Issues with SSID cloaking - Network World

Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Wireless & Mobile

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Q&A: Firetide CEO Bo Larsson. Listen now!

Network World Panorama

Wireless mesh standard gets boost; New BlackBerry debuts. Listen now!

Network World 360

Additional Resources

RSS

FEATURED WHITEPAPERS

Endpoint Security: Data Protection for IT, Freedom for Laptop Users Absolute Software

The movement towards laptop computers has fueled an unprecedented number of data breaches. For IT and Information Security, encryption and training has proven ineffective against careless users and insider threats. This paper discusses these limitations and explains how endpoint security allows remote deletion of sensitive data, tracking of computers outside the network and the physical recovery of missing computers. Learn how you can ensure mobile data protection regardless of end-user interference.

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Learn how to Create a More Efficient Virtualized Data Center Novell

Find out how you can consolidate Windows workloads and create a more efficient virtualized data center in this informative webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization." Six concise webcast modules are available for your viewing. Watch them all consecutively or only the topics that interest you. The modules cover performance, user case studies, enterprise-level support, managing windows workloads, setup and configuration and the future of virtualization. Learn more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

Didn't you do any research about the indictment? She's being tried for violating the Myspace terms of...- Anonymous

Join the Discussion

Issues with SSID cloaking

Wireless Security By Joshua Wright , Network World , 03/05/2007
  • Social Web 
  • Email 
  • Feedback 
  • Close

Are there any pitfalls to using SSID cloaking?

Many organizations use SSID cloaking as a mechanism to add a layer of security to the WLAN. This technique requires that all users have knowledge of the SSID to connect to the wireless network. While this is commonly viewed as a mechanism to improve the security of the WLAN and is a recommended best-practice by the PCI Data Security Standard, it can reduce the effective security of the WLAN.

False Sense of Security

Early wireless network deployments relied on SSID cloaking as a mechanism to prevent unauthorized users from accessing the wireless network. Even though this was never intended to be used as an authentication mechanism, some organizations have adopted cryptic SSID's that are distributed as shared secrets. Tools such as ESSID-Jack and Kismet observe and report the SSID from legitimate stations, allowing attackers to deduce the SSID and easily bypass the intended security mechanism.

Confused Users

When the network SSID is cloaked, users will be unable to consult the list of available wireless networks for the WLAN. This could prompt users to select other networks which could expose vulnerable clients, or even be construed as computer trespass in some US states.

Exposure to AP Impersonation Attacks

Attack tools such as KARMA take advantage of the WLAN probing techniques used by wireless clients. When a station probes for a WLAN in their preferred network list (PNL), the station discloses the SSID to a listening attacker. The KARMA attack uses the disclosed SSID to impersonate a legitimate WLAN, luring the station to the attacker.

With the Windows XP SP2 wireless client update hotfix described in KB917021, Windows workstations change the behavior of how they probe for wireless networks. Users and administrators can now mark an entry in the PNL as "nonbroadcast". When the "Connect even if this network is not broadcasting" option is not selected, the station will not disclose the SSID information when probing for a network, mitigating the KARMA attack. In order for the station to identify the availability of the network however, the AP must have the SSID cloaking feature disabled. If the AP does cloak the SSID, the station must revert to the active network probing mechanism, making SSID cloaking the less-secure option.

1 | 2 |  Next >
Comments (2)
Login
Forgot your account info?

SSID cloaking doesn't add really add securityBy katebush on March 16, 2007, 9:29 amEven when the AP/Wireless Router doesn't specify the SSID in its beacon packets, the SSID is published in Probe Request/Response exchange, so anyone with a wireless...

Reply | Read entire comment

SSID questionsBy Anonymous on March 6, 2007, 2:51 amA couple of questions: 1) Correct me if I'm wrong here, but isn't the SSID, when not cloaked, picked up anyways? What's to stop an exploit from picking up the...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code