Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: SSID cloaking reducing WLAN security

From: levinson_k () securityadmin info
Date: 7 Mar 2007 23:24:52 -0000
Beware of any security statements that use the word "always" or "never."  Security countermeasures are usually not 
always good or always bad for all environments, e.g. home users, corporations, governments, etc.

Hiding your SSID could in theory pique the interest of some attackers (if a skilled wireless hacker just happens to be 
a few dozen feet from your house, for example), but that isn't the same thing as saying it REDUCES your security.  
Either your wireless is secure, or it isn't.  A determined attacker is going to get into an insecure wireless setup 
whether or not SSID is broadcast.

Using a firewall could also arguably show you have something worth protecting.  Nowadays, so many people with no data 
of value use firewalls and disable SSID broadcast, and so many people with something of great value do not, that trying 
to deduce the value of the data from SSID broadcasts is not very useful, and is not really something attackers do.

Broadcasting your SSID could also increase some kinds of risks, by attracting the interest of casual attackers.  Since 
broadcasting and not broadcasting SSID can both increase and decrease different kinds of risks, which one decreases 
your total risk more?  That really depends on the individual situation.

The same arguments have been made as to why disabling software banners like FTP banners, and "security through 
obscurity," are both supposedly worse than useless.  Neither of these is universally true.  These countermeasures do 
little to deter a determined attacker or automated scans that attack without checking first for vulnerabilities, but 
that doesn't make them useless.  These things do help to prevent some casual attackers looking for low-hanging fruit, 
and with so many casual attackers out there, this is usually a useful benefit.  Most home users can remain secure 
enough simply by making sure they aren't the low hanging fruit, that their systems are more secure than those of their 
neighbors.

RE: the statement about manipulating radio waves, it is commonly accepted that compromising the confidentiality or 
integrity of wireless connections using IPSec VPN and/or WPA2 is non-trivial.  At which point, enabling SSID broadcast 
doesn't really improve your security, and disabling it certainly does not weaken it.  (Of course, none of these do much 
to protect the availability of wireless against DoS attacks.)

kind regards,
Karl Levinson
http://securityadmin.info
Previous By Date Next
Previous By Thread Next

Current thread: