On Mon, Apr 25, 2011 at 4:13 PM, Richard Kaye <rk...@artfact.com> wrote:
> The SSID is like a user name and the key is the password.

I think even that metaphor gives SSID's too large a role in security. You don't walk around with your username on your nametag (well, at least I don't) so it's somewhat of a "secret" even though it's a weak one, RKaye.

The SSID is easily readable in cleartext by any packet sniffer whether you are broadcasting it or not. The only thing disabling the SSID broadcast does is remove the SSID name from the GUI of a user trying to log in. These folks can be stumped by a six-letter password consisting of your dog's name. These aren't the people you need to be worried about.

To quote Wikipedia,

"Unfortunately, turning off the broadcast of the SSID may lead to a false sense of security. The method discourages only casual wireless snooping, but does not stop a person trying to attack the network.[2]"

"It is not secure against determined crackers, because every time someone connects to the network, the SSID is transmitted in cleartext even if the wireless connection is otherwise encrypted. An eavesdropper can passively sniff the wireless traffic on that network undetected (with software like Kismet), and wait for someone to connect, revealing the SSID. Alternatively, there are faster (albeit detectable) methods where a cracker spoofs a "disassociate frame" as if it came from the wireless bridge, and sends it to one of the clients connected; the client immediately re-connects, revealing the SSID.[3]"

"As disabling SSID does not offer protection against determined crackers, proven security methods should be used such as requiring 802.11i/WPA2.[4]"

http://en.wikipedia.org/wiki/Service_set_%28802.11_network%29

--
(Not picking on you, Richard, just replying to the end of the thread. No harm.)
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
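
What the quoted Wikipedia passage describes, as an added example that is not part of the original message: a parser for the SSID element in 802.11 management frames, run over constructed sample frames to show that a beacon can blank the name while an association request or probe response for the same network still carries it in the clear. The frames, MAC addresses and the SSID `OfficeN` are made up, and the frames are assumed to be bare (no radiotap header, no FCS).

```python
import struct

# Fixed-field lengths (bytes after the 24-byte MAC header) per management subtype.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}

def ssid_from_mgmt_frame(frame: bytes):
    """Return (subtype_name, ssid) for a bare 802.11 management frame.

    ssid is None when the frame hides it (zero-length or all-NUL element)
    or carries no SSID element. Assumes no radiotap header and no FCS.
    """
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 MAC header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a management frame that carries an SSID element")
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):              # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elen]
        if len(body) < elen:
            raise ValueError("truncated information element")
        if eid == 0:                          # element ID 0 is the SSID
            hidden = elen == 0 or not any(body)
            ssid = None if hidden else body.decode("utf-8", "replace")
            return NAMES[subtype], ssid
        pos += 2 + elen
    return NAMES[subtype], None

def build(subtype: int, ssid: bytes) -> bytes:
    """Construct a sample frame (made-up addresses) for the demonstration."""
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    to_ap = subtype in (0, 2, 4)              # frames sent by the client
    dst, src = (ap, sta) if to_ap else (b"\xff" * 6, ap)
    header = struct.pack("<BBH6s6s6sH", subtype << 4, 0, 0, dst, src, ap, 0)
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported-rates element
    return header + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + rates

# Constructed samples: two "hidden" beacons, then a client joining the same network.
SAMPLES = [build(8, b""), build(8, bytes(7)), build(0, b"OfficeN"), build(5, b"OfficeN")]

if __name__ == "__main__":
    for f in SAMPLES:
        print(ssid_from_mgmt_frame(f))
```
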