Tig
join:2006-06-29
Carrying Place, ON

Tig to twixt

Re: People's names in SSIDs.

said by twixt:

... If you know the physical location of a WAP/Router - then you can figure out who uses that WAP/Router. Thus, you know who to target for social-engineering-type attacks.

Hi Twixt. Thanks for the explanation but I still don't see the concern.
If you are vulnerable to a social-engineering-type attack, your problem is not your SSID.
As for WEP, it's simply not secure regardless of who set up the router.
twixt
join:2004-06-27
North Vancouver, BC

said by Tig:

said by twixt:

... If you know the physical location of a WAP/Router - then you can figure out who uses that WAP/Router. Thus, you know who to target for social-engineering-type attacks.

Hi Twixt. Thanks for the explanation but I still don't see the concern.
If you are vulnerable to a social-engineering-type attack, your problem is not your SSID.
As for WEP, it's simply not secure regardless of who set up the router.

-

Hi, Tig. You are missing the difference between theory and reality.

In the real world, users are not perfect. We/They simply don't respond uniformly and predictably and reliably to threat environments.

Thus, the idea is to make identifying users of a particular WAP/Router more difficult - so that specifically targeted social-engineering-type attacks are made more difficult.

-

Important things to understand about real-world security:

Security is not about making things absolutely foolproof. This is impossible, because fools are so ingenious as to wreck even the most-carefully-constructed security environments.

Furthermore, even the most conscientious of users make mistakes. Humans are not inherently reliable. Even those with delusions of perfection - yes, insert incredulous remark here - have been known to do something as stupid as click on a confirmation they should have avoided... Such is life.

Thus, Security is about making things more-difficult in your particular situation - such that the intruder finds it easier to simply move on to an easier target.

-

Note: The issue of WEP is a red herring. IMO, users of anything other than WPA2-AES are simply asking for trouble.

However, again, we are dealing with real-world-users who are not perfect. Either through ignorance or sloth or cheapthink, users in these categories are not paying attention to valid security concerns.

I consider the vast majority of the above users to be categorically "incorrigible" - and nothing I can do or say will convince them of the usefulness of research, planning or forethought. Thus, I won't bother.

However, IMO anything I can do to mitigate their idiocy is to be applauded - and implemented.