802.11 Planet: WiFi and the Penguin: Setting Up 802.11b Under Linux
Dec 26, 2001, 18:08 (1 Talkback[s])
(Other stories by Michael Hall)
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
"As most are aware by now, the WEP encryption provided
by vendors for their 802.11b offerings is not bulletproof by any
means. Given a suitably active network and a little time, programs
like Airsnort (see Resources, below) can easily crack WEP keys,
providing intruders the ability to sniff traffic over a WLAN.
Trusting the physical layer of a network has never been considered
good practice, but with a wireless layer that can effectively
extend the "physical" presence of the LAN out to a sidewalk or
neighboring building, it's even more important to make sure that
services are adequately secured.
The immediate implication here is that traditional Linux/Unix
services that relied on a modicum of physical security, most
notably NFS, are much more dangerous on a network with a wireless
component. Consider, for instance, basic NFS configurations, which
rely on a combination of IP address and user id to authenticate
clients. Viewed as an acceptable risk in a network with reasonable
physical security, NFS becomes more problematic. Efforts are
underway to tunnel NFS transactions via SSH (see Resources, below),
but it's important to remember that a security scheme built on the
physical security of a network and WEP simply isn't a security
scheme at all in the wireless world.
Fortunately, there are ways to provide more security in the form
of traffic encryption. As a springboard to further investigation
we'll offer a quick example with OpenSSH, the open source
implementation of the ssh protocol. Through use of OpenSSH, common
network protocols can be routed through an encrypted tunnel,
providing a much harder nut to crack for potential intruders."