Scope of the Book

This book attempts to give you all the knowledge and tools required to build a secure wireless network using Linux and FreeBSD. You will be able to use this book as a roadmap to deploy a wireless network; from the client to the access point to the gateway, it is all documented in the book. This is accomplished by a two-step process. First, we talk about wireless and 802.11b in general. This book will give you a broad basis in theory and practice of wireless security. This provides you with the technical grounding required to think about how the rest of the book applies to your specific needs and situations.

The second part of this book details the technical setup instructions needed for both operating systems, including kernel configurations and various startup files. We approach the specific technical setup using a “from the edge to the core” concept. We start by examining the security of a wireless client that is at the very edge of the network. Then, we move toward the core by providing a method of setting up a secure access point for client use. From there, we move even farther toward the core by examining secure configuration of the network’s IP gateway. Finally, we zoom all the way out and discuss security solutions that involve many parts of the network, including end-to-end security.

Part I provides an introduction to wireless networks and the sorts of attacks the system administrator can expect.

Chapter 1 introduces wireless networking and some high-level security concerns. The chapter talks briefly about basic radio transmission issues such as signal strength and types of antennas. It also examines the differences and similarities between members of the 802.11 suite of protocols. Finally, we discuss the Wired Equivalency Protocol (WEP) and its weaknesses.

Chapter 2 examines the types and consequences of attacks that can be launched against a wireless network. This chapter opens with a discussion of denial-of-service attacks, proceeds to man-in-the-middle attacks, and finishes with a section on illicit use of network resources.

Part II shows you how to lock down a wireless client machine such as a laptop. These chapters contain general security best practices for workstations (which are, unfortunately, rarely used). They also contain specific wireless kernel, startup, and card configuration. Finally, we provide tactics for stopping attackers on the same wireless network as well as how to audit the entire workstation.

Chapter 3 discusses the general approach and concerns for securing a wireless client. This chapter provides a foundation for the five OS-specific chapters that follow it.

Chapter 4 discusses specific concerns for securing a FreeBSD wireless client. This chapter discusses kernel, interface, and operating system configuration issues. It also presents techniques and tools for detecting various attacks and defending against them.

Chapter 5 discusses specific concerns for securing a Linux wireless client. Kernel, interface, and operating system configuration issues are presented. This chapter also presents techniques and tools for detecting various attacks and defending against them, including a basic firewall configuration.

Chapter 6 discusses specific concerns for securing an OpenBSD wireless client. This chapter discusses kernel, interface, and operating system configuration issues that are unique to OpenBSD. It also presents techniques and tools for detecting various attacks and defending against them.

Chapter 7 shows how to securely configure a Mac OS X wireless client. Techniques for hardening the operating system as well as firewall configurations are presented in this chapter.

Chapter 8 provides a brief discussion of securing a Microsoft Windows wireless client. Basic ideas such as anti-virus software and firewall options are covered in this chapter.

Part III covers the configuration and security of access points.

Chapter 9 shows how to install and securely configure a wireless access point. This chapter starts with a discussion of generic security problems occurring on most access points, especially firmware access points commonly available at computer stores. We also describe the installation and secure configuration of the HostAP drivers for Linux, FreeBSD, and OpenBSD.

Part IV covers the more complex issue of gateway configuration on several platforms.

Chapter 10 discusses the general issues related to the configuration and deployment of the network gateway. The discussion in this chapter frames the concerns that will be addressed using the configuration guides of the three chapters that follow it.

Chapter 11 provides the steps necessary to install and configure a properly secured IP gateway for a wireless network. The chapter discusses how to install the operating system and bring up all of the network interfaces. From there, firewall rules are presented with an explanation of why each rule is necessary. Finally, installation and configuration of supporting services such as DHCP and DNS are provided.

Chapter 12 is similar to Chapter 11 except the configurations and suggestions are for FreeBSD.

Chapter 13 is similar to Chapter 11 except the configurations and suggestions are for OpenBSD.

The remainder of the book covers technologies and techniques that can be used across the entire network.

Chapter 14 covers supplementary tools that can help secure wireless network traffic. This chapter examines the use of portals to control network access. Next, we examine the use of 802.1x and VPNs to secure the network.

Chapter 15 examines the interplay between the clients, access points, and gateways. This chapter opens with a discussion of how the users affect the architecture of the network. Finally, we attempt to look into the crystal ball and determine what the future holds for wireless security.
