Since the development of Wireless Network, a variety of security authentication methods have emerged. Wireless devices that support the new authentication methods are generally compatible with the old security authentication methods. However, old devices are often not eliminated so quickly. Sometimes, because compatibility issues are not considered, some devices cannot connect to the wireless network. . Therefore, even ordinary wireless users need to understand some knowledge of wireless network security authentication methods. The following introduction is based on such a need. It is very basic, but provides links for further understanding of related knowledge.
There are 7 choices in the wireless network card security settings in Windows 7 (or even 8): no authentication (open), shared, WPA2-personal, WPA-personal, WPA2-enterprise, WPA-enterprise, 802.1X. The following mainly introduces the common sense and choices of these types of security, as well as the problems and solutions caused by configuration errors.
The seven security types are described as follows:
1. No authentication (open)
Early WiFi did not provide data encryption, that is, an open wireless network without authentication. Any device can connect to the network without authorization. After connecting to such a wireless network, the wireless connection in the system will prompt "insecure", because the connection through such WiFi is easy to be eavesdropped.
Generally, when a temporary peer-to-peer network needs to be established between several computers occasionally, this type of security is used, which is simple.
2. Shared (WEP)
shared security type adopts WEP encryption standard. WEP stands for Wired Equivalent Privacy, which means wired equivalent privacy. In 1999, the WEP encryption protocol was passed, providing encryption security equivalent to wired connections. However, it turns out that WEP is easy to be cracked, so WPA encryption came into being.
Therefore, when a higher encryption standard is available, the WEP encryption type is generally not used.
For more information about WEP, you can refer to the Chinese entry on Wikipedia, but it is not as detailed as the English entry.
3.
WPA WPA2-Personal, WPA-Personal, WPA2-Enterprise, WPA-Enterprise, these four security types belong to WPA, WPA2 is an upgraded version of WPA.
First of all, the WPA design can be used on all wireless network cards, but it may not be used on the first generation of wireless hotspots (such as wireless routers). WPA2 may not be used on some older network cards. They all provide better safety performance than the shared type.
Secondly, WPA and WPA2 both use TKIP or AES encryption, which has a higher encryption level than WEP and is therefore more secure. In AES encryption mode, the length of the password (network security key) is required to be 8~63 ASCII characters or 8~64 hexadecimal characters (in short, 8~64 letters, numbers and English punctuation characters can be set Combination as a password). Generally, the longer the password, the safer it is, but I am afraid I can’t remember it. The TKIP (Temporary Key Integrity) protocol is a temporary transition scheme in the IEEE 802.11i standard and is generally not used.
Third, the reason why it is divided into personal edition and enterprise edition is to consider that enterprises often need a higher level of security, and individuals want to have a higher level of security, but at the same time it is not complicated to the point of useless.
The enterprise version requires a dedicated server to issue and verify certificates without using a password; the
personal version does not require a dedicated certificate, and can use a preset password (pre-shared key, abbreviated PSK). So many places call WPA-personal or WPA2-personal: WPA-PSK and WPA2-PSK.
Through these points of analysis, we can see that when building a wireless network in a small office or home, the WPA-PSK security type is generally selected and AES encryption is used. The reason why WPA2 is not used is to take care of some older devices.
In addition, newer network cards and routers use IEEE 802.11n, which can provide higher bandwidth (in theory, up to 600Mbps), but the IEEE 802.11n standard does not support the high throughput rate of WEP encryption (or TKIP encryption algorithm) unicast passwords . In other words, if the user selects the shared WEP encryption method or the TKIP encryption type WPA-PSK/WPA2-PSK security type, the wireless transmission rate will automatically drop to the 11g level (theoretical value 54Mbps, the actual value is lower). If the user is using 11n wireless products, then the wireless encryption method can only choose WPA-PSK/WPA2-PSK AES algorithm encryption, otherwise the wireless transmission rate will be automatically reduced. If you are an old 11g user, at least you should choose WEP wireless encryption.
Similarly, for more information about WPA, you can refer to the Chinese entry on Wikipedia, but it is not as detailed as the English entry.
4.
802.1X is similar to the enterprise version of WPA, and 802.1X also requires a dedicated authentication server to authenticate WiFi connections. Personal or small offices are generally not used.
In Windows XP system, Microsoft lists 802.1X separately. Sometimes users cannot connect to the wireless network because they choose this authentication (see the wireless connection prompt "Windows cannot find the certificate to log you on to the network" solution Method). Starting from Windows 7, this option has been juxtaposed with several other security types, and there should be no such problem.
This article was published on the page of Waterscape . Permalink: < https://cnzhx.net/blog/wifi-7-security-type/ >. Reproduced Please keep this information and related links.