
802.11 Security by Bruce Potter, Bob Fleck


OS Protection

A secure kernel is only part of the solution for using a wireless network securely. A station on a wireless network is in a hostile environment. Anyone nearby can launch an attack against the station. The station should not rely on other network defenses to keep these attacks at bay; it must defend itself from hostile activity.

Firewall Configuration

The firewall configuration on a wireless client is relatively simple. Most clients are not running any services such as web or mail servers. The only new connections should be outbound from the host; there should be no inbound connection requests. If you do have services running on your client, you will need to modify your firewall configuration appropriately.

The Netfilter firewall included in Linux 2.4 is controlled by the program iptables. In a nutshell, Netfilter processes packets using lists of firewall rules called chains. There are three different chains in a Netfilter firewall:

INPUT

Packets destined for the host machine are handled by the INPUT chain. If a host is running a web server, packets destined for port 80 on the host’s public IP address would be handled by the INPUT chain.

OUTPUT

The OUTPUT chain processes packets generated by the host for another host. A request by your workstation for a web page from a remote web server would be handled by your workstation’s OUTPUT chain.

FORWARD

The FORWARD chain processes packets that are sourced by a non-local host and destined for a non-local host. This type of action ...
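
The client policy described under Firewall Configuration (outbound connections only, no new inbound connections) can be written as a ruleset for these chains. The following is an added example, not code from the book: it prints the ruleset in iptables-restore format. The function names, the DROP policy on FORWARD, the loopback rule, and the optional TCP port arguments for clients that do run a service are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the book): build a filter-table ruleset for a
# wireless client in iptables-restore format.
# Apply as root:  client_ruleset | iptables-restore
# With a service: client_ruleset 22 | iptables-restore   (22 is a sample port)

# valid_port PORT: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# client_ruleset [TCP_PORT ...]: print the ruleset on stdout.
client_ruleset() {
    # Validate every argument first so a bad port never yields a partial ruleset.
    for port in "$@"; do
        if ! valid_port "$port"; then
            echo "client_ruleset: invalid TCP port: $port" >&2
            return 1
        fi
    done

    echo '*filter'
    # Default policy: drop anything inbound that no rule below accepts.
    echo ':INPUT DROP [0:0]'
    # Assumption: a client does not route, so FORWARD is dropped as well.
    echo ':FORWARD DROP [0:0]'
    # Locally generated traffic may leave, so outbound connections work.
    echo ':OUTPUT ACCEPT [0:0]'
    # Local processes talking to each other over loopback.
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened (and related ICMP errors).
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Optional: new inbound TCP connections to services the client runs.
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}
```

After loading the ruleset, `iptables -L -n -v` lists the active chains and their packet counters, which shows whether inbound connection attempts are hitting the INPUT policy.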
