
Can you provide some points regarding SSID broadcast?
Routers

The DSL modem is where I've been stung once and done some learning. The local line owner provides DSL high-speed along with their own client-side router/modem. Updating the firmware trashed the modem configuration and dropped it back to default modem/router, so it took the external IP and gave the internal network a 192.168.* IP. This does not work well when you have an internal router supporting a webserver while protecting the rest of the internal nodes. With the useless customer support phone jockey, I instead found the solution by internet search and started the ritual and prayers in the order that worked for others. I swear, one of the steps requires sacrificing a goat before that crap modem flips back into a blind pass-through bridge so the internal router can take the external IP.

I'm finding Linksys + ddWRT a great combination for providing more than factory default functions at less than enterprise commodity prices. The ability to configure the "easy setup" physical button as a Wifi radio toggle instead is fantastic; no guests in the office needing a wifi connection, great, turn it off easily. But that leads into your next point…

Wireless

"Yes, we can activate the wireless radio for when I'm here working (two wifi nodes) or when you're using the mobile (owner's monster of a personal/business notebook). We're going to disable administration through wireless and from wired outside of the network though. We're going to use MAC filtering to reduce the noise the router listens to. We're going to set a good strong WPA2 key different from the router admin key; both will change regularly based on how long it takes to crack them. Lastly, here are all the visible and hidden Wifi in the area; that one is open, that one is open, that one would take an hour to make "open", that one is solid and here is yours also nice and solid."

That was a fun meeting and setup. His router at home suddenly became more secure also after it.

This is an area of interest though so I have questions your article did not present answers to. Change the SSID is an obvious one. Routers should ship with an empty SSID and ask "what name should your wireless connection use (min 5 char), what passphrase will it be using (min 8 char)."

Here's the question though. What is the advantage in not broadcasting SSID besides giving a false sense of security to the AP owner?

- SSIDs are as easily discovered regardless of whether it's broadcast or not. Casual users are going to see the SSID and, knowing it's not their own, give up when it asks for a passphrase. Anyone who is going to do more than read it out of the "available networks" list is not even going to notice that it's not broadcast.

- Clients connecting to an AP with a broadcast SSID know it's supposed to broadcast so they listen for it rather than ask if it's available. Clients connecting to an AP not broadcasting its SSID know it is "hidden" so they follow the protocol and constantly call out for it; "Are you there? Are you there now? Now? How about now?" Instead of the client node listening for the AP to come in range, it travels around town announcing "hey, I connect to a network named 'blah' which may or may not be in range but know you have a fish so go get your sonar and start looking."

- The extra pulse of power the AP uses to broadcast the SSID (if any) is not going to be noticeable enough to affect office expenses.

It's a business so the big sign out front is a bit of a give-away; they know you're there and they can detect the wireless, usually getting the SSID in the same frame. Is there a real security or operational advantage to not broadcasting the SSID?

AV software

Malware, Viruses and other things malicious developers should have their fingers broken and eyes gouged for allowing on public networks.

Your promotion of Norton and McAfee is a little suspect since a small business is probably not buying the enterprise versions (I hear they are actually well developed but I can't confirm personally). AV is a must if you're using any win32/win64 platforms though. I even include it on other platforms just to spot anything which may get transferred to a Windows machine.

AV, Firewall, Malware active and manual scanners are all requirements of a modern OS. Most OS include a firewall of some sort though some need a third party product to do it right. All platforms have rootkits so Malware scanners are required and every platform needs to help Windows protect itself from malicious code.

Malware

Why distinguish? Malware is simply the next evolution of the Virus and Trojan classifications of the previous technological generation. If someone runs any code on my system beyond asking if the port is open, it's malware which I will hunt down. If I could hunt down the developer and the shmuck that used it against my machine without authorization, I would with the technological equivalent of "extreme prejudice".

Anyhow, I'm curious to hear about SSID broadcast as the evidence I've found so far shows it to be a myth of safer security by obscurity rather than a true security mechanism.
Posted by Neon Samurai
7th Jul 2008
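The post's second bullet argues that a hidden SSID makes client devices name the network in directed probe requests. The following added example (not code from the post or from any tool it mentions) is an audit helper a network owner can run over their own monitor-mode capture to see which of their clients call out for a hidden SSID by name; the input is a constructed, simplified text export (one probe request per line: timestamp, client MAC, optional SSID), not any real capture tool's format.

```python
# Added example: classify 802.11 probe requests so a defender can see which of
# their own client devices actively announce a hidden SSID. Input is a
# constructed, simplified export: "<timestamp> <client_mac> [<ssid>]" per line.
# A missing SSID field is a wildcard (broadcast) probe: "any AP out there?".
# A named SSID is a directed probe: the client names the network it wants.
from collections import defaultdict

# Constructed sample (hypothetical MACs and SSIDs) as a capture might show it.
SAMPLE_PROBES = """\
1215417600.001 aa:bb:cc:00:00:01
1215417600.105 aa:bb:cc:00:00:02 OfficeHidden
1215417600.210 aa:bb:cc:00:00:01
1215417600.330 aa:bb:cc:00:00:02 OfficeHidden
1215417600.410 aa:bb:cc:00:00:03 CoffeeShop
1215417600.520 aa:bb:cc:00:00:02 HomeNet
"""


def parse_probes(text):
    """Yield (timestamp, client_mac, ssid) tuples; ssid is "" for wildcard."""
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        parts = line.split(" ", 2)  # SSID may itself contain spaces
        ts, mac = float(parts[0]), parts[1].lower()
        ssid = parts[2] if len(parts) == 3 else ""
        yield ts, mac, ssid


def directed_probes_by_client(text):
    """Map client MAC -> set of SSIDs it explicitly asks for (leaked names)."""
    leaked = defaultdict(set)
    for _, mac, ssid in parse_probes(text):
        if ssid:  # wildcard probes reveal nothing about configured networks
            leaked[mac].add(ssid)
    return dict(leaked)


def clients_leaking(text, hidden_ssid):
    """Sorted client MACs that announce the given hidden SSID by name."""
    leaked = directed_probes_by_client(text)
    return sorted(mac for mac, ssids in leaked.items() if hidden_ssid in ssids)


if __name__ == "__main__":
    for mac, ssids in sorted(directed_probes_by_client(SAMPLE_PROBES).items()):
        print(mac, "probes for:", ", ".join(sorted(ssids)))
    print("clients naming OfficeHidden:", clients_leaking(SAMPLE_PROBES, "OfficeHidden"))
```

Clients that only send wildcard probes (like aa:bb:cc:00:00:01 in the sample) never appear in the directed list, which is the behaviour the post describes for a broadcast SSID.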