WPA3 twb tau txais yuav, thiab txij li Lub Xya Hli 2020 nws yog qhov yuav tsum tau ua rau cov khoom siv uas tau lees paub los ntawm WiFi-Alliance, WPA2 tsis tau muab tso tseg thiab tsis mus. Tib lub sijhawm, ob qho tib si WPA2 thiab WPA3 muab kev ua haujlwm hauv PSK thiab Enterprise hom, tab sis peb xav kom xav txog Private PSK thev naus laus zis hauv peb tsab xov xwm, nrog rau cov txiaj ntsig uas tuaj yeem ua tiav nrog nws cov kev pab.
WPA2-Cov teeb meem ntawm tus kheej tau paub ntev ntev thiab, feem ntau, twb tau kho lawm (Priority Management Frames, fixes for the KRACK vulnerability, etc.). Qhov tseem ceeb ntawm qhov tsis zoo ntawm WPA2 siv PSK yog tias cov passwords tsis muaj zog yog qhov yooj yim kom tawg nrog phau ntawv txhais lus nres. Thaum muaj kev cuam tshuam thiab hloov tus password mus rau ib qho tshiab, nws yuav tsum rov kho txhua yam khoom siv txuas nrog (thiab cov ntsiab lus nkag), uas tuaj yeem siv sijhawm ntau heev (los daws qhov teeb meem "tsis muaj zog password", WiFi- Alliance pom zoo kom siv cov passwords tsawg kawg 20 cim).
Lwm qhov teeb meem uas qee zaum tsis tuaj yeem daws tau siv WPA2-Tus Kheej yog txoj haujlwm ntawm cov profiles sib txawv (vlan, QoS, firewall ...) rau cov pab pawg ntawm cov cuab yeej txuas nrog tib SSID.
Nrog kev pab los ntawm WPA2-Enterprise nws muaj peev xwm daws tau tag nrho cov teeb meem tau piav qhia saum toj no, tab sis tus nqi rau qhov no yuav yog:
- Qhov yuav tsum muaj lossis siv PKI (Public Key Infrastructure) thiab daim ntawv pov thawj kev ruaj ntseg;
- Kev teeb tsa yuav nyuaj;
- Kev daws teeb meem yuav nyuaj;
- Tsis yog qhov kev daws teeb meem zoo tshaj plaws rau IoT cov khoom siv lossis cov qhua nkag.
Ib qho kev daws teeb meem ntau dua rau cov teeb meem ntawm WPA2-Tus kheej yog kev hloov pauv mus rau WPA3, qhov kev txhim kho tseem ceeb uas yog siv SAE (Simultaneous Authentication of Equals) thiab PSK static. WPA3-Tus kheej daws qhov teeb meem "dictionary attack", tab sis tsis muab cov cim tshwj xeeb thaum muaj kev lees paub thiab, raws li, muaj peev xwm muab cov profiles (vim nws tseem siv tus password zoo li qub).
Nws tseem ceeb heev uas yuav tsum nco ntsoov tias ntau dua 95% ntawm cov neeg siv khoom uas twb muaj lawm tam sim no tsis txhawb WPA3 thiab SAE, thiab WPA2 tseem ua haujlwm tau zoo ntawm ntau lab ntawm cov khoom siv uas twb tau tso tawm lawm.
Txhawm rau kom tau txais kev daws teeb meem rau cov uas twb muaj lawm, lossis cov teeb meem muaj peev xwm tau piav qhia saum toj no, Extreme Networks tsim Private Pre-Shared Key (PPSK) thev naus laus zis. PPSK yog sib xws nrog txhua tus neeg siv Wi-Fi uas txhawb WPA2-PSK thiab tso cai rau koj kom ua tiav qib kev ruaj ntseg piv rau qhov ua tiav siv WPA2-Enterprise, tsis tas yuav tsim 802.1X / EAP infrastructure. Tus kheej PSK yog qhov tseem ceeb WPA2-PSK, tab sis txhua tus neeg siv (lossis pab pawg neeg siv) tuaj yeem muaj lawv tus kheej dynamically generated password. PPSK kev tswj hwm tsis txawv ntawm PSK kev tswj hwm vim tias tag nrho cov txheej txheem yog automated. Cov ntaub ntawv tseem ceeb tuaj yeem khaws cia hauv zos ntawm cov ntsiab lus nkag lossis hauv huab.
Cov passwords tuaj yeem tsim tau, nws tuaj yeem hloov kho lawv qhov ntev / lub zog, lub sijhawm lossis hnub tas sijhawm, kev xa mus rau tus neeg siv (los ntawm kev xa ntawv lossis SMS):
Koj tuaj yeem teeb tsa cov neeg siv ntau tshaj plaws uas tuaj yeem txuas tau siv ib qho PPSK, lossis tseem teeb tsa "MAC-binding" rau cov khoom siv sib txuas. Ntawm cov lus txib ntawm tus thawj tswj hwm network, txhua tus yuam sij tuaj yeem tshem tawm tau yooj yim, thiab kev nkag mus rau lub network yuav raug tsis lees paub yam tsis tas yuav rov teeb tsa tag nrho lwm yam khoom siv. Yog tias tus neeg siv khoom txuas nrog thaum tus yuam sij raug tshem tawm, qhov nkag nkag yuav txiav nws tawm ntawm lub network.
Ntawm qhov zoo ntawm PPSK, peb nco ntsoov:
- yooj yim ntawm kev siv nrog qib siab ntawm kev ruaj ntseg;
- repelling phau ntawv txhais lus nres yog daws tau siv cov passwords ntev thiab muaj zog uas ExtremeCloudIQ tuaj yeem tsim thiab faib;
- muaj peev xwm muab cov kev ruaj ntseg sib txawv rau cov khoom siv sib txawv txuas nrog tib SSID;
- zoo heev rau kev ruaj ntseg qhua;
- zoo rau kev ruaj ntseg nkag thaum cov khoom siv tsis txhawb 802.1X / EAP (cov khoom siv tes tuav lossis IoT / VoWiFi li);
- ntse siv thiab txhim kho rau ntau tshaj 10 xyoo.
Yog tias koj muaj lus nug lossis muaj lus nug, koj tuaj yeem nug cov neeg ua haujlwm ntawm peb lub hoobkas - .
Tau qhov twg los: www.hab.com