設計與實作以憑證為認證基礎的無線網路路由器

Abstract

因為無線網路的日益盛行，當使用者在享受無線網路的方便性背後，同樣地也面臨到網路安全的問題，也就是可能會被竊聽的潛在危險。有心人士只要在無線網路覆蓋的區域內，利用掃瞄封包後加以儲存複製的方式，就有方法可以組合分析而得到傳輸的內容。 雖然IEEE 802.1x已經規定了憑證認證的機制，可是它必須與RADIUS伺服器和CA協同工作。這樣的架構是可以在中、大型企業內的有線與無線網路上實現，卻不是一般家庭使用者，甚至小型企業所願意負擔與管理的，因為使用者必須要另外架設RADIUS伺服器與CA，以及整套的運作機制後才有辦法與意願來加以架構與使用的。 在考量原無線路由器的可擴充性與可行性之後，筆者試著將RADIUS 伺服器與CA整合進無線路由器當中，再加上容易操作管理的WEB GUI介面，不只成功的達到網路安全的需求，也讓使用者更方便的操作與管理。

When accessing a wireless network, a user will face many security problems. Someone can sniffer data packets within the wireless coverage. If data packets were not encrypted, a hacker can easily combine those packets and read the content. Although there's an authenticate mechanism base on certificate, it should work with a RADIUS server and a certificate authority. Such kind of architecture can only be used within a large or medium scale enterprise. SOHO user or small company may not has such equipments to use. To protect the wireless network security more easily, i think it's necessary to build RADIUS server and certificate authority into a wireless router. After done this program, a useful system came out. It can be easily configured and operated with IEEE 802.1x security policy. People won't need to waste their money and time to buy and install another RADIUS server and certificate authority. Only one wireless router can do such things.