Wireless Security
To broadcast or not broadcast, that is the question (SSIDs) Sep 04 2008 08:44PM
lister lihim org (4 replies)
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 04 2008 10:36PM
Jesse Gough (jesse_gough symantec com)
RE: To broadcast or not broadcast, that is the question (SSIDs) Sep 04 2008 10:23PM
Ed Carmody (ecarmody gmail com)
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 04 2008 10:12PM
Jorge L. Vazquez (jlvazquez825 gmail com)
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 04 2008 10:08PM
Joshua Wright (jwright hasborg com) (1 replies)
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 05 2008 01:15AM
Mark Hofman (mhofman shearwater com au)
The next PCI update, which will be active as of 1 October, drops this
requirement for this exact reason.
Not broadcasting the SSID doesn't improve security.

Mark

On 05/09/2008, at 08:08 , Joshua Wright wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> lister (at) lihim (dot) org [email concealed] wrote:
>> I know that turning off SSID broadcast doesn't buy you anything,
>> but what
>> is the impact if it is turned off?
>
> I believe SSID cloaking effectively reduces your security, despite
> being
> a PCI mandate. Here is an article I wrote about the topic last year:
>
> http://www.networkworld.com/columnists/2007/030507-wireless-security.htm
l
>
> Especially with XPSP3/WZC and Vista, having a cloaked SSID forces your
> clients to ask every AP "Are you my mother?". An attacker can use
> this
> information to impersonate your SSID, and to compromise the
> anonymity of
> the AP's you've visited before (if I see you probing for "mccarren",
> "hhonors" and "ShadyLady", I know you were at McCarren Airport, were
> too
> cheap to stay on the strip (Hilton) and visited the Shady Lady while
> you
> were in town.
>
> When you do not cloak your SSID, your clients don't have to keep
> asking
> if their AP is there; they will know by looking at a beacon frame.
>
> - -Josh
>
> p.s. I don't know if the Shady Lady has a wireless network or not.
> Really.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
>
> iQIVAwUBSMBcTDWX3FIa1TkuAQIEIA/+PqTz1nTZNa6YUZeWI3APjdwpUYgMzMmh
> pgoV+xpbvpdfYZo7q7WOs5Ulvg2Df5cUY0RNxkdoiqdEeGj5ZjzVjfviMgueDRz2
> OL78AiV35ZDYc+cyf7akOcFh1y6CXbQEX0tHNTcCok7thl3cBS9XWL7Z8BhG+Mkf
> BNTDqEk8H4W3IwZpSfkvtGV+tWB0tOkaYRcOZuavkiiff2PY5wMSFpc3qkcSXG8o
> wjV4BmJLSfkjU/c1xgeohTT3OyDR22Y/skD/dZZmeri4VsLUe1uclXP8grRFW7UD
> LmFX6lXRUBY83pta0fGRzEloA+6LNG4+3lHriZS5o9i3gb2W6xDH0mjKUbCdBfui
> 9Iai7rnkxq5c1V7F6BxhxfQ+5xMj4bM2PVWYvOBaeoqyoUZwpUiYXJrByWFRkV9h
> a8hWwzoKeKxI4YAZN06xYBT86pCzKmRhLfFnk+cpx60/VVBgwmOOVW2znegKFwRh
> SHIP/zhia8mMMFdqWpOCeACBAzVA30R60n+QSQwQFDuKW2XtJZdWuaI+L8ksPFOk
> PLUcb/qQFusZ+LbPvVl85jFgvDpZpCN/QbKUce7WfeS3jk7CB+qmg1DYAnIjLw9Z
> OQyaoQGnWr4iaXiejUhXg17UY+DzXjgpFZaRWQSRgXWj3WtK4ZDaZPaDnkhYc0rI
> DvtMUETxY60=
> =sqtd
> -----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus