NetworkManager and Security

NetworkManager distinguishes two types of wireless connections, trusted and untrusted. A trusted connection is any network that you explicitly selected in the past. All others are untrusted. Trusted connections are identified by the name and MAC address of the access point. Using the MAC address ensures that you cannot use a different access point with the name of your trusted connection.

If no wired connection is available, NetworkManager scans for available wireless networks. If multiple trusted networks are found, the most recently used is automatically selected. If all are untrusted, NetworkManager waits for your selection.

If the encryption setting changes but the name and MAC address remain the same, NetworkManager attempts to connect, but it first asks you to confirm the new encryption settings and provide any updates, such as a new key.
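
The trust rules described above, written out as a small Python model. This is an added example, not NetworkManager's own code: the record types, verdict names and sample scan data are assumptions made for illustration, and the separate "name-reused" verdict is added here so that a trusted name seen on an unknown MAC address can be logged.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AP:                 # one scan result
    essid: str
    bssid: str            # access point MAC address
    security: str         # "none", "wep", "wpa-psk", ...

@dataclass(frozen=True)
class Trusted:            # a connection the user selected in the past
    essid: str
    bssid: str
    security: str
    last_used: int        # constructed counter, larger = more recent

def classify(ap, trusted):
    """Return (verdict, matching Trusted entry or None) for one scanned AP."""
    same_name = [t for t in trusted if t.essid == ap.essid]
    for t in same_name:
        if t.bssid.lower() == ap.bssid.lower():
            # Same name and MAC: trusted, but changed encryption needs a prompt.
            return ("trusted" if t.security == ap.security else "confirm-encryption"), t
    # A trusted name on an unknown MAC is untrusted; report it separately.
    return ("name-reused" if same_name else "untrusted"), None

def choose(scan, trusted):
    """Return (AP to connect to or None, verdict, per-AP report)."""
    report = [(ap, *classify(ap, trusted)) for ap in scan]
    known = [r for r in report if r[2] is not None]
    if not known:
        return None, "wait-for-user", report
    ap, verdict, _ = max(known, key=lambda r: r[2].last_used)
    return ap, verdict, report

# Constructed sample data (made-up MAC addresses, not real devices).
TRUSTED = [
    Trusted("office", "00:11:22:33:44:55", "wpa-psk", 200),
    Trusted("home", "66:77:88:99:aa:bb", "wpa-psk", 100),
    Trusted("lab", "02:00:00:00:00:01", "wep", 50),
]
SCAN = [
    AP("office", "00:11:22:33:44:55", "wpa-psk"),
    AP("home", "66:77:88:99:AA:BB", "wpa-psk"),
    AP("office", "02:00:00:00:00:99", "none"),
    AP("lab", "02:00:00:00:00:01", "wpa-psk"),
    AP("cafe", "02:00:00:00:00:02", "none"),
]

if __name__ == "__main__":
    chosen, verdict, report = choose(SCAN, TRUSTED)
    for ap, v, _ in report:
        print(f"{ap.essid:8} {ap.bssid}  {ap.security:8} -> {v}")
    print("connect to:", chosen, verdict)
```

In the sample scan, the second "office" entry carries the trusted name on a different MAC address with no encryption, so it is reported as "name-reused" and never selected automatically.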

In a system with a wireless connection only, NetworkManager does not automatically start the connection during boot. You must log in first to establish a connection. If you want to make a wireless connection accessible without login, configure the trusted connection with YaST. Only wireless connections configured with YaST are sufficiently credible for NetworkManager to use during boot.

If you switch to offline mode after using a wireless connection, NetworkManager removes the ESSID. This ensures that the card really is unassociated.

Configuring Your Wireless Card as an Access Point

If your wireless card supports access point mode, you can use NetworkManager for configuration.

  1. Click Create New Wireless Network.

  2. Add the network name and set the encryption in the Wireless Security dialog.

    [Important] Unprotected Wireless Networks Are a Security Risk

    If you set Wireless Security to None, everybody can connect to your network, reuse your connectivity, and intercept your network connection. To restrict access to your access point and to secure your connection, use encryption. You can choose from various WEP and WPA-based encryptions. If you are not sure which technology is best for you, see Chapter 28: Wireless Communication, in the SUSE Linux Enterprise Desktop Deployment Guide.

Using NetworkManager with VPN

NetworkManager supports several VPN technologies. To use them, first install NetworkManager support for your VPN technology. You can select from:

  • NovellVPN

  • OpenVPN

  • vpnc (Cisco)

VPN support is included in the NetworkManager-novellvpn, NetworkManager-openvpn, and NetworkManager-vpnc packages.

Procedure 11.2. Configuring a VPN connection with NetworkManager

  1. Click the NetworkManager applet and select VPN Connections → Configure VPN.

  2. Click Add, then click Forward to start the Create VPN Connection wizard.

  3. Select the type of VPN connection you want to create, then click Forward.

  4. Type a name for your configuration in the Connection Name field.

  5. Specify all required information for your type of connection.

    For example, for an OpenVPN connection, enter Gateway and choose the way to authenticate from Connection type. Complete the other required options depending on the connection chosen.

    Alternatively, load settings from a saved configuration file by pressing Import Saved Configuration and choosing your saved configuration file in a standard file dialog.

  6. Click Forward.

After the VPN is configured, you can select it from VPN Connections. To close a VPN connection, click Disconnect VPN.

GNOME Keyring Manager and Novell CASA

If you do not want to enter your credentials anew each time you want to connect to an encrypted network, you can use GNOME Keyring Manager to store your credentials encrypted on the disk, secured by a master password. Whenever a GNOME application that uses GNOME Keyring needs to access passwords or credentials stored there, it checks whether the keyring is locked. If it is locked, you are prompted for the master password to unlock the keyring. For more information about GNOME Keyring Manager, refer to Section 2.4.4, “Managing Keyrings”.

Another option is to use single sign-on with Novell CASA. Single sign-on is a method of access control that enables users to authenticate once and thus gain access to the resources of multiple software systems. If Novell CASA is configured for your system, NetworkManager will not ask for an additional password to unlock GNOME Keyring Manager. Instead, the keyring will be unlocked automatically when the user logs in to the desktop. For more information about Novell CASA, refer to Section 2.4.5, “Using Single Sign-on with Novell CASA”.


SUSE Linux Enterprise Desktop GNOME User Guide 10 SP2