Secure WiFi Communications

Radio wave technology makes WiFi networks readily available and often freely accessible to users in many locations. As a result, connecting to a WiFi network can be an insecure undertaking. However, certain types of WiFi connections are more secure:

• Connecting to a private, restricted-access WiFi network

  Private networks, such as internal networks established by corporations or universities, restrict access to their networks to users who can provide the correct security challenge. Potential users must supply a key during the connection sequence or log in to the network through a secure VPN.

• Encrypting your connection to the WiFi network

  You can encrypt communications between your system and a WiFi network by using a secure key. Your access point to the WiFi network must be a router in your home or office with a secure key-generating feature. Your system and the router establish and then share the key before creating the secure connection.

The dladm command can use a Wired Equivalent Privacy (WEP) key for encrypting connections through the access point. The WEP protocol is defined in IEEE 802.11 specifications for wireless connections. For complete details on the WEP-related options of the dladm command, refer to the dladm(1M) man page.

How to Set Up an Encrypted WiFi Network Connection

The next procedure explains how to set up secure communications between a system and a router in the home. Many wireless and wired routers for the home have an encryption feature that can generate a secure key.

Before You Begin

If you are connecting to your own home's wireless network, make sure that you have configured your router and have generated the WEP key. Follow the router manufacturer's documentation for generating and saving the key configuration.

1. Become an administrator.

   For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

2. Create a secure object that contains the WEP key.

   Open a terminal window on the system and type the following:

   # dladm create-secobj -c wep keyname

   where keyname represents the name you want to give to the key.

3. Supply the value for the WEP key to the secure object.

   The create-secobj subcommand then runs a script that requests the value for the key.

   provide value for keyname: 5-or-13-byte key
   confirm value for keyname: Retype key

   This value is the key that was generated by the router. The script accepts either a 5–byte or 13–byte string, in ASCII or in hexadecimal for the key value.

4. View the contents of the key that you just created.

   # dladm show-secobj
   OBJECT               CLASS
   keyname                wep

   where keyname is the name for the secure object.

5. Make an encrypted connection to the WiFi network.

   # dladm connect-wifi -e network -k keyname interface

6. Verify that the connection is secure.

   # dladm show-wifi
   LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
   net0       connected     wifi-1        wep     good       g      11Mb

   The wep value under the SEC heading indicates that WEP encryption is in place for the connection.

Example 5-3 Setting Up Encrypted WiFi Communications

This example assumes that you have already done the following:

• Connected your system to a home router that can create a WEP key

• Followed the router manufacturer's documentation and created the WEP key

• Saved the key so that you can use it to create the secure object on your system

Create a secure object.

# dladm create-secobj -c wep mykey
provide value for mykey: *****
confirm value for mkey: *****

When you supply the WEP key that is generated by the router, asterisks mask the value that you type.

# dladm show-secobj
OBJECT               CLASS
 mykey               wep
# dladm connect-wifi -e citinet -k mykey net0

The preceding command establishes an encrypted connection to the WiFi network citinet by using the secure object mykey.

# dladm show-wifi
LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
net0       connected     citinet       wep     good       g      36Mb

This output verifies that you are connected to citinet through WEP encryption.