Linux Today: Linux News On Internet Time.

802.11 Planet: WiFi and the Penguin: Setting Up 802.11b Under Linux

Dec 26, 2001, 18:08 (1 Talkback[s])
(Other stories by Michael Hall)
"As most are aware by now, the WEP encryption provided by vendors for their 802.11b offerings is not bulletproof by any means. Given a suitably active network and a little time, programs like Airsnort (see Resources, below) can easily crack WEP keys, providing intruders the ability to sniff traffic over a WLAN. Trusting the physical layer of a network has never been considered good practice, but with a wireless layer that can effectively extend the "physical" presence of the LAN out to a sidewalk or neighboring building, it's even more important to make sure that services are adequately secured.

The immediate implication here is that traditional Linux/Unix services that relied on a modicum of physical security, most notably NFS, are much more dangerous on a network with a wireless component. Consider, for instance, basic NFS configurations, which rely on a combination of IP address and user id to authenticate clients. Viewed as an acceptable risk in a network with reasonable physical security, NFS becomes more problematic. Efforts are underway to tunnel NFS transactions via SSH (see Resources, below), but it's important to remember that a security scheme built on the physical security of a network and WEP simply isn't a security scheme at all in the wireless world.

Fortunately, there are ways to provide more security in the form of traffic encryption. As a springboard to further investigation we'll offer a quick example with OpenSSH, the open source implementation of the ssh protocol. Through use of OpenSSH, common network protocols can be routed through an encrypted tunnel, providing a much harder nut to crack for potential intruders."

Complete Story

Related Stories: