MAC address filtering on wireless network
To enhance security capabilities for Wi-Fi network, in addition to using the encoding, authentication, hide the network name ... you should incorporate more features MAC address filtering.
NETWORK
 |
Before Wi-Fi industry to address the problems and shortcomings of WEP (wireless encryption protocol) - Technology security with encryption, many experts recommend using more MAC address filtering mechanism in order to enhance security. Each Wi-Fi device is assigned a unique MAC address (Media Access Control) consists of 12 hexadecimal digits.The MAC address is the "underground" of the hardware device and sent automatically to Wi-Fi access points when the device connected to the network. Use the configuration manager of the access point (Access Point - AP ), you can establish a list of equipment is safe (allowed access to the network) or a list of equipment is not allowed access to the network (black list - black list). If MAC address filtering is enabled, the AP only allows the devices in the safe list are connected to the network and prohibit all devices in the blacklist access to the network, even if you lock connection whether you are using the connection protocol. With the emergence of reliable encryption protocol, which is the most powerful WPA2 (Wi-Fi Protected Access II), we heard it address filtering More MAC. However, an attacker (hacker) has found a way to attack this protocol, by spoofing the address of the connected device or a fake one of these devices.
Security layers
Sharony According Jacob, the main consultant and president of Mobius Consulting, the consulting firm in New York on wireless for that MAC address filtering is not enough. Sharony think a good security strategy must be built on multiple layers. In most cases, you should not use MAC address filtering - only a solution will not be enough to prevent the hacker sophisticated - that should be used in combination with other security layers. There are situations appropriate to use MAC address filtering, that is, in the case of attempts to secure additional investment, but not enough to meet.
Sharony According Jacob, the main consultant and president of Mobius Consulting, the consulting firm in New York on wireless for that MAC address filtering is not enough. Sharony think a good security strategy must be built on multiple layers. In most cases, you should not use MAC address filtering - only a solution will not be enough to prevent the hacker sophisticated - that should be used in combination with other security layers. There are situations appropriate to use MAC address filtering, that is, in the case of attempts to secure additional investment, but not enough to meet.
Use MAC address?
To set up MAC filtering, you should establish a list of MAC addresses for devices that need to connect to the network. Every time you want to add or remove a device, you must sign in the configuration manager of the AP.(AP level can allow businesses to do this with the command). In most routers (router) for small business / home users, but many companies are using, you open the browser and enter the IP address of the router (see the instruction manual, usually: 192.168.0.1 or 192.168.1.1) into the address bar of your browser. At that time, the browser screen Device manager will ask Added to your account (login ID and password) - see the default login account in the documentation that came with the device. Once successfully logged, to be safe, you should immediately change the default login account. Then you find the advanced settings for wireless networks and select the "MAC filtering" or "Access list" or some other appellation (although that would hang under different names, you should preview the documents instructions accompanying the product for more information).
To set up MAC filtering, you should establish a list of MAC addresses for devices that need to connect to the network. Every time you want to add or remove a device, you must sign in the configuration manager of the AP.(AP level can allow businesses to do this with the command). In most routers (router) for small business / home users, but many companies are using, you open the browser and enter the IP address of the router (see the instruction manual, usually: 192.168.0.1 or 192.168.1.1) into the address bar of your browser. At that time, the browser screen Device manager will ask Added to your account (login ID and password) - see the default login account in the documentation that came with the device. Once successfully logged, to be safe, you should immediately change the default login account. Then you find the advanced settings for wireless networks and select the "MAC filtering" or "Access list" or some other appellation (although that would hang under different names, you should preview the documents instructions accompanying the product for more information).
By filtering MAC address
If you need to add a new device on your system, you need to know the address of this device before. This address is usually printed on the outside of the product, but there are exceptions. In some products, such asphone mobile, MAC addresses can be found through the phone's software, but some products, finding the MAC address very difficult. The final project can is that you can temporarily disable MAC address filtering, which allows new devices to connect to, and retrieve the device's MAC address from the list of devices connected to the access manager of the AP. To add a MAC address of the new device to Wi-Fi network, you log on to the device manager, Wireless MAC Filter to open the item and enter the MAC address of that device on. Until then, you should activate (Enabled) function Wireless MAC Filter and select the mode to create a black list or safe list. In fact, if you are a manager and said wireless device's MAC address be connected to the network and the network access machines often implement MAC address filtering is another layer of security to be deployed.
If you need to add a new device on your system, you need to know the address of this device before. This address is usually printed on the outside of the product, but there are exceptions. In some products, such asphone mobile, MAC addresses can be found through the phone's software, but some products, finding the MAC address very difficult. The final project can is that you can temporarily disable MAC address filtering, which allows new devices to connect to, and retrieve the device's MAC address from the list of devices connected to the access manager of the AP. To add a MAC address of the new device to Wi-Fi network, you log on to the device manager, Wireless MAC Filter to open the item and enter the MAC address of that device on. Until then, you should activate (Enabled) function Wireless MAC Filter and select the mode to create a black list or safe list. In fact, if you are a manager and said wireless device's MAC address be connected to the network and the network access machines often implement MAC address filtering is another layer of security to be deployed.
 |
When would not use MAC filtering?
If the environment of your wireless network often changes, the new device connect and disconnect constantly, or you are managing a large enterprise network with thousands, even even tens of thousands of devices, maintaining and constantly updating the MAC address table storage quite difficult to deliver results as expected. There are many functions on the router supports Wi-Fi/AP can do this easier, such functions WPS (Wi-Fi Protected Setup), which allows network administrators to easily add new devices to the network and automatically adds the MAC address to the list. There are cases where networks too small and not yet time to use the filter by MAC address, but sometimes the home / office may have more customers want to access it - to use their devices to access. To resolve this situation Many new AP allows you to set up a second network completely separate from the main network (such as features on the Guest Access Wi-Fi router Cisco Linksys line E), a Wi-Fi network name (SSID - service set identifier) is unique for another client. The main network will be protected by a combination of encryption and MAC address filtering, while the second network to remain open for normal Internet visitors. MAC filtering instead of encryption available? there are situations where you can only Methods filter using MAC address? it was suggested that there is no case, must use encryption. For too many protocols and programs (the web) are not encrypted, which has many tools start wireless packet (for hackers) to download for free wireless encryption should have significance. A y others arguing for, the security method only uses MAC address filtering only relevant when using a personal access point, for example with the Novatel Wireless MiFi - The product used on the car, usually for family members or colleagues to access. With this, you can use the combination of MAC filtering and encryption or no encryption. Because sometimes, the encryption will become heavily requested by users know the access key.
If the environment of your wireless network often changes, the new device connect and disconnect constantly, or you are managing a large enterprise network with thousands, even even tens of thousands of devices, maintaining and constantly updating the MAC address table storage quite difficult to deliver results as expected. There are many functions on the router supports Wi-Fi/AP can do this easier, such functions WPS (Wi-Fi Protected Setup), which allows network administrators to easily add new devices to the network and automatically adds the MAC address to the list. There are cases where networks too small and not yet time to use the filter by MAC address, but sometimes the home / office may have more customers want to access it - to use their devices to access. To resolve this situation Many new AP allows you to set up a second network completely separate from the main network (such as features on the Guest Access Wi-Fi router Cisco Linksys line E), a Wi-Fi network name (SSID - service set identifier) is unique for another client. The main network will be protected by a combination of encryption and MAC address filtering, while the second network to remain open for normal Internet visitors. MAC filtering instead of encryption available? there are situations where you can only Methods filter using MAC address? it was suggested that there is no case, must use encryption. For too many protocols and programs (the web) are not encrypted, which has many tools start wireless packet (for hackers) to download for free wireless encryption should have significance. A y others arguing for, the security method only uses MAC address filtering only relevant when using a personal access point, for example with the Novatel Wireless MiFi - The product used on the car, usually for family members or colleagues to access. With this, you can use the combination of MAC filtering and encryption or no encryption. Because sometimes, the encryption will become heavily requested by users know the access key.
Use black list or safe list?
Typically, users want to use MAC address filtering to only allow the device to verify the connection - safe list. But there will also be cases where users want to create a blacklist - list of users is not allowed to connect to your network. If you want to ensure certain equipment is not connected to your network, for service as personal computer / mobile phone of the employees have retired; the device is determined to be related to the denial of service attacks in the past or neighbor that you suspect are trying to attack your network to access the internet, you should select the set whitelist.
Typically, users want to use MAC address filtering to only allow the device to verify the connection - safe list. But there will also be cases where users want to create a blacklist - list of users is not allowed to connect to your network. If you want to ensure certain equipment is not connected to your network, for service as personal computer / mobile phone of the employees have retired; the device is determined to be related to the denial of service attacks in the past or neighbor that you suspect are trying to attack your network to access the internet, you should select the set whitelist.
"If home / your office has set up Wi-Fi can carry on (do not use security such as encryption and MAC address filtering) for your customers to access the comments also suggest that, you should put all your home computer / office network to the black list now, so the machine that contains your important data is not "was accidentally" connect to the network and can be stolen data weight. "
"Some experts believe that, in some cases, network administrators can lock all devices (of many different manufacturers) are connected to the network based on the first couple of characters in the MAC address (however, this way you you understand more technical details, administrator, so hopefully we will have a separate presentation in the future). " MAC address filtering is a useful additional feature for encryption, but you should also remember that this feature can also threatened to use cream travel with the best encryption methods.Reference Lab Test PC World Vietnam Wi-Fi Planet
"Strategies" secure online transactions
Nothing will ensure that criminals abandoned the idea of entering a bank account to your online.Follow up to 6 note the following to make sure you stay safe when trading online. 1. Install security software efficiently: This is an indispensable tool for most users regularly browse the web in general and the use of online banking transactions. You should periodically update the new version of software "gatekeeper" system, if set up automatic updates.This way, your system will be more sensitive in detecting and preventing security threats. 2. Beware email: Some people may not care about this issue, but this is where most hackers are often attacked. Some banks have a habit of sending monthly email to clients trading statement, but you should not click on email links that it provides. Instead, open a browser and access directly to the bank's website to see the same information. 3. Not logged in non-secure web page: Make sure that the bank's website that you are using is secure before you enter the account password. URL website address of the bank must begin with the word "https" rather than "http" as usual. Unlike Microsoft's IE browser, both Firefox and Chrome are marked blue label at the top of the line if the site address in the form of safety. 4.Su password "strength": A password is considered the best if the random combination of characters and digits. You should avoid using a password with content related to the name, birth date or any word that means that hackers can guess it. If the browser asks if you want to save the password, do not hesitate to choose NO. Also, never use the same password for two sites or services. If you think you can not remember all the passwords they are using, consider a utility to manage and encrypt passwords. 5.Tranh away from the public network: Put in the habit of not accessing bank website, credit card company or make any online transactions from a public Wi-Fi networks (such as in cafes, railway stations, airports, ...). With the demand for this form, you should use the network at home or in the company. Minh Xuan PC World 3 / 2011 |
Tags: Technology
Previous Article
