Re: Two security-related questions for wireless

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 9 Jul 2004, Rick Stevens wrote:

> Terry Linhardt wrote:
> > I'm running Core 2, and from a laptop using a wireless (802.11-B) card
> > to reach a WAP.  I have absolutely no problems in using a wireless
> > configuration  *provided* I broadcast my SSID.  But, as soon as I no
> > longer broadcast my SSID my wireless card cannot "find" the WAP.
> >
> > Two questions:
> >
> > 1) How can I configure my system to access my WAP by it's assigned ID.
>
> I'm not sure you can.  The ESSID is required or your card can't find the
> network in the first place.  You might be able to bypass it by forcing
> "CHANNEL=" in your ifcfg-wlan0 file, but I won't guarantee it.  BTW,
> what's your aversion to broadcasting your ESSID?  If you use a WEP key,
> your network isn't really that succeptible to attack.

I think that if the WAP doesn't broadcast, then the station needs to
specify the correct SSID.  If the WAP does broadcast then the station can
"adopt" the broadcast SSID.

It's not clear to me what the point of broadcasting is if you then install
WEP keys.

>
> > 2) On a related security issue, how can I make use of WEP encryption.
>
> Make sure your WAPs all have the same key (MINIMUM 128-bit encryption)
> and put it in your ifcfg-wlanx file as "KEY=whatever".  If you use an
> ASCII key, make sure it's "KEY=s:whatever" ("s" for string) or the
> system will try to interpret it as hex-ASCII.
>
> Typical ifcfg-wlan0 file:
>
> 	ONBOOT=yes
> 	BOOTPROTO=dhcp
> 	MODE=managed
> 	ESSID=mynetwork
> 	KEY=s:xxxxxxxxxxxxx
>
> Without ESSID broadcasts, you might try:
>
> 	ONBOOT=yes
> 	BOOTPROTO=dhcp
> 	MODE=managed
> 	CHANNEL=9 (or whatever channel you use)
> 	ESSID=mynetwork
> 	KEY=s:xxxxxxxxxxxxx
>
> The keys can also be in "/etc/sysconfig/network-scripts/keys-wlanx"
> files if you wish.

Or the whole thing can be set using system-config-network.  Select the
wireless interface, then select the "Wireless Settings" tab and fill in
the blanks.

I believe that now the default key is a string and you specify a hex key
by preceeding it with "0x" (i.e., 0x4acd30e...).

>
> Like I said, I'm not sure you need to hide your ESSID in the first
> place.

-- 
		Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux