Wireless LAN sniffing technology and prevention strategy
The wireless local area network (WLAN) has been more and more widely used in many fields because of its advantages of convenient installation and flexible networking, but because the data it transmits uses radio waves to spread in the air, the transmitted data may reach unexpected reception Devices, so WLAN has the problem that network information is easily stolen. Stealing data on the network is called sniffing. It is a technique that uses a computer's network interface to intercept data packets in the network. Sniffing generally works at the bottom of the network, and can record all data transmitted on the network without being noticed, thereby capturing account numbers and passwords, private or confidential information, and can even be used to compromise the security of network neighbors or use To gain higher-level access rights, analyze network structure, and perform network penetration.
The openness of wireless channels in WLAN brings great convenience to network sniffing. The threat of network sniffing to information security in WLAN comes from its passive and non-interfering nature. The host running the listener program only passively receives the information transmitted in the network during the eavesdropping process. It also does not modify the information packets transmitted in the network, which makes the network sniffing very concealed, and often makes the network information leaks difficult to be discovered. Although it has no obvious harm to actively attack and destroy the network, the losses caused by it are also immeasurable. Only by analyzing the principles and essence of network sniffing, can we effectively prevent accidents and enhance the security and protection capabilities of wireless LANs.
Principles of network sniffing
To understand the essence of network sniffing, we must first understand the process of data encapsulation and transmission in the network. According to the TCP / IP protocol, the data packet is sent after being encapsulated layer by layer. Assuming that clients A, B and FTP server C are connected through an access point (AP) or other wireless connection device, host A uses a FTP command to remotely log in to host C to download files. Then first enter the FTP password for logging in to host C on host A. The FTP password passes through the application layer FTP protocol, the transport layer TCP protocol, the network layer IP protocol, and the Ethernet driver on the data link layer. When it reaches the physical layer, it is broadcasted wirelessly. The host C receives the data frame and finds it was sent to itself after the comparison, and then it analyzes and processes the data frame. At this time, host B also receives the data frame broadcast by host A, and then checks whether the address in the data frame matches its own address, and discards the data frame if it finds a mismatch. This is the general process of communication based on TCP / IP protocol.
Network sniffing is to capture and parse information from communications. Suppose host B wants to know what the FTP password is to log into server C. Then all it needs to do is to capture the data frame broadcast by host A, parse the data frame, and strip out the Ethernet frame header, IP packet header, TCP packet header, etc., and then The header part and the data part are analyzed and processed accordingly to obtain useful information contained in the data frame.
When implementing sniffing, first set up a computer for sniffing, that is, install a wireless network card on the sniffing machine, and set the network card to promiscuous mode. In promiscuous mode, the network card can receive all the data packets passing through it, and then parse the data packets to realize data eavesdropping. Secondly, it realizes loop grabbing data packets, and sends the captured data packets to the next data analysis module for processing. Finally, data analysis is performed to extract the Ethernet frame header, IP packet header, TCP packet header, etc. in turn, and then perform corresponding analysis and processing on each header portion and data portion.
Corresponding prevention strategy
Although sniffing is hidden and not easily detectable, it is not without prevention methods. The following strategies can prevent sniffing.
——Strengthen network access control. An extreme method is to prevent electromagnetic wave leakage through the electromagnetic shielding of the house, and the risk of wireless network configuration can be reduced through powerful network access control. At the same time, configuring survey tools can also measure and enhance the security of AP coverage. Although it is known that signal coverage can provide some favorable conditions for WLAN security, this does not become a complete network security solution. It is still possible for an attacker to use high-performance antennas to sniff the transmitted data on the wireless network.
——The network is set as a closed system. In order to avoid the network being discovered by tools such as NetStumbler, the network should be set as a closed system. A closed system is a system that does not respond to clients whose SSID is marked as "any" and turns off the broadcast function of network identification. It can prohibit unauthorized access, but it cannot completely prevent sniffing.
——Encrypt with a reliable protocol. If the user's wireless network is used to transmit more sensitive data, then the WEP encryption method is not enough, and the SSL method such as e-mail connection needs to be further used. It is an optional layer between the HTTP protocol and the TCP protocol. SSL establishes an encrypted channel on top of TCP and encrypts the data passing through this layer to achieve the effect of secrecy.
It is also essential to use a secure shell instead of Telnet. SSH is a protocol that provides secure communication in applications. The connection is established by using an algorithm from RSA. After the authorization is completed, the next communication data is encrypted using IDEA technology. SSH later developed into F-SSH, which provides high-level, military-level encryption of the communication process. It provides the strongest general encryption for network communication via TCP / IP. At present, no one has broken through this encryption method. The information sniffed will naturally no longer have any value. In addition, using secure copies instead of file transfer protocols can also enhance data security.
——One-time password technology. Normal computer passwords are static and can be easily stolen by online sniffers. Using S / key one-time password technology or other one-time password technology can make eavesdropping account information meaningless. The principle of S / key is that the remote host has obtained a password (this password will not be transmitted in an unsecured network), when the user connects, he will get a "challenge" information, the user will pass this information and password through an algorithm, Generate a correct "response" message (if the passwords of both parties are correct). This authentication method does not need to transmit the password on the network, and the same "challenge / response message" will not appear twice.
Network sniffing is relatively simple to implement, especially with a good development environment, it can be easily achieved through programming, but it is quite difficult to prevent sniffing. At present, there is not a practical, once and for all method. In addition to achieving the above-mentioned security measures as much as possible, we should also pay attention to continuously improving the security awareness of network management personnel, and pay more attention to and diligent inspections.
Kara offers a wide range of illuminated and non-illuminated Rocker Switches.Ranging from 4 to 9poles,16VA to 30 amp,with many styles of colors and functions,especially the switches with High-Current and some types which meet the industry standard IP65,IP68. Certifications include UL, CSA, TUV, CE, and more.
Middle-Sized Rocker Switches,Middle Rocker Switches,Economic Middle-Sized Rocker Switches,Universal Middle-Sized Rocker Switches
Ningbo Kara Electronic Co.,Ltd. , https://www.kara-switch.com