Better wireless security as well as more speed

Mark Knecht markknecht at gmail.com
Wed Feb 2 19:39:58 UTC 2005


Hi,
   As I was working on this ogg file server project here at home I was
running 'iwlist wlan0 scanning' and, lo and behold, just this morning
a new router turned on in my neighborhood. (Or it just became
visible...) I removed all power and Ethernet connections from my
router and continued scanning. The other cell was there (and still is)
with a different hardware address so I assume it's real.  Anyway, this
prompted me to look at my setups again and try to go to the next level
of both speed and security.

   My setup:

Router - Netgear 802.11b/g that also supports 108Mb/S

PCs - 2 FC2 machines with DWL-510G cards running under ndiswrapper

1) As a 1st step I changed my ESSID on all stations to a fairly random
string of letters and numbers. Took the network down and back up.
Everyone is still connected and the new ESSID shows up under iwlist
wlan0 scanning. However I assume that this means anyone scanning in
the neighborhood can get my ESSID so it would seemingly not help a lot.
I changed it because stupidly the ESSID before was my home address.
Not smart.

2) As a second step I attempted to look at what options I have for
security options in the router. What it offers is:

Security:
- Disable
- WEP
- WPA-PSK (Wi-Fi Protected Access Pre-Shared Key)

Disable seems a bad choice. I've been using WEP as it seems to align
better with most of the examples in the Linux wireless HOWTOs. Is it
the best? WEP offers the following in my router:

Security Encryption (WEP)
Authentication Type: 	(Automatic, Open System and Shared Key)
Encryption Strength:     (64, 128 and 152 bit)

and then 4 keys.

I had been using WEP, Open System and 128bit. I'm concerned that 'Open
System' means it broadcasts my ESSID which I'd like it not to do. Is
this what happens? If so does Shared Key or Automatic NOT broadcast
the ESSID?

The router also offers WPA-PSK. When I choose that it offers only an
8-63 character passphrase. Would this be better?

3) I'd also like to set the system up for 802.11g only operation if my
ndiswrapper stuff will work. How can I do this? As a first try I set
the router to g & b operation on channel 11. I then went to the
wireless PC and set up ifcfg-wlan0 to this:

[root@dragonfly root]# cat /etc/sysconfig/network-scripts/ifcfg-wlan0
# DLink DWL-520 using ndiswrapper
IPV6INIT=no
BOOTPROTO=static
ONBOOT=yes
USERCTL=no
PEERDNS=no
GATEWAY=192.168.10.3
TYPE=Wireless
DEVICE=wlan0
HWADDR=(wnic HW address)
NETMASK=255.255.255.0
IPADDR=192.168.10.52
ESSID=(Long random ESSID)
CHANNEL=5
KEY="(26 HEX characters) Restricted"
MODE=Managed
RATE=54Mb/s
[root@dragonfly root]#

After restarting the network I see this:

wlan0     IEEE 802.11b  ESSID:"(long random ESSID)"  Nickname:"dragonfly"
          Mode:Managed  Frequency:2.462GHz  Access Point: (router HW addr.)
          Bit Rate=11Mb/s   Tx-Power:20 dBm   Sensitivity=0/3
          RTS thr=2432 B   Fragment thr=2432 B
          Encryption key:(26 HEX characters)   Security mode:restricted
          Power Management:off
          Link Quality:100/100  Signal level:-56 dBm  Noise level:-256 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

So it appears that I'm only getting 11Mb/S. Can I improve on this?

And currently the other router is apparently still out there:

[root@dragonfly root]# iwlist wlan0 scanning
Warning: Driver for device wlan0 has been compiled with version 17
of Wireless Extension, while this program is using version 16.
Some things may be broken...

wlan0     Scan completed :
          Cell 01 - Address: 00:09:5B:4F:EB:16
                    ESSID:"NETGEAR"
                    Protocol:IEEE 802.11b
                    Mode:Managed
                    Frequency:2.462GHz
                    Quality:0/100  Signal level:-72 dBm  Noise level:-256 dBm
                    Encryption key:off
                    Bit Rate:1Mb/s
                    Bit Rate:2Mb/s
                    Bit Rate:5.5Mb/s
                    Bit Rate:11Mb/s
                    Bit Rate:52Mb/s
                    Extra:bcn_int=100
                    Extra:atim=0
          Cell 02 - Address: (My router's HW address)
                    ESSID:"(Long random ESSID)"
                    Protocol:IEEE 802.11b
                    Mode:Managed
                    Frequency:2.462GHz
                    Quality:0/100  Signal level:-49 dBm  Noise level:-256 dBm
                    Encryption key:on
                    Bit Rate:1Mb/s
                    Bit Rate:2Mb/s
                    Bit Rate:5.5Mb/s
                    Bit Rate:11Mb/s
                    Bit Rate:6Mb/s
                    Bit Rate:12Mb/s
                    Bit Rate:24Mb/s
                    Bit Rate:36Mb/s
                    Bit Rate:33Mb/s
                    Extra:bcn_int=100
                    Extra:atim=0

[root@dragonfly root]#

Thanks in advance for any and all ideas.

Cheers,
Mark
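
The message above spots a new cell by re-running `iwlist wlan0 scanning` by hand. As an added example (not part of the original post), this Python sketch parses that output format and reports cells that are not in a list of your own access points, plus own cells with encryption off or no 802.11g rates advertised. The `02:00:...` addresses, `example-essid`, and the function and finding names are assumptions made for illustration.

```python
import re

OFDM_RATES = {6, 9, 12, 18, 24, 36, 48, 54}  # 802.11g (ERP-OFDM) rates in Mb/s

# Constructed sample in the format of the scan above. Cell 01 is the cell shown
# in the post; the 02:00:... addresses and "example-essid" are placeholders.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 00:09:5B:4F:EB:16
                    ESSID:"NETGEAR"
                    Encryption key:off
          Cell 02 - Address: 02:00:00:00:00:01
                    ESSID:"example-essid"
                    Encryption key:on
                    Bit Rate:11Mb/s
                    Bit Rate:36Mb/s
          Cell 03 - Address: 02:00:00:00:00:02
                    ESSID:"example-essid"
                    Encryption key:off
"""

def parse_scan(text):
    """Return one dict per cell: address, essid, encrypted, rates (Mb/s)."""
    cells = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Cell \d+ - Address: (\S+)", line):
            cells.append(dict(address=m.group(1).upper(), essid=None, encrypted=None, rates=[]))
        elif not cells:
            continue  # driver warnings and the "Scan completed" header
        elif line.startswith("ESSID:"):
            cells[-1]["essid"] = line[len("ESSID:"):].strip('"')
        elif line.startswith("Encryption key:"):
            cells[-1]["encrypted"] = line.split(":", 1)[1].strip() != "off"
        elif m := re.match(r"Bit Rate:([\d.]+)\s*Mb/s", line):
            cells[-1]["rates"].append(float(m.group(1)))
    return cells

def audit(cells, known):
    """known maps your own AP addresses (upper case) to their expected ESSID."""
    findings = []
    for c in cells:
        if c["address"] not in known:
            kind = "unknown-ap-using-my-essid" if c["essid"] in known.values() else "unknown-ap"
            findings.append((c["address"], kind))
            continue
        if not c["encrypted"]:  # off, or not reported in the scan
            findings.append((c["address"], "encryption-off"))
        if not OFDM_RATES & set(c["rates"]):
            findings.append((c["address"], "no-802.11g-rates-advertised"))
    return findings
```

Feed `parse_scan` the captured text of a real scan and pass `audit` a dict of your own router's hardware address and ESSID; an empty result means only your own AP was seen, with encryption on and at least one 802.11g rate listed.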




More information about the Redhat-install-list mailing list