Enhanced WiFi Security Patch For FreeBSD

Dan writes "Roland van Laar has a new, significant wi-fi patch for FreeBSD 5.1 and higher. The patch, available for download and testing, blocks clients with an empty or 'ANY' ssid and disables ssid broadcasting using the underlying firmware feature. SSID (Service Set ID) is used to identify wireless clients to a wireless / wired gateway. Wireless devices from the same manufacturer generally ship with the same default SSID. A beacon is a type of packet/frame that contains the SSID of a network. It is used to sync clocks on client devices and to make it easy for new network clients to see what networks are available. Preventing others from using your ssid is a means (although not foolproof!) of securing your wireless network."

SSIDs?

[Trbmxfz]

I suppose it's good news that there are people who do care about Wifi security.

However, I'm wondering: how much security does SSID-based blocking add (could individuals forge SSIDs, or would they have to be organizations with cash and determination?)? Shouldn't all connections on a wireless network use a strong encoding (SSH or such)?

How do real people provide and use services that are normally insecure (NFS comes to mind) over Wifi?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:SSIDs?

[_Sharp'r_]

Basically the way real people who care about security use Wifi securely is that they don't treat is like it's secure.

The simplest implementation of that is to design your network under the assumption that any Wifi portions are about as secure as the general Internet.

In other words, stick the Wifi network on it's own outside your firewalled "internal" network and use a VPN client to connect your laptop or whatever to the real network. The gateway for the Wifi network would in this case usually be a firewal

Re:SSIDs?

[jbplou]

For business this solution is good. For home use wep is good enough. if you rotate your ssid and wep keys you will be fine, most of your neighors probably aren't nerds enough to hack past wep. Plus wardrivers will move on to the next access point which most likely has the ssid broadcasting to linksys or belkin or something like that. but if I were really concerns about security I would probably setup 3 or 4 fake access points to confuse would be intruders.

Re:SSIDs?

[MrChuck]

For home use wep is good enough.

Then "for home use, no encryption is good enough".

There IS no security in WEP.

Presume it.

It's as secure as leaving your key under the mat and hoping your neighbor doesn't notice (ok break onto my LAN and you don't get much (vs. the house)). But telling people that WEP is "ok" is just irresponsible.

That said, I generally use SSH and the only cleartext on my wireless net is webbrowsing.

OS X, Unix and even that other OS all support IPSec. PPTP is even better.

Bad dot

Re:SSIDs?

[jbplou]

Like I said for home use WEP is good enough, most of my neighbors would not even know how to connect to my router if I gave them the web key.

Re:SSIDs?

[MrChuck]

Here's to hoping you block outbound port 25, don't use common (1819) addresses and don't use DHCP.

It just sucks when someone with not tons of effort can send a billion spams out your box one afternoon.

Card support?

[utlemming]

This is a great addition nontheless. If you can hide your SID then some warfaring punk can't find you easy. But then again you probably are using WEP or WPA or whatever the encyrption of the week is, so that is a nonissue. Now, I would be impressed if more wireless cards were supported. I am getting sick and tired of using my windows machine to down load my FreeBSD software toys.

Re:Card support?

[stox]

You might want to take a look at FreeBSD 5-Current. The framework for loading NDIS drivers has recently been added. That may be the solution to your problem. I have not used it yet, myself, so I can't comment on how well it does the job.

A step in the right direction

[RubberDuckie]

I'll have to give this a try. While it does not make WiFi secure, it is a small step to making it a bit more secure. At least this way, if I'm not using my wireless network (which is most of the time), it's not broadcasting SSID's for people to sniff.

On a side note, it's a real shame that a useful article has garnered mostly trolls and flamebait as responses. Sigh...

Wireless Leiden - the Why :-)

[dirkx]

Some people question the need for this; just some background as to why we in Wireless Leiden [wirelessleiden.nl] need this patch :-)

The issue is that througout the city we have omni antenna's - where -anyone- can associate with - and directional antennas which provide the interlinks between nodes (although the network covers a medium sized city - we use no copper; all interlinks are wireless).

On these interlinks we only want node-to-node traffic.

As the network is totally open (no username, password or any thing) - we hav

I love FreeBSD.

[readpunk]

I love FreeBSD, but I have a question. When on earth is anyone going to recognize the fact that there is a serious problem with the wi driver for dwl650 pcmcia cards? So many of us have them and yet the current driver for it, after a small amount of usage causes a full system lock up. Anyone have any info on that? I'd like to see the drivers for widely used software perfected before setting up default security for those who don't know how to on their access points.

The question beg's to be asked, shouldn't