mailing list archives
Re: Re: SSID cloaking reducing WLAN security
From: levinson_k () securityadmin info
Date: 7 Mar 2007 23:24:52 -0000
Beware of any security statements that use the word "always" or "never." Security countermeasures are usually not
always good or always bad for all environments, e.g. home users, corporations, governments, etc.
Hiding your SSID could in theory pique the interest of some attackers (if a skilled wireless hacker just happens to be
a few dozen feet from your house, for example), but that isn't the same thing as saying it REDUCES your security.
Either your wireless is secure, or it isn't. A determined attacker is going to get into an insecure wireless setup
whether or not SSID is broadcast.
Using a firewall could also arguably show you have something worth protecting. Nowadays, so many people with no data
of value use firewalls and disable SSID broadcast, and so many people with something of great value do not, that trying
to deduce the value of the data from SSID broadcasts is not very useful, and is not really something attackers do.
Broadcasting your SSID could also increase some kinds of risks, by attracting the interest of casual attackers. Since
broadcasting and not broadcasting SSID can both increase and decrease different kinds of risks, which one decreases
your total risk more? That really depends on the individual situation.
The same arguments have been made as to why disabling software banners like FTP banners, and "security through
obscurity," are both supposedly worse than useless. Neither of these is universally true. These countermeasures do
little to deter a determined attacker or automated scans that attack without checking first for vulnerabilities, but
that doesn't make them useless. These things do help to prevent some casual attackers looking for low-hanging fruit,
and with so many casual attackers out there, this is usually a useful benefit. Most home users can remain secure
enough simply by making sure they aren't the low hanging fruit, that their systems are more secure than those of their
RE: the statement about manipulating radio waves, it is commonly accepted that compromising the confidentiality or
integrity of wireless connections using IPSec VPN and/or WPA2 is non-trivial. At which point, enabling SSID broadcast
doesn't really improve your security, and disabling it certainly does not weaken it. (Of course, none of these do much
to protect the availability of wireless against DoS attacks.)