Security Basics mailing list archives
RE: Dumb question abt. Wireless WEP security
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Mon, 26 Jan 2004 13:50:45 -0800
<SNIP>
customer (SMB/SOHO) locations we used normal WiFi gear. We used MAC control, disabled the broadcasting of the SSID and enabled WEP and
that
was a good 'secure by default' solution. The attacker would need to guess the SSID,
<SNIP>
This is not the best way to go, as for the SSID hiding. Someone posted
a
paper on this fact at the following link that resumes well why it is
not a
good thing to disable it. In short, disabling the broadcast just ends
up
adding the SSID to more packets "in transit".
In our cases we were not worried about the 'limited' increase in traffic and slight performance degradation, i.e. 5 people using the network for web and email. The attack used to gain the SSID is more sophisticated then most other wireless attacks, and as of yet I haven't seen software that can do it for you seaming it requires an active session to spoof/fake. Shawn Jackson Systems Administrator Horizon USA 1190 Trademark Dr #107 Reno NV 89521 www.horizonusa.com Email: sjackson () horizonusa com Phone: (775) 858-2338 (800) 325-1199 x338 --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- RE: Dumb question abt. Wireless WEP security, (continued)
- RE: Dumb question abt. Wireless WEP security Michael P. Kassner (Jan 22)
- Re: Dumb question abt. Wireless WEP security Greg Tracy (Jan 22)
- Re: Dumb question abt. Wireless WEP security Steve Frank (Jan 20)
- RE: Dumb question abt. Wireless WEP security Sarbjit Singh Gill (Jan 21)
- RE: Dumb question abt. Wireless WEP security jburzenski (Jan 20)
- RE: Dumb question abt. Wireless WEP security Rosenhan, David (Jan 20)
- RE: Dumb question abt. Wireless WEP security Giraldo Alonso Suárez (Jan 22)
- RE: Dumb question abt. Wireless WEP security Shawn Jackson (Jan 22)
- Re: Dumb question abt. Wireless WEP security crtech (Jan 26)
- RE: Dumb question abt. Wireless WEP security Bruyere, Michel (Jan 26)
- RE: Dumb question abt. Wireless WEP security Shawn Jackson (Jan 26)