Re: SSID cloaking reducing WLAN security



We already had this discussion a few times. Actually, cloaking
decreases the potential of attack in most residential settings, where
there are several nearby access points with even less protection.
Search for "Low-Hanging Fruit" and you'll see what I mean. Most of
your WiFi abusers aren't sitting there with frequency counters looking
for access points that aren't broadcasting their SSIDs. Most are
looking for obvious, open access points.

Even when your non-broadcasting AP shows up on their passive scanner,
it shows up initially without the SSID, and it's usually easier to hop
on one that requires less effort.

That said, I advocate using WPA-Personal (PSK) on home networks, on top
of MAC address access control and SSID hiding. Cloaking your SSID
does not increase your risk of attack, however.

In a business setting, using SSID cloaking as your only line of
defense is goofy and foolhardy. New encryption systems or a
sandbox-VPN should always be used in those situations.


On 4/21/07, scott <redhowlingwolves@xxxxxxxxxxxxx> wrote:
If some form of unity was involved with the writing, and compatibility of
drivers, at least for most *nix servers... without having to resort to
in-house compatibility testing... I believe the security of wireless
could be much improved.
Many people I know don't try to secure their wireless networks because
of cmp issues... i.e.: no drivers from the NIC device makers that are
usable with the router they happen to be using!

I flipped out when I was told: "I talked to an IT guy and he said the
dependencies for... such and such card... are too hard!!!"!?

Never mind that he could be the one taking advantage of your unsecured
router! (This was a Windows case, nonetheless...)

Wireless, whether your SSID is broadcast or not, is inherently vulnerable
to outsiders. I say inherently, because it uses radio waves... ask any
ham radio operator how they can manipulate radio waves any way they
choose...! Especially if you happen to be within their range!

Cloaking just gives the possibility, to potential attackers, that there
could be something worth checking out!

IMHO
Regards,
Scott







--
http://www.focushacks.com/focushacks-gpg.txt - My GPG encryption key


