
Editors: No_Strings, adsldude, DrTCP, mjf. Last modified on 2009-11-19 01:51:57
40.0 Security
· What happens when I disable SSID Broadcast? Am I more secure?
· How Can I Tell If Someone Is Using My Connection?
· What Is 802.1x, How Can I Use It?
· Where can I find more information about wireless security?
· Is There An Overview of Enterprise Security Options?
· How can I avoid trouble when I change the wireless security settings?
(Thanks to DSLrgm for this info.)
You really CANNOT turn off the SSID field in the beacon. The SSID is a mandatory field in the BEACON and PROBE RESPONSE. So for systems that did not have the concept of an SSID, they allowed for a NULL SSID, i.e. 0x00 in all 32 bytes of the SSID field.
Also, you cannot turn off the beacon. You can vary its periodicity, but not eliminate it. The beacon provides the timings and other parameters needed to run a BSS.
The NULL SSID option was included in the original spec for some vendors' products that did not even have the concept of SSIDs. This allowed for reasonable migration to everyone using SSIDs.
Of course this "feature" was never taken out, and then, I think it was ORiNOCO or Enterasys that came up with the idea that they could make their customers think they are better off by using NULL instead of the real SSID.
Then ISS jumped up and claimed that the SSID was a password sent in the clear, and the rest is history.
More technical detail:
First, an AP MUST send a BEACON frame. Per clause 7.2.3.1 a BEACON MUST contain the following fields:
Timestamp
Beacon interval
Capability information
SSID
Supported rates
FH Parameter Set \
DS Parameter Set  > Just one of these
CF Parameter Set /
IBSS Parameter Set - for stations in AdHoc (yes they send BEACONs too)
TIM - for APs
The BEACON is sent every Interval. It announces the BSS and defines how stations are to operate in the BSS.
There are two "types" of SSIDs: A string up to 32 characters or NULL.
Now, on to the operation of stations in a BSS.
Stations may scan for APs passively or actively. That is, they can either just listen for BEACONs, or send a PROBE REQUEST. Passive scanning only works if the BEACON contains the SSID, and not NULL.
If the station does not detect a BEACON with an SSID, or the desired SSID, it SHOULD send a PROBE REQUEST. This frame also has the SSID field in it. The station MAY either put NULL or the SSID in the REQUEST. If NULL is used an AP MAY respond with a PROBE RESPONSE with its SSID, or it MAY ignore this REQUEST. If the REQUEST contains the SSID of the AP, the AP MUST send a RESPONSE with its SSID.
Now let's look at this operationally. An AP is set to operate on a specific channel. It is sending its BEACONs out on the channel. If a station passively scans, it receives on each channel in turn for long enough to receive a BEACON. If the station actively scans, it sends a REQUEST on each channel in turn. Passive scanning can be done 'in background'. Active scanning interrupts other activity to work.
Microsoft has defaulted XP to only actively scan. SOME vendor drivers will passively scan (like Symbol's, who knows better than Microsoft). All wireless phones passively scan first. Why is this?
Active scanning MAY take upwards of 2 sec. Passive scanning MAY build up the AP neighbor table with NO interruption to usage. So roaming can be VERY time intensive with Active scanning, but frequently 'painless' with passive scanning.
So in response to your point at the beginning of this missive.
It is probably the case that your system is always actively PROBING for APs with your SSID. In so doing, it is announcing your SSID. Now it only does this when it needs to find an AP to ASSOCIATE with. Once ASSOCIATEd, it is just fat and happy. But if it loses signal, it PROBEs again, sending out your SSID.
Thus you really cannot hide your SSID, even if you set your AP to send a NULL in the SSID field of the BEACON.
IF there is no activity on your network, you are "hidden," but if ONE station is ASSOCIATEd and transmitting, the attacker forges a DISASSOCIATE from the AP to your station. Your station then promptly starts PROBING and exposes your SSID.
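The scanning behavior described above, as an added example that is not part of the original FAQ: a parser for the SSID element in BEACON, PROBE REQUEST and PROBE RESPONSE frames, run over three constructed frames. The frame bytes, MAC addresses and the name homenet are made up for illustration, and the parser also treats a zero-length SSID as NULL, which goes beyond the all-zero case in the text.

```python
import struct

KINDS = {8: "BEACON", 4: "PROBE REQUEST", 5: "PROBE RESPONSE"}
FIXED = {8: 12, 5: 12, 4: 0}  # timestamp(8) + beacon interval(2) + capability(2)

def parse_ssid(frame: bytes):
    """Return (frame kind, SSID); SSID is None when the field is NULL or empty."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in KINDS:
        raise ValueError("not a BEACON or PROBE frame")
    pos = 24 + FIXED[subtype]
    while pos + 2 <= len(frame):  # walk the tagged elements: id, length, value
        ie_id, ie_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + ie_len]
        if len(value) < ie_len:
            raise ValueError("truncated element")
        if ie_id == 0:  # element ID 0 is the SSID
            if ie_len > 32:
                raise ValueError("SSID longer than 32 bytes")
            hidden = not value.strip(b"\x00")
            return KINDS[subtype], None if hidden else value.decode("utf-8", "replace")
        pos += 2 + ie_len
    raise ValueError("mandatory SSID element missing")

def build(subtype: int, ssid: bytes) -> bytes:
    """Construct a minimal sample frame (addresses are made-up local MACs)."""
    sta, ap = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\xaa"
    src, dst = (sta, ap) if subtype == 4 else (ap, b"\xff" * 6 if subtype == 8 else sta)
    hdr = struct.pack("<BBH6s6s6sH", subtype << 4, 0, 0, dst, src, ap, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0001) if FIXED[subtype] else b""
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported rates element
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + rates

# Constructed capture: AP beacons with a NULL SSID, a station probes by name.
CAPTURE = [
    build(8, b"\x00" * 32),
    build(4, b"homenet"),
    build(5, b"homenet"),
]

def summarize(frames):
    return [parse_ssid(f) for f in frames]

if __name__ == "__main__":
    for kind, ssid in summarize(CAPTURE):
        print(f"{kind:15} {ssid if ssid else '<NULL>'}")
```

The NULL beacon yields no name, but the probe frames for the same network carry it in the clear.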
by No_Strings edited by DrTCP, last modified: 2007-06-20 00:20:43

The most commonly suggested tool is AirSnare. It works by reporting the existence of non-approved devices as identified by MAC address.
»home.comcast.net/~jay.deboer/airsnare/
Another option is Look@LAN. From the author: "The program can monitor the nodes and alert you of any changes (new nodes, offline nodes etc.). The main window lists all available nodes and detailed statistics and scan results are available for each individual machine, including a real-time traceroute report, ping results, active services (open ports) and more." Note that our readers discovered that systems not responding to ICMP pings will be stealthed. The thread is here: »Very cool LAN tool
»www.lookatlan.com/home.html
by No_Strings, last modified: 2006-01-02 10:21:47

This HOWTO provides an excellent explanation of 802.1x as well as how to set up port-based authentication using FreeRADIUS and XSupplicant.
»tldp.org/HOWTO/8021X-HOWTO/index.html
by No_Strings, last modified: 2004-10-19 15:29:29

The Unofficial 802.11 Security Web Page - »www.drizzle.com/~aboba/IEEE/ - has a wealth of information and links related to wireless security.
Authentication, encryption, performance, vulnerabilities and more are linked on this page.
Also don't forget to visit the Wireless Security Forum here at BBR:
»Wireless Security
by No_Strings edited by adsldude, last modified: 2005-02-19 12:21:22

This article from Microsoft provides a nice overview for anyone wanting to use PEAP and passwords to secure a wireless LAN. Since a RADIUS server is involved, the target audience is likely to be businesses or very advanced home users.
»www.microsoft.com/technet/securi···p_0.mspx
The introduction is particularly informative, spelling out many of the terms you'll need to understand in order to secure a wireless setup. Threats, benefits and alternatives are discussed.
»www.microsoft.com/technet/securi···int.mspx
Thanks to BeesTea for finding the article.
by No_Strings

For the best chance of success, do these steps in this order:
1. On your wireless router or access point (AP), change your SSID to something that you have never used before.
2. On your wireless AP, configure the security that you want.
3. Unplug power to your AP.
4. Remove all saved profiles for that AP from your wireless computers.
5. Reboot your wireless computers.
6. Restore power to your AP.
7. Using your wireless computers, associate with the new SSID and input the new security information.
Why these steps help: The wireless parameters of a network are stored by SSID and ESSID (MAC Address). Choosing a new SSID, deleting the previous profiles, and rebooting help erase any previous memory of the wireless network and allow your software to create a single wireless profile with the correct connection and security parameters.
by funchords edited by No_Strings, last modified: 2006-08-06 23:34:12