802.11 Planet: WiFi and the Penguin: Setting Up 802.11b Under Linux
Dec 26, 2001, 18:08 (1 Talkback[s])
(Other stories by Michael Hall)
"As most are aware by now, the WEP encryption provided
by vendors for their 802.11b offerings is not bulletproof by any
means. Given a suitably active network and a little time, programs
like Airsnort (see Resources, below) can easily crack WEP keys,
providing intruders the ability to sniff traffic over a WLAN.
Trusting the physical layer of a network has never been considered
good practice, but with a wireless layer that can effectively
extend the "physical" presence of the LAN out to a sidewalk or
neighboring building, it's even more important to make sure that
services are adequately secured.
The immediate implication here is that traditional Linux/Unix
services that relied on a modicum of physical security, most
notably NFS, are much more dangerous on a network with a wireless
component. Consider, for instance, basic NFS configurations, which
rely on a combination of IP address and user id to authenticate
clients. Viewed as an acceptable risk in a network with reasonable
physical security, NFS becomes more problematic. Efforts are
underway to tunnel NFS transactions via SSH (see Resources, below),
but it's important to remember that a security scheme built on the
physical security of a network and WEP simply isn't a security
scheme at all in the wireless world.
Fortunately, there are ways to provide more security in the form
of traffic encryption. As a springboard to further investigation
we'll offer a quick example with OpenSSH, the open source
implementation of the ssh protocol. Through use of OpenSSH, common
network protocols can be routed through an encrypted tunnel,
providing a much harder nut to crack for potential intruders."