Linux Today: Linux News On Internet Time.

More on LinuxToday

802.11 Planet: WiFi and the Penguin: Setting Up 802.11b Under Linux

Dec 26, 2001, 18:08 (1 Talkback[s])
(Other stories by Michael Hall)


Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers

"As most are aware by now, the WEP encryption provided by vendors for their 802.11b offerings is not bulletproof by any means. Given a suitably active network and a little time, programs like Airsnort (see Resources, below) can easily crack WEP keys, providing intruders the ability to sniff traffic over a WLAN. Trusting the physical layer of a network has never been considered good practice, but with a wireless layer that can effectively extend the "physical" presence of the LAN out to a sidewalk or neighboring building, it's even more important to make sure that services are adequately secured.

The immediate implication here is that traditional Linux/Unix services that relied on a modicum of physical security, most notably NFS, are much more dangerous on a network with a wireless component. Consider, for instance, basic NFS configurations, which rely on a combination of IP address and user id to authenticate clients. Viewed as an acceptable risk in a network with reasonable physical security, NFS becomes more problematic. Efforts are underway to tunnel NFS transactions via SSH (see Resources, below), but it's important to remember that a security scheme built on the physical security of a network and WEP simply isn't a security scheme at all in the wireless world.

Fortunately, there are ways to provide more security in the form of traffic encryption. As a springboard to further investigation we'll offer a quick example with OpenSSH, the open source implementation of the ssh protocol. Through use of OpenSSH, common network protocols can be routed through an encrypted tunnel, providing a much harder nut to crack for potential intruders."

Complete Story

Related Stories: