- Worst of the lot: PCConnection and PCMall
- 10 ways the Chinese Internet is different
- Hacker writes rootkit for Cisco's routers
- Cisco loses $2 million order to Nortel
- Enterasys, Extreme hooking up?
Rss FeedQ&A: Firetide CEO Bo Larsson. Listen now!
Wireless mesh standard gets boost; New BlackBerry debuts. Listen now!
The movement towards laptop computers has fueled an unprecedented number of data breaches. For IT and Information Security, encryption and training has proven ineffective against careless users and insider threats. This paper discusses these limitations and explains how endpoint security allows remote deletion of sensitive data, tracking of computers outside the network and the physical recovery of missing computers. Learn how you can ensure mobile data protection regardless of end-user interference.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Find out how you can consolidate Windows workloads and create a more efficient virtualized data center in this informative webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization." Six concise webcast modules are available for your viewing. Watch them all consecutively or only the topics that interest you. The modules cover performance, user case studies, enterprise-level support, managing windows workloads, setup and configuration and the future of virtualization. Learn more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
Didn't you do any research about the indictment? She's being tried for violating the Myspace terms of...- Anonymous
Are there any pitfalls to using SSID cloaking?
Many organizations use SSID cloaking as a mechanism to add a layer of security to the WLAN. This technique requires that all users have knowledge of the SSID to connect to the wireless network. While this is commonly viewed as a mechanism to improve the security of the WLAN and is a recommended best-practice by the PCI Data Security Standard, it can reduce the effective security of the WLAN.
Early wireless network deployments relied on SSID cloaking as a mechanism to prevent unauthorized users from accessing the wireless network. Even though this was never intended to be used as an authentication mechanism, some organizations have adopted cryptic SSID's that are distributed as shared secrets. Tools such as ESSID-Jack and Kismet observe and report the SSID from legitimate stations, allowing attackers to deduce the SSID and easily bypass the intended security mechanism.
When the network SSID is cloaked, users will be unable to consult the list of available wireless networks for the WLAN. This could prompt users to select other networks which could expose vulnerable clients, or even be construed as computer trespass in some US states.
Attack tools such as KARMA take advantage of the WLAN probing techniques used by wireless clients. When a station probes for a WLAN in their preferred network list (PNL), the station discloses the SSID to a listening attacker. The KARMA attack uses the disclosed SSID to impersonate a legitimate WLAN, luring the station to the attacker.
With the Windows XP SP2 wireless client update hotfix described in KB917021, Windows workstations change the behavior of how they probe for wireless networks. Users and administrators can now mark an entry in the PNL as "nonbroadcast". When the "Connect even if this network is not broadcasting" option is not selected, the station will not disclose the SSID information when probing for a network, mitigating the KARMA attack. In order for the station to identify the availability of the network however, the AP must have the SSID cloaking feature disabled. If the AP does cloak the SSID, the station must revert to the active network probing mechanism, making SSID cloaking the less-secure option.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
SSID cloaking doesn't add really add securityBy katebush on March 16, 2007, 9:29 amEven when the AP/Wireless Router doesn't specify the SSID in its beacon packets, the SSID is published in Probe Request/Response exchange, so anyone with a wireless...
Reply | Read entire comment
SSID questionsBy Anonymous on March 6, 2007, 2:51 amA couple of questions: 1) Correct me if I'm wrong here, but isn't the SSID, when not cloaked, picked up anyways? What's to stop an exploit from picking up the...
Reply | Read entire comment
View all comments