WPA3 yakatogamuchirwa, uye kubva muna Chikunguru 2020 inosungirwa kumidziyo yakasimbiswa neWiFi-Alliance, WPA2 haina kukanzurwa uye haisi kuenda. Panguva imwecheteyo, zvese WPA2 neWPA3 inopa kushanda muPSK uye Enterprise modes, asi isu tinokurudzira kufunga nezve Private PSK tekinoroji muchinyorwa chedu, pamwe nemabhenefiti anogona kuwanikwa nerubatsiro rwayo.
WPA2-Personal matambudziko ave achizivikanwa kwenguva yakareba uye, kazhinji, akatogadziriswa (Priority Management Frames, kugadzirisa kweKRACK vulnerability, nezvimwewo). Chinhu chikuru chasara chakaipa cheWPA2 uchishandisa PSK ndechekuti mapassword asina kusimba ari nyore kutsemuka nekurwiswa kweduramazwi. Muchiitiko chekukanganisa uye kushandura password kuita imwe nyowani, zvichave zvakakodzera kugadzirisa zvese zvakabatana zvishandiso (uye nzvimbo dzekuwana), izvo zvinogona kutora nguva zvakanyanya (kugadzirisa "isina simba password" dambudziko, WiFi- Alliance inokurudzira kushandisa mapassword emavara makumi maviri).
Imwe nyaya iyo dzimwe nguva haigone kugadziriswa uchishandisa WPA2-Personal ndeyekupihwa kweakasiyana profiles (vlan, QoS, firewall ...) kumapoka emidziyo yakabatana kune imwecheteyo SSID.
Nerubatsiro rweWPA2-Enterprise zvinokwanisika kugadzirisa matambudziko ese anotsanangurwa pamusoro, asi mutengo weizvi uchava:
- Iko kudikanwa kwekuve kana kutumira PKI (Public Key Infrastructure) uye zvitupa zvekuchengetedza;
- Kuiswa kungave kwakaoma;
- Kugadzirisa matambudziko kungave kwakaoma;
- Haisi iyo yakanakisa mhinduro yeIoT zvishandiso kana yevaenzi kuwana.
Imwe nzira yakasimba yekugadzirisa matambudziko eWPA2-Personal ndiyo shanduko yeWPA3, iyo huru yekuvandudza iyo kushandiswa kweSAE (Simultaneous Authentication of Equals) uye static PSK. WPA3-Personal inogadzirisa "dictionary attack" dambudziko, asi haipe yakasarudzika chiziviso panguva yechokwadi uye, zvinoenderana, kugona kugovera profiles (sezvo ichiri kushandisa yakajairika static password).
Izvo zvakakoshawo kuyeuka kuti pamusoro pe95% yevatengi varipo parizvino havatsigire WPA3 neSAE, uye WPA2 inoramba ichishanda zvinobudirira pamabhiriyoni emidziyo yakatoburitswa.
Kuti uwane mhinduro kune iripo, kana matambudziko anogona kutsanangurwa pamusoro apa, Extreme Networks yakagadzira Private Pre-Shared Key (PPSK) tekinoroji. PPSK inoenderana nechero mutengi weWi-Fi inotsigira WPA2-PSK uye inokutendera iwe kuti uwane mwero wekuchengetedza unofananidzwa newakawanikwa uchishandisa WPA2-Enterprise, pasina chikonzero chekuvaka 802.1X/EAP zvivakwa. Yakavanzika PSK ndeye WPA2-PSK, asi mushandisi wega wega (kana boka revashandisi) vanogona kuve neyavo inogadzirwa password. PPSK manejimendi haina kusiyana nePSK manejimendi sezvo maitiro ese ari otomatiki. Iyo kiyi dhatabhesi inogona kuchengetwa munharaunda munzvimbo dzekuwana kana mugore.
Mapassword anogona kugadzirwa otomatiki, zvinokwanisika kuseta kureba / kusimba kwavo, nguva kana zuva rekupera, nzira yekuendesa kumushandisi (netsamba kana SMS):
Iwe unogona zvakare kugadzirisa huwandu hwehuwandu hwevatengi vanogona kubatana vachishandisa imwe PPSK, kana kutogadzira "MAC-inosunga" yemidziyo yakabatana. Pakuraira kwenetiweki maneja, chero kiyi inogona kubviswa nyore, uye kuwana kunetiweki kucharambwa pasina chikonzero chekugadzirisa zvimwe zvese. Kana mutengi akabatana kana kiyi yakabviswa, nzvimbo yekupinda inozoibvisa kubva kunetiweki.
Pakati pezvakanakira zvakakosha zvePPSK, tinoona:
- kusununguka kwekushandisa nehuwandu hwekuchengetedzwa kwepamusoro;
- kudzinga kurwiswa kweduramazwi kunogadziriswa uchishandisa mapassword akareba uye akasimba ayo ExtremeCloudIQ inogona kugadzira nekuparadzira otomatiki;
- kugona kugovera akasiyana maprofile ekuchengetedza kumidziyo yakasiyana yakabatana neSSID imwechete;
- yakanaka kune yakachengeteka muenzi kuwana;
- yakanakira kuwana yakachengeteka kana zvishandiso zvisingatsigire 802.1X/EAP (handheld scanners kana IoT/VoWiFi zvishandiso);
- yakashandiswa zvinobudirira uye yakagadziridzwa kweanopfuura makore gumi.
Kana uine chero mibvunzo kana uine chero mibvunzo, unogona kugara uchibvunza vashandi vehofisi yedu - .
Source: www.habr.com