Educause Security Discussion mailing list archives
Re: Wireless SSIDs (was Re: WEP)
From: Information Security <infosecurity () UTPA EDU>
Date: Wed, 13 Jul 2005 10:04:23 -0500
Jeff Kell wrote:
Christopher E. Cramer wrote:Regarding access control, it seemed to us that a "shared secret" between the 30,000+ people at the institution, wasn't much of a secret and so the access control capability wasn't too useful.On a more fundamental level, how do you have SSIDs setup? * Do you have separate SSIDs for "public", "student", "fac/staff", etc? * Do you broadcast all of them, or just certain ones. * How do you disseminate information about non-broadcast SSIDs to users? * Do you periodically change SSIDs of non-broadcast domains? We are currently debating this issue, haven't gotten around to encryption yet, but it is obviously on the table. Granted that a "shared secret" or a "private SSID" between numerous users is hardly a secret, but if you broadcast, isn't that somewhat akin to an open door?
Only if you treat SSID as an authentication mechanism, which it isn't. You need one of the auth mechanisms already discussed in this thread (or a captive portal, which no-one has mentioned yet). SSIDs will leak. Even hidden ones. They have no value whatsoever, except perhaps for user-level selection of the desired service group when you don't have the facilities to allocate them to one automatically. My preference is for captive portal and application-level encryption (https, ssh etc), although we are implementing a wireless infrastructure right now and it will also support WPA (I hope v2, I'm still waiting to hear from the vendor) and 802.11x G
Current thread:
- Re: Wireless SSIDs (was Re: WEP) Jeff Kell (Jul 13)
- <Possible follow-ups>
- Re: Wireless SSIDs (was Re: WEP) Willis Marti (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Information Security (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Information Security (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Willis Marti (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Christopher E. Cramer (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Dean De Beer (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Koerber, Jeff (Jul 15)
- Re: Wireless SSIDs (was Re: WEP) Mark S. Bruhn (Jul 15)
- Re: Wireless SSIDs (was Re: WEP) Dean De Beer (Jul 15)
- Re: Wireless SSIDs (was Re: WEP) Jeff Kell (Jul 15)
- Re: Wireless SSIDs (was Re: WEP) Koerber, Jeff (Jul 18)