Slashdot Mirror


Enhanced WiFi Security Patch For FreeBSD

Dan writes "Roland van Laar has a new, significant wi-fi patch for FreeBSD 5.1 and higher. The patch, available for download and testing, blocks clients with an empty or 'ANY' SSID and disables SSID broadcasting using the underlying firmware feature. SSID (Service Set ID) is used to identify wireless clients to a wireless / wired gateway. Wireless devices from the same manufacturer generally ship with the same default SSID. A beacon is a type of packet/frame that contains the SSID of a network. It is used to sync clocks on client devices and to make it easy for new network clients to see what networks are available. Preventing others from using your SSID is a means (although not foolproof!) of securing your wireless network."
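The kind of check the summary describes, refusing a client whose request carries an empty or 'ANY' SSID, sketched as an added example; this is not code from the patch or from FreeBSD. The function names, the sample network name "homenet" and the input layout (only the ID/length/value elements of a management frame, fixed fields already stripped) are assumptions made for illustration.

```python
# Added illustration, not code from the FreeBSD patch.
SSID_ELEMENT_ID = 0   # 802.11 information element ID that carries the SSID
MAX_SSID_LEN = 32     # longest SSID the standard allows

def parse_elements(body):
    """Yield (element_id, value) for each ID/length/value element in body."""
    offset = 0
    while offset + 2 <= len(body):
        elem_id, length = body[offset], body[offset + 1]
        value = body[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError("element runs past end of frame")
        yield elem_id, value
        offset += 2 + length
    if offset != len(body):
        raise ValueError("trailing byte after last element")

def classify_request(body, own_ssid):
    """Return 'ok', 'wildcard', 'other-network' or 'malformed' for one request."""
    try:
        ssids = [v for i, v in parse_elements(body) if i == SSID_ELEMENT_ID]
    except ValueError:
        return "malformed"
    if len(ssids) != 1 or len(ssids[0]) > MAX_SSID_LEN:
        return "malformed"
    ssid = ssids[0]
    if ssid == b"" or ssid == b"ANY":   # the two cases the summary names
        return "wildcard"
    return "ok" if ssid == own_ssid else "other-network"

def ssid_element(ssid):
    """Build an SSID element (constructed test input)."""
    return bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid

# Constructed supported-rates element (ID 1): 1, 2, 5.5 and 11 Mbit/s.
RATES = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])

if __name__ == "__main__":
    for name in (b"", b"ANY", b"homenet", b"BELKIN"):
        print(name, classify_request(ssid_element(name) + RATES, b"homenet"))
    print("truncated", classify_request(b"\x00\x10abc", b"homenet"))
```

The check only filters clients that do not name the network; a client that does name it sends the SSID unencrypted in this same element, which is why the summary calls the measure not foolproof.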

4 of 59 comments

  1. Re:SSIDs? by squiggleslash · Score: 5, Informative
    How do you mean "forge" SSIDs?

    An SSID is just a small text string, typically a short word, used to identify networks. Typically you can ask your PC to list available networks and it'll provide you with a list of SSIDs, the joke being that most of them will have the names "DEFAULT", "BELKIN", etc. You configure your wireless hub to have a particular name, and then you'll be able to easily select yours. If you hide it, as the article suggests (not a particularly original feature, I'd guess most wireless hubs allow you to hide SSIDs, mine does), then it's still useful as you can manually tell your PC which network to connect to (e.g. enter the name) and it'll still find it despite the fact you've hidden the SSID.

    If someone was to try to masquerade their network as yours - say, give their network the same name as yours so that you might connect to it by accident - then they could do so, but any other wireless security you'd have switched on would automatically defeat it (within reason - WEP, for example, is probably the most popular 802.11 security technology, but it's infamously insecure.)

    --
    You are not alone. This is not normal. None of this is normal.
  2. A step in the right direction by RubberDuckie · Score: 2, Informative

    I'll have to give this a try. While it does not make WiFi secure, it is a small step to making it a bit more secure. At least this way, if I'm not using my wireless network (which is most of the time), it's not broadcasting SSIDs for people to sniff.

    On a side note, it's a real shame that a useful article has garnered mostly trolls and flamebait as responses. Sigh...

  3. Re:SSIDs? by _Sharp'r_ · Score: 2, Informative

    Basically the way real people who care about security use Wifi securely is that they don't treat it like it's secure.

    The simplest implementation of that is to design your network under the assumption that any Wifi portions are about as secure as the general Internet.

    In other words, stick the Wifi network on its own outside your firewalled "internal" network and use a VPN client to connect your laptop or whatever to the real network. The gateway for the Wifi network would in this case usually be a firewall/VPN server.

    If someone gets on the Wifi network, they can't do anything with your encrypted packets and they can't get anywhere past the firewalled connection to anything else.

    --
    The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
  4. Re:Card support? by stox · Score: 2, Informative

    You might want to take a look at FreeBSD 5-Current. The framework for loading NDIS drivers has recently been added. That may be the solution to your problem. I have not used it yet, myself, so I can't comment on how well it does the job.

    --
    "To those who are overly cautious, everything is impossible."