Pulogalamu ya ProHoster > Blog > Ulamuliro > Private PSK (Pre-Shared Key) - mawonekedwe ndi kuthekera kwa nsanja ya ExtremeCloud IQ

Private PSK (Pre-Shared Key) - mawonekedwe ndi kuthekera kwa nsanja ya ExtremeCloud IQ

WPA3 idakhazikitsidwa kale, ndipo kuyambira Julayi 2020 ndiyovomerezeka pazida zomwe zimapatsidwa satifiketi mu WiFi-Alliance; WPA2 sinathetsedwa ndipo sichita. Panthawi imodzimodziyo, WPA2 ndi WPA3 zimapereka ntchito mu PSK ndi Enterprise modes, koma tikupempha kuti tiganizire m'nkhani yathu teknoloji ya Private PSK, komanso ubwino womwe ungapezeke ndi chithandizo chake.

Private PSK (Pre-Shared Key) - mawonekedwe ndi kuthekera kwa nsanja ya ExtremeCloud IQ

Mavuto omwe ali ndi WPA2-Personal akhala akudziwika kwa nthawi yayitali ndipo, makamaka, adakhazikitsidwa kale (Mafulemu Oyang'anira Zofunika Kwambiri, kukonza zowonongeka kwa KRACK, etc.). Choyipa chachikulu chotsalira cha WPA2 pogwiritsa ntchito PSK ndikuti mawu achinsinsi ofooka ndi osavuta kusokoneza pogwiritsa ntchito kuukira kwa mtanthauzira mawu. Ngati mawu achinsinsi asokonezedwa ndipo mawu achinsinsi asinthidwa kukhala atsopano, padzakhala kofunikira kukonzanso zida zonse zolumikizidwa (ndi malo olowera), zomwe zitha kukhala njira yovutirapo kwambiri (kuthetsa vuto la "password yofooka", WiFi. -Alliance imalimbikitsa kugwiritsa ntchito mawu achinsinsi a zilembo zosachepera 20).

Nkhani ina yomwe nthawi zina sungathetsedwe pogwiritsa ntchito WPA2-Personal ikupereka mbiri zosiyanasiyana (vlan, QoS, firewall ...) kumagulu a zipangizo zogwirizanitsidwa ndi SSID yomweyo.

Mothandizidwa ndi WPA2-Enterprise ndizotheka kuthetsa mavuto onse omwe tafotokozazi, koma mtengo wake udzakhala:

  • Kufunika kokhala kapena kutumiza PKI (Public Key Infrastructure) ndi ziphaso zachitetezo;
  • Kuyika kungakhale kovuta;
  • Pakhoza kukhala zovuta kuthetsa mavuto;
  • Osati yankho labwino kwambiri pazida za IoT kapena kupeza alendo.

Njira yowonjezereka yothetsera mavuto a WPA2-Personal ndikusinthira ku WPA3, kusintha kwakukulu komwe ndiko kugwiritsa ntchito SAE (Simultaneous Authentication of Equals) ndi static PSK. WPA3-Personal imathetsa vutoli ndi "dictionary attack", koma sapereka chizindikiritso chapadera panthawi yovomerezeka ndipo, motero, kutha kugawa mbiri (popeza mawu achinsinsi omwe amagwiritsidwa ntchito amagwiritsidwanso ntchito).

Private PSK (Pre-Shared Key) - mawonekedwe ndi kuthekera kwa nsanja ya ExtremeCloud IQ
Ziyeneranso kuganiziridwa kuti oposa 95% a makasitomala omwe alipo panopa sakuthandizira WPA3 ndi SAE, ndipo WPA2 ikupitiriza kugwira ntchito bwino pa mabiliyoni a zipangizo zomwe zatulutsidwa kale.

Pofuna kupeza njira yothetsera mavuto omwe alipo kapena omwe angathe kufotokozedwa pamwambapa, Extreme Networks inapanga teknoloji ya Private Pre-Shared Key (PPSK). PPSK imagwirizana ndi kasitomala aliyense wa Wi-Fi yemwe amathandizira WPA2-PSK, ndipo amakulolani kuti mukwaniritse chitetezo chofanana ndi chomwe chinapezedwa ndi WPA2-Enterprise, popanda kufunika komanga maziko a 802.1X/EAP. Private PSK kwenikweni ndi WPA2-PSK, koma wogwiritsa ntchito aliyense (kapena gulu la ogwiritsa ntchito) akhoza kukhala ndi mawu achinsinsi opangidwa mwamphamvu. Kuwongolera PPSK sikusiyana ndi kuyang'anira PSK popeza njira yonseyi ndi yodzichitira. Makiyi achinsinsi amatha kusungidwa kwanuko kumalo olowera kapena mumtambo.

Private PSK (Pre-Shared Key) - mawonekedwe ndi kuthekera kwa nsanja ya ExtremeCloud IQ
Mawu achinsinsi amatha kupangidwa okha; ndizotheka kuyika mosinthika kutalika / mphamvu, nthawi kapena tsiku lotha ntchito, ndi njira yotumizira kwa wogwiritsa ntchito (pa imelo kapena SMS):

Private PSK (Pre-Shared Key) - mawonekedwe ndi kuthekera kwa nsanja ya ExtremeCloud IQ
Private PSK (Pre-Shared Key) - mawonekedwe ndi kuthekera kwa nsanja ya ExtremeCloud IQ
Mukhozanso kukonza chiwerengero chachikulu cha makasitomala omwe angagwirizane pogwiritsa ntchito PPSK imodzi kapena kukonza "MAC-binding" pazida zolumikizidwa. Polamulidwa ndi woyang'anira ma netiweki, kiyi iliyonse imatha kuchotsedwa mosavuta, ndipo mwayi wopezeka pa intaneti udzakanidwa popanda kufunikira kukonzanso zida zina zonse. Ngati kasitomala alumikizidwa pamene fungulo lithetsedwa, malo olowera amangochotsa pamaneti.

Zina mwazabwino za PPSK timawona:

  • kumasuka kugwiritsa ntchito ndi chitetezo chokwanira;
  • kubweza kuwukira kwa mtanthauzira mawu kumathetsedwa pogwiritsa ntchito mawu achinsinsi aatali komanso amphamvu, omwe ExtremeCloudIQ imatha kupanga ndikugawa;
  • Kutha kupatsa mbiri zosiyanasiyana zachitetezo ku zida zosiyanasiyana zolumikizidwa ndi SSID yomweyo;
  • Zabwino kwa alendo otetezeka;
  • Zabwino kuti zitheke zotetezedwa pomwe zida sizigwirizana ndi 802.1X/EAP (ma scanner am'manja kapena zida za IoT/VoWiFi);
  • kugwiritsa ntchito bwino ndikusintha kwazaka zopitilira 10.

Mafunso aliwonse omwe angabwere kapena kutsalira amatha kufunsidwa nthawi zonse kwa ogwira ntchito kuofesi yathu - [imelo ndiotetezedwa].

Source: www.habr.com

Kuwonjezera ndemanga