The easy access of WLAN is its advantage, but it also puts forward higher requirements on the security of WLAN. The WLAN channel is open, and any device can capture and analyze WLAN signals, which is more vulnerable to attacks than wired access. In actual use, most WLAN protocols are based on the IEEE 802.11 standard, and Wireless Fidelity (WiFi) technology is the most important manifestation of the 802.11 protocol on WLAN.
At present, the main security issues of WLAN are based on the three major issues at the three levels of management layer, control layer, and forwarding layer, which correspond to the three major privacy, integrity, and availability of WLAN networks.
On the user level, the wireless access point (AP) is the channel through which mobile clients access the wired network. According to the automatic algorithm of the 802.11 protocol, if there are multiple APs with the same service set identifier (SSID) in the area, the AP with the highest signal strength will be the first choice for most clients to ensure the quality of the network. But at the same time, it also caused a lot of security problems, assuming that in the vicinity of densely populated airports, stations, etc., use fake APs with high signal strength to induce users to connect. This type of phishing AP does not set a password, and the user’s device can easily be automatically selected to the phishing pseudo-AP as long as the WiFi function is turned on. After the phishing attack is completed, the mobile terminal establishes a connection with the attacker’s system. Since the hacker uses a soft AP with a bridging function, the traffic of the mobile terminal can be forwarded to the Internet, so the mobile terminal can still continue to surf the Internet, so no any tips. It is difficult for ordinary users to understand such situations. Once the user connects to the fake AP, the mac address of the device is exposed. An attacker would be able to steal all user interactions, abuse the victim’s system access, and compromise the privacy of the WLAN network. Wireless networks are not only attacked because of the TCP/IP architecture based on traditional wired networks, but also may be threatened by security issues based on the 802.11 standard itself issued by the Institute of Electrical and Electronics Engineers (IEEE).
On the control plane, focus on the security of user management information and business data. Attackers can intercept key information sent by users on the website by capturing packets, access and modify system functions without authorization to perform illegal operations, such as intercepting post requests to obtain user For the data sent by the website or the simulated get, please download the unknown certificate, forge the HTTP proxy, and let the data pass through it. It is often used to modify the network to send and receive data. Using it can help complete a lot of web script intrusion work, so as to Monitoring and intercepting data sent by websites to users, especially valuable data such as account passwords or business information, are the key targets of attackers, which destroys the integrity of the WLAN network.
Security at the forwarding layer is a key issue in WLAN networks. By forwarding data in a network segment, attackers can easily break through the surface and infect machines in the entire network segment. Focusing on the readability of the WLAN network, we should pay attention to the security of the WLAN forwarding layer, so that the data can be read and written safely, and prevent the attack from spreading in the network.
For WLAN readability problems on the main MAC layer, such as MAC flooding attacks on the mac layer, the attacker identifies the MAC address by binding the port of the switch to the MAC address. The MAC address is fixed in the network card, and each machine has only a unique MAC machine code, but the IP address is dynamically allocated, so ARP mapping is required to realize the mapping conversion between MAC and IP addresses in the interaction between the switch and the host. The establishment of this ARP table is completed through the ARP protocol. Taking advantage of the vulnerability that the switch does not have a security verification mechanism for learning MAC addresses, attackers use false physical addresses to deceive the switch. After the MAC address table of the switch is filled, it will no longer be able to receive The new message achieves the attacker’s purpose of spoofing the ARP protocol. After the address table is full, the network switch will work in broadcast mode. Attackers can capture data packets on any host in the network, steal important information by decrypting the data packets, forge the victim’s MAC address, and cross-infect other users on the same network segment, resulting in serious consequences, destroying This affects the readability of the WLAN network, and it is very easy to induce large-scale infection of machines in the network segment.