PITFALLS TO SSID CLOAKING

7. April 2007, 18:07 | by WD Milner

Service Set Identification (SSID) cloaking has been frequently used as a method to add another layer of security to wireless LANs. While commonly considered a means to improve security, and indeed a recommended best-practice, it can in many cases actually reduce the effective security of the network.

SSID cloaking requires that all users have knowledge of the SSID for the network before they can connect, thus preventing, at least theoretically, unauthorized users from accessing the network. While never intended as an authentication system, some organisations utilize cryptic SSIDs and distribute them as a "shared secret", similar to a master-secondary dual password system.

Unfortunately, there are numerous network tools, such as Kismet, that can monitor and report the SSID from the traffic of legitimate nodes, permitting a potential attacker to deduce the SSID from the data and thus bypass security.

Additionally, tools such as KARMA rely on the fact that the wireless client probes for the network: the tool captures the SSID from the probe and then impersonates a valid network access point. While clients can be set to connect even when the network is not broadcasting, if the network access point is cloaking the SSID, then the client must revert to probing for the network to connect, once again bypassing security.
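The exposure described in the two paragraphs above follows from the 802.11 frame format itself. This added example (not from the original article) parses bare management frames and reports which subtypes carry the SSID in cleartext even when the beacons are cloaked; the sample frames and the name `example-wlan` are constructed, and frames are assumed to have no radiotap header or FCS.

```python
# Added example: SSID exposure in 802.11 management frames (constructed data).
HDR_LEN = 24  # frame control, duration, three addresses, sequence control
# subtype -> (name, length of fixed fields before the tagged elements)
SUBTYPES = {0: ("assoc-req", 4), 2: ("reassoc-req", 10), 4: ("probe-req", 0),
            5: ("probe-resp", 12), 8: ("beacon", 12)}

def parse_ssid(frame: bytes):
    """Return (subtype_name, ssid_bytes) for a bare management frame.

    ssid_bytes is None if the frame has no SSID element; (None, None) is
    returned for frames that are not one of the subtypes above.
    """
    if len(frame) < HDR_LEN:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None, None
    name, fixed = SUBTYPES[subtype]
    pos = HDR_LEN + fixed
    while pos + 2 <= len(frame):          # walk element ID / length / value
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:             # element runs past end of frame
            break
        if eid == 0:                      # element ID 0 is the SSID
            return name, value
        pos += 2 + elen
    return name, None

def is_cloaked(ssid):
    """Cloaking APs send a zero-length SSID or one filled with NUL bytes."""
    return ssid is not None and ssid.strip(b"\x00") == b""

def exposed_ssids(frames):
    """Map each cleartext SSID seen to the frame subtypes that carried it."""
    seen = {}
    for frame in frames:
        name, ssid = parse_ssid(frame)
        if ssid and not is_cloaked(ssid):
            seen.setdefault(ssid.decode("utf-8", "replace"), set()).add(name)
    return seen

def _frame(subtype, fixed_len, ssid):     # builds constructed sample frames
    header = bytes([subtype << 4, 0]) + bytes(22)
    rates = bytes([1, 1, 0x82])           # one extra element after the SSID
    return header + bytes(fixed_len) + bytes([0, len(ssid)]) + ssid + rates

SAMPLE = [_frame(8, 12, b""),                    # AP beacon, SSID cloaked
          _frame(8, 12, bytes(12)),              # AP beacon, NUL-padded SSID
          _frame(4, 0, b"example-wlan"),         # client probe request
          _frame(0, 4, b"example-wlan"),         # client association request
          _frame(5, 12, b"example-wlan")]        # AP probe response to client
```

Calling `exposed_ssids(SAMPLE)` shows that only the beacons hide the name; every frame a legitimate client needs in order to find and join the network still carries it unencrypted.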

When SSID cloaking is used, network users are unable to consult a list of available access points for the wireless LAN. This may lead some users to inadvertently connect to other networks, exposing vulnerable clients and thus compromising security. In some jurisdictions such intrusion might even be viewed as electronic trespass.

While SSID cloaking seems like an attractive method to aid in bolstering the security of wireless network access, it can be seen that it can also significantly reduce the overall security of the network, potentially more than permitting SSID broadcasts.

- 30 -
