CN111741473A - Method and device for controlling wireless coverage and network security - Google Patents
Method and device for controlling wireless coverage and network security Download PDFInfo
- Publication number
- CN111741473A CN111741473A CN202010410532.8A CN202010410532A CN111741473A CN 111741473 A CN111741473 A CN 111741473A CN 202010410532 A CN202010410532 A CN 202010410532A CN 111741473 A CN111741473 A CN 111741473A
- Authority
- CN
- China
- Prior art keywords
- network
- wireless
- wireless coverage
- detection
- network security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W16/00—Network planning, e.g. coverage or traffic planning tools; Network deployment, e.g. resource partitioning or cells structures
- H04W16/18—Network planning tools
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The application relates to a method and a device for controlling wireless coverage and network security, wherein an access controller is adopted to uniformly set a management mode for an access point and set the wireless coverage range of a network; deploying at least three non-overlapping channels in a microcellular manner to construct a network; adjusting the transmitting power of the access points of the same channel; when the equipment is accessed, the 5.8G frequency band is preferentially accessed when both the 2.4G frequency band and the 5.8G frequency band can be used; and when the data is received, carrying out threat detection, and forwarding when the detection is passed. On one hand, the wireless network is beneficial to the extension of the traditional wired network by a user, and the traditional wired network can be replaced when necessary; on the other hand, the method is favorable for combining specific application environments, realizing various indoor and outdoor wireless access modes, and improving the overall performance and transmission speed of the wireless network in cooperation with technical requirements; on the other hand, the method is beneficial to protecting the safety of the wireless network before, during and after the network attack, and reduces the loss caused by malicious threats.
Description
Technical Field
The present application relates to the field of system integrated wireless network security, and in particular, to a method and an apparatus for controlling wireless coverage and network security.
Background
System integration (system integration) generally refers to a service of combining software, hardware and communication technologies to solve information processing problems for users, each separated part of the integration is originally an independent system, and each part of the integrated whole can organically and coordinately work with each other to exert the whole benefits and achieve the purpose of whole optimization. The essence of system integration is the optimized comprehensive overall design, a large-scale comprehensive computer network system, the system integration comprises the integration of computer software, hardware, operating system technology, database technology, network communication technology and the like, and the integration of product selection and matching of different manufacturers, the system integration achieves the goal of optimal overall performance, namely, all components and components can work together, and the whole system is a low-cost, high-efficiency, uniform-performance, extensible and maintainable system.
Currently, wireless technologies are widely used, so that wireless coverage must be considered in system integration, and in places with wireless coverage, terminals such as mobile phones and the like can normally receive and transmit signals to perform wireless communication, such as internet access, telephone making and wechat. In a place without wireless coverage, a terminal such as a mobile phone cannot perform wireless communication. The challenge is ubiquitous, and the coverage distance is limited due to fading and noise interference during wireless electromagnetic wave transmission. Therefore, one of the key issues that wireless communication needs to solve is wireless coverage, making wireless signals ubiquitous, and for wireless communication, network security issues need to be considered before, during, and after.
Disclosure of Invention
Accordingly, there is a need for a method and apparatus for controlling wireless coverage and network security.
A control method for wireless coverage and network security comprises the following steps:
an access controller is adopted to uniformly set a management mode for an access point, and the wireless coverage range of a network is set;
deploying at least three non-overlapping channels in a microcellular manner to construct a network;
adjusting the transmission power of access points of the same channel to reduce visibility between the access points and enhance multiplexing of spectrum resources of the same channel;
when the equipment is accessed, the 5.8G frequency band is preferentially accessed when both the 2.4G frequency band and the 5.8G frequency band can be used, so that the transmission speed of the wireless network is increased;
and when the data is received, carrying out threat detection, and forwarding when the detection is passed.
The control method of the wireless coverage and the network security comprehensively considers the problem of the wireless coverage matching with the network security in the system integration configuration, on one hand, the control method is beneficial to a user to use a wireless network as the extension of the traditional wired network, and can also replace the traditional wired network if necessary; on the other hand, the method is favorable for combining specific application environments, realizing various indoor and outdoor wireless access modes, and improving the overall performance and transmission speed of the wireless network in cooperation with technical requirements; on the other hand, the method is beneficial to protecting the safety of the wireless network before, during and after the network attack, and reduces the loss caused by malicious threats.
In one embodiment, the threat detection comprises: at least one of malicious code detection and abnormal traffic detection.
In one embodiment, the threat detection further comprises: at least one of system intrusion detection and sensitive information detection.
In one embodiment, the method for controlling wireless coverage and network security further includes the steps of: and when the data is received, performing compliance audit, and accessing the system when the audit is passed.
In one embodiment, the compliance audit comprises: at least one of a business audit, a database audit and a database firewall audit.
In one embodiment, the method for controlling wireless coverage and network security further includes the steps of: and scanning the network environment at regular time or starting time.
In one embodiment, the network environment scanning comprises: at least one of system scanning, WEB scanning, wireless scanning, and remote WEB site security inspection.
In one embodiment, the method for controlling wireless coverage and network security further includes the steps of: setting a security zone and configuring an internal and external network environment.
In one embodiment, the method for controlling wireless coverage and network security further includes the steps of: and (4) redundant backup.
A wireless coverage and network security control device is realized by adopting any one of the wireless coverage and network security control methods.
Drawings
Fig. 1 is a flowchart illustrating a method for controlling wireless coverage and network security according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating another embodiment of a method for controlling wireless coverage and network security according to the present invention.
Fig. 3 is a flowchart illustrating another embodiment of a method for controlling wireless coverage and network security according to the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, embodiments accompanying the present application are described in detail below with reference to the accompanying drawings. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. This application is capable of embodiments in many different forms than those described herein and that modifications may be made by one skilled in the art without departing from the spirit and scope of the application and it is therefore not intended to be limited to the specific embodiments disclosed below.
It will be understood that when an element is referred to as being "secured to" or "disposed on" another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. The terms "vertical," "horizontal," "left," "right," and the like as used in the description of the present application are for illustrative purposes only and do not denote a single embodiment.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the description of the present application, the term "and/or" includes any and all combinations of one or more of the associated listed items.
In an embodiment of the present application, as shown in fig. 1, a method for controlling wireless coverage and network security includes the following steps: an access controller is adopted to uniformly set a management mode for an access point, and the wireless coverage range of a network is set; deploying at least three non-overlapping channels in a microcellular manner to construct a network; adjusting the transmission power of access points of the same channel to reduce visibility between the access points and enhance multiplexing of spectrum resources of the same channel; when the equipment is accessed, the 5.8G frequency band is preferentially accessed when both the 2.4G frequency band and the 5.8G frequency band can be used, so that the transmission speed of the wireless network is increased; and when the data is received, carrying out threat detection, and forwarding when the detection is passed. The control method of the wireless coverage and the network security comprehensively considers the problem of the wireless coverage matching with the network security in the system integration configuration, on one hand, the control method is beneficial to a user to use a wireless network as the extension of the traditional wired network, and can also replace the traditional wired network if necessary; on the other hand, the method is favorable for combining specific application environments, realizing various indoor and outdoor wireless access modes, and improving the overall performance and transmission speed of the wireless network in cooperation with technical requirements; on the other hand, the method is beneficial to protecting the safety of the wireless network before, during and after the network attack, and reduces the loss caused by malicious threats.
In one embodiment, a method for controlling wireless coverage and network security includes some or all of the following steps; that is, the control method of the radio coverage and the network security includes some or all of the following technical features.
In one embodiment, an access controller is adopted to uniformly set a management mode for an access point, and the wireless coverage range of a network is set; an Access Controller (AC, Access Controller or Wireless Access Point Controller), namely a Wireless Controller, is used for centralized control of Wireless Access Points (APs), and is a core of a Wireless network and responsible for managing all Wireless APs in the Wireless network, wherein the management of the APs includes: configuration issuing, relevant configuration parameter modification, radio frequency intelligent management, access security control and the like. Further, in one embodiment, an access controller is adopted to perform parameter configuration for a wireless access point; in one embodiment, the wireless access point actively sends self information, and the access controller performs parameter configuration for the wireless access point; that is, as shown in fig. 2, a method for controlling wireless coverage and network security includes the following steps: an access controller is adopted to uniformly set a management mode for an access point, and the wireless coverage range of a network is set; the wireless access point actively sends self information, and the access controller performs parameter configuration for the wireless access point; deploying at least three non-overlapping channels in a microcellular manner to construct a network; adjusting the transmission power of access points of the same channel to reduce visibility between the access points and enhance multiplexing of spectrum resources of the same channel; when the equipment is accessed, the 5.8G frequency band is preferentially accessed when both the 2.4G frequency band and the 5.8G frequency band can be used, so that the transmission speed of the wireless network is increased; and when the data is received, carrying out threat detection, and forwarding when the detection is passed. The rest of the embodiments are analogized and are not described in detail. In one embodiment, the wireless access point actively sends self information, and the access controller performs parameter configuration for the wireless access point or associated equipment thereof; in one embodiment, the self information includes at least one of a model number of the device itself, system information, and demand information. In one embodiment, the self information includes a model of the device itself, system information, and requirement information. Alternatively, in one embodiment, the self information includes a model number of the device itself, system information, or requirement information. The design is favorable for reasonably controlling the coverage area of a wireless network, and is favorable for an access controller to accurately configure parameters of wireless access points or related equipment thereof by matching with the technical scheme design of self information, the overall solution of the control method of the wireless coverage and the network security is more favorable for centralized management, the association time of a wireless client and the access controller is greatly reduced, the burden of a single access controller is reduced, the working efficiency of the whole network is improved, the rapid switching of wireless adapters of wireless equipment such as a mobile phone and the like in the wireless network can be realized, and the method has the advantages of three-layer roaming, permission issuing based on equipment or users and the like.
In one embodiment, a network is constructed using microcellular deployment of at least three non-overlapping channels; that is, the channels are deployed in microcells, and a network is constructed by at least three non-overlapping channels; microcells (microcells) are a technology developed on the basis of macrocells. Compared with the macro cell, the transmitting power is smaller, and the coverage radius is about 100-1 km; the base station antenna is arranged at a relatively low place, such as the lower part of a roof, 5-10 m higher than the ground, and a wireless beam is refracted, reflected and scattered between buildings or in the buildings and is limited in a street. Microcells were originally used to increase radio coverage and eliminate "blind spots" in macrocells. Meanwhile, the microcellular base station with low transmitting power allows a smaller frequency reuse distance, and the number of channels in each unit area is larger, so that the service density is greatly increased, and the microcellular base station is arranged on a 'hot spot' of a macrocell, and can meet the requirements of the quality and the capacity of the microcellular area. Further, in one embodiment, the network is constructed using microcell deployment of three or four non-overlapping channels. In one embodiment, the number of non-overlapping channels is set as desired. That is, as shown in fig. 3, a method for controlling wireless coverage and network security includes the following steps: an access controller is adopted to uniformly set a management mode for an access point, and the wireless coverage range of a network is set; deploying at least three non-overlapping channels in a microcellular manner to construct a network, wherein the number of the non-overlapping channels is set according to requirements; adjusting the transmission power of access points of the same channel to reduce visibility between the access points and enhance multiplexing of spectrum resources of the same channel; when the equipment is accessed, the 5.8G frequency band is preferentially accessed when both the 2.4G frequency band and the 5.8G frequency band can be used, so that the transmission speed of the wireless network is increased; and when the data is received, carrying out threat detection, and forwarding when the detection is passed. The rest of the embodiments are analogized and are not described in detail. The design mainly has the effects of reducing interference, ensuring network coverage quality, being beneficial to a user to use a wireless network as an extension of a traditional wired network, and also being capable of replacing the traditional wired network when necessary.
In one embodiment, the transmission power of the access points of the same channel is adjusted to reduce the visibility between the access points and strengthen the multiplexing of the spectrum resources of the same channel; further, in one embodiment, the transmission power of the access points of the same channel is adjusted step by step according to a preset grading mode; in one embodiment, the step-by-step adjustment of the transmission power of the access points of the same channel includes step-by-step increase of the transmission power of the access points of the same channel or step-by-step decrease of the transmission power of the access points of the same channel. In one embodiment, the number of the preset grades and the grade difference are set according to the number of the access points and the number of the non-overlapping channels, the grade difference is an adjustment value of the transmission power, and the grade differences of two adjacent grades are the same. In one embodiment, the step difference is a specific power value or a relative ratio, and in one embodiment, the transmission power is increased by 1% each time. The rest of the embodiments are analogized and are not described in detail. In one embodiment, the ratio of the number peak value of the historical access points to the number of the non-overlapping channels and the ratio of the number of the current access points to the number of the non-overlapping channels are adopted for comparison, and the number and the level difference of the preset grades are set according to the comparison result. Or, in one embodiment, the preset number of the hierarchies is a fixed value, and the ratio of the number peak of the historical access points to the number of the non-overlapping channels and the ratio of the number of the current access points to the number of the non-overlapping channels are used for comparing, and the level difference of the preset hierarchies is set according to the comparison result. In one embodiment, the number of preset levels is 10, 20, 50, 100, etc. The design is beneficial to the extension of a wireless network as a traditional wired network by a user on one hand, and is beneficial to strengthening the multiplexing of the same channel spectrum resources on the other hand, and the overall performance of the wireless network is improved.
Furthermore, in one embodiment, when the device is accessed, and further when both the first frequency band and the second frequency band are available, the second frequency band is preferentially accessed, so as to improve the transmission speed of the wireless network; in one embodiment, the second frequency band is higher in frequency than the first frequency band. In one embodiment, the second frequency band is a 5G frequency band. In one embodiment, the first frequency band is a 4G frequency band. In one embodiment, the second frequency band is a 5.8G frequency band, and the first frequency band is a 2.4G frequency band. In one embodiment, when the device is accessed, when both the 2.4G frequency band and the 5.8G frequency band can be used, the 5.8G frequency band is preferentially accessed, so as to improve the transmission speed of a Wireless Local Area Network (WLAN); that is, when accessing the device, it is further determined whether the 2.4G band and the 5.8G band are both available, and if so, the 5.8G band is preferentially accessed, so as to improve the transmission speed of the wireless network. Especially, the method is very effective for mobile terminals such as 5G mobile phones, and is favorable for realizing various indoor and outdoor wireless access modes on the one hand, and is favorable for matching with technical requirements to improve the overall performance and transmission speed of a wireless network on the other hand.
In one embodiment, threat detection is performed as data is received and forwarded when detection passes. Further, in one embodiment, the user terminal or the server or the external network device is forwarded when the detection passes. In one embodiment, the threat detection comprises: at least one of malicious code detection and abnormal traffic detection. In one embodiment, the threat detection further comprises: at least one of system intrusion detection and sensitive information detection. In one embodiment, the threat detection comprises: malicious code detection, abnormal flow detection, system intrusion detection and sensitive information detection; alternatively, in one embodiment, the threat detection comprises: malicious code detection, abnormal traffic detection, system intrusion detection, or sensitive information detection. Further, in one embodiment, big data is adopted to obtain specific information of a target information source, keywords are screened according to the specific information, and the keywords are used as the sensitive information. In one embodiment, the keywords are supplemented in a manual filling manner. In one embodiment, a historical keyword database is also established for the keywords so as to realize sensitive information detection by quick comparison when data is received. In one embodiment, big data is used periodically to obtain specific information of a target information source. In one embodiment, the obtaining of the specific information of the target information source by using big data comprises: analyzing a target information source and acquiring specific information of the target information source, screening keywords according to the specific information, establishing a historical keyword database for each keyword when the historical keyword database does not exist, further judging whether each keyword exists in the historical keyword database when the historical keyword database exists, and adding the keywords which do not exist in the historical keyword database into the historical keyword database if not so as to quickly compare and realize sensitive information detection when receiving data. In one embodiment, the updating condition of a target information source is analyzed by big data, the updated target information source is traversed in a crawler mode, specific information in the target information source is obtained, keywords are screened according to the specific information, a historical keyword database is established for each keyword when the historical keyword database does not exist, whether each keyword exists in the historical keyword database is further judged when the historical keyword database exists, and otherwise, the keyword which does not exist in the historical keyword database is supplemented to the historical keyword database. Further, in one embodiment, in the threat detection, big data is used to analyze the update condition of a target information source, the updated target information source is traversed in a crawler manner, specific information in the updated target information source is obtained, keywords are screened according to the specific information, when a historical keyword database does not exist, the historical keyword database is established for each keyword, when the historical keyword database exists, whether each keyword exists in the historical keyword database is further judged, otherwise, the keyword which does not exist in the historical keyword database is added to the historical keyword database, and the keyword is used as the sensitive information, so that sensitive information detection is realized through rapid comparison when data are received. For example, a method for controlling wireless coverage and network security comprises the following steps: an access controller is adopted to uniformly set a management mode for an access point, and the wireless coverage range of a network is set; deploying at least three non-overlapping channels in a microcellular manner to construct a network; adjusting the transmission power of access points of the same channel to reduce visibility between the access points and enhance multiplexing of spectrum resources of the same channel; when the equipment is accessed, the 5.8G frequency band is preferentially accessed when both the 2.4G frequency band and the 5.8G frequency band can be used, so that the transmission speed of the wireless network is increased; when receiving data, carrying out threat detection, and forwarding when the detection is passed; the threat detection includes: malicious code detection, abnormal flow detection, system intrusion detection and sensitive information detection; the method comprises the steps of analyzing the updating condition of a target information source by big data, traversing the updated target information source in a crawler mode, obtaining specific information in the target information source, screening keywords according to the specific information, establishing a historical keyword database for each keyword when the historical keyword database does not exist, further judging whether each keyword exists in the historical keyword database when the historical keyword database exists, and supplementing the keywords which do not exist in the historical keyword database to the historical keyword database, wherein the keywords are used as sensitive information, so that sensitive information detection is realized by quick comparison when data are received. The rest of the embodiments are analogized and are not described in detail. Further, in one embodiment, the threat detection further comprises: and detecting the threat of patch management. The design is beneficial to protecting the safety of the wireless network before, during and after the network attack, and reduces the loss caused by malicious threats.
In one embodiment, the method for controlling wireless coverage and network security further includes the steps of: and when the data is received, performing compliance audit, and accessing the system when the audit is passed. In one embodiment, the compliance audit comprises: at least one of a business audit, a database audit and a database firewall audit. In one embodiment, the compliance audit comprises: service audit, database audit and database firewall audit; alternatively, in one embodiment, the compliance audit comprises: service audit, database audit or database firewall audit. And the compliance audit is used for carrying out safety audit to ensure that the system is safe and controllable in operation. The design is equivalent to adding active steps of the process, the system can be accessed only through compliance audit, the safety risk that the system is neglected due to objective factors is avoided, the system is more suitable for networking work on many places on the premise of ensuring wireless coverage, and the safety performance of a wireless network is improved.
In one embodiment, the method for controlling wireless coverage and network security further includes the steps of: and scanning the network environment at regular time or starting time. In one embodiment, the network environment scanning comprises: at least one of system scanning, WEB (World Wide WEB, also known as World Wide WEB) scanning, wireless scanning, and remote website security inspection. In one embodiment, the network environment scanning comprises: system scanning, WEB scanning, wireless scanning and remote website security inspection; alternatively, in one embodiment, the network environment scanning comprises: system scanning, WEB scanning, wireless scanning, or remote WEB site security inspection. Network environment scanning is used for security inspection by adopting security tools to realize active prevention control. In one embodiment, the method for controlling wireless coverage and network security further includes the steps of: setting a security zone and configuring an internal and external network environment. Further, in one embodiment, the method for controlling wireless coverage and network security further includes the steps of: network security protection; in one embodiment, a method for controlling wireless coverage and network security comprises the following steps: an access controller is adopted to uniformly set a management mode for an access point, and the wireless coverage range of a network is set; deploying at least three non-overlapping channels in a microcellular manner to construct a network; adjusting the transmission power of access points of the same channel to reduce visibility between the access points and enhance multiplexing of spectrum resources of the same channel; when the equipment is accessed, the 5.8G frequency band is preferentially accessed when both the 2.4G frequency band and the 5.8G frequency band can be used, so that the transmission speed of the wireless network is increased; when receiving data, carrying out threat detection, and forwarding when the detection is passed; setting a security zone and configuring an internal and external network environment; and (5) network security protection. In one embodiment, the network security protection comprises: at least one of intrusion detection, wireless security detection, Web application security detection, and WAG load balancing. In one embodiment, the network security protection comprises: intrusion prevention detection, wireless security detection, Web application security detection and WAG load balancing; alternatively, in one embodiment, the network security protection includes: intrusion prevention detection, wireless security detection, Web application security detection, or WAG load balancing. Further, in one embodiment, the network security protection further includes: at least one of mandatory access control, network flow control, data leakage prevention anonymity detection, and token authentication. In one embodiment, the network security protection further comprises: mandatory access control, network flow control, data leakage prevention anonymous detection and token authentication. Or, in one embodiment, the network security protection further includes: mandatory access control, network flow control, data leakage prevention anonymity detection or token authentication. Further, in one embodiment, the network security protection further includes: forcibly disconnecting the connection or rejecting a target range of connections within a predetermined time period. In one embodiment, the connection to a certain IP range is forcibly cut off or rejected within 5 to 50 minutes. The design improves the safety of a local wireless network on one hand, improves the safety performance of remote networking on the other hand, is beneficial to preventing intrusion attack, guaranteeing information safety and realizing load balance, and is convenient for a user to comprehensively master network conditions and safety threats, so that the information such as terminals, applications, services, flow and the like of a system is controlled, the system is particularly suitable for integrating resources of group companies operated in a large scale, and a large number of employees can work on one platform.
In one embodiment, the method for controlling wireless coverage and network security further includes the steps of: and (4) redundant backup. The redundant backup is used for guaranteeing the data safety. Further, in one embodiment, the method for controlling wireless coverage and network security further includes the steps of: and (4) physical safety protection. Physical security protection is used to ensure hardware security. Further, in one embodiment, the method for controlling wireless coverage and network security further includes the steps of: and constructing a remote disaster recovery machine room and realizing data transmission by adopting a virtual private network. The design is favorable for organically combining the network security platform, the network platform and the application, realizes a uniform security system architecture of the whole network, and improves the expandability, controllability and safety of the whole solution.
In one embodiment, the wireless coverage target area of a company headquarters is planned as: 1 to 3 buildings, two 1 to 3 buildings, three 3 buildings, four 1 to 2 buildings, seven 1 to 3 buildings and nine 1 to 3 buildings; and is connected with a branch office directly or through a virtual private network, and simultaneously, the data transmission safety is required to be ensured. Due to the fact that the field wireless environment is complex and the problem of signal interference is serious, the control method of the wireless coverage and the network safety comprehensively considers the problem that the wireless coverage in system integration configuration is matched with the network safety, provides a safety network for perfecting the wireless coverage range, is beneficial to a user to use a wireless network as an extension of a traditional wired network, can replace the traditional wired network if necessary, can be matched with a remote disaster-tolerant computer room to realize wireless office work, safety monitoring, information issuing, visitor controlled wireless internet access and the like of the coverage range, is beneficial to combining a specific application environment, realizes various indoor and outdoor wireless access modes, and improves the overall performance and transmission speed of the wireless network in accordance with technical requirements; the safe area division is realized, the network intrusion and the attack event are detected immediately, and the safe area division is linked with other safety equipment, so that the safety of a wireless network is protected before, during and after the network attack, and the loss caused by malicious threats is reduced; safety protection is provided for headquarters and branch terminals, network access control is realized, and network access check of VPN users is realized; and the whole network has self-defense characteristics, so that the device is transversely linked to resist hybrid attacks, the support of future network technologies and applications, such as IPv6, wireless language, wireless video, multicast and other technologies, is ensured, and various requirements of the company on office, production and research and development can be met.
In one embodiment, a control device for wireless coverage and network security is implemented by using the control method for wireless coverage and network security described in any embodiment. In one embodiment, the control device for wireless coverage and network security has a functional module or functional hardware that adopts each step of the control method for wireless coverage and network security. In one embodiment, the control device for wireless coverage and network security comprises a setting module, a construction module, an adjustment module, an access module and a security module; the setting module is used for adopting an access controller to uniformly set a management mode for an access point and setting the wireless coverage range of a network; the building module is used for deploying at least three non-overlapping channels in a microcellular mode to build a network; the adjusting module is used for adjusting the transmitting power of the access points of the same channel so as to reduce the visibility among the access points and strengthen the multiplexing of the spectrum resources of the same channel; when the access module is used for accessing equipment, and further when both a 2.4G frequency band and a 5.8G frequency band can be used, the 5.8G frequency band is preferentially accessed so as to improve the transmission speed of a wireless network; and the security module is used for carrying out threat detection when receiving data and forwarding when the detection is passed. The rest of the embodiments are analogized and are not described in detail. Further, in one embodiment, the control device for wireless coverage and network security is provided with modules such as a firewall, a USB Key, an IDS, a VPN, an AAA, a bastion machine, a cipher machine, a DLP, an internet behavior management module, and an anti-virus module. The design comprehensively considers the safety problem of the wireless coverage matching network in the system integration configuration, is favorable for the user to use the wireless network as the extension of the traditional wired network on one hand, and can replace the traditional wired network when necessary; on the other hand, the method is favorable for combining specific application environments, realizing various indoor and outdoor wireless access modes, and improving the overall performance and transmission speed of the wireless network in cooperation with technical requirements; on the other hand, the method is beneficial to protecting the safety of the wireless network before, during and after the network attack, and reduces the loss caused by malicious threats.
Other embodiments of the present application further include a method and an apparatus for controlling wireless coverage and network security, which are capable of being implemented by combining technical features of the above embodiments.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the claims. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.
Claims (10)
1. A control method for wireless coverage and network security is characterized by comprising the following steps:
an access controller is adopted to uniformly set a management mode for an access point, and the wireless coverage range of a network is set;
deploying at least three non-overlapping channels in a microcellular manner to construct a network;
adjusting the transmission power of access points of the same channel to reduce visibility between the access points and enhance multiplexing of spectrum resources of the same channel;
when the equipment is accessed, the 5.8G frequency band is preferentially accessed when both the 2.4G frequency band and the 5.8G frequency band can be used, so that the transmission speed of the wireless network is increased;
and when the data is received, carrying out threat detection, and forwarding when the detection is passed.
2. The method for controlling wireless coverage and network security according to claim 1, wherein the threat detection comprises: at least one of malicious code detection and abnormal traffic detection.
3. The method for controlling wireless coverage and network security according to claim 2, wherein the threat detection further comprises: at least one of system intrusion detection and sensitive information detection.
4. The method for controlling wireless coverage and network security according to claim 1, further comprising the steps of: and when the data is received, performing compliance audit, and accessing the system when the audit is passed.
5. The method of claim 4, wherein the compliance audit comprises: at least one of a business audit, a database audit and a database firewall audit.
6. The method for controlling wireless coverage and network security according to claim 1, further comprising the steps of: and scanning the network environment at regular time or starting time.
7. The method of claim 6, wherein the network environment scanning comprises: at least one of system scanning, WEB scanning, wireless scanning, and remote WEB site security inspection.
8. The method for controlling wireless coverage and network security according to claim 1, further comprising the steps of: setting a security zone and configuring an internal and external network environment.
9. The method for controlling wireless coverage and network security according to any one of claims 1 to 8, further comprising the steps of: and (4) redundant backup.
10. A control device for wireless coverage and network security, which is implemented by the control method for wireless coverage and network security according to any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010410532.8A CN111741473B (en) | 2020-05-15 | 2020-05-15 | Method and device for controlling wireless coverage and network security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010410532.8A CN111741473B (en) | 2020-05-15 | 2020-05-15 | Method and device for controlling wireless coverage and network security |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111741473A true CN111741473A (en) | 2020-10-02 |
| CN111741473B CN111741473B (en) | 2023-04-18 |
Family
ID=72647294
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010410532.8A Active CN111741473B (en) | 2020-05-15 | 2020-05-15 | Method and device for controlling wireless coverage and network security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111741473B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112671466A (en) * | 2020-11-24 | 2021-04-16 | 深圳市宇虹飞科技有限公司 | Indoor wireless coverage transmission system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1750489A (en) * | 2004-09-17 | 2006-03-22 | 武汉中维宽带通信技术有限公司 | Method for constructing extendable WLAN network using general WLAN access point |
| US20110122769A1 (en) * | 2008-07-03 | 2011-05-26 | Zte Corporation | Synchronization, scheduling, network management and frequency assignment method of a layered wireless access system |
| CN103701818A (en) * | 2013-12-30 | 2014-04-02 | 福建三元达通讯股份有限公司 | ARP (address resolution protocol) attack centralized detection and defense method for wireless controller system |
| CN104486765A (en) * | 2014-12-22 | 2015-04-01 | 上海斐讯数据通信技术有限公司 | Wireless intrusion detecting system and detecting method |
-
2020
- 2020-05-15 CN CN202010410532.8A patent/CN111741473B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1750489A (en) * | 2004-09-17 | 2006-03-22 | 武汉中维宽带通信技术有限公司 | Method for constructing extendable WLAN network using general WLAN access point |
| US20110122769A1 (en) * | 2008-07-03 | 2011-05-26 | Zte Corporation | Synchronization, scheduling, network management and frequency assignment method of a layered wireless access system |
| CN103701818A (en) * | 2013-12-30 | 2014-04-02 | 福建三元达通讯股份有限公司 | ARP (address resolution protocol) attack centralized detection and defense method for wireless controller system |
| CN104486765A (en) * | 2014-12-22 | 2015-04-01 | 上海斐讯数据通信技术有限公司 | Wireless intrusion detecting system and detecting method |
Non-Patent Citations (3)
| Title |
|---|
| 李安邦: "企业无线部署与安全设计", 《电脑知识与技术》 * |
| 王刚: "邮政企业办公大楼WLAN建设方案的设计与实现", 《电子世界》 * |
| 谢丰等: "基于"无线控制器+FIT AP"解决方案的无线局域网设计与实现", 《电脑知识与技术》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112671466A (en) * | 2020-11-24 | 2021-04-16 | 深圳市宇虹飞科技有限公司 | Indoor wireless coverage transmission system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111741473B (en) | 2023-04-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7316031B2 (en) | System and method for remotely monitoring wireless networks | |
| EP3298814B1 (en) | System and method for faked base station detection | |
| CN101785336B (en) | Access control for an AD-HOC small-coverage base station | |
| CN104168669B (en) | The method and system of cell access is managed for using cellular infrastructure | |
| CN114301784B (en) | Method and device for constructing network target range training environment, electronic equipment and storage medium | |
| KR101314003B1 (en) | A HOME (e)Node-B WITH FUNCTIONALITY | |
| Tian et al. | A survey on C-RAN security | |
| CN101810022A (en) | Auto-discovery and management of base station neighbors in wireless networks | |
| CN101595694B (en) | Intrusion prevention system for wireless networks | |
| CN102170639B (en) | Authentication method of distributed wireless Ad Hoc network | |
| CN101540667A (en) | Method and equipment for interfering with communication in wireless local area network | |
| US20180288660A1 (en) | Connection control apparatus and connection control method | |
| CN111741473B (en) | Method and device for controlling wireless coverage and network security | |
| CN101365216A (en) | Position limiting method for wireless communication apparatus | |
| WO2022108705A2 (en) | Dynamic cellular network spectrum sharing | |
| Wetterwald et al. | SDN for public safety networks | |
| WO2011027091A1 (en) | Wireless communication method and apparatus | |
| Ishizu et al. | Cognitive wireless network infrastructure and restoration activities for the earthquake disaster | |
| CN115297466A (en) | Anti-theft method, system, equipment and storage medium of integrated small base station | |
| Wang et al. | Secure spectral-energy efficiency tradeoff in random cognitive relay networks | |
| EP2424327A1 (en) | Method, public land mobile network and network entity for providing wireless backhaul link | |
| Wang et al. | Application of Wireless Network in the Construction of Haihe River Water Conservancy Commission | |
| US11665608B2 (en) | Systems and methods for interference mitigation for non-member user equipment devices in the vicinity of closed access small cells | |
| Akande et al. | Development of a Modified Empirical Model for New Mobile Radio Network at 28 GHz Millimeter Wave Spectrum | |
| US11963021B2 (en) | Adaptive spatial reuse |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |