It is rather tempting to say that on BSD, and on OpenBSD in particular, there's no need to 'make wireless networking simple', because it already is. Getting a wireless network running is basically not very different from getting a wired one up and running, but then of course there are some issues which turn up simply because we are dealing with radio waves and not wires. We will look briefly at some of the issues before moving on to the practical steps involved in creating a usable setup.
Moving to wireless networks provides an opportunity to view security at various levels in the networking stack from a new perspective. We look briefly at two of the basic IEEE 802.11 security mechanisms below.[1]
It goes almost without saying that you will need further security measures, such as SSH or SSL encryption, to maintain any significant level of confidentiality for your data stream.
One consequence of using radio waves instead of wires is that it is comparatively easy for outsiders to capture your data in transit. The designers of the 802.11 family of wireless network standards seem to have been aware of this fact, and came up with a solution which they marketed under the name Wired Equivalent Privacy, or WEP.
WEP is a link-level encryption scheme which is considered a pretty primitive homebrew among cryptography professionals. It was no great surprise that WEP encryption was reverse-engineered and cracked within a few months after the first products were released. Even though you can download tools for free to descramble WEP-encoded traffic in a matter of minutes, for a variety of reasons it is still widely supported and used. You should consider network traffic protected only by WEP to be only marginally more secure than data broadcast in the clear. Then again, the token effort needed to crack into a WEP network may be sufficient to deter lazy and unsophisticated attackers.
It dawned fairly quickly on the 802.11 designers that their Wired Equivalent Privacy system was not quite what it was cracked up to be, and they came up with a revised and slightly more comprehensive solution which was dubbed WiFi Protected Access, or WPA.
WPA looks better than WEP, at least on paper, but the specification is complicated enough that it is not nearly as widely supported or implemented as its designers intended. In addition, WPA has attracted its share of criticism over design issues and bugs. Combined with the familiar issues of access to documentation and hardware, free software support varies. If your project specification includes WPA, look carefully at your operating system and driver documentation.
[1] For a more complete overview of issues surrounding security in wireless networks, see e.g. Professor Kjell Jørgen Hole's articles and slides at www.kjhole.com. For fresh developments in the WiFi field, the sites wifinetnews.com and The Unofficial 802.11 Security Web Page come highly recommended.