How to build a secure WLAN

Security of WLAN must go through a continuous improvement and upgrading process. Currently, SSID, WEP and MAC address filtering control are three main security mechanisms used in WLAN. However, they have revealed lots of drawbacks during actual use. Wireless communication security must be greatly guaranteed to cater to the rapid development of wireless technology. Well, how to build a secure WLAN is a question that bothers a large number of people.

Build a secure WLAN
As for how to build a secure WLAN, most users have no idea since they lack professional network knowledge. In view of that, we’d like to offer several effective measures, such as VPN establishment, RADIUS and port access control to help users build a secure WLAN.
1.  VPN establishment: VPN is used to ensure the network security of private data on a public IP network platform through tunnel and encryption technology. Once IP connectivity is available, effective VPN establishment can be achieved. Although VPN establishment doesn’t conform to the standard definition of 802.11, VPN technology is a new technology used to ensure transmission security by using a more powerful and reliable encryption method. For wireless commercial networks, secure VPN establishment is the best replacement for current WEP mechanism and MAC address filtering control mechanism. In fact, VPN has been widely used in remote users’ secure access to internet.
2.  RADIUS: in the authentication process, RADIUS provides a secure way to authenticate information. Wireless terminal and RADIUS server are able to achieve mutual authentication over the wired LAN through access point, so enterprises don’t need to manage the internal MAC address table or user of each wireless access point. Instead, they can simplify the management by setting a single database within the RADIUS system. The access point can be seen as a RADIUS user who is able to collect user authentication information and send the information to specified RADIUS server. After that, RADIUS server will receive users’ connection requests and perform user authentication. At last, RADIUS server will respond to the access point and provide users with the necessary information related to service.
3.  Port access control: as a security standard originally put forward for Ethernet, port access control is indeed an effective measure to build a secure WLAN. Although port access control with 802.1x standards was originally designed for wired Ethernet, it is also suitable for WLAN with 802.11 standards. Port access control is regarded as an enhanced network security solution to WLAN. After wireless terminal has been associated with access point, whether the service of access point can be used or not depends on the authentication result of port access control. If the authentication is passed, access point will open this logic port for users. Otherwise, users are not allowed to access the internet.
4.  WPA: WPA uses Temporal Key Integrity Protocol (TKIP) and algorithm to encrypt data. Similar to WEP, WPA is also based on RC4 encryption algorithm. However, the difference lies in that TKIP introduces four new algorithms. The main purpose of WPA is to introduce the concept of security hole to old devices, so they can be upgraded through firmware and driver.
5.  RSN: RSN always uses dynamic authentication method and encryption algorithm between access points and mobile devices. Authentication method is based on 802.1X protocol and EAP, while encryption algorithm is based on AES. Dynamic negotiation of authentication and encryption algorithm makes RSN equipped with flexible upgrade capability. In a word, WPA has improved the safety performance of old devices to some extent, while RSN is the secure future of WLAN.