KernelTrap has spoken with OpenBSD creator Theo de Raadt and several other OpenBSD developers regarding their recent efforts to add comprehensive wireless hardware support to OpenBSD. The article takes an in-depth look at several of the dozen new drivers found in the upcoming OpenBSD 3.7 release, exploring the stories behind their development.
OpenBSD’s “Out of the Box” Wireless Support
2005-03-08 OpenBSD 18 Comments
I hope it will still be as secure. I doubt it will though.
So, supporting wireless hardware makes a system insecure then?
What planet did you just arrive from? If the hardware is in use, on an un-WEP’ed network, sure, it’s insecure. But it’s insecure no matter what OS you use – it’s user stupidity, not the OS.
Using WEP makes your network insecure. That’s why people are moving to WPA. The weaknesses of wireless networks in general are very well known. The signals can be decrypted by doing analysis on message fragments.
The point is, that it’s more secure because the user doesn’t have to rely on the security of the closed firmware. When the firmware is closed and unknown, it’s impossible to know if there aren’t any serious firmware implementation bugs or even backdoors, which compromise security. Not having to rely on a closed firmware implementation is a good thing.
WEP (and possibly WPA – it’s too new and not thoroughly analyzed yet) aren’t ideal solutions to provide secure wireless communication. OpenBSD natively provides IPSec, and OpenVPN is in the ports tree. Simpler solutions with OpenSSH/authpf are possible, too. These solutions are much better and more proven than WEP or WPA.
There are many possibilities out there for securing your wireless LAN. You can use a radius server with PKI certs and PEAP to authenticate wireless users with any type of authentication method. For example, use IAS to authenticate with AD, or if you hate Windows, use freeradius on OpenBSD to authenticate with openldap (or AD). Just create the account on the radius server for your AP, have your clients download the certs required to attach to your network, pass authentication tokens to AD/OpenLDAP/PAM or whatever.
Securing your wireless network isn’t as expensive as one would think. There is much much more to wireless security than your little Linksys WEP or WAP setup at home.
Besides…how will enabling wireless support make things less secure? Put a wireless card in an openbsd box and use it for a gateway for your wireless users. Sounds secure to me.
I think we all should help the OpenBSD team pressure vendors to release specs. It is good for all of us. (Even us GNU/Linux people) A big thanks to the OpenBSD team!
It’s not WEP that makes your system insecure: it’s the user, because the system offers out features (IPSec) that can be layered over WEP.
When you read this article you think: “Oh OpenBSD has good hardware support and will improve dramatically.”
That just isn’t true. I have a NDC NWH4020 (Prism2_usb) wireless thingie and the only OSes that work with it are Windows and Linux 2.6 with wlan-ng-pre26. Most BSDs sucked with it. It just didn’t work (NetBSD, FreeBSD) or it was unstable (OpenBSD). Trust me, I have tried.
“I have a NDC NWH4020 (Prism2_usb) wireless thingie and the only OSes that work with it are Windows and Linux 2.6 with wlan-ng-pre26. Most BSDs sucked with it. It just didn’t work (NetBSD, FreeBSD) or it was unstable (OpenBSD).”
Works fine for me with OpenBSD 3.7 beta.
“Trust me, I have tried.” —> ??????
There is no OpenBSD beta… but I guess you mean OpenBSD current 😉
Yes, indeed my Prism2 USB WLAN Stick (D-Link DWL-122) also works perfectly…
IPSec and WEP offer similar functionality in that they encrypt network traffic. IPSec has the advantage that it’s not broken. Anyone using IPSec doesn’t need WEP, and anyone relying on WEP to offer security is making a mistake. Therefore, using WEP makes a network insecure.
Whether or not this is WEP’s fault or the user’s depends on if the user is the one administrating the network. WEP purported to be a traffic encryption scheme, but fails. I’m not seeing how ignoring the fact that WEP is broken and blaming the user is constructive. The important part is that no one should use WEP, because it offers no security. Once someone knows that, then they will naturally look for alternatives.
OpenBSD is currently in 3.7-beta, this is what happens during about the last 6 or 7 weeks of the development cycle (which is 6 months long).
The -current flag is the constant name for the most recent build snapshot of the system, but the -beta and -release flags come out at times.
I guess this means there is still no support for the most popular card on campus, the WPC54G from Linksys…
Though according to this post:
“Different versions of the WPC54G?”
Joe G User on 12-Jan-2005 04:08:26 PM
Pros: Linksys quality. Decent docs.
Cons: WPC54G – Broadcom, Atheros, … chipsets. Which chipset are you gonna get? Not all chipsets are created equal. from http://shopper-zdnet.com.com/Linksys_WPC54G_Wireless_G_Notebook_Ada…
So perhaps mine could be since Atheros is apparently supported… hmm. Any way to check which mine is? If not, can anyone recommend a solid g PC-Card from a reputable company that works on *BSD/Linux?
As Nate stated “OpenBSD is currently in 3.7-beta, this is what happens during about the last 6 or 7 weeks of the development cycle (which is 6 months long).”
It has been that way for years. You may read up on it on openbsd.org. It actually might be helpful to do so before making misinformed statements.
God******! If you want to “surf” around wlan-style, don’t you have another OS to choose!?
Perhaps WEP is insecure but I don’t know many people using IPSec on their home network…
…to 3.7 and after that the day when a Prism54 driver is added so I can use my 3Com OfficeConnect. Next WLAN card I buy is not going to be one that isn’t/can’t be fully supported by OpenBSD et al so no money for Intel there.
In what way does blaming the user increase security?