Internet), whether you are using a modem connection or a wireless hotspot. That is the job of a VPN: it works anywhere in the world with Internet access. Wireless network security technology, by contrast, secures the data link layer between the mobile device and the wireless access point, which means it can only work in a local LAN environment. However, wireless network security technology offers higher speed, lower cost and simpler operation. Under the same conditions, it can provide security equal to or even better than that of a wired connection.

    When you use a VPN to connect to the LAN, the connection is not established until the user logs in and starts the VPN client manually. With wireless network security technology, the machine can join the network automatically even when no user is logged in. This means that Windows Update, enterprise management tools, Group Policy updates and logins by new users all work. When the user switches on a laptop computer, it can join the wireless LAN automatically. Wireless network clients can be centrally managed and deployed, which makes enterprise wireless network security very attractive. There are also environments in which a VPN cannot be used at all. For example, many embedded wireless devices, such as VoIP phones, label printers and barcode scanners, cannot support a VPN but can support the WPA or WPA2 security modes.

    Virtual private network and wireless network security technology can coexist.

    In the network topology, we can see an enterprise network security solution that combines VPN and wireless network technology. The VPN gateway gives users coming in from the Internet an encrypted connection, while the access point (one stands for many) gives local devices a wireless LAN connection. The wireless network here is a closed network, encrypted at layer 2 and above for access control and authentication. This topology uses a centralized Remote Authentication Dial-In User Service (RADIUS) authentication system that all the access points and the VPN gateway can share. The access points and the VPN gateway act as network access devices: they pass authentication requests to the RADIUS server, and the server checks them against the user directory (Lightweight Directory Access Protocol (LDAP), Active Directory, Novell and the like). This gives both the VPN and the wireless network truly secure single sign-on without wasting hardware.

    Virtual private network security solutions.

    In the network topology above, the VPN is the only solution used for the mixed wireless and VPN environment. If portable terminals such as notebooks and Windows Mobile, Windows CE and Linux devices connect to the LAN through the VPN from an Internet hotspot, they will be able to work. Wireless embedded devices such as VoIP phones, label printers and barcode scanners are not so lucky: they are not supported in this architecture. The performance bottleneck is the VPN gateway, which may need to be upgraded to gigabit. Local wireless users connect in two stages: first they connect to the wireless network, and then they start the VPN software.

    Access points and wireless network cards are devices that support Advanced Encryption Standard encryption, whereas VPN client software takes a lot of memory, and packets at the maximum transmission unit keep the processor at full load. Fast, seamless roaming from access point to access point becomes more difficult. An attacker can join the wireless access point and misbehave, for example by sending the Dynamic Host Configuration Protocol (DHCP) server a large number of bogus requests or by launching other kinds of layer 2 attack. An attacker on the same subnet may also scan the other, legitimate users; the best defence against this is a host-based firewall.

    A VPN-only topology means:

    * An expensive gigabit VPN gateway.

    * No savings on wireless network infrastructure.

    * A sharp drop in performance.

    * Poor compatibility with embedded devices.

    * Few management functions and no automatic login.

    * An open wireless network that gives attackers the opportunity to gain access and to scan the network and its users.

    Obviously, the best approach is to use the right tool for the right job. VPN security is like a hammer and wireless network security is like a screwdriver. You cannot use a screwdriver to drive a nail, and you would not use a hammer to turn a screw. If you force a hammer to turn screws, you will not get the result you want.
 
