Enhanced WiFi Security Patch For FreeBSD - Slashdot

Slashdot

Enhanced WiFi Security Patch For FreeBSD 59

Posted by timothy on Saturday December 27, 2003 @05:31PM
from the sekrit-treehouse-password dept.

Dan writes "Roland van Laar has a new, significant wi-fi patch for FreeBSD 5.1 and higher. The patch, available for download and testing, blocks clients with an empty or 'ANY' ssid and disables ssid broadcasting using the underlying firmware feature. SSID (Service Set ID) is used to identify wireless clients to a wireless / wired gateway. Wireless devices from the same manufacturer generally ship with the same default SSID. A beacon is a type of packet/frame that contains the SSID of a network. It is used to sync clocks on client devices and to make it easy for new network clients to see what networks are available. Preventing others from using your ssid is a means (although not foolproof!) of securing your wireless network."

This discussion has been archived. No new comments can be posted.

Enhanced WiFi Security Patch For FreeBSD

Load All Comments

Search 59 Comments Log In/Create an Account

Comments Filter:

SSIDs? (Score:2, Interesting)

by Trbmxfz (728040) writes:

I suppose it's good news that there are people who do care about Wifi security.

However, I'm wondering: how much security does SSID-based blocking add (could individuals forge SSIDs, or would they have to be organizations with cash and determination?)? Shouldn't all connections on a wireless network use a strong encoding (SSH or such)?

How do real people provide and use services that are normally insecure (NFS comes to mind) over Wifi?
- Re:SSIDs? (Score:5, Informative)
  
  by squiggleslash (241428) writes: on Saturday December 27, 2003 @06:29PM (#7818919) Homepage Journal
  
  How do you mean "forge" SSIDs?
  An SSID is just a small text string, typically a short word, used to identify networks. Typically you can ask your PC to list available networks and it'll provide you with a list of SSIDs, the joke being that most of them will have the names "DEFAULT", "BELKIN", etc. You configure your wireless hub to have a particular name, and then you'll be able to easily select yours. If you hide it, as the article suggests (not a particularly original feature, I'd guess most wireless hubs allow you to hide SSIDs, mine does), then it's still useful as you manually can tell your PC which network to connect to (eg enter the name) and it'll still find it despite the fact you've hidden the SSID.
  If someone was to try to masquerade their network as yours - say, give their network the same name as yours so that you might connect to it by accident - then they could do so, but any other wireless security you'd have switched on would automatically defeat it (within reason - WEP, for example, is probably the most popular 802.11 security technology, but it's infamously insecure.)
  
  Parent Share
  twitter facebook linkedin
- Re:SSIDs? (Score:3, Informative)
  
  by _Sharp'r_ (649297) writes:
  
  Basically the way real people who care about security use Wifi securely is that they don't treat is like it's secure.
  
  The simplest implementation of that is to design your network under the assumption that any Wifi portions are about as secure as the general Internet.
  
  In other words, stick the Wifi network on it's own outside your firewalled "internal" network and use a VPN client to connect your laptop or whatever to the real network. The gateway for the Wifi network would in this case usually be a firewal
  - Re:SSIDs? (Score:1)
    
    by jbplou (732414) writes:
    
    For business this solution is good. For home use wep is good enough. if you rotate your ssid and wep keys you will be fine, most of your neighors probably aren't nerds enough to hack past wep. Plus wardrivers will move on to the next access point which most likely has the ssid broadcasting to linksys or belkin or something like that. but if I were really concerns about security I would probably setup 3 or 4 fake access points to confuse would be intruders.
    - Re:SSIDs? (Score:2)
      
      by MrChuck (14227) writes:
      
      For home use wep is good enough.
      Then "for home use, no encryption is good enough".
      There IS no security in WEP.
      Presume it.
      It's as secure as leaving your key under the mat and hoping your neighbor doesn't notice (ok break onto my LAN and you don't get much (vs. the house)). But telling people that WEP is "ok" is just irresponsible.
      That said, I generally use SSH and the only cleartext on my wireless net is webbrowsing.
      OS X, Unix and even that other OS all support IPSec. PPTP is even better.
      Bad dot
      - Re:SSIDs? (Score:1)
        
        by jbplou (732414) writes:
        
        Like I said for home use WEP is good enough, most of my neighbors would not even know how to connect to my router if I gave them the web key.
        
        Re:SSIDs? (Score:2)
        
        by MrChuck (14227) writes:
        
        Here's to hoping you block outbound port 25, don't use common (1819) addresses and don't use DHCP.
        It just sucks when someone with not tons of effort can send a billion spams out your box one afternoon.
Card support? (Score:2)

by utlemming (654269) writes:

This is a great addition nontheless. If you can hide your SID then some warfaring punk can't find you easy. But then again you probably are using WEP or WPA or whatever the encyrption of the week is, so that is a nonissue. Now, I would be impressed if more wireless cards were supported. I am getting sick and tired of using my windows machine to down load my FreeBSD software toys.
- Re:Card support? (Score:3, Informative)
  
  by stox (131684) writes:
  
  You might want to take a look at FreeBSD 5-Current. The framework for loading NDIS drivers has recently been added. That may be the solution to your problem. I have not used it yet, myself, so I can't comment on how well it does the job.
A step in the right direction (Score:2, Informative)

by RubberDuckie (53329) writes:

I'll have to give this a try. While it does not make WiFi secure, it is a small step to making it a bit more secure. At least this way, if I'm not using my wireless network (which is most of the time), it's not broadcasting SSID's for people to sniff.

On a side note, it's a real shame that a useful article has garnered mostly trolls and flamebait as responses. Sigh...
Wireless Leiden - the Why :-) (Score:2)

by dirkx (540136) writes:

Some people question the need for this; just some background as to why we in Wireless Leiden [wirelessleiden.nl] need this patch :-)
The issue is that througout the city we have omni antenna's - where -anyone- can associate with - and directional antennas which provide the interlinks between nodes (although the network covers a medium sized city - we use no copper; all interlinks are wireless).
On these interlinks we only want node-to-node traffic.
As the network is totally open (no username, password or any thing) - we hav
I love FreeBSD. (Score:1)

by readpunk (683053) writes:

I love FreeBSD, but I have a question. When on earth is anyone going to recognize the fact that there is a serious problem with the wi driver for dwl650 pcmcia cards? So many of us have them and yet the current driver for it, after a small amount of usage causes a full system lock up. Anyone have any info on that? I'd like to see the drivers for widely used software perfected before setting up default security for those who don't know how to on their access points.

The question beg's to be asked, shouldn't

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

109 commentsOpenBSD 5.3 Released
78 commentsNetBSD 6.1 Has Shipped
75 commentsDragonFly BSD 3.4 Released, With New Packaging System

Hey, diddle, diddle the overflow pdl To get a little more stack; If that's not enough then you lose it all And have to pop all the way back.