Two security-related questions for wireless

J. Erik Hemdal ehemdal at townisp.com
Sat Jul 10 04:43:49 UTC 2004


> On Fri, 9 Jul 2004, Rick Stevens wrote:
> 
> > Terry Linhardt wrote:
> > > I'm running Core 2, and from a laptop using a wireless (802.11-B) 
> > > card to reach a WAP.  I have absolutely no problems in using a 
> > > wireless configuration  *provided* I broadcast my SSID.  But, as 
> > > soon as I no longer broadcast my SSID my wireless card cannot
> > > "find" the WAP.
> > >
> > > Two questions:
> > >
> > > 1) How can I configure my system to access my WAP by its
> > > assigned ID.
> >
> > I'm not sure you can.  The ESSID is required or your card can't find
> > the network in the first place.  You might be able to bypass it by
> > forcing "CHANNEL=" in your ifcfg-wlan0 file, but I won't guarantee it.
> > BTW, what's your aversion to broadcasting your ESSID?  If you use a
> > WEP key, your network isn't really that susceptible to attack.
> 
> I think that if the WAP doesn't broadcast, then the station 
> needs to specify the correct SSID.  If the WAP does broadcast 
> then the station can "adopt" the broadcast SSID.

Yes, and the client (your laptop) needs to know the channel you're using
(often this is channel 6 by default).  Basically, when the access point
fails to broadcast, the clients need to know everything about the connection
before it will work. SSID alone won't do it.  You can set the channel by
correctly fiddling with redhat-config-network and editing the proper
interface.  Use system-config-network on FC2.

> 
> It's not clear to me what the point of broadcasting is if you 
> then install WEP keys.
> 

This makes connection a little easier.  Some access points will deliver a
WEP key automatically, so that you have encrypted transfers on a network
that is publicly-available.

> >
> > > 2) On a related security issue, how can I make use of WEP
> > > encryption.
> >
> > Make sure your WAPs all have the same key (MINIMUM 128-bit encryption)

The encryption level is going to be set by the minimum encryption that all
your wireless clients can support.  In my experience, Windows XP doesn't
support 128-bit encryption.  This might prevent you from going to stronger
encryption.

> > Like I said, I'm not sure you need to hide your ESSID in the first 
> > place.

Probably for the same reason you set up a firewall rather than closing all
your ports.  You can't hack a network you can't see.

Erik
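
As an added example (not part of the thread or of any Fedora tool), this script checks an ifcfg-style file for the settings the message above says a client needs when the access point does not broadcast. It assumes the ESSID, CHANNEL and KEY variables of a Red Hat ifcfg-wlan0 file with a hex WEP key; the sample file and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an ifcfg-style wireless file without sourcing it.

# Print the value of key $2 in file $1 (last assignment wins, quotes dropped).
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Nominal WEP strength of a hex key: 10 digits = 64-bit, 26 digits = 128-bit.
# Dashes between digit groups are ignored; anything else is "invalid".
wep_key_bits() {
    hex=$(printf '%s' "$1" | sed 's/-//g')
    case "$hex" in
        ''|*[!0-9A-Fa-f]*) echo invalid ;;
        *) case ${#hex} in
               10) echo 64 ;;
               26) echo 128 ;;
               *)  echo invalid ;;
           esac ;;
    esac
}

# Print one finding per line, or "ok" when ESSID, CHANNEL and a 128-bit
# key are all present (the threshold is the one quoted in the thread).
audit_ifcfg() {
    ok=1
    [ -n "$(cfg_get "$1" ESSID)" ] || { echo "ESSID not set"; ok=0; }
    case "$(cfg_get "$1" CHANNEL)" in
        ''|*[!0-9]*) echo "CHANNEL not set"; ok=0 ;;
    esac
    bits=$(wep_key_bits "$(cfg_get "$1" KEY)")
    [ "$bits" = 128 ] || { echo "KEY is not a 128-bit WEP key ($bits)"; ok=0; }
    [ "$ok" = 0 ] || echo "ok"
}

# Constructed sample file: ESSID and channel are set, the key is only 64-bit.
sample_cfg() {
    cat <<'EOF'
DEVICE=wlan0
ESSID="homenet"
CHANNEL=6
KEY=0123-4567-89
EOF
}

tmp=$(mktemp)
sample_cfg > "$tmp"
audit_ifcfg "$tmp"    # KEY is not a 128-bit WEP key (64)
rm -f "$tmp"
```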





