Radio wave technology makes WiFi networks readily available and often freely accessible to users. As a result, connecting to a WiFi network can be an insecure undertaking.
The following types of WiFi connections are more secure:
Connecting to a private restricted-access WiFi network.
Private networks, such as internal networks that are established by corporations or universities, restrict network access to users who can provide the correct security challenge. Potential users must supply a key during the connection sequence or log in to the network through a secure Virtual Private Network (VPN) application.
Encrypting your connection to a WiFi network.
You can encrypt communications between your system and a WiFi network by using a secure key. Your access point to the WiFi network must be a router that is in your home or office with a secure key-generating feature. Your system and the router establish and then share the key before creating the secure connection.
The dladm command can use a Wired Equivalent Privacy (WEP) or a Wi-Fi Protected Access (WPA) key for encrypting connections through an access point. The WEP protocol is defined in the IEEE 802.11 specifications for wireless connections. The WPA protocol is defined in the IEEE 802.11i specifications for wireless connections. Oracle Solaris supports versions 1 and 2 of the WPA standard. For more information about dladm command options that are related to WEP and WPA, refer to the dladm(1M) man page.
The following procedure describes how to set up secure communications between a system and a router in the home. Many wireless and wired routers for the home have an encryption feature that is capable of generating a secure key.
Before You Begin
If you are connecting to a home wireless network, make sure that you have configured your router and have generated a WEP key. Follow the router manufacturer's documentation for generating and saving the key configuration.
# dladm create-secobj -c wep keyname
where keyname represents the name you want to give to the key.
The create-secobj subcommand then runs a script that requests the value for the key.
provide value for keyname: 5-or-13-byte key
confirm value for keyname: Retype key
This value is the key that was generated by the router. The script accepts a 5-byte or 13-byte key value, as either an ASCII or a hexadecimal string.
# dladm show-secobj
OBJECT     CLASS
keyname    wep
where keyname is the name of the secure object.
# dladm connect-wifi -e network -k keyname interface
# dladm show-wifi
LINK    STATUS       ESSID     SEC    STRENGTH    MODE    SPEED
net0    connected    wifi-1    wep    good        g       11Mb
In the previous output, the wep value under the SEC column indicates that WEP encryption is in place for the connection.
The following example assumes that you have already done the following:
Followed the router manufacturer's documentation and created the WEP key.
Saved the key so that you can use it to create the secure object on your system.
A secure object is created as follows:
# dladm create-secobj -c wep mykey
provide value for mykey: *****
confirm value for mykey: *****
When you supply the WEP key that is generated by the router, asterisks mask the value that you type.
The following commands confirm that the secure object mykey exists and then establish an encrypted connection to the WiFi network citinet by using that secure object.
# dladm show-secobj
OBJECT    CLASS
mykey     wep
# dladm connect-wifi -e citinet -k mykey net0
The following command verifies that you are connected to the citinet wireless network with WEP encryption.
# dladm show-wifi
LINK    STATUS       ESSID      SEC    STRENGTH    MODE    SPEED
net0    connected    citinet    wep    good        g       36Mb
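The verification step above is done by reading the SEC column by eye. The following script is an added example, not part of the original page, that performs the same check on dladm show-wifi output and prints the SEC value so that a caller can also insist on wpa, the stronger of the two protocols named above. The function names check_wifi_sec and sample_show_wifi are hypothetical, and the net1, net2 and lobby rows are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original page): check the SEC column of
# `dladm show-wifi` output for one link. The table is read from stdin so the
# function can be exercised offline; on a live system:
#   dladm show-wifi | check_wifi_sec net0 citinet
# Assumes no field (for example an ESSID) contains whitespace.

# check_wifi_sec LINK ESSID   (hypothetical helper name)
#   prints the SEC value when LINK is connected to ESSID
#   returns 0  connected to ESSID and SEC is not "none"
#           1  connected to ESSID but SEC is "none" (no encryption)
#           2  LINK missing, not connected, or joined to another ESSID
check_wifi_sec() {
    awk -v link="$1" -v essid="$2" '
        NR == 1 {
            # Map header names to column numbers instead of hard-coding them.
            for (i = 1; i <= NF; i++) col[$i] = i
            if (!("LINK" in col && "STATUS" in col && "ESSID" in col && "SEC" in col)) exit
            next
        }
        $(col["LINK"]) == link {
            if ($(col["STATUS"]) == "connected" && $(col["ESSID"]) == essid) {
                print $(col["SEC"])
                rc = ($(col["SEC"]) == "none") ? 1 : 0
                ok = 1
            }
            exit
        }
        END { exit (ok ? rc : 2) }
    '
}

# Constructed sample table in the layout shown above; the net1 and net2 rows
# and the ESSID "lobby" are invented for the example.
sample_show_wifi() {
    cat <<'EOF'
LINK    STATUS        ESSID     SEC   STRENGTH  MODE  SPEED
net0    connected     citinet   wep   good      g     36Mb
net1    connected     lobby     none  good      g     54Mb
net2    disconnected  --        --    --        --    --
EOF
}

sample_show_wifi | check_wifi_sec net0 citinet   # prints: wep
```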