Protected WLAN
Marko Vojinovic
vvmarko at gmail.com
Fri May 20 09:07:11 UTC 2011
On Friday 20 May 2011 05:30:11 JD wrote:
> On 05/19/11 21:14, Tim wrote:
> > On Fri, 2011-05-20 at 12:19 +0900, Misha Shnurapet wrote:
> >> Nope, if you're a plain user like me using an applet to "scan" you'll
> >> only see what's broadcast.
> >
> > Nope, depending on your client, you'll see them all. Even Windows did
> > that. You'd see a list of *all* transmitting access points, and the
> > ones with the so-called hidden SSID listed as "unnamed."
> >
> > It really is bogus advice to hide it.
> >
> > 1. Clueless user follows bogus advice, falsely believes it makes
> > them safer.
> >
> > 2. Clueless user, then, finds things that they want to connect to
> > their WLAN, now, won't connect.
> >
> > 3. Clueless user has to ask for help.
> > 4. Wastes all our time.
> > 5. Slightly clueful user, now, starts to broadcast their SSID and
> > everything works fine.
> >
> > 6. Or, pigheaded clueless user continues to hide their SSID, and
> > continues to fight with WLAN and mailing list...
>
> Tim, your points are way too generalized.
> No one said not broadcasting alone will make you
> safer. It is advised as part of the larger defense
> scheme

That is very bad advice. Hiding SSID has *nothing* to do with any security,
and suggesting that it does is just a mirage, giving a casual reader a false
sense of security. It (a) breaks regular WLAN functionality and (b) gains
absolutely nothing in terms of security. Such a setup can be useful only if
you intentionally want to break the regular functionality of your wireless
network. There are some scenarios where that might be useful, but none of them
have anything to do with security.

If you want to secure a wireless network, implement wpa2-psk/aes and use
strong passphrases for everything. That is the *only* thing that makes your
wlan reasonably secure. But hiding SSID, filtering MAC addresses, is just
useless in terms of security.

I believe that was Tim's point as well.

> of choosing a strong protocol, a strong encryption
> scheme, a 63 byte string, preferably random if user can
> work with it, ...etc ...etc.
> You keep harping about a point that is just one of several
> to help individuals be as safe as possible, while keeping
> things manageable.

Tim is not harping, he is just trying to point out (as I did) that it is *not*
one of the several things to help individuals be as safe as possible. It gains
exactly *zero* in terms of wireless security.

If you think that hiding SSID will help with security, you might as well add
that hanging a pack of onions in front of the house will also help make your
wireless more secure (in case of a vampire hacker attack, I guess :-) ). It is
advice of the same quality, security-wise. IOW, an urban legend (or a rural
one, depending on your preference ;-) ).

> You proceed on the assumption that
> everyone who wants to connect to your wlan is a savvy
> hacker with the right tools.
> I do not think that that is the case.

Those without the right tools will not be able to break in, even if you have
only a stupid plaintext password security implemented. Those with the right
tools (even incompetent idiots with the right tools, aka script-kiddies) will
not even notice that your SSID is hidden, because the tools just don't make
the difference between hidden and public.

Anyway, I believe both Tim and I have made our point for the readers of this
thread who wish to hear and understand. If you still think it's a good idea,
go ahead. Everyone is allowed to dream as they like, there's no point in
repeating "it's not real, it's not real" to a determined dreamer... ;-)

Best, :-)
Marko