O'Reilly logo

802.11 Security by Bruce Potter, Bob Fleck

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Kernel Configuration

Like any other operating system, a secure host starts with a secure kernel configuration. If unneeded devices or options are included in your kernel configuration, you will not only have a bloated and slower kernel, but you may also open yourself up to attacks. The kernel should be configured using the Principle of Least Privilege. In short, if you do not need something in your kernel, do not add it! Also, an OpenBSD kernel can be configured with special options that can lead to a more secure machine. These options should be added when possible to help keep attackers out.

Wireless Kernel Configuration

In order to use wireless NICs, the kernel must be configured to support your wireless networking card. The process of compiling an OpenBSD kernel is outside the scope of this book. For more information on compiling a custom OpenBSD kernel, see http://www.openbsd.org/faq/faq5.html and the options(4) manual page.

When compiling an OpenBSD kernel, there are two different files that you may need to edit in order to add or remove all of the required options. The first configuration file, /usr/src/sys/conf/GENERIC, contains options that are common across all the architectures OpenBSD can run on. OpenBSD has been ported to many platforms, including i386, Sparc, PowerPC, and VAX. Some options, such as firewalling and IPv6 support, are shared between all the platforms, and therefore when you change an option in /usr/src/sys/conf/GENERIC, it will be reflected in any kernel ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required