Network security has always been the focus of network information construction. At the same time, wireless network security has always been an important issue in the construction of wireless networks. People hope to use a more secure wireless network to ensure Internet security.

However, network security problems frequently occur in wireless networks: Wi-Fi passwords are shared by the universal key APP, misconnected with fishing Wi-Fi resulting in lost money, personal information being stolen and private routers connected by employees to cause hackers to easily invade. Access to intranet corporate information, confidential data is difficult to save...

Construction guidance

As a builder of secure networks, Sundray Technology asks users to pay attention to Wi-Fi network security. Especially for enterprise networks, network security is the basis for ensuring the normal operation of the company. Sundray Technology gives you some network security recommendations:

1. Wireless office network should never use PSK password authentication method. No matter how complex your Wi-Fi password is, it will be shared by Wi-Fi sharing software.

2. Do not use low-end wireless devices to carry office applications.

Low-end wireless devices often only support one PSK password authentication method, and can not support safer and more secure enterprise authentication.

3. It is recommended to adopt 802.1X, Portal and other enterprise security authentication methods.

802.1X and Portal use the authentication method of account plus password. They will not be shared by Wi-Fi sharing software, and it is difficult to crack. It is recommended to use 802.1X authentication method. The authentication process and the online process will be encrypted. Guaranteed safe transmission.

4. It is recommended to deploy network security devices in the network, such as online behavior management, security audit, etc.

The network device can allocate different network rights according to different accounts, access locations, and time segments, and record and retain the network access behavior of all online users to protect the network intranet security.

solution

Sundray Technology has always been committed to creating a more secure wireless connection and comprehensive security measures to help customers achieve end-to-end secure connectivity and provide customers with more value delivery.

The first step: solving the problem of who can connect, who can not connect.

1. Select the appropriate authentication method according to different scenarios.

Sundray Wireless AC provides more than 10 kinds of authentication methods for various usage scenarios.

A. The wireless office network adopts 802.1X, Portal, WAPI and other security authentication methods;

B. The strange visitors' network adopts real-name authentication such as SMS and WeChat to meet the real-name Internet access requirements of the Ministry of Public Security;

C. For some production networks, such as handheld PDA terminals, IoT terminals, etc., intelligent PSK authentication can be adopted, and each terminal MAC corresponds to a unique password;

2. Choose the appropriate safety access and reinforcement scheme

A. For the wireless office network, provide more additional security access, such as account password + SMS verification code or APP audit release, to prevent account passwords from being leaked.

B. At the same time, the account and the terminal hardware code can be automatically bound. The account can only be authenticated successfully on a specific terminal. Other terminals cannot access even if the account password is correct (one account can be bound to 5 terminals, more than 1 terminal, needs the administrator to review the binding information).

C. For customers such as government and finance, smart and secure wireless network cards can also be used for access. The administrator imports the CA certificate into the network card to implement mutual authentication with the wireless AC/AP. At the same time, the network card can be restricted to connect to the specified SSID, or the office network can only allow the secure network card terminal to access.

Step 2: What can customer do after get in?

1. Accurately identify the user's online behavior.

Through the continuously updated application identification system (wireless AC built-in), you can accurately identify the applications, APP programs, website categories visited, specific websites, etc. that users use, and control more accurately.

2. Fine control of Internet access

Based on accurate identification, and then implement a rich access control strategy, including different accounts, access locations, time segments, terminal types, and special attributes, etc., to assign different access rights. For example, an account can only access the company intranet system in the office area and cannot be accessed in the rest area.

3. Internal network and external network traffic security control

The wireless AC has built-in rich security features to effectively solve the attacks and risks inside the wireless network. Sundray Wireless AC built-in behavior management and auditing can not only realize the control of traffic accessing the Internet, but also realize the traffic security inside the wireless network.

Tip: Although export security devices, such as firewalls and intrusion prevention systems, are usually deployed on the network, they can prevent external attacks or bandwidth to the Internet, but they cannot regulate the internal bandwidth of the wireless network.

4. local forwarding can achieve application control (the industry's first)

Sundray will also introduce application identification, control and audit based on local forwarding, which can greatly reduce the consumption of AC equipment performance and save user construction costs.

The third step: solve the problem and know what they have done?

1. Comprehensive audit user network behavior

Through online behavior auditing or online content auditing (wireless AC built-in), you can record what they have done on the network.

2. Audit data security storage

The audited data can be stored in the built-in data center or in an external data center to meet the New Network Security Act (for at least 6 months of storage requirements).

Sundray wireless controller also provides more security defenses
For example, illegal Wi-Fi detection, anti-phishing Wi-Fi, anti-private Wi-Fi, anti-scan attack, anti-DDOS attack, anti-ARP spoofing attack, etc., fully protect the security of the network.