MLUG: Re: [MLUG] FYI: Tigernet WEP key changes on Monday...

I have a neat little script to start Tigernet (thanks to George at the swap meet for helping me set $PATH parameters.)

#!/bin/bash
# Bring down the wired NIC, then bring up TigerNet on the wireless NIC.

PATH=/sbin:/usr/sbin:${PATH}

# Wireless interface, network name, hex WEP key and operating mode
INTF="eth1"
SSID="TigerNet"
KEY="6162756e63686f663173263073"
MODE="Managed"

echo "Shutting down current network ...."
sudo ifdown eth0
echo "Starting wireless on $INTF ...."
sudo ifup "$INTF"
# Set mode and SSID first, then the encryption key
sudo iwconfig "$INTF" mode "$MODE" essid "$SSID"
sudo iwconfig "$INTF" enc "$KEY"
echo "Wireless configuration complete!"

If you want to use it, modify at will. My wireless is eth1 as I only have two NICs in this laptop. If you use ndiswrapper, you have to modprobe it to start. George's script had that in there, but my NIC is an old Lucent Orinoco that has a native Linux driver so I don't need it.

Phillip

McNutt, Justin M. wrote:
I'm guessing lots of people got the email notice about this fact, but
I'm also guessing that some people didn't, or are going to forget and
wonder what happened when their wireless connectivity fails on Aug. 1.

Here's what to put in /etc/sysconfig/network-scripts/ifcfg-XXX:

KEY="open 6162-756e-6368-6f66-3173-2630-73"
ESSID=TigerNet

Meanwhile, this year's key is about as good a password as last year's,
which is to say: not very. I don't know much about wireless security,

If you don't know much about wireless security, then why are you talking about it?

but wouldn't it be possible to limit access to users who had a valid
pawprint or something like this? Then you could put a proxy in
between users and the service they wanted, and encrypt everything
more securely. Or maybe I'm just dreaming. :-)

We could force all wireless users to use the VPN client, but that involves installing client software, plus an extra non-obvious step to get attached to the network.

Another more accurate description of the problem is that the way we use WEP keys on campus, they are not intended to be "passwords" in the sense that we're going to choose some hard-to-guess thing.  It's too easy to crack *any* static WEP key to take it seriously as a password.  It's only used to "keep honest people honest" as it were.

There are several solutions to this problem.  We're working on the simplest one, which is to enable 802.1X (EAP) authentication on the wireless network.  That solves two problems at once:

1)  You have to have a valid pawprint to use the network, so we know you belong.

2)  Once authenticated, you get a session-specific WEP key.  Thus, if someone cracks your current key, it's not going to help him get anyone else's data, or even yours after the current session.

The 802.1X-enabled network (SSID TigerNet1X) went "production" this morning.  How long the non-802.1X network stays around is yet to be seen, but it's not going away any time soon.  Security on *that* network is a whole 'nother matter, as is MAC address registration on *either* network.

--J

P.S.  802.1X and MAC address registration are not wireless-specific technologies by the way (hint, hint).  It just so happens that if you enable 802.1X on a wireless network, you can pass a dynamic WEP key back as part of the authentication (it's a bonus, not a core feature).

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members
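
The two networks described in the thread, written side by side as a wpa_supplicant configuration. This is an added example, not part of the original messages or of the campus's published settings. It assumes wpa_supplicant is the client in use; the EAP method (PEAP/MSCHAPv2), the CA file path, the identity and the password are placeholders, because the thread does not state them.

```conf
# /etc/wpa_supplicant.conf (constructed example)

# Static WEP, as configured in the thread: one shared key for every user,
# typed in by hand and changed once a year.
network={
	ssid="TigerNet"
	key_mgmt=NONE
	# "open" in the ifcfg KEY line corresponds to open-system authentication
	auth_alg=OPEN
	# Same key as the thread, hex without dashes or quotes
	wep_key0=6162756e63686f663173263073
	wep_tx_keyidx=0
	priority=1
}

# 802.1X with dynamic WEP: no key is stored in the file. The user
# authenticates with EAP first, then receives session-specific keys.
network={
	ssid="TigerNet1X"
	key_mgmt=IEEE8021X
	# 3 = require both a dynamic unicast key (1) and a dynamic broadcast key (2)
	eapol_flags=3
	# Assumption: the EAP method is not stated in the thread
	eap=PEAP
	phase2="auth=MSCHAPV2"
	# Placeholders: the campus login ("pawprint") and its password
	identity="YOUR_PAWPRINT"
	password="YOUR_PASSWORD"
	# Placeholder path: CA that signed the authentication server's
	# certificate, so credentials are only sent to the real server
	ca_cert="/etc/ssl/certs/PLACEHOLDER-campus-ca.pem"
	priority=5
}
```

Because the second block holds a login password, the file should be readable by root only (mode 600).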