4
1
I've recently started using wireless on an (Arch) laptop. My wireless manager (wicd) is set up to automatically associate with any networks with a certain ESSID and attempt to authenticate with them.
Is that a security risk? In particular, could an attacker set up a network with the same ESSID as the one I connect to, then wait for my wireless manager to try to connect, and receive my authentication details?
edit: The network I am connecting to uses WPA Enterprise authentication which requires an identity and password, not an encryption key.
Thanks, does something similar hold for a WPA Enterprise network? My connection requires identity and password, not a private key. – Pandamonium – 2012-02-07T13:17:24.880
Yes, the keys are never transmitted with WPA either (of any sort). With Enterprise - where you are using certificates, you can also confirm the AP is who they say they are by validating the cert they present is signed by a trusted CA. – Paul – 2012-02-07T13:22:32.600