Wireless Security
To broadcast or not broadcast, that is the question (SSIDs) Sep 04 2008 08:44PM
lister lihim org (4 replies)
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 04 2008 10:36PM
Jesse Gough (jesse_gough symantec com)
RE: To broadcast or not broadcast, that is the question (SSIDs) Sep 04 2008 10:23PM
Ed Carmody (ecarmody gmail com)
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 04 2008 10:12PM
Jorge L. Vazquez (jlvazquez825 gmail com)
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 04 2008 10:08PM
Joshua Wright (jwright hasborg com) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

lister (at) lihim (dot) org [email concealed] wrote:
> I know that turning off SSID broadcast doesn't buy you anything, but what
> is the impact if it is turned off?

I believe SSID cloaking effectively reduces your security, despite being
a PCI mandate. Here is an article I wrote about the topic last year:

http://www.networkworld.com/columnists/2007/030507-wireless-security.htm
l

Especially with XPSP3/WZC and Vista, having a cloaked SSID forces your
clients to ask every AP "Are you my mother?". An attacker can use this
information to impersonate your SSID, and to compromise the anonymity of
the AP's you've visited before (if I see you probing for "mccarren",
"hhonors" and "ShadyLady", I know you were at McCarren Airport, were too
cheap to stay on the strip (Hilton) and visited the Shady Lady while you
were in town.

When you do not cloak your SSID, your clients don't have to keep asking
if their AP is there; they will know by looking at a beacon frame.

- -Josh

p.s. I don't know if the Shady Lady has a wireless network or not. Really.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQIVAwUBSMBcTDWX3FIa1TkuAQIEIA/+PqTz1nTZNa6YUZeWI3APjdwpUYgMzMmh
pgoV+xpbvpdfYZo7q7WOs5Ulvg2Df5cUY0RNxkdoiqdEeGj5ZjzVjfviMgueDRz2
OL78AiV35ZDYc+cyf7akOcFh1y6CXbQEX0tHNTcCok7thl3cBS9XWL7Z8BhG+Mkf
BNTDqEk8H4W3IwZpSfkvtGV+tWB0tOkaYRcOZuavkiiff2PY5wMSFpc3qkcSXG8o
wjV4BmJLSfkjU/c1xgeohTT3OyDR22Y/skD/dZZmeri4VsLUe1uclXP8grRFW7UD
LmFX6lXRUBY83pta0fGRzEloA+6LNG4+3lHriZS5o9i3gb2W6xDH0mjKUbCdBfui
9Iai7rnkxq5c1V7F6BxhxfQ+5xMj4bM2PVWYvOBaeoqyoUZwpUiYXJrByWFRkV9h
a8hWwzoKeKxI4YAZN06xYBT86pCzKmRhLfFnk+cpx60/VVBgwmOOVW2znegKFwRh
SHIP/zhia8mMMFdqWpOCeACBAzVA30R60n+QSQwQFDuKW2XtJZdWuaI+L8ksPFOk
PLUcb/qQFusZ+LbPvVl85jFgvDpZpCN/QbKUce7WfeS3jk7CB+qmg1DYAnIjLw9Z
OQyaoQGnWr4iaXiejUhXg17UY+DzXjgpFZaRWQSRgXWj3WtK4ZDaZPaDnkhYc0rI
DvtMUETxY60=
=sqtd
-----END PGP SIGNATURE-----

[ reply ]
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 05 2008 01:15AM
Mark Hofman (mhofman shearwater com au)


 

Privacy Statement
Copyright 2010, SecurityFocus