Bo mt mng khng dy

I. Gii thiu v Wireless Cng ngh khng dy l mt phng thc chuyn giao t im ny n im khc m khng s dng ng truyn vt l, m s dng radio, cell, hng ngoi v v tinh. Mng khng dy ngy nay bt ngun t nhiu giai on pht trin ca thng tin v tuyn v nhng ng dng in bo v radio. Mc d mt vi pht minh xut hin t nhng nm 1900, nhng s pht trin ni bt t c vo k nguyn ca cng ngh in t v chu nh hng ln ca nn kinh t hc hin i, cng nh cc khm ph trong lnh vc vt l hc. Cho n nay, mng khng dy t c nhng bc pht trin ng k. Ti mt s nc c nn cng ngh thng tin pht trin, mng khng dy thc s i vo cuc sng. Ch cn mt laptop, PDA, hoc mt phng tin truy cp mng khng bt k no l bn c th truy cp mng bt c ni u, trn c quan, trong nh, ngoi ng, trong qun c ph, trn my may, nh ga, khch sn,... bt c u trong phm vi ph sng ca WLAN. Tuy nhin chnh s h tr truy cp cng cng, cc phng tin truy cp li a dng, t n gin n phc tp, kch c cng nhiu loi lm cho cc nh qun tr au u trong vic bo mt. Lm th no tch hp c cc bin php bo mt vo cc phng tin truy cp m vn m bo nhng tin ch nh nh gn, gi thnh thp m vn m bo h tr truy cp cng cng. c ph chun bi IEEE (Institute of Electrical and Electronic Engineers) vo nm 1999, IEEE 802.11 hay Wireless LAN (gi tc l WLAN) tr nn pht trin mnh v ph bin trn th gii, tuy nhin mt s nc m nn cng ngh thng tin mi pht trin nh Vit Nam hin nay th WLAN vn cn kh mi m cn c nghin cu v u t thch ng.

Cc ng dng ca WLAN

II.Cc kiu tn cng c th xy ra i mng WLAN

Mt s tn cng c c th gy v hiu ha hoc c th tm cch truy nhp WLAN tri php theo mt vi cch.

Tn cng theo kiu t chi dch v (Denial of Services Attack ). Tn cng b ng (Nghe trm) Passive attacks. Tn cng ch ng (kt ni, d v cu hnh mng) Active attacks. Tn cng kiu chn p, Jamming attacks. Tn cng theo kiu thu ht, Man-in-the-middle attacks.

Trn y ch lit k mt vi kiu tn cng, trong mt vi kiu c th thc hin c theo nhiu cch khc nhau. n ng theo ki u t h i d h v e uthenti tion tt k nd epl y tt k Deauthentication Attack Kiu tn cng deauthetication l phng php khai thc hiu qu mt li xut hin trong chun 802.11. Trong mt mng 802.11, khi mt node mi mun tham gia vo mng li th n s phi tin hnh cc quy trnh xc thc v lien kt. Sau khi p ng c cc yu cu th node s c cp php truy cp vo mng. C 2 loi xc thc.1 loi l Open, loi xc thc ny cho php cc node c th tham gia vo mng. 1 loi l Share key loi ny i hi node phi c password ca mng. Sau khi xc thc, cc node s thc hin cc quy trnh lien kt, kt qu mang li cho node kh nng c th trao i d liu v broadcast n ton mng. Trong sut qu trnh xc thc v lien kt th ch c mt vi thng ip iu khin v qun l l c php . Mt trong s cc thng ip ny cung cp cho node kh nng yu cu deauthetication gia node v Access Point (AP) . Thng ip ny c s dng khi mt node mun chuyn i gia cc mng wireless vi nhau. iu ny c thc hin khi trong mt khu vc tn ti nhiu hn mt mng wireless, khi node s s dng thng ip ny. Ngay khi nhn c thng ip deauthentication mt node s ri khi mng v thit lp v trng thi ban u. Trong kiu tn cng deauthentication, k tn cng s s dng mt node gi mo tm kim a ch ca Access Point (AP) ang iu khin mng m k mun tn cng. Nh chng ta cp trn, AP trong chun 802.11 cng tng t nh BS trong chun 802.16. Ngha l cc AP l mt phn ca mt mng Lan khng dy hoc c dy, y cng chnh l im yu ca h thng mng Lan s dng AP. Nguy him y chnh l ta c th d dng tm c a ch ca AP m khng phi gp bt c kh khn no, bi v n khng c m ha bo v. Mt vi AP c cu hnh n trn mng, tuy nhin iu ny cng khng ngn c vic k tn cng c th tm thy c a ch ca AP thng qua vic lng lu thng trn ng mng gia AP v cc node. Ta c th d dng c c a ch ip ca AP bi v a ch ca AP c s dng trong mng wireless ch nhm mc ch gip cho cc thnh vin tham gia trong mng c th xc nh c chnh xc mng mnh ang tham gia thng qua c th deauthentication , v n khng c bo v bi bt quy trnh xc thc no c. Quy trnh ny chnh l im yu m nhng k tn cng c th khai thc, khi k tn cng bit c a ch ca AP, n s s dng a ch broadcast gi thng ip deauthentication n cho tt c cc node bn trong mng. Cc node s chp nhn cc thng ip deauthentication khng h

my may nghi ng cng nh c cc bin php xc minh xem th c phi thng ip deauthentication c gi t AP hay khng. Bc tip theo ca quy trnh ny l tt c cc node nhn c deauthentication s tin hnh reconnect, reauthorize v reasociate n AP. Vic cc node ng lot tin hnh reauthenticated s khin cho mng b tc nghn. Ngoi thng ip authentication th mt s thng ip khc trong mng 802.11 c th b k xu khai thc tn cng mng v d nh thng ip disassociation. Tuy nhin loi thng ip ny nhng k tn cng t n, bi v nhng k c th gi mo cc thng ip khc gy ra nhng hu qu ln hn. Trong thc t nhng k tn cng c th s dng mt vi loi thng ip khc gy ra cc cuc tn cng ging nh deauthentication C 3 c im ca thng ip deauthentication khin cho n d dng b nhng k tn li dng khai thc.

u tin l thng ip deauthentication khng s dng cc c ch xc thc nhn dng ngoi tr vic s dng a ch xc thc. c im th 2 l n khng tin hnh m ha cc thng tin c s dng to thng ip v vy k tn cng c th d dng tm thy cc thng tin gi mo. c im cui cng l cc node khng h c bt c phng php no bit c thng ip b gi mo

Replay Attack Tn cng Replay attack nh chng ta bit, k tn cng s tin hnh lng nghe trn ng truyn ca nn nhn. Khi nn nhn tin hnh trao i cc thng tin quan trng v d nh passwork th k tn cng s chn cc gi tin li. Cc gi tin b bt khng b k tn cng thay i ni dung m gi nguyn i n 1 thi gian thch hp no s gi gi tin i gi dng nh n c gi ra t my gc. Trong mng 802.11 tn cng Replay Attack hu nh chc chn s to ra hin tng Denial of Service. Hin tng ny xy ra bi v cc node nhn c thng ip s dnh trn bng thng v thi gian s l cho vic decoded thng ip dn n tnh trng Denial of Service. 802.11 d b thng tn i vi loi hnh tn cng ny bi v kiu tn cng ny da trn vic thiu hon ton th t nh s ca cc thng ip. Cc node nhn packets do nhng k tn cng gi n, cc paket ny u hp l tuy nhin th t ca packet khng p ng c trnh t packet m node nhn c, iu ny khin cho node dnh ton b bng thng v thi gian decode chng. Ngoi ra 802.11 cng khng h c bt k phng php no xc nh v loi b replayed messages. n ng b ng (P ssive tt ks) Nghe trm c l l phng php n gin nht, tuy nhin n vn c hiu qu i vi WLAN. Tn cng b ng nh mt cuc nghe trm, m khng pht hin c s c mt ca ngi nghe trm (hacker) trn hoc gn mng khi hacker khng thc s kt ni ti AP lng nghe cc gi tin truyn qua phn on mng khng dy. Nhng thit b phn tch mng hoc nhng ng dng khc c s dng ly thng tin ca WLAN t mt khong cch vi mt anten hng tnh.

M hnh tn cng b ng - Passive Attacks Phng php ny cho php hacker gi khong cch thun li khng b pht hin, nghe v thu nht thng tin qu gi.

Qu trnh ly cha kha WEP trong tn cng b ng C nhng ng dng c kh nng ly pass t cc Site HTTP, email, cc instant messenger, cc phin FTP, cc phin telnet m c gi di dng text khng c m ha. C nhng ng dng

khc c th ly pass trn nhng phn on mng khng dy gia Client v Server cho mc ch truy nhp mng. Xt mt tnh hung khc m trong HTTP hoc email password b ly trn nhng phn on mng khng dy, v sau c hacker s dng vi mc ch truy nhp ti WLAN . n ng h ng ( tive tt ks) Nhng hacker c th s dng phng php tn cng ch ng thc hin mt vi chc nng trn mng. Mt s tn cng ch ng c th c dng tm cch truy nhp ti mt server ly nhng d liu quan trng, s dng s truy nhp ti mng internet ca t chc cho nhng mc ch c hi, thm ch thay i cu hnh c s h tng mng. Bng cch kt ni ti mt mng WLAN thng qua mt AP, mt ngi s dng c th bt u thm nhp xu hn vo trong mng v thm ch lm thay i chnh mng khng dy . Chng hn mt hacker qua c b lc MAC, sau hacker c th tm cch ti AP v g b tt c cc b lc MAC, lm cho n d dng hn trong ln truy nhp tip theo. Ngi qun tr c th khng n s kin ny trong mt thi gian. Hnh di y m t mt kiu tn cng ch ng trn WLAN

M hnh tn cng ch ng - Active Attacks Mt vi v d ca tn cng ch ng c th nh vic gi bomb, cc spam do cc spammer hoc cc doanh nghip i th mun truy nhp n h s ca bn. Sau khi thu c mt a ch IP t DHCP server ca bn, hacker c th gi hng ngn l th s dng kt ni Internet v ISPs email server ca bn m bn khng bit. Kiu tn cng ny c th l nguyn nhn m ISP ca bn ct kt ni cho email ca bn do s lm dng email, mc d li khng phi do bn gy ra. Mt i th c th ly bng danh sch khch hng, bng lng ca bn m khng b pht hin. Khi hacker c kt ni khng dy ti mng ca bn th anh ta cng c th truy cp vo mng hu tuyn trong vn phng, v hai s kin khng khc nhau nhiu. Nhng kt ni khng dy cho php hacker v tc , s truy nhp ti server, kt ni ti mng din rng, kt ni internet, ti

desktop v laptop ca nhng ngi s dng.Vi mt vi cng c n gin, c th ly cc thng tin quan trng, chim quyn ca ngi s dng, hoc thm ch ph hy mng bng cch cu hnh li mng. S dng cc server tm kim vi vic qut cc cng, to nhng phin rng chia s v c nhng server phc v vic c nh password, hacker khng th thay i c pass, nng cao cc tin ch v ngn chn kiu tn cng ny. n ng theo ki u hn p (J mming tt ks) Trong khi mt hacker s dng phng php tn cng b ng, ch ng ly thng tin t vic truy cp ti mng ca bn, tn cng theo kiu chn p, Jamming, l mt k thut s dng n gin ng mng ca bn. Tng t nh vic k ph hoi sp t mt s t chi dch v mt cch p o, s tn cng c nhm vo Web server, v vy mt WLAN c th ngng lm vic bi mt tn hiu RF p o. Tn hiu RF c th v tnh hoc c , v tn hiu c th di chuyn hoc c nh. Khi mt hacker thc hin mt cuc tn cng Jamming c ch , hacker c th s dng thit b WLAN nhng c nhiu kh nng hn l hacker s dng mt my pht tn hiu RF cng sut cao hoc my to sng qut.

Tn cng theo kiu chn p - Jamming Attacks loi b kiu tn cng ny, yu cu trc ht l tm c ngun pht tnh hiu RF , bng cch phn tch ph. C nhiu my phn tch ph trn th trng, nhng mt my phn tch ph cm tay v chy bng pin thi tin li hn c. Mt vi nh sn xut ch to nhng b phn tch ph cm tay, trong khi mt vi nh sn xut khc to ra cc phn mm phn tch ph cho ngi dng tch hp ngay trong cc thit b WLAN. Khi Jamming gy ra bi mt ngun c nh, khng ch , nh mt thp truyn thng hoc cc h thng hp php khc, th ngi qun tr WLAN c th phi xem xt n vic s dng b thit t cc tn s khc nhau.

V d nu mt admin c trch nhim thit k v ci t mt mng RF trong mt khu phng rng, phc tp, th ngi cn phi xem xt mt cch k cng theo th t. Nu ngun giao thoa l mt in thoi, hoc cc thit b lm vic di tn 2,4Ghz, th admin c th s dng thit b di tn UNII, 5Ghz, thay v di tn 802.11b, 2,4Ghz v chia s di tn ISM 2,4Ghz vi cc thit b khc. S Jamming khng ch xy ra vi mi thit b m dng chung di tn 2,4Ghz. Jamming khng phi l s e da nghim trng v jamming khng th c thc hin ph bin bi hacker do vn gi c ca thit b, n qu t trong khi hacker ch tm thi v hiu ha c mng.. n ng bng h thu ht (M n-in-the-middle Attacks) Kiu tn cng ny, Man-in-the-middle Attacks, l mt tnh trng m trong mt c nhn s dng mt AP chim ot s iu khin ca mt node di ng bng cch gi nhng tn hiu mnh hn nhng tn hiu hp php m AP ang gi ti nhng node . Sau node di ng kt hp vi AP tri php ny, gi cc d liu ca ngi xm nhp ny, c th l cc thng tin nhy cm. Hnh v sau a ra mt m hnh cho s tn cng kiu ny

Tn cng bng cch thu ht - Man-in-the-middle attacks cc client lin kt vi AP tri php th cng sut ca AP phi cao hn nhiu ca cc AP khc trong khu vc v i khi phi l nguyn nhn tch cc cho cc user truy nhp ti. Vic mt kt ni vi AP hp php c th nh l mt vic tnh c trong qu trnh vo mng, v mt vi client s kt ni ti AP tri php mt cch ngu nhin. Ngi thc hin man-in-the-middle attack trc tin phi bit SSID m client s dng, v phi bit WEP key ca mng, nu n ang c s dng. Kt ni ngc (hng v pha mng li) t AP tri php c iu khin thng qua mt thit b client nh l PC card, hoc workgroup bridge. Nhiu khi man-in-the-middle attack c sp t s dng mt laptop vi hai PCMCIA card. Phn mm AP chy trn mt laptop m mt PC card c s dng nh l mt AP v PC card th hai c dng kt ni laptop ti gn AP hp php. Kiu cu hnh ny lm laptop thnh mt man-in-the-middle attack vn hnh gia client v AP hp php. Mt hacker theo kiu man-in-the-middle attack c th ly c cc thng tin c gi tr bng cch chy mt chng trnh phn tch mng trn laptop trong trng hp ny.

Trc cuc tn cng

V sau cuc tn cng Mt iu c bit vi kiu tn cng ny l ngi s dng khng th pht hin ra c cuc tn cng, v lng thng tin m thu nht c bng kiu tn cng ny l gii hn, n bng lng thng tin th phm ly c trong khi cn trn mng m khng b pht hin. Bin php tt nht ngn nga loi tn cng ny l bo mt lp vt l Gii thiu v mt vi cch b kho WEP,WPA wireless trn thc t : Chng ta s dng Aircrack suite crack WEP Gi s ta cu hnh AP s dng WEP key nh sau :

pture g i tin gii m Airodump l mt phn trong Aircrack suite chuyn dng capture cc gi tin v lu di dng *.pcap hoc *.ivs Tip tc ta s dng Airodump trong Aircrack capture cc gi tin IVs : M Airodump ln ta s c tng t nh hnh sau:

Sau khi chn cc thng s cho ph hp Airodump bt u capture cc gi tin :

Ta s thy MAC ca AP di BSSID v MAC ca client di STATION nu cc gi tin c capture th ct Data v Packets s dng ln nhanh chng.Theo ti liu cho bit th crack c WEP-64bit ta cn t 200.000-500.000 gi tin; WEP-128 cn 500.000-1.000.000 gi(trn thc t thng t hn nhiu).Sau khi c s gi tin theo yu cu(khong 300.000 gi) ta c th tin hnh gii m. r k W P key vi i r k M Aircrack ta c:

Dng dng lnh : aircrack-ng.exe a 1 capture.ivs ch mt cha ti 1s l aircrack tm ra WEP key

C c WEP key v IP ca AP v MAC ca client (trong trng hp AP lc MAC) Hacker hon ton c th thm nhp c vo Network. III. hnh s h bo mt - Security Mt cng ty m s dng WLAN nn c mt chnh sch bo mt thch hp. V d , nu khng c chnh sch ng n m cho kch thc cell khng thch hp, th s to iu kin cho hacker c c hi tt truy cp vo mng ti nhng im ngoi vng kim sot ca cng ty, nhng vn nm trong vng ph sng ca AP. Cc vn cn a ra trong chnh sch bo mt ca cng ty l cc vn v password, cha kha WEP, bo mt vt l, s s dng cc gii php bo mt tin tin, v nh gi phn cng WLAN. Danh sch ny tt nhin khng y , bi cc gii php an ton s thay i vi mi mt t chc. phc tp ca chnh sch bo mt ph thuc vo nhng yu cu an ton ca t chc cng nh l phm vi ca mng WLAN trong mng Nhng li ch ca vic thc hin, bo tr mt chnh sch bo mt em li l vic ngn nga s n cp d liu, s ph hoi ca cc tp on cnh tranh, v c th pht hin v bt gi cc k xm nhp tri php. S bt u tt nht cho cc chnh sch bo mt l vic qun l. Cc chnh sch bo mt cn c xem xt v d on, v cn a vo cng vi cc ti liu xy dng tp on. Vic bo mt cho WLAN cn c phn b thch hp, v nhng ngi c giao trch nhim thc hin phi c o to mt cch quy m. i ng ny li phi thnh lp chng mc ti liu mt cch chi tit c th lm ti liu tham kho cho cc i ng k cn. 1. Bo mt thng tin nhy m Mt vi thng tin nn ch c bit bi ngi qun tr mng l: - Username v password ca AP v Bridge - Nhng chui SNMP - Cha kha WEP,WPA

- Danh sch a ch MAC Nhng thng tin ny phi c ct gi bi mt ngi tin cy, c kinh nghim, nh ngi qun tr mng, l rt quan trng bi n l nhng thng tin nhy cm m nu l ra th c th l nguyn nhn ca s truy nhp tri php, hoc thm ch l s ph hy c mt mng. Nhng thng tin ny c th c ct gi trong nhiu kiu khc nhau. 2. S n ton vt l Mc d bo mt vt l khi s dng mng hu tuyn truyn thng l quan trng, thm ch quan trng hn cho mt cng ty s dng cng ngh WLAN. Nh cp t trc, mt ngi m c card PC wireless (v c th l mt anten) khng phi trong cng khu vc mng c th truy cp ti mng . Thm ch phn mm d tm s xm nhp khng ngn cn nhng hacker n cp thng tin nhy cm. S nghe ln khng li du vt trn mng bi v khng c kt ni no c thc hin. C nhng ng dng trn th trng by gi c th pht hin cc card mng trong ch pha tp (dng chung), truy nhp d liu m khng to kt ni. Khi WEP l gii php bo mt WLAN thch hp, nhng iu khin cht ch nn t trn nhng ngi dng m c s hu cc thit b client khng dy ca cng ty, khng cho php h mang cc thit b client ra khi cng ty. V cha kha WEP c gi trong cc chng trnh c s trn thit b client, bt k ni no c card, v th ;lm cho mi lin kt an ton ca mng yu nht. Ngi qun tr WLAN cn phi bit ai, u, khi no mi card PC c mang i. Thng nhng yu cu nh vy l qu gii hn ca mt ngi qun tr, ngi qun tr cn nhn ra rng, bn thn WEP,WPA khng phi l mt gii php an ton thch hp cho WLAN. K c vi s qun l cht nh vy, nu mt card b mt hoc b n trm, ngi c trch nhim vi card (ngi s dng) phi c yu cu bo co ngay vi ngi qun tr, c nhng bin php n phng thch hp. Nhng bin php ti thiu phi lm l t li b lc MAC, thay i cha kha WEP,v.v. Cho php nhm bo v qut nh k xung quanh khu vc cng ty pht hin nhng hot ng ng ng. Nhng nhn s ny c hun luyn nhn ra phn cng 802.11 v cnh gic cc nhn vin trong cng ty lun lun quan st nhng ngi khng trong cng ty ang trn quanh ta nh vi cc phn cng c bn ca 802.11 th cng rt hiu qu trong vic thu hp nguy c tn cng. 3. Ki m k thit b WL N v ki m nh s n ton Nh mt s b sung ti chnh sch an ton vt l, tt c cc thit b WLAN cn c kim k u n lp chng mc cho php v khng cho php cc ngi s dng thit b WLAN truy nhp ti mng ca t chc. Nu mng qu ln v bao gm mt s lng ng k cc thit b khng dy th vic kim k nh k c th khng kh thi. Trong nhng trng hp nh vy th cn thit thc hin nhng gii php bo mt WLAN m khng da trn phn cng, nhng d nhin l vn da trn username v password hoc mt vi loi khc trong cc gii php bo mt khng da trn phn cng. Vi nhng mng khng dy trung bnh v nh, s kim k hng thng hoc hng qu gip pht hin nhng s mt mt cc phn cng. Qut nh k vi cc b phn tch mng pht hin cc thit b xm nhp, l cch rt tt bo mt mng WLAN. 4. S d ng gii php bo mt tin tin Nhng t chc WLAN cn tn dng mt vi c ch bo mt tin tin c sn trn th trng. iu cng cn c cp trong chnh sch bo mt ca cng ty. V nhng cng ngh ny kh mi,cn c quyn v thng c s dng phi hp vi cc giao thc, cc cng ngh khc.

Chng cn c lp thnh ti liu hng dn, nu c mt s xm phm xut hin, th ngi qun tr c th xc nh ni v cch m s xm nhp xut hin. Bi ch c s t c o to v bo mt WLAN, do nhng ngi ny l rt quan trng, v th chnh sch tin lng cng c cp n trong cc chnh sch bo mt ca cng ty, tp on. N cng l mt trong cc mc cn c lp ti liu chi tit. 5. Mng khng dy ng ng iu tt yu s xy ra l nhng ngi s dng ca cng ty vi nhng thng tin nhy cm ca h s kt ni t laptop ca h ti WLAN cng cng. iu ny cng nm trong chnh sch bo mt ca cng ty. Nhng ngi dng phi chy nhng phn mm firewall c nhn v cc phn mm chng virus trn laptop ca h. a s cc mng WLAN cng cng c t hoc khng c s bo mt no, nhm lm cho kt ni ca ngi dng n gin v gim bt s lng cc h tr k thut c yu cu. 6. S truy nhp ki m tr v gii hn Hu ht cc mng Lan ln u c mt vi phng php gii hn v kim tra s truy nhp ca ngi s dng. Tiu biu l mt h thng h tr chng thc, s cp php, v cc dch v Accounting, (Authentication, Authorization, Accountting (AAA)) c trin khai. Nhng dch v AAA cho php t chc gn quyn s dng vo nhng lp c bit ca ngi dng. V d mt ngi dng tm thi c th ch c truy cp vo internet trong mt phm vi no . Vic qun l ngi s dng cn cho php xem xt ngi lm g trn mng, thi gian v chng mc h vo

IV. Nhng khuyn o v bo mt

Phn di y a ra vi khuyn co trong vic bo mt mng WLAN. 1. Thay i administration password v c username nu AP h tr v SSID mc nh ca AP hoc wireless router. Nu khng thay i mng ca bn rt c th b xm nhp v sa i. Trnh dng SSID v password c lin quan n cc thng tin c nhn,t chc ca bn thn.

2. Thng xuyn cp nht firmware mi nht cho AP hoc Wireless router.

3. Nn dng ch n SSID hoc ESSID trnh b scan bi cc phn mm thng dng nh Net Stumbler, Air Magnet...

4. Nn t t P khi khng s dng.Trong khong thi gian khng theo di l c hi cho cc Hacker tn cng v thm nhp. 5. S dng cc cng c bo mt ca Acess Point nh Firewall, NAT.....Rt nhiu ngi khi s dng AP thng ch mc nh ca nh sn xut. Trong ch ny cc phn v bo mt thng khng c bt.

Tn dng cc cng ngh sn c nh VPNs, firewall, h thng pht hin xm nhp, Intrusion Detection System (IDS), cc giao thc v cc chun nh 802.1x v EAP, v chng thc client vi Radius Sever c th gip cc gii php an ton nm ngoi phm vi m chun 802.11 yu cu, v tha nhn. Gi v thi gian thc hin cc gii php ny thay i ty theo quy m thc hin. (RADIUS l chun khng chnh thc trong h thng chng thc ngi s dng. Cc AP gi nhng yu cu chng thc ngi s dng n mt RADIUS server, m c th hoc c mt c s d liu c gn sn hoc c th qua yu cu chng thc ti mt b iu khin vng, nh NDS server, active directory server, hoc thm ch l mt h thng c s d liu tng hp LDAP). 6. M ha : WEP, WPA WPA2 l nhng kiu m ha thng dng trong cc AP, nu AP ch h tr WEP th hy dng key di nht c th (thng l 128bit), nu c h tr WPA th xi key ti thiu 128bit or 256bit. a phn cc AP c support WPA u dng kiu WPA-PSK (pre-shared key hoc passphare key), WPA2 m ha th an ton hn na nhng phi cn thm 1 server Radius nhm mc ch xc thc. Nn t kha cng phc tp cng tt(bao gm k t hoa thng, s & k t c bit kt hp li), khng nn dng nhng t c ngha hay c trong t in, v cracker vn d c m kha WPA khi dng t in d theo kiu brute force attack.

Ch : Nn dng WPA WPA2 v s dng kiu m ha AES (Advanced Encryption Standard) y l kiu m ho tin tin nht hin nay.

7. Lc a ch MAC : AP u c tnh nng lc MAC ca cc client kt ni vo, c 2 cch lc l ch cho php v ch cm a ch MAC no .

8. Nn ch dng chun 802.11g nu c th v do cc phn mm crack wireless hin nay rt t h tr card wireless chun g 9. Nn thay i password nh k : y l phng php n gin nhng hu hiu bo m an ton cho Wlan. 10. nh c cell gim bt c hi nghe trm,kch c cell ca AP phi thch hp vi khu vc an ton. Phn ln hacker tm nhng ni m tn t thi gian v nng lng nht tm cch truy cp mng. V l do ny, rt quan trng khi khng cho php nhng AP pht ra nhng tn hiu ra ngoi khu vc an ton tr khi tuyt i cn thit. Vi AP cho php cu hnh mc cng sut u ra, do c th iu khin kch thc Cell RF xung quanh AP.Hoc s dng cc vt cn thng thng nh st,tng.... C gng t AP v pha trung tm ca khu vc s gim thiu vic r tn hiu ra ngoi phm vi mong i.

11. Nn tt DHCP ca Access Point v thit lp cc dy IP ca Lan ngoi cc dy thng thng nh: 192.168.0.X v 192.168.1.X.Dy IP cho php thit lp l 10.0.0.010.255.255.255,172.16.0.0- 172.31.255.255,192.168.0.0-192.168.255.255

12. Hy chc chn l bt ch logging (thng c tt theo mc nh) v thng xuyn kim tra log .Log c th bo cho ta bit cc cuc ving thm khng mi.

13. Dng ch HTTPs : hon ton c th iu khin AP qua cc trnh duyt web vn khng c m ho hoc ch cho php cu hnh AP trc tip qua line.

14. Bo mt cho mng ni b:M ha file khi truyn,s dng cc ch bo mt ca HH...... 15. Nn chia thnh 2 mng ring bit WirelessLAN v WiredLAN bng cc dy IP khc nhau trnh xm nhp 16. Switches khng Hubs : Mt nguyn tc n gin khc l lun kt ni cc AP ti switch thay v hub, hub l thit b c tnh cht broadcast, do d b mt password v IP address. 17. Wireless DM : tng khc trong vic thc hin bo mt cho nhng segment khng dy l thit lp mt vng ring cho mng khng dy, Wireless DeMilitarized one (WDM ). To vng WDM s dng firewalls hoc router th c th rt tn km, ph thuc vo quy m, mc thc hin. WDM ni chung c thc hin vi nhng mi trng WLAN rng ln. Bi cc AP v c bn l cc thit b khng bo m v khng an ton, nn cn phi tch ra khi cc on mng khc

 bin php bo mt ho ngi dng mng khng dy(end-user)

Tt ch ad hoc. M ho frame khng dy . Bo mt Data : m ha file (dng file rar c t password khi cn gi file quan trng, s dng cc ch bo mt ca HH..... Dng cc phn mm firewall.

Nhng bin php n ton dng ho ng d ng C hai loi ng dng c h tr lp truy cp: ng dng cho nhn vin v ng dng cho khch. - Mun s dng cc ng dng ca nhn vin phi qua cc bc kim tra an ton nhng lp di thng qua cc k thut xc thc phn "Cc dch v bo mt dng chung". - My ch v cc ng dng cng phi trang b cc bin php kim sot truy nhp, phn quyn trn cc dch v dnh cho nhn vin. - Khch s dng phi c chn li v s dng cc ti nguyn khu vc dnh cho khch xc thc trc khi cho truy nhp vo cc ti nguyn khc.