Private PSK (Pre-Shared Key): features and capabilities of the ExtremeCloud IQ platform

WPA3 has already been adopted, and since July 2020 it has been mandatory for devices certified by the WiFi-Alliance; WPA2 has not been withdrawn and is not going away. Both WPA2 and WPA3 can operate in PSK and Enterprise modes, but in this article we propose to look at Private PSK technology and at the benefits that can be obtained with it.


The problems with WPA2-Personal have been known for a long time and, for the most part, have already been fixed (Protected Management Frames, fixes for the KRACK vulnerability, etc.). The main remaining weakness of WPA2 with PSK is that weak passwords are easy to crack with a dictionary attack. If a password is compromised and is changed to a new one, all connected devices (and the access points) have to be reconfigured, which can be a very laborious process (to address the "weak password" problem, the WiFi-Alliance recommends using passwords 20 characters long).

Another issue that sometimes cannot be solved with WPA2-Personal is assigning different profiles (VLAN, QoS, firewall ...) to groups of devices connected to the same SSID.

With WPA2-Enterprise it is possible to solve all the problems described above, but the price for this will be:

  • The need to have a PKI (Public Key Infrastructure) and security certificates;
  • Installation can be difficult;
  • There may be difficulties with troubleshooting;
  • It is not a solution for IoT or guest access.

A more radical solution to the problems of WPA2-Personal is to move to WPA3, whose main improvement is the use of SAE (Simultaneous Authentication of Equals) with a static PSK. WPA3-Personal solves the "dictionary attack" problem, but it does not provide unique identification during authentication and, accordingly, the ability to assign profiles (since a common static password is still used).

It should also be taken into account that more than 95% of the clients in use today do not support WPA3 and SAE, while WPA2 continues to work successfully on the billions of devices already shipped.

To solve the existing or potential problems described above, Extreme Networks developed the Private Pre-Shared Key (PPSK) technology. PPSK is compatible with any Wi-Fi client that supports WPA2-PSK, and lets you achieve a level of security comparable to that achieved with WPA2-Enterprise, without the need to build an 802.1X/EAP infrastructure. Private PSK is WPA2-PSK, but each user (or group of users) can have its own dynamically generated password. Managing PPSK is no different from managing PSK, since the whole process is automated. The key database can be stored locally on the access points or in the cloud.

Passwords can be generated automatically; their length/strength, validity period or expiry date, and the method of delivery to the user (by e-mail or SMS) can all be configured flexibly.

You can also configure the maximum number of clients that can connect using a single PPSK, or configure "MAC-binding" for connected devices. At the network administrator's command, any key can easily be revoked, and access to the network will be denied without the need to reconfigure all the other devices. If a client is connected when the key is revoked, the access point will automatically disconnect it from the network.
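The key policies described above (generated length, expiry, client limit, MAC binding, per-key profile and revocation) can be modelled in a few lines. This is an added example, not Extreme Networks code: the names `Ppsk` and `PpskStore` are hypothetical, the MAC-binding semantics are an assumption, and looking a key up by its passphrase is a simplification, since a real access point identifies the key from the WPA2 handshake.

```python
import secrets
import string
from dataclasses import dataclass, field

ALPHABET = string.ascii_letters + string.digits


@dataclass
class Ppsk:
    user: str
    profile: str                    # profile (VLAN, QoS, firewall) applied to this key
    key: str
    expires_at: float               # epoch seconds
    max_clients: int = 1
    mac_binding: bool = False       # assumption: bound MACs persist across disconnects
    revoked: bool = False
    macs: set = field(default_factory=set)   # connected (or bound) client MACs


class PpskStore:
    def __init__(self):
        self.keys = {}              # passphrase -> Ppsk

    def issue(self, user, profile, now, ttl, length=20, **policy):
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        self.keys[key] = Ppsk(user, profile, key, now + ttl, **policy)
        return key

    def authorize(self, key, mac, now):
        """Return the profile to apply, or None to reject the client."""
        e = self.keys.get(key)
        if e is None or e.revoked or now >= e.expires_at:
            return None
        if mac not in e.macs:
            if len(e.macs) >= e.max_clients:   # limit reached: reject new MACs
                return None
            e.macs.add(mac)
        return e.profile

    def disconnect(self, key, mac):
        e = self.keys[key]
        if not e.mac_binding:       # unbound keys free the slot on disconnect
            e.macs.discard(mac)

    def revoke(self, key):
        """Revoke one key; return the MACs the access point must disconnect."""
        e = self.keys[key]
        e.revoked = True
        kicked, e.macs = sorted(e.macs), set()
        return kicked
```

Revoking one key affects only the clients in its own `macs` set; every other key, and the devices using it, is untouched.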

Among the main advantages of PPSK we note:

  • ease of use combined with a high level of security;
  • dictionary attacks are countered by using long, strong passwords, which ExtremeCloud IQ can generate and distribute automatically;
  • the ability to assign different security profiles to different devices connected to the same SSID;
  • well suited to secure guest access;
  • well suited to secure access when devices do not support 802.1X/EAP (handheld scanners or IoT/VoWiFi devices);
  • successful use and refinement for more than 10 years.

Any questions that arise or remain can always be put to the staff of our office - [email protected].

Source: www.habr.com
