dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8084
share rss forum feed


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

How often do you change your Wi-Fi SSID/Passphrase?

I'm curious as to how often people change their Wi-Fi SSID and/or WPA2 passphrase (I have to use WPA2-PSK since my wireless devices don't support WPA2-EAP).

I change both every 12 months or so. Yesterday I increased the length of my SSID and made sure I used upper/lowercase, numerals and special characters. I've always used a 63 character randomly generated passphrase (a number of websites will generate them for you).

I would've liked to have used a 32 character SSID (the max length) but one of my Wi-Fi devices (not a computer) had difficulty with that (not sure why). That device doesn't have a keyboard so entering a 63-character passphrase is very painful (and time consuming).

BTW my computers are now wired only and my LAN and Wi-Fi devices are in different subnets and firewalled from each other.
--
Don't feed trolls--it only makes them grow!



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit

I have never changed mine and I do not broadcast SSID. I am not really concerned about intrusion. Disabling SSID is not a lock. At best, it prevents people from accidentally connecting to your net, since they have to know your SSID in advance. There are several freeware packages that allow even novices with inexpensive off-the-shelf wifi cards to monitor and record every frame transmitted on a wifi network. The SSID is
transmitted unencrypted every time a client associates, so the SSID is still there for all to see.

The point is no matter how much one will say that Broadcasting your SSID is no big deal it will in fact when combined with WPA2-PSK Key help keep a wireless network more secure.

Let's say for a second that you live on the most hacker riddled street in the world. Then I would assume by now you have be thwarted many of times so it really should be of no concern.

If you like most of us live in a normal area then keeping the broadcasting off and WPA-PSK Key running to secure your wireless network then you should have no problem. (operative word "should" )

Extra layers of protection are never a dumb idea.

If you live in an area where there are many wifi out there very close to you (strong signal )..you might also want to find out what channels they use and change yours accordingly.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


slajoh01

join:2005-04-23

1 recommendation

The best security against Wireless is having no wireless at all.
Suppose you do banking online at home, I would switch off wireless and use LAN cabled network instead.

So in other words, if your doing soemthing really sensitive like online shopping, credit card transactions and such, please try and use a wired network instead of wireless to be extra carefully.

And disabling SSID broadcasting is a good idea.



darcilicious
Cyber Librarian
Premium
join:2001-01-02
Forest Grove, OR
kudos:4
Reviews:
·Frontier FiOS

2 recommendations

said by slajoh01:

And disabling SSID broadcasting is a good idea.

Actually it's a fairly pointless exercise (see above post).

I broadcast both my SSIDs, and haven't changed the password (they're both the same, eek!) in the 3+ years both WAPs have been in service. I live in a relatively low-density area so I tend not to worry about these things.

I also don't use MAC filtering or wear an tinfoil hat
--
♬ Music is life ♬


Eyeballs
Premium
join:2000-04-25
Worcester, MA

2 recommendations

reply to slajoh01

said by slajoh01:

The best security against Wireless is having no wireless at all.
Suppose you do banking online at home, I would switch off wireless and use LAN cabled network instead.

So in other words, if your doing soemthing really sensitive like online shopping, credit card transactions and such, please try and use a wired network instead of wireless to be extra carefully.

And disabling SSID broadcasting is a good idea.

Make sure you also lock all your doors and pull down all your shades. You know, in case someone looks in your windows and sees you typing your password in or breaks in and installs a keylogger on your computer when you aren't home, or installs hidden cameras to video all your computer activity, or ......

Need some tin foil??
--
Team Discovery--BBR Team Helix--Cuz I Care!!

Tig

join:2006-06-29
Carrying Place, ON

1 recommendation

reply to StuartMW

SSID changes when the router gets changed. Passphrase gets improved whenever I realize that it is insufficient.
I VLAN everything into logical groups. Wireless is for personal mobile devices and guests access to the net.


OZO
Premium
join:2003-01-17
kudos:2
reply to StuartMW

I don't change SSID. There is absolutely no reason why I'd want to. All my friends use my WiFi, when they come close to my house. And I don't see any problem with that too, BTW. Password is simple for them to enter...

Moreover, I'm looking for a solution (WiFi router), that will maintain an open WiFi spot for anyone who wants to use it. Requirements for the router are:
1. It logs bandwidth usage by those who get connection (to see manually if there is some abuse)
2. Keeps LAN for WiFi spot separated from my private LAN (simple security reasons)
3. Helps to automate the abuse protection (e.g. by limiting bandwidth used by connected devices)

There are WiFi routers on the market that offer maintaining "guest" WiFi spot. Or, in order to save money, I'll better use DD-WRT or Tomato firmware that will offer similar functionality. I've not decided on that yet, but I will. There are cases when I need to have WIFi connection for my smartphone and I appreciate when I get it at places where I am (I know many places where I can get it now). I feel the need to return the same favor to others too (even unknown)...
--
Keep it simple, it'll become complex by itself...



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit

1 recommendation

For that I give friends the SSID and the Passphrase..just because it is not transmitted..does not mean it is not there. I also have a program that alerts me if someone else tries to get on. If I don't like it..can then block them at the router.



KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to StuartMW

I use a 128 bit passphrase on my WPA2-PSK router. I haven't changed the passphrase in years and really see no reason to. Even if every machine on earth simultaneously tried to brute-force the passphrase, the Sun would go white dwarf before they succeeded. As long as the passphrase remains secret (i.e. not compromised or stolen) then there's no reason to ever change it. Since I am the only person with physical access to my router, I don't feel there is much of a chance of someone stealing the key.

Perhaps some cryptologist will someday find a flaw in WPA2 or AES (as they did in WEP). If that happens, we're all screwed no matter what our password policy is.

EAP offers no security benefit over PSK. EAP is only useful when you have to manage a large number of devices. Thus it's more for convenience (key management) than security.

Finally, hiding the SSID is futile as is MAC filtering. Both are easily circumvented by any script kiddie wardriver. The only thing you need to worry about as far as the SSID is concerned is making it unique. However, even that isn't really necessary if you use a long, complicated, high entropy passphrase.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit

And if that mac filtering does not stop them..time to get into their stuff and play their game. Looks like some posting live in some nasty area of the world where they leave their doors and windows open but worry about their internet. Traveled too much with internet aware devices to worry about that.
North Myrtle Beach is a tourist destination..our summer population explodes and we have all kinds of visitors..lots of script kiddies with lots of tricks..peace returns when they go back home..



vaxvms
ferroequine fan
Premium
join:2005-03-01
Wormtown
kudos:3
Reviews:
·Charter

1 recommendation

reply to StuartMW

Maybe I'm just dumb but
What would be the purpose of changing the password every xxx days other than to lock out someone who has already gotten access? And if someone has been connected why haven't you noticed it? It's not like the Wi-Fi is available to the bazillion people on the internet.
Why would a new password be more secure than an old one that hasn't been cracked? especially if it's a random 63 character one.



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

I come from the same school of thought..but stuartmw might live in a tourist area also...hmmm..have to get a jeep and ask Bob how to track him down.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to Name Game

said by Name Game:

..peace returns when they go back home..

And they've mostly done that here I can actually

1) Find a parking place
2) Walk down the street without dodging people.
--
Don't feed trolls--it only makes them grow!


vaxvms
ferroequine fan
Premium
join:2005-03-01
Wormtown
kudos:3
reply to Name Game

99.999% of tourists are dumb .and. they're too busy being tourists to waste time trying to hack into a local, protected, wi-fi connection that's not near a tourist attrection.
jmo
--
It's not really power unless you abuse it.



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

1 recommendation

reply to StuartMW

To be honest, I never change my SSID unless I think of something truly funny. I also can't be bothered to hide my SSID, and I also allow my router to be pinged.

I do set a channel manually, though. I use channel 1 as it seems to get better coverage throughout the house, as it's a lower frequency.

As stated, WPA2 AES, and a good passphrase is the only sure-fire way to avoid getting hacked.

My tin foil hat hangs in the closet, ready for nuclear war.
--
I'm not anti-social, I just don't like stupid people.


Bob4
Account deleted

join:2012-07-22
New Jersey
reply to StuartMW

Never. Unchanged for 7 years, even with three different routers during that time period.



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to vaxvms

said by vaxvms:

99.999% of tourists are dumb .and. they're too busy being tourists to waste time trying to hack into a local, protected, wi-fi connection that's not near a tourist attrection.
jmo

Yup..too many other targets of opportunity out there..at any one time I can see approx. 24 out there in various states of Security..from the &#*@ Yankee Inn a few miles away to the local Mickey D..then lots of residential stuff for those script kiddie tools..so no reason to even start looking for un-transmitted SSID that the owner does not want you to even give it a persistent try. They just lay on the beach and watch the sharks or pee on my cape myrtle by the 17th tee.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Boricua
Premium
join:2002-01-26
Sacramuerto
reply to StuartMW

Once I set mine I forget it. SSID and passphrase in the router has not been changed at all since installed. I have combo of letters, number and symbols for the passphrase. In my neighborhood, there are a few routers (especially named 2WIRE###) with the same channel so I used a different channel with my own SSID (instead of the default 2WIRE###).
--
Illegal aliens have always been a problem in the United States. Ask any Indian. Robert Orben



sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to StuartMW

When I got my first wireless router, I named my wlan after a virus, intending to change it to a different virus name every once in a while.

I changed it once or twice and haven't changed it since. Now I mainly don't want to change it because it'd mean plugging my wireless printer in on usb to change its settings. I know, lazy. All I have to do is move it about 10 feet.. or find me a really long usb extension...
--
Think Outside the Fox.



Boricua
Premium
join:2002-01-26
Sacramuerto

USB extension cable
--
Illegal aliens have always been a problem in the United States. Ask any Indian. Robert Orben


MIXZ1

join:2001-01-02
Mexico
reply to StuartMW

Change once per year. No DHCP. Static IP on all devices. 64 bit WPA-PSK passphrase.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

We have a winner! Here's your prize. Wear it with pride my friend



--
Don't feed trolls--it only makes them grow!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
reply to StuartMW

Which character(s) are not allowed in SSID's and WLAN passwords?

»forum.snom.com/index.php?showtopic=6785
If the link will not work for u..then

The following six characters are not allowed: ?, ", $, [, \, ],
and +. In addition, the following three characters cannot be the first
character: !, #, and ;.

»www.cisco.com/web/techdoc/wirele···ity.html



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

2 edits

said by Name Game:

The following six characters are not allowed: ?, ", $, [, \, ] and +.

Well I found out, the hard way, that one of my devices doesn't accept a \. It does accept all the other non-allowed characters though.

Oh wait that was in the passphrase not the SSID.
--
Don't feed trolls--it only makes them grow!


NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to StuartMW

The (non-broadcasting) SSID and the WPA passphrase for my production WiFi AP is etched in granite, and is unlikely to change unless I see some router/firewall log entries that indicate a problem (not likely to happen with the maximum length non-dictionary mixed alpha-numeric-special character passphrase I use). I turn on a special guest AP for visitors (which uses MAC filtering and no encryption), so I don't have a need to change anything on my normal WiFi since only permanently authorized devices are allowed access.

OTOH, I do occasionally change the SSID on my intermittently operated honeypot so that I can attract new victims visitors.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


Bob4
Account deleted

join:2012-07-22
New Jersey
Reviews:
·Optimum Online

I have a guest network which isolates each client, but no one uses it. My guests just connect to the unsecured 'linksys' access point next door.

That doesn't really bother me, and it means my guests don't suck-up my bandwidth.



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

Really? I have a guest net that has 60 gigs for usage by them. I wouldn't think of letting them leech/ steal from a neighbour.
--
I'm not anti-social, I just don't like stupid people.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
reply to StuartMW

I only change SSIDs and passphrases if I were to change my wireless APs/routers, redo firmwares, etc. I never use the same ones between them.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

reply to Name Game

said by Name Game:

The following six characters are not allowed: ?, ", $, [, \, ] and +.

I did some checking and apparently the IEEE 802.11 standard doesn't say anything about prohibited characters. Cisco doesn't allow the ones you quote but other vendors do

I also found that although SSID's can be 32 chars long some devices only allow 31 (31 plus nul terminator makes 32 total).

quote:
The nice thing about standards is that you have so many to choose from.

Andrew S. Tanenbaum, Computer Networks, 2nd ed., p. 254
--
Don't feed trolls--it only makes them grow!

Bob4
Account deleted

join:2012-07-22
New Jersey
Reviews:
·Optimum Online
reply to Juggernaut

said by Juggernaut:

Really? I have a guest net that has 60 gigs for usage by them. I wouldn't think of letting them leech/ steal from a neighbour.

No one here has any caps/quotas. This is America!!