Features of protection of wireless and wired networks. Part 1 - Direct protection measures



Earlier we talked about highly technical problems of wired and wireless data transmission systems. This article will focus on security issues and more secure networking.



We localize problems



ยซWi-Fi โ€” ?ยป, : , ยซยป, , , , ยซยป, .



:



. , , .



(, -). , , ARP . .



ยซยป, .



:



, .



. , , , . . , , , WiFi.



, , port security MAC. , -, MAC , -, . . โ€” , , . , : .



, , . , , , MAC , . , , , . , , โ€” . , , .



, - โ€” . , . , - - .



:



. . !



:



. . , , WiFi. , VLAN, ACL, . , , VPN (). . , VPN .



, , , () port security. , , , MAC . . port security ACL โ€” . .



, , WiFi.



:



. . , .



Ethernet-HUB, , , .



WiFi โ€” .



:



ยซ ยป : ( ) , , , .



WiFi



, , . , , .



, ( !) ยซ ยป.



?



, :



  • , MAC ;
  • , , , , .


. , , .



WiFi



— (SSID) WiFi . Hide SSID , . , , , .



SSID, — BSSID (Basic Service Set Identifier). WiFi . WiFi .



MAC



ยซ ยป. (Access Control List, ACL). - port security . ( ) MAC . MAC ( โ€” MAC ). , WiFi. , .



Rogue AP



Rogue AP — , . , , , .



Zyxel .





, , , , .



, . WPA/WPA2-Enterprise, Extensible Authentication Protocol (EAP) , , , .



USG FLEX 100.





1. USG FLEX 100.





, WEP (Wired Equivalent Privacy, ), WPA, WPA2...



WPA2-PSK (pre-shared key) . , , — . - .



WiFi 6 c WPA3 WPA2 Enterprise , . ( RADIUS).



Nebula AX Dynamic Personal Pre-Shared Key (DPPSK) — , (PSK) . , WiFi .



WiFi 6?



WiFi 6, , WPA3 . , Zyxel - Unified Pro.



Unified Pro Zyxel WAX510D, Unified Pro Zyxel WAX650S, Unified Pro Zyxel NWA110AX  802.11ax (Wi-Fi 6) Nebula, .





2. Unified Pro Zyxel WAX650S Unified Pro Zyxel WAX510D.



, 802.11ax (WiFi 6).



WPA3-Enterprise 192-bit mode



WPA3-Enterprise — .



, WPA3-Enterprise :



  • 256-bit Galois/Counter Mode — ,
  • 384-bit Hashed Message Authentication Mode — ;
  • Elliptic Curve Diffie-Hellman exchange, Elliptic Curve Digital Signature Algorithm — .


WPA3-Enterprise , SSL / TLS:



  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, EC DH/DSA - NIST P-384;
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, EC DH/DSA - NIST P-384, RSA 3072 ;
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 — «» , EC, RSA 3072 , DH- 15.


WPA3-Personal WPA2-PSK



Pre-Shared Key, , WPA3 SAE, ( IEEE 802.11-2016)



. , (), โ€” ( ) , SAE , .



dragonfly handshake, .



SAE (Key Reinstallation Attacks, KRACK ), offline , , , PSK-.



SAE forward secrecy, . , , , . SAE , , .



Enhanced Open —



, . , , (), .



Enhanced Open — Opportunistic Wireless Encryption, OWE, Internet Engineering Task Force RFC 8110, . unsophisticated packet injection, .



Enhanced Open — .



27 .


