7 April 2007, 18:07 | by WD Milner

Service Set Identification (SSID) cloaking has been frequently used as a method to add another layer of security to wireless LANs. While commonly considered a means to improve security, and indeed a recommended best-practice, it can in many cases actually reduce the effective security of the network.

SSID cloaking requires that all users have knowledge of the SSID for the network before they can connect, thus preventing, at least theoretically, unauthorized users from accessing the network. While never intended as an authentication system, some organisations utilize cryptic SSIDs and distribute them as a "shared secret", similar to a master-secondary dual password system.

Unfortunately, there are numerous network tools, such as Kismet, that can monitor and report the SSID from legitimate nodes, permitting a potential attacker to deduce the SSID from the data and thus bypass security.

Additionally, tools such as KARMA rely on the fact that the wireless client probes for the network: the tool captures the SSID from the probe and then impersonates a valid network access point. While clients can be set to connect even when the network is not broadcasting, if the network access point is cloaking the SSID, then the client must revert to probing the network to connect, once again bypassing security.
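The exposure described in the two paragraphs above can be checked on a capture of your own network. The following is an added example, not part of the original article: it parses the SSID element of 802.11 management frames and shows that a name absent from the beacon still travels in clear in client probe and association requests. The frames, MAC addresses and the name `corp-wlan` are constructed samples, and the frames are assumed to carry no radiotap header or FCS.

```python
# Added illustration. Frames are constructed samples: 24-byte 802.11 management
# header plus body, with no radiotap header and no FCS.
FIXED = {0x0: ("assoc-req", 4), 0x4: ("probe-req", 0),
         0x5: ("probe-resp", 12), 0x8: ("beacon", 12)}  # subtype: (name, fixed-field bytes)

def mgmt(subtype, dst, src, bssid, ssid):
    """Build a constructed management frame carrying one SSID element."""
    header = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return header + bytes(FIXED[subtype][1]) + bytes([0, len(ssid)]) + ssid

def ssid_element(frame):
    """Return (frame_name, sender_mac, ssid_bytes), or None if no SSID element."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0 or frame[0] >> 4 not in FIXED:
        return None
    name, fixed = FIXED[frame[0] >> 4]
    pos = 24 + fixed
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        if pos + 2 + elen > len(frame):
            return None  # truncated element
        if eid == 0:  # element ID 0 is the SSID
            return name, frame[10:16].hex(":"), frame[pos + 2:pos + 2 + elen]
        pos += 2 + elen
    return None

def audit(frames):
    """Split frames into cloaked beacons and frames that carry an SSID in clear."""
    cloaked, cleartext = set(), []
    for frame in frames:
        found = ssid_element(frame)
        if found is None:
            continue
        name, sender, ssid = found
        if not ssid.strip(b"\x00"):  # zero-length or all-NUL SSID means cloaked
            if name == "beacon":
                cloaked.add(sender)
        else:
            cleartext.append((name, sender, ssid.decode("utf-8", "replace")))
    return cloaked, cleartext

AP, STA, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
SAMPLE = [mgmt(0x8, BCAST, AP, AP, b""),               # cloaked beacon
          mgmt(0x8, BCAST, AP, AP, b"\x00" * 9),        # cloaked, NUL-padded variant
          mgmt(0x4, BCAST, STA, BCAST, b"corp-wlan"),   # client probing for the hidden name
          mgmt(0x0, AP, STA, AP, b"corp-wlan")]         # association request to the AP
```

Running `audit(SAMPLE)` reports the access point as cloaked while listing the same name twice from the client's own frames, which is the sense in which cloaking hides nothing from a passive listener.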

When SSID cloaking is used, network users are unable to consult a list of available access points for the wireless LAN. This may lead some users to inadvertently connect to other networks, exposing vulnerable clients and thus compromising security. In some jurisdictions such intrusion might even be viewed as electronic trespass.

While SSID cloaking seems like an attractive method to aid in bolstering the security of wireless network access, it can also significantly reduce the overall security of the network, potentially more than permitting SSID broadcasts would.

- 30 -

Keywords: WLAN,SSID,wireless,WAP,LAN,security,cloaking