Linux: A Wireless Solution Josh Joiner. Agenda Introduction Minimum Hardware Basic Components Steps on setting up a wireless network Security Concerns.

1 Linux: A Wireless Solution Josh Joiner

2 Agenda Introduction Minimum Hardware Basic Components Steps on setting up a wireless network Security Concerns and Conclusion

3 Introduction
  What is a wireless network
  Wireless LANs range of coverage
  We are setting up an 802.11b (also known as Wi-Fi) implementation of a WLAN.
  There are other implementations that can be found at http://ieee802.org/11/
  More info on wireless can be found at:
    http://www.nsrc.org/wireless.html
    http://www.webopedia.com/TERM/W/Wi_Fi.html

4 Minimum Hardware Needed
  Desktop or laptop (>= 386) - AP
  Desktop or laptop - client
  Two or more 802.11b wireless cards (I use Lucent's Wavelan card)
  ISA-to-PCMCIA or PCI-to-PCMCIA adapter
  Hardware to set up the link from the gateway to the Internet
  A Unix-like operating system

5 Basic Components of a Wireless Network
  Wired Network
  Gateway or Access Point
  Client(s)

6 Example Wireless Layout

7 How To:
  Step 1: Install the PCI/ISA-to-PCMCIA adapter in the gateway.
  Step 2: Install a Unix-like OS on the gateway (desktop/laptop). I used Red Hat 7.0.
    Firewall software
    DHCP server
    SSH server
  Step 3: Configure the wireless information in /etc/pcmcia/wireless.opts (see next slide for example).

8 My /etc/pcmcia/wireless.opts file:

    case "$ADDRESS" in
    *,*,*,*)
        INFO="LinuxAirport"
        ESSID="name-of-network"
        MODE="managed"   ## (there are several modes here)
        RATE="auto"
        KEY="xxxxxxxxxxxxx"
        # KEY="s:securityisfun"
        # s: followed by thirteen chars, for 128-bit WEP
        # e.g. Lucent Gold
        ;;
    esac

9 How To (cont):
  Step 4: Assign a wireless subnet under /etc/pcmcia/network.opts (see my next slide example).
  Step 5: Set up the external (DSL/LAN) network.
  Step 6: Set up the firewall software in /etc/rc.d/rc.firewall (I used ipchains, see next slide for example).

10 /etc/pcmcia/network.opts

    case "$ADDRESS" in
    *,*,*,*)
        INFO="Sample private network setup"
        # Transceiver selection, for some cards -- see 'man ifport'
        IF_PORT=""
        # Use BOOTP (via /sbin/bootpc, or /sbin/pump)? [y/n]
        BOOTP="n"
        # Use DHCP (via /sbin/dhcpcd, /sbin/dhclient, or /sbin/pump)? [y/n]
        DHCP="Y"
        # If you need to explicitly specify a hostname for DHCP requests
        DHCP_HOSTNAME=""
        # Host's IP address, netmask, network address, broadcast address
        IPADDR="192.168.1.1"
        NETMASK="255.255.255.0"
        NETWORK="192.168.1.0"
        BROADCAST="192.168.1.255"

11 /etc/pcmcia/network.opts (cont)

        # Gateway address for static routing
        GATEWAY="10.64.48.1"
        # Things to add to /etc/resolv.conf for this interface
        DOMAIN=""
        SEARCH=""
        DNS_1=""
        DNS_2=""
        DNS_3=""
        # Extra stuff to do after setting up the interface
        start_fn () { return; }
        # Extra stuff to do before shutting down the interface
        stop_fn () { return; }
        # Card eject policy options
        NO_CHECK=n
        NO_FUSER=n
        ;;
    esac

12 /etc/rc.d/rc.firewall

    #!/bin/sh
    #
    # rc.firewall-2.2
    FWVER="1.01"
    echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"

    # Setting the EXTERNAL and INTERNAL interfaces for the network
    EXTIF="eth0"
    INTIF="eth1"
    echo "   External Interface:  $EXTIF"
    echo "   Internal Interface:  $INTIF"

    # Network Address of the Internal Network
    # (must be set: the echo below and the MASQ rule at the end use $INTLAN)
    INTLAN="192.168.1.0/24"
    echo -e "   Internal Interface:  $INTLAN\n"

    # Load all required IP MASQ modules
    echo "   loading required IPMASQ kernel modules.."

    # Needed to initially load modules
    # /sbin/depmod -a

    echo -en "   Loading modules: "
    echo ".  Done loading modules."

13

    #CRITICAL:  Enable IP forwarding since it is disabled by default since
    #           Redhat Users:  you may try changing the options in
    #                          /etc/sysconfig/network from:
    #           FORWARD_IPV4=false  to  FORWARD_IPV4=true
    echo "   enabling forwarding.."
    echo "1" > /proc/sys/net/ipv4/ip_forward

    #CRITICAL:  Enable automatic IP defragmenting since it is disabled by default
    echo "   enabling AlwaysDefrag.."
    echo "1" > /proc/sys/net/ipv4/ip_always_defrag

    echo "   clearing any existing rules and setting default policy.."
    /sbin/ipchains -P input ACCEPT
    /sbin/ipchains -P output ACCEPT
    /sbin/ipchains -P forward REJECT
    /sbin/ipchains -F input
    /sbin/ipchains -F output
    /sbin/ipchains -F forward

    # MASQ timeouts
    #
    #   2 hrs timeout for TCP session timeouts
    #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
    # 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
    #
    echo "   setting default timers.."
    /sbin/ipchains -M -S 7200 10 160

14

    # DHCP:  For people who receive their external IP address from either DHCP or
    #        BOOTP such as ADSL or Cablemodem users, it is necessary to use the
    #        following before the deny command.
    #
    #        This example is currently commented out.
    #
    #/sbin/ipchains -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp

    # Enable simple IP forwarding and Masquerading
    #
    echo "   enabling IPMASQ functionality on $EXTIF"
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -i $EXTIF -s $INTLAN -j MASQ

    echo -e "\nrc.firewall v$FWVER done.\n"
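
Added example, not part of the original slides: the rc.firewall above leaves the input policy at ACCEPT, so every service on the gateway is reachable from any wireless client. The sketch below tightens the input chain using the deck's interface names and addresses; the IPCHAINS dry-run variable and the choice to allow only DHCP and SSH to the gateway are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): limit what wireless clients can reach
# on the gateway itself, while still letting their traffic be masqueraded.
EXTIF="eth0"              # external interface, as in the deck's rc.firewall
INTIF="eth1"              # internal (wireless) interface, as in the deck
INTLAN="192.168.1.0/24"   # wireless subnet, as in the deck
GWIP="192.168.1.1"        # gateway's wireless address (network.opts, dhcpd.conf)
# Assumption: dry run by default; set IPCHAINS=/sbin/ipchains to apply.
IPCHAINS="${IPCHAINS:-echo /sbin/ipchains}"

# ipchains runs the input chain on every arriving packet, including packets
# that will later be forwarded, so rule order matters here.
wlan_input_rules() {
    # 1. DHCP requests from clients that do not have an address yet
    $IPCHAINS -A input -i "$INTIF" -p udp -s 0/0 68 -d 0/0 67 -j ACCEPT
    # 2. SSH to the gateway, only from addresses inside the wireless subnet
    $IPCHAINS -A input -i "$INTIF" -p tcp -s "$INTLAN" -d "$GWIP" 22 -j ACCEPT
    # 3. Everything else addressed to the gateway is dropped and logged (-l)
    $IPCHAINS -A input -i "$INTIF" -d "$GWIP" -j DENY -l
    # 4. Traffic from the wireless subnet to other hosts goes on to forward/MASQ
    $IPCHAINS -A input -i "$INTIF" -s "$INTLAN" -j ACCEPT
    # 5. Any other source address on the wireless side is spoofed or misconfigured
    $IPCHAINS -A input -i "$INTIF" -j DENY -l
    # 6. Wireless-subnet source addresses must never arrive on the outside
    $IPCHAINS -A input -i "$EXTIF" -s "$INTLAN" -j DENY -l
}

wlan_input_rules
```

In rc.firewall these rules belong after the `-F input` flush; the denied packets logged by `-l` show up in the kernel log.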

15 How To (cont):
  Step 7: Set up DHCPD (see sample config).
  Step 8: Now you are ready to configure the clients.

16 /etc/dhcpd.conf

    subnet 192.168.1.0 netmask 255.255.255.0 {
        # --- default gateway
        option routers 192.168.1.1;
        option subnet-mask 255.255.255.0;
        option domain-name "domainname.com";     # replace this with the domain name of your internal net, if any
        option domain-name-servers 10.64.48.5;   # replace this with the IP of your Domain Name Server
        range dynamic-bootp 192.168.1.128 192.168.1.254;   # stop at .254: .255 is the subnet broadcast address
        default-lease-time 21600;                # 6 hrs
        max-lease-time 43200;                    # 12 hrs
    }

    subnet 10.64.48.0 netmask 255.255.252.0 {
        not authoritative;
    }

17 Security Concerns and Conclusion
  You can enable WEP (Wired Equivalent Privacy), but it is not very secure.
  There are other solutions for wireless encryption:
    EAP-TLS (Extensible Authentication Protocol - Transport Layer Security)
    TKIP (Temporal Key Integrity Protocol)
  One of the better ways to implement security on a wireless network is to set up a VPN for secure access. The same client can often tunnel IPsec over wireless to a VPN gateway located between the access point and the rest of the corporate network.

18 Questions?

19 Sites of Reference
  http://www.oreillynet.com/pub/a/wireless/2001/03/06/recipe.html
  http://www.live.com/wireless/unix-base-station.html

