Sure it can hurt.

I found out the hard way that a default Vista setup won't connect to an
AP with a hidden SSID.  I know that can be changed, but no sense hiding
the SSID if it creates problems and gives no security gains.

Clients also seem to authenticate way faster if the SSID is broadcast.

 

From: Joe Fox [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 09, 2008 11:01 AM
To: NT System Admin Issues
Subject: Re: HIPPA and wireless

 

Ok, so I missed that thread.  I already had advised Shook to use the
highest level of encryption afforded by the device in my followup and in
my original post said that most devices support WPA2.  If you're using
the highest level of encryption afforded by the device, in this case
WPA2, then hiding the SSID can't hurt.  In George Ou's articles on
ZDNet, when he was referring to hiding SSIDs as a security measure, I
believe that he was referring to using that as your only security
measure, without any type of encryption (read as "Open Network").  Same
goes for MAC address filtering - not effective if there is no encryption
involved.

As far as LEAP being useless, it is only useless when combined with weak
passwords.  Since we were using Cisco ACS to hook into AD, our password
policy required strong passwords, with a very aggressive password
expiration and history policy.

Hopefully this clears up any confusion that may have been in my initial
responses. 

-Joe

On Wed, Jul 9, 2008 at 10:10 AM, Phillip Partipilo <[EMAIL PROTECTED]>
wrote:

Sidenote, it was recently talked about here that hiding the SSID is
worthless. I'm too lazy to search back through my emails but somebody
posted a link to, iirc, a ZDNet-hosted article that listed a list of the
top Wi-Fi security fallacies, where MAC filtering was #1, and hiding SSID
was on that list too.

 

 

On Jul 9, 2008, at 10:01 AM, Joe Fox wrote:

 

        That should do the trick.  Just make sure that you are using the
highest level of encryption afforded by the devices.  Also take all the
other necessary precautions, hiding the SSID, turning off beaconing,
etc.  Of course this means that you'll have to manually configure the
wireless on each workstation, but that just means more hours that
can be billed for, and that can't be all bad ;)
        
        -Joe

        On Wed, Jul 9, 2008 at 9:51 AM, Andy Shook
<[EMAIL PROTECTED]> wrote:

        Nice but I don't need anything that sexy.  I'm talking single
Linksys wireless "router" and wireless NICs doing WPA2 or something;
would that be cool? 

         

        Shook

________________________________

        From: Joe Fox [mailto:[EMAIL PROTECTED] 
        Sent: Wednesday, July 09, 2008 9:46 AM
        To: NT System Admin Issues
        Subject: Re: HIPPA and wireless

         

         

         

         

         

        
        
        
        -- 
        Joe Fox
        Systems/Network Administrator
        
        Mobile# (716) 846-9308
        http://www.linkedin.com/in/josephfoxjr
        
        The information contained in this e-mail message, including any
attached files, is intended only for the personal and confidential use
of the recipient(s) named above. If you are not the intended recipient
be advised that any unauthorized use, disclosure, copying, distribution
or the taking of any action in reliance on the contents of this
information is strictly prohibited. If you have received this email in
error, please immediately notify the sender via telephone at
716-846-9308 or by return e-mail.

         

         

        
        
        
        
        
        
        