Two security-related questions for wireless

Rick Stevens rstevens at vitalstream.com
Fri Jul 9 23:57:26 UTC 2004


Terry Linhardt wrote:
> I'm running Core 2, and from a laptop using a wireless (802.11-B) card
> to reach a WAP.  I have absolutely no problems in using a wireless
> configuration  *provided* I broadcast my SSID.  But, as soon as I no
> longer broadcast my SSID my wireless card cannot "find" the WAP.
> 
> Two questions:  
> 
> 1) How can I configure my system to access my WAP by it's assigned ID.

I'm not sure you can.  The ESSID is required or your card can't find the
network in the first place.  You might be able to bypass it by forcing
"CHANNEL=" in your ifcfg-wlan0 file, but I won't guarantee it.  BTW,
what's your aversion to broadcasting your ESSID?  If you use a WEP key,
your network isn't really that succeptible to attack.

> 2) On a related security issue, how can I make use of WEP encryption.

Make sure your WAPs all have the same key (MINIMUM 128-bit encryption)
and put it in your ifcfg-wlanx file as "KEY=whatever".  If you use an
ASCII key, make sure it's "KEY=s:whatever" ("s" for string) or the
system will try to interpret it as hex-ASCII.

Typical ifcfg-wlan0 file:

	ONBOOT=yes
	BOOTPROTO=dhcp
	MODE=managed
	ESSID=mynetwork
	KEY=s:xxxxxxxxxxxxx

Without ESSID broadcasts, you might try:

	ONBOOT=yes
	BOOTPROTO=dhcp
	MODE=managed
	CHANNEL=9 (or whatever channel you use)
	ESSID=mynetwork
	KEY=s:xxxxxxxxxxxxx

The keys can also be in "/etc/sysconfig/network-scripts/keys-wlanx"
files if you wish.

Like I said, I'm not sure you need to hide your ESSID in the first
place.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-        Brain:  The organ with which we think that we think.        -
----------------------------------------------------------------------





More information about the users mailing list