安全性

Wi-Fi®已經成為日常生活中不可或缺的組成部分。全世界數十億人的生活和工作都要依靠Wi-Fi,他們通過Wi-Fi購物、辦理銀行業務、安排生活並保持聯繫。保護Wi-Fi連接的安全對於個人資料安全保護發揮了重要作用。隨著Wi-Fi設備在全球的使用量持續上升,Wi-Fi Alliance®已經站在增強Wi-Fi安全性的前沿。

自2003年以來,Wi-Fi Alliance已經通過Wi-Fi Protected Access®技術系列,説明個人和企業增強了對流經Wi-Fi網路的資訊的保護。Wi-Fi Protected Access安全功能不斷發展,以隨著安全環境的變化,增加更強大的保護能力和新的安全實踐。

Wi-Fi Protected Access安全系列包括面向個人和企業網路的解決方案。

Wi-Fi CERTIFIED WPA2™

10多年來,WPA2™一直是值得信賴的安全技術。採用WPA2™的Wi-Fi網路可以安全地控制,誰可以連接到網路,並提供隱私保護,以確保通過Wi-Fi網路傳送的資訊不會被其他人截獲。自2006年以來,所有Wi-Fi CERTIFIED™設備都採用了WPA2。

WPA2認證計畫不斷發展,以隨著安全環境變化滿足不斷變化的安全需求。2018年,Wi-Fi Alliance推出了以下增強的配置、驗證和加密功能,以提升對網路的安全保護能力。

  • 強制使用“受保護的管理幀(Protected Management Frame)”,所有目前一代Wi-Fi CERTIFIED設備都將使用“受保護的管理幀”,此舉旨在保持關鍵任務型網路的彈性。
  • 增強對廠商安全措施的驗證,以降低可能由網路錯誤配置導致的漏洞,並利用集中式驗證服務,進一步保護運營商Wi-Fi網路的安全。

WPA2將繼續發展,以使所有Wi-Fi CERTIFIED設備滿足最高的互通性和安全性標準。

Wi-Fi CERTIFIED WPA3™

以WPA2取得的成功為基礎,WPA3™也將在2018年增加新功能,以簡化Wi-Fi安全配置,增強個人及企業網路的Wi-Fi安全保護。

  • 提高密碼驗證的彈性,甚至當使用者選擇的密碼達不到所推薦的複雜度時,也能提供可靠的保護。
  • 為顯示介面有限或沒有顯示介面的設備簡化安全配置及網路連接過程。
  • 更強大的、採用192位金鑰的加密強度適合政府、國防和其他對安全性敏感的環境,該加密強度與美國的“商用國家級安全演算法(Commercial National Security Algorithm,簡稱CNSA)套件”是一致的。

在可預見的未來,Wi-Fi CERTIFIED設備將繼續採用WPA2,支援WPA3的所有設備將繼續可與WPA2設備一起使用。2018年將陸續推出更多WPA3安全功能。

開放式 Wi-Fi網路

使用者在所有地方都要使用Wi-Fi網路:在家中、辦公室、酒店、購物中心、公共交通中心和市政服務處。在這類地方使用不安全的網路是有風險的,個人資料可能被竊取,這也是為什麼Wi-Fi Alliance強烈建議,只要可能,用戶就應確保使用安全的、要求身份驗證的網路。然而,在有些情況下,開放式Wi-Fi網路是惟一可行的選擇。雖然世界各地很多消費者使用開放式網路都沒有遇到任何問題,但重要的是,要意識到開放式網路是有風險的,要盡力保護使用者資料。為了應對這種風險,Wi-Fi Alliance開發了一種有利於開放式Wi-Fi網路使用者的解決方案。

Wi-Fi CERTIFIED Enhanced Open™是Wi-Fi Alliance的一項認證計畫,在保留開放式網路使用便利這一特點的同時,降低了訪問不安全的網路帶來的某些風險。Wi-Fi Enhanced Open™網路無需進行身份驗證,就為用戶提供資料加密,這對根本不提供任何保護的傳統開放式網路而言,是一大改進。這些保護對用戶是透明的。Wi-Fi Enhanced Open™基於“互聯網工程任務組(IETF)”RFC8110規範中定義的“機會性無線加密(Opportunistic Wireless Encryption,簡稱OWE)”協議和Wi-Fi Alliance的“機會性無線加密規範(Opportunistic Wireless Encryption Specification)”,在保持開放式網路易用性的同時提供資料加密,因此對使用者有利,它對網路提供商也是有利的,因為無需網路提供商維護、分享或管理公共密碼。

因為Wi-Fi Enhanced Open™是一項Wi-Fi CERTIFIED™計畫,所以該技術與傳統網路是相容的,包括那些採用“強制主頁(captive portal)”的傳統網路。希望部署全功能身份驗證和設備配置解決方案的網路運營商,應該考慮諸如Wi-Fi CERTIFIED Passpoint®這類方法。

Wi-Fi Alliance News See All
Media Coverage See All
Wi-Fi kicks off 2018 with a security boost
Wi-Fi Alliance Launches WPA2 Enhancements and Debuts WPA3
Your local public Wi-Fi network may be a whole lot safer soon
Product Finder
WPA2-Personal-certified products
WPA2-Enterprise-certified products
Download Additional Resources
Frequently Asked Questions
  • What does “security” mean in the context of Wi-Fi?

    In the context of Wi-Fi technology, security means two things. First, controlling who can connect to and configure your network and equipment. Second, it means securing the data travelling wirelessly across your Wi-Fi network from unauthorized view.

    Wi-Fi security is just one aspect of security for networks. A protected Wi-Fi network is a great start, but you should also consider measures to protect your computer (virus software, firewall, etc.) and your communications across the Internet (virtual private network (VPN), etc.)

  • What is a passphrase?

    The term passphrase refers to a single string of characters that the user enters into all their Wi-Fi devices on the same network.

    With WPA2-Personal, using a passphrase is equivalent to using security doors with metal keys. All users use the same key. Changing the passphrase for the network requires changing the passphrase for all devices.

    WPA2-Enterprise is the equivalent to using security doors with electronic card keys. Each user has an individual card key. It is possible to change each user's card key or revoke their card key without disturbing the other users.

  • What is the KRACK attack?

    This term refers to a potential key reinstallation vulnerability detected in late 2017. Wi-Fi Alliance took steps immediately to ensure users can continue to count on Wi-Fi to deliver strong security protections. For more information on this issue view our security update.

  • What are Protected Management Frames?

    Wi-Fi CERTIFIED WPA2 with Protected Management Frames provides WPA2 protection for unicast and multicast management action frames. Unicast management action frames are protected from both eavesdropping and forging, and multicast management action frames are protected from forging. WPA2 with Protected Management Frames augments WPA2 privacy protections already in place for data frames with mechanisms to improve the resiliency of mission-critical networks.

  • Does WPA2 have session keys?

    WPA2 creates fresh session keys on every association. The benefit is that the encryption keys used for each client on the network are unique and specific to that client. Ultimately, every packet sent over the air is encrypted with a unique key. The ability to avoid key reuse and provide unique, fresh encryption keys is a basic tenet of good security practice and is why WPA2 offers such good security.

  • What security measures should I take when working away from my home?

    Configure Wi-Fi client devices (laptops, handsets, and other Wi-Fi enabled products) to enable security protections.

    Configure for approved connections: Many devices are set by default to sense and automatically connect to any available wireless signal. Wi-Fi Alliance recommends that you configure your device to not automatically connect to an open network without your approval.

    Disable sharing: Wi-Fi enabled devices may automatically enable themselves to sharing / connecting with other devices when attaching to a wireless network. File and printer sharing may be common in business and home networks, but this should be avoided in a public network such as a hotel, restaurant, or airport hotspot

    Users may also wish to use complementary security measures to improve the security of their activity over the internet including virtual private networks (VPNs), firewalls, etc.

  • Are Wi-Fi CERTIFIED products protected by security?

    Yes. All Wi-Fi CERTIFIED products are tested for the latest generation of Wi-Fi security: Wi-Fi Protected Access® (WPA2™)  The only way to be sure that a product meets these standards is to purchase only Wi-Fi CERTIFIED products.