OS Protection

A secure kernel is only part of the solution for using a wireless network securely. A station on a wireless network is in a hostile environment. Anyone nearby can launch an attack against the station. The station should not rely on other network defenses to keep these attacks at bay; it must defend itself from hostile activity.

Firewall Configuration

The firewall configuration on a wireless client is relatively simple. Most clients are not running any services such as web or mail servers. The only new connections should be outbound from the host; there should be no inbound connection requests. If you do have services running on your client, you will need to modify your firewall configuration appropriately.

The Netfilter firewall included in Linux 2.4 is controlled by the program iptables. In a nutshell, Netfilter uses a list of firewall rules called chains to process packets. There are three different chains in a Netfilter firewall:

INPUT

Packets destined for the host machine are handled by the INPUT chain. If a host is running a web server, packets destined for port 80 on the host’s public IP address would be handled by the INPUT chain.

OUTPUT

The OUTPUT chain processes packets generated by the host for another host. A request by your workstation for a web page from a remote web server would be handled by your workstation’s OUTPUT chain.

FORWARD

The FORWARD chain processes packets that are sourced by a non-local host and destined for a non-local host. This type of action ...
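The client policy described above (new connections outbound only, no inbound connection requests), as an added example that is not taken from the book. The function names `client_ruleset` and `audit_ruleset` are hypothetical, and the example assumes a client that runs no services, does not route traffic for other hosts, and uses Netfilter's state match.

```shell
#!/bin/sh
# Added example. Nothing here touches the running firewall; to load the
# rules, run as root:  client_ruleset | iptables-restore

# Emit a client-only ruleset in iptables-restore format.
client_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
COMMIT
EOF
}

# Audit iptables-save output on stdin against the client policy.
# Prints one finding per line; returns 0 if compliant, 1 otherwise.
audit_ruleset() {
    awk '
    /^\*/ { tbl = $1 }                      # track the current table
    tbl == "*filter" && /^:INPUT / {
        seen_in = 1
        if ($2 != "DROP") { print "INPUT policy is " $2; bad = 1 }
    }
    tbl == "*filter" && /^:FORWARD / {
        # Assumption: a client never forwards for other hosts.
        if ($2 != "DROP") { print "FORWARD policy is " $2; bad = 1 }
    }
    tbl == "*filter" && /^-A INPUT / && / -j ACCEPT/ {
        if ($0 ~ / -i lo /) next            # loopback traffic is local
        # Replies to connections the host opened carry a state match
        # that does not include NEW.
        if ($0 ~ /--(ct)?state / && $0 !~ /NEW/) next
        print "accepts new inbound: " $0
        bad = 1
    }
    END {
        if (!seen_in) { print "no filter INPUT chain found"; bad = 1 }
        exit bad + 0
    }'
}
```

On a live host, `iptables-save | audit_ruleset` runs the same check against the loaded rules.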
