Release of hostapd and wpa_supplicant 2.11, an implementation of the wireless protocol stack

After two and a half years of development, hostapd/wpa_supplicant 2.11 has been released, a suite that supports the wireless protocols IEEE 802.1X, WPA, WPA2, WPA3 and EAP. The suite consists of the wpa_supplicant application, which connects to a wireless network as a client, and the hostapd background process, which runs an access point and an authentication server and includes components such as the WPA Authenticator, a RADIUS authentication client/server, and an EAP server. The project's source code is distributed under the BSD license.

Major changes in the new release of hostapd and wpa_supplicant:

  • Added initial support for Wi-Fi 7 (EHT/IEEE 802.11be) and improved support for Wi-Fi 6 (HE/IEEE 802.11ax).
  • Added support for the third version of DPP (Device Provisioning Protocol), commonly known as "Wi-Fi Easy Connect", and added the ability to transfer parameters with Wi-Fi settings using DPP. The DPP protocol allows simplified configuration of wireless devices that have no on-screen interface, using another, more capable device that is already connected to the wireless network. DPP is based on public key authentication: for example, the parameters of an IoT device without a screen can be set from a smartphone using a photo of a QR code that is printed on the case and encodes the public key.
  • Added support for the API changes introduced in the OpenSSL 3.0 branch of the cryptographic library.
  • In the implementation of the EAP-SIM (Extensible Authentication Protocol - Subscriber Identity Module) and EAP-AKA (Extensible Authentication Protocol - Authentication and Key Agreement) authentication protocols, support has appeared for an extension that protects the privacy of the mobile network subscriber identifier, which avoids disclosing the IMSI when connecting to an access point.
  • Added support for SAE AKM (Simultaneous Authentication of Equals - Authentication and Key Management) modes that use variable keys.
  • Added support for AKM (Authentication and Key Management) options based on SHA384 hashes.
  • The implementation of the PASN (Pre Association Security Negotiation) mechanism, which is used to establish a secure connection and protect the exchange of control frames at the initial stage of connecting, gains support for the "secure ranging" technology for securely determining the distance between two Wi-Fi devices.
  • Added support for USD (Unsynchronized Service Discovery), which simplifies service discovery by wireless devices.
  • Added support for explicit SSID protection during the four-step connection negotiation (4-way handshake). The protection is enabled with the "ssid_protection=1" option and blocks the CVE-2023-52424 vulnerability, which makes it possible to get a client to connect to an insecure wireless network.
  • Changes specific to hostapd:
    • Added support for background detection of interference from radar systems operating in the same frequency range (with a switch to other frequencies when radar is detected). Also added support for the CAC (Channel Availability Check) mechanism, which listens on a channel before it is used to check whether it is occupied by a radar system.
    • In the implementation of the SAE (Simultaneous Authentication of Equals) connection negotiation method, it is now possible to request the password from a RADIUS server.
    • Added support for ACL (Access-Control List) and PSK (Pre-Shared Key) checks using the RADIUS protocol during connection negotiation (wpa_psk_radius=3).
    • In the implementation of the ACS (Automatic Channel Selection) mechanism, bandwidth and channel types are taken into account when a channel is selected.
    • Support for using multiple BSSIDs (Basic Service Set Identifier) on one access point to run wireless networks has been extended.
    • Added initial support for using TLS to encrypt RADIUS requests.
  • Changes specific to wpa_supplicant:
    • The implementation of the MACsec standard (IEEE 802.1AE), which provides the means to protect the data transmission channel, adds the ability to use the GCM-AES-256 cipher suite and support for hardware acceleration by offloading operations to the network adapter.
    • Improved EAP-TLS support for TLSv1.3.
    • Improved protection against DoS attacks when PMF (Protected Management Frames) is used.
    • Improved roaming between AKMs (Authentication and Key Management) when SME/BSS (Service Management Entity/Basic Service Set) selection is done in the driver.
    • It is now possible to use the PASN (Pre Association Security Negotiation) mechanism with external programs.
    • Added support for using a pre-generated MAC address (mac_addr=3) instead of generating a random MAC for each network.
    • The second phase of authentication (phase2_auth=1) of the EAP-PEAP protocol, which implies authenticating the client inside a secure tunnel, is now enabled by default.
    • Added support for the MSCS (Multi-Streaming Channel Switching) technology, which allows a device to switch between several channels.
    • Added support for the SCS (Spatial Channel Switching) technology for prioritizing traffic when QoS is used.
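
The "ssid_protection=1" and "phase2_auth" settings named in the list above can be checked across existing client configurations with a short script. This is an added example, not code from the hostapd/wpa_supplicant project. It assumes that ssid_protection is written as a per-network key inside a network={...} block and that phase2_auth is carried inside the phase1 string; the sample configuration is constructed.

```python
import re

# Constructed sample wpa_supplicant.conf (not taken from the page).
SAMPLE_CONF = '''
ctrl_interface=/var/run/wpa_supplicant

network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase1="peaplabel=0 phase2_auth=0"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="home"
    key_mgmt=SAE
    ssid_protection=1
}
'''

def parse_networks(text):
    """Return one dict of key/value strings per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks

def audit(text):
    """Return (ssid, finding) pairs for the two settings discussed above."""
    findings = []
    for net in parse_networks(text):
        ssid = net.get("ssid", "<no ssid>").strip('"')
        # Assumption: the option is off unless the block sets it to 1.
        if net.get("ssid_protection", "0") != "1":
            findings.append((ssid, "ssid_protection=1 not set"))
        phase1 = net.get("phase1", "").strip('"')
        uses_peap = "PEAP" in net.get("eap", "").upper().split()
        if uses_peap and re.search(r"\bphase2_auth=0\b", phase1):
            findings.append((ssid, "phase2_auth=0 overrides the 2.11 default"))
    return findings

if __name__ == "__main__":
    for ssid, finding in audit(SAMPLE_CONF):
        print(f"{ssid}: {finding}")
```
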

Source: opennet.ru
