After checking your Wi-Fi signal strength, you also need to pay attention to the Wi-Fi security level, which can help prevent information loss and even keep others from freeloading on your network.

First of all, a long wireless network password at home does not by itself make the network secure. It only means that it will take someone a little longer to find out your password and break into your network.

Wireless networks can use different encryption methods, which fall under the category of wireless security protocols. The popular wireless security protocols include WEP, WPA and WPA2, along with the WPS variation and WPA3, which has been released but is not yet widely implemented.

The WEP protocol, known as Wired Equivalent Privacy, was the first protocol used for wireless networks and later also became known as the Wireless Encryption Protocol (WEP). It quickly became the standard for wireless networks after it was announced in 1997. Its encryption process uses the RC4 stream cipher.

Using a stream cipher means that new, non-repeating initialization vectors (IVs) must be generated continuously to keep the encryption sound over any period of time. But how can the IVs be guaranteed not to repeat? In this encryption process the IVs are also transmitted in plaintext. So this method of encryption ends up being equivalent to having no encryption at all. Using tools that can be downloaded publicly, crackers can crack a WEP-based network in 2-3 minutes.
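The following added example (not from the original article) shows why a repeated IV is fatal for an RC4-based scheme like WEP: two frames encrypted under the same IV and key share one keystream, so XORing the ciphertexts cancels it out. It assumes WEP's 24-bit IV prepended to the shared key and randomly chosen IVs for the repeat estimate; the key, IV and payloads are constructed sample values, and WEP's CRC-32 integrity value is left out.

```python
import math

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: XOR data with the keystream derived from key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame: the per-frame RC4 key is IV || secret, and the IV
    travels in the clear in front of the ciphertext (CRC-32 omitted)."""
    return iv + rc4(iv + secret, plaintext)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def frames_until_likely_repeat(iv_bits: int = 24) -> int:
    """Birthday bound: frames after which a random IV repeat is >= 50% likely."""
    return math.ceil(math.sqrt(2 * math.log(2) * 2 ** iv_bits))

# Constructed sample data, not captured traffic.
SECRET = bytes.fromhex("0102030405")          # 40-bit shared key (constructed)
IV = bytes.fromhex("a1b2c3")                  # 24-bit IV, reused for two frames
P1 = b"GET /index.html HTTP/1.1"
P2 = b"user=alice&pin=4921&x=ok"

def demo():
    """Return (IVs match, keystream cancelled, P2 recovered from known P1)."""
    f1, f2 = wep_encrypt(IV, SECRET, P1), wep_encrypt(IV, SECRET, P2)
    same_iv = f1[:3] == f2[:3]                # visible to any listener
    leaked = xor(f1[3:], f2[3:])              # equals P1 XOR P2, no key needed
    return same_iv, leaked == xor(P1, P2), xor(leaked, P1)

if __name__ == "__main__":
    print(demo(), frames_until_likely_repeat())
```

With only 24 bits of IV, a repeat becomes likely after a few thousand frames, which a busy network sends within seconds, so the only real fix is to retire WEP rather than to pick a longer password.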

After the wireless network standard struggled for a while after 1997, the Wi-Fi Alliance proposed in 1999 a method of using a time code to generate keys for Wi-Fi, known as the Temporal Key Integrity Protocol (TKIP), which to some extent replaced the IV that WEP exposed. This additional protocol standard is called Wi-Fi Protected Access (WPA). Over time, WPA's TKIP was soon cracked as well. These cracks focused on guessing and pairing the IVs that RC4 requires.

Further down the road, the Wi-Fi Alliance updated WPA's encryption algorithm, using AES instead of RC4-based encryption. A pre-shared key is distributed when the network is first established, and all later traffic is encrypted with an AES key calculated from that pre-shared key. At this point the network is considered relatively secure, and the wireless network encryption method with this feature is called WPA2.

Is WPA2 secure? Not necessarily. In 2017 two security researchers invented the Key Reinstallation Attack, KRACK. Simply put, to cope with dropped connections and poor signal, a Wi-Fi network retransmits some packets that were already sent, and at that moment a disguised key can be used to obtain the Wi-Fi network's data.

With this method attackers cannot take control of the computer, but the data on the Wi-Fi network is transparent to them. If the information being transmitted is not SSL-encrypted, such as ordinary HTTP instead of HTTPS, the attacker can decrypt the wireless data.

In fact, network security as a whole is a matter of accumulated debt. In its earliest days, WEP (Wired Equivalent Privacy) really only aimed to give a wireless network security similar to that of a network cable. But even a cabled network, when there is no switch strictly dividing the broadcast domains, broadcasts widely within the Ethernet and loses its ability to protect data.

Our networks, again, have to stay compatible with older devices, so these vulnerable encryption methods remain in use even when we know the vulnerabilities exist. On this premise, we need to isolate the network into different levels.

For example, many ESP8266/ESP32-based smart home products use relatively cheap chips and do not support a high level of encryption for network security. These devices should therefore be connected to a network tier with relatively low authority. For example, there is a RiHomeBase access point on the iN side, which is completely open for these devices. The rules on the routers and firewalls also allow these devices to interoperate only with one specific node in the home, so that they have minimal network privileges.

At the same time, some larger devices, such as cell phones, tablets and game consoles, support a relatively high level of security themselves. They can be placed on a higher level of access point.

Of course, the most secure option is a network based on RADIUS authentication. For this you need a router that supports the RADIUS service, or you need to set up a separate RADIUS server.

After authentication with a user name and password, all traffic is encrypted with a layer of TLS. In this configuration the network is "fairly" secure, provided, of course, that you do not lose the key and certificate.