Newbie question regarding SSID

This a snippet of text I pcked up regarding SSID

1. SSID Broadcast: DISABLE SSID (Service Set Identification) is a wireless broadcast network name, akin to a porch light. It allows your (and others) to home in on your specific address and start receiving data. SSID broadcast has some demonstrated vulnerabilities, and it is an increasingly secure option to disable it.

Tip: for best results configure your router to broadcast the SSID, configure your wireless computers to authenticate themselves to the network for the first time; then disable SSID broadcast.

1. SSID Name: change from default Most routers ship with a default SSID name, usually the highly imaginative 'default'. Change away from it, and use something that is unique. It prevents other users on other networks from erroneously trying to connect to your network (even if they are unsuccessful you still shouldn't have to be bothered with the incessant knocking on your router).

HTH

Harry

The author was surely writting about hidden SSIDs. Normally the SSID is transmitted by the AP about 10 times a second adn everyone can read it. With the hidden SSID feature on the boadcasted pakets do not contain the SSID. A client need to know the SSID to connect to the AP. But don't think it's secure: the SSID is transmited when you connect to the AP and can be read by everyone.

Thomas

Thanks for taking the time to reply everyone. I will be back soon with other questions I'm sure!.

Regards, Roy

I very new to networking and I am having trouble getting my two computers to work together. My first question relates to SSID. I saw this information on a web site. (Apologies to the author as I can't remember the address). Quote:

"To improve the security of your home wireless network pick an SSID that contains both letters and numbers.

Do choose a name as long or nearly as long as the maximum length allowed"

My question is why all the secrecy. My other computer sees the SSID and displays it. If my computer can do this I assume others can too. Unless of course I have missed the point!. Any help would be appreciated.

Regards,

Roy.

The advice you quoted applies to WEP keys, not to SSIDs. You should give your wireless network a unique SSID that distinguishes it from other networks in the area, but there is *no* security advantage to a long or complicated SSID. An SSID -- long or short, hidden or open -- can quickly be seen by anybody with a wireless networking card and easily available software.

The only real security for wireless networks is encryption -- WEP, WPA, VPN, etc. All the other things -- MAC filtering, SSID hiding, etc -- are placebos.

How is MAC Filtering a placebo? I though it allows you to prevent other devices from connecting to your router? That seems pretty secure to me.

Or is their a way to spoof a MAC address? It that what makes it a placebo?

Id be interested to learn more....

cheers

Harry

Taking a moment's reflection, Harry mused: | | This a snippet of text I pcked up regarding SSID | | 1. SSID Broadcast: DISABLE | SSID (Service Set Identification) is a wireless broadcast network | name, akin to a porch light. It allows your (and others) to home in on | your specific address and start receiving data. SSID broadcast has | some demonstrated vulnerabilities, and it is an increasingly secure | option to disable it.

This is a false sense of security. Disabling it only serves to put your WLAN outside of 802.11x spec. The SSID, like the MAC Address, is sent with every wireless packet and is not encrypted. So, anyone with the ability to hack your network can sniff the packets originating from your network, and detect your SSID whether broadcast or not. SSID Broadcast disabling adds nothing to security.

Taking a moment's reflection, Harry mused: | | How is MAC Filtering a placebo? I though it allows you to prevent | other devices from connecting to your router? That seems pretty secure | to me.

It will keep the casual attempt from connecting ... but so will WEP and WPA. However, the MAC Address of the AP and the client WLAN cards are contained, unencrypted, in every packet sent, so they can be easily sniffed.

| Or is their a way to spoof a MAC address? It that what makes it a | placebo?

With some cards, the drivers allow you to change the MAC Address. Once the person with this setup detects your WLAN card's MAC Address, they simply set their card to match, and then wait for you to disconnect.

Yes and yes.

None of these answers sound to good. My confidence in wireless technology was short from the beginning and this thread didn't help. So what is the best way to secure a wireless network if blocking the SSID, MAC filtering, and encryption doesn't do the trick?

The best way to secure a wireless network is with encryption. It isn't perfect; nothing is. But MAC filtering and SSID hiding don't do much of anything.

Consider me more educated. Thanks for the info.

cheers

Harry

Well that depends on what you mean by "do the trick". You can always run an encrypted tunnel across your wireless link, then it can be as secure as you want.

Taking a moment's reflection, news mused: | | None of these answers sound to good. My confidence in wireless technology | was short from the beginning and this thread didn't help. So what is the | best way to secure a wireless network if blocking the SSID, MAC filtering, | and encryption doesn't do the trick?

Simple, buy equipment that supports, at least, WPA-PSK and use a very strong Passphrase.

Use 128b wep, enable mac filters, and don't broadcast SSID. Set the router admin password to something that is hard to guess. If you are buying new equipment, use WPA in place of WEP.

Dan