An riga an karɓi WPA3, kuma tun daga Yuli 2020 ya zama tilas ga na'urorin da aka tabbatar ta hanyar WiFi-Alliance, WPA2 ba a soke ba kuma baya zuwa. A lokaci guda, duka WPA2 da WPA3 suna ba da aiki a cikin PSK da hanyoyin kasuwanci, amma muna ba da shawarar yin la'akari da fasahar PSK masu zaman kansu a cikin labarinmu, da fa'idodin da za a iya samu tare da taimakonsa.
WPA2-Matsalolin sirri an san su na dogon lokaci kuma, gabaɗaya, an riga an gyara su (Firam ɗin Gudanarwa na Farko, gyare-gyare don raunin KRACK, da sauransu). Babban abin da ya rage na WPA2 ta amfani da PSK shine cewa kalmomin sirri masu rauni suna da sauƙin fashe tare da harin ƙamus. A cikin taron na sasantawa da canza kalmar wucewa zuwa sabon, zai zama dole don sake saita duk na'urorin da aka haɗa (da wuraren samun dama), wanda zai iya zama tsari mai ɗaukar lokaci sosai (don magance matsalar "maɓallin kalmar sirri", WiFi- Alliance tana ba da shawarar amfani da kalmomin shiga na aƙalla haruffa 20).
Wani batu wanda wani lokaci ba za a iya warware shi ta amfani da WPA2-Personal shine aikin bayanan martaba daban-daban (vlan, QoS, Firewall ...) zuwa ƙungiyoyin na'urorin da aka haɗa zuwa SSID iri ɗaya.
Tare da taimakon WPA2-Enterprise yana yiwuwa a warware duk matsalolin da aka bayyana a sama, amma farashin wannan zai zama:
- Bukatar samun ko tura PKI (Maɓallin Maɓalli na Jama'a) da takaddun shaida na tsaro;
- Shigarwa na iya zama da wahala;
- Matsalar matsala na iya zama da wahala;
- Ba shine mafi kyawun mafita don na'urorin IoT ko damar baƙi ba.
Ƙarin bayani mai mahimmanci ga matsalolin WPA2-Personal shine sauyawa zuwa WPA3, babban cigaban wanda shine amfani da SAE (Saitunan Tabbatarwa na Daidaitawa) da PSK a tsaye. WPA3-Personal yana warware matsalar "harrin ƙamus", amma baya samar da takamaiman ganewa yayin tantancewa kuma, daidai da haka, ikon sanya bayanan martaba (tunda har yanzu yana amfani da kalmar sirri ta gama gari).
Hakanan yana da mahimmanci a tuna cewa sama da 95% na abokan ciniki a halin yanzu basa goyan bayan WPA3 da SAE, kuma WPA2 yana ci gaba da aiki cikin nasara akan biliyoyin na'urorin da aka riga aka saki.
Domin samun mafita ga abubuwan da ke wanzu, ko yuwuwar matsalolin da aka bayyana a sama, Extreme Networks sun haɓaka fasahar Maɓalli na Farko (PPSK) masu zaman kansu. PPSK ya dace da kowane abokin ciniki na Wi-Fi wanda ke goyan bayan WPA2-PSK kuma yana ba ku damar cimma matakin tsaro kwatankwacin wanda aka samu ta amfani da WPA2-Enterprise, ba tare da buƙatar gina kayan aikin 802.1X/EAP ba. PSK mai zaman kansa shine ainihin WPA2-PSK, amma kowane mai amfani (ko rukunin masu amfani) na iya samun kalmar sirrin da aka samar da su. Gudanar da PPSK bai bambanta da gudanarwar PSK kamar yadda gabaɗayan tsari ke sarrafa kansa ba. Ana iya adana maɓalli na maɓalli a cikin gida akan wuraren shiga ko cikin gajimare.
Ana iya ƙirƙirar kalmomin shiga ta atomatik, yana yiwuwa a sassauƙa saita tsayi/ƙarfin su, lokaci ko ranar karewa, hanyar isarwa ga mai amfani (ta mail ko SMS):
Hakanan zaka iya saita matsakaicin adadin abokan ciniki waɗanda zasu iya haɗawa ta amfani da PPSK ɗaya, ko ma saita "MAC-binding" don na'urorin da aka haɗa. A umurnin mai kula da cibiyar sadarwa, kowane maɓalli na iya zama cikin sauƙi a soke shi, kuma za a hana shiga hanyar sadarwar ba tare da buƙatar sake saita duk sauran na'urori ba. Idan an haɗa abokin ciniki lokacin da aka soke maɓalli, wurin samun dama zai cire haɗin ta kai tsaye daga hanyar sadarwar.
Daga cikin manyan fa'idodin PPSK, mun lura:
- sauƙin amfani tare da babban matakin tsaro;
- Ana magance harin ƙamus ta amfani da dogayen kalmomin sirri masu ƙarfi waɗanda ExtremeCloudIQ na iya samarwa da rarrabawa ta atomatik;
- ikon sanya bayanan bayanan tsaro daban-daban zuwa na'urori daban-daban da aka haɗa zuwa SSID iri ɗaya;
- mai girma don amintaccen damar baƙo;
- mai girma don amintaccen damar shiga lokacin da na'urori ba sa goyan bayan 802.1X/EAP (na'urar sikanin hannu ko na'urorin IoT/VoWiFi);
- an yi nasarar amfani da shi kuma an inganta shi sama da shekaru 10.
Idan kuna da tambayoyi ko kuna da tambayoyi, koyaushe kuna iya tambayar ma'aikatan ofishinmu - .
source: www.habr.com