铁路Wi-Fi应用分析与建议

Analysis and Suggestion on Railway Wi-Fi Application

无线Wi-Fi技术应用在实践中会产生很多安全问题,如弱口令、加密等级不足等,容易被黑客通过热点进入企业内部网络,造成信息泄露、核心数据被篡改等严重后果。依据国家政策和法规、行业规范和行业监管的迫切要求,分析铁路环境下典型Wi-Fi应用的安全防护现状及需求,有针对性地提出铁路无线网络安全防护的三大能力:信息安全感知能力、基本防护能力和网络行为管控能力,这些增强安全防护的能力是保证持续关注企业当前无线网络安全状况的基本条件。无线网络安全的一些重要措施,例如无线设备和相关数据集中管理,应能够持续捕获当前无线环境中所有的数据流量,将数据流量进行安全性分析,具备数据统计和分析能力,并针对无线网络数据链路层的无线网络攻击行为进行精准识别,必要时进行反制和阻断。

Security problems will emerge during Wi-Fi technology application, such as weak command, insufficient encryption level and hacker attack, resulting in information leak, data modification and other severe consequences. To fulfill the urgent demands from industrial specifications and supervision, the papa analyzes the security measures in typical railway Wi-Fi application and its needs, and promotes three abilities, namely, information security perception ability, basic protective ability and network behavior control ability, which are the basic conditions for monitoring the security status of corporate wireless network. The centralized management of wireless facilities and related data, for example, as an important security approach, can capture all data traffic continuously, make security analysis and statistics based on the data, and identify accurately the attacking behaviors on the DLL, with countermeasures or blockings conducted if necessary.