If you still think wireless security is useless because you have nothing to hide ...

When I get a new client without a secured WiFi network and ask about it, I always get the same answer: "I have nothing on my computer that anyone would want." At that point I have to explain to them that it's not what's on your computer they want, but the Internet connection itself. I always say, do you really want to go through the hassle of having to explain to the FBI how all of that illegal activity wasn't done by you?
 
If, as is typically the case, they just want to get on the internet or infect your computer with some spamming software, they will pick the easiest one. So just don't be the easiest one.

It's like the joke where two guys are in the woods and a bear stares them down, the one guy goes to tie his shoes and the other guy says, "what are you doing? You can't outrun that bear", and the first guy replies, "I don't need to outrun the bear, I only have to outrun you"
 
This is a good reason to use your home automation devices to turn off your router when it's not in use. I do.

It's not absolute but it is another layer.
 
I disagree. Breaking spec. or not, I don't care. It is more secure in my area. Think about it. In my area, it seems EVERY house has a router. From my living room, I can pick up ~20 routers on any sniffing software I've used (I was trying to figure out if there were any channels NOT in use). So, unless someone is SPECIFICALLY trying to get into my network, they are not going to be targeting my system. A quick scan gives them a LOT to play with. If there are no other routers in the area, no SSID shows up, but there is wifi traffic, of course it doesn't mean anything.

"layers"...this is just one, and it's not very difficult to add.

I was considering adding a second router, then use that on a second IP subnet, then use SSH/VPN to tunnel into my local network. Just another layer. For the moment, I just use one laptop on the wifi...so, turning it on and off via script is not a big deal.

--Dan
But disabling ssid broadcast is not a layer of security. It really does nothing more than break the spec. Just because the router is not set to broadcast its ssid does not mean the ssid is hidden from anyone who wants to find it. If you have just one client connected to that router and it is doing zero data transfer the ssid is easily found in the clear because the router and client are always communicating back and forth to keep the connection alive and the ssid part of the communication can NOT be hidden or encrypted regardless of what you do. There are many free very easy to use applications that will let you see any ssid in your area regardless of the ssid broadcast being disabled. For a while Windows had a bug that caused it to not work properly if the ssid was disabled. However many non-PC devices will either not function or be difficult to get functioning if it is disabled.
 
While I agree that selecting to not broadcast your SSID may be very easy to hack with these free applications (I've personally never looked or tried), I can't tell you how many people have either come to my house or I have gone to theirs and asked about SSID and they have NO IDEA what I am talking about. Knowing that the 8-12 WiFi signals that I pick up from my living room are all open, non-encrypted and the SSID is broadcast, it's probably about 99% likely that they don't know what an SSID is either... and if they don't know what it is, they probably aren't going to be able to hack mine.

So by hiding my SSID, I am already outrunning those 8-12 people :D
 
While I agree that selecting to not broadcast your SSID may be very easy to hack with these free applications (I've personally never looked or tried), I can't tell you how many people have either come to my house or I have gone to theirs and asked about SSID and they have NO IDEA what I am talking about. Knowing that the 8-12 WiFi signals that I pick up from my living room are all open, non-encrypted and the SSID is broadcast, it's probably about 99% likely that they don't know what an SSID is either... and if they don't know what it is, they probably aren't going to be able to hack mine.

So by hiding my SSID, I am already outrunning those 8-12 people :D
That is just poor logic. Run wpa and those same people will not be able to hack it even with ssid broadcast. Disabling ssid broadcast buys you absolutely nothing security wise. It is not even hiding your network which you do not seem to understand.
 
MAC filtering doesn’t do much, nor does not broadcasting the SSID for reasons already mentioned. If someone has the tools to crack wifi, they have a network monitoring and capture tool that will see your network.

The best thing you can do is use WPA2 with a strong passphrase and change your SSID. There are pre-computed tables for the 1000 most common SSIDs that can be used with Aircrack and coWPAtty to discover your passphrase in seconds. If your SSID is still "linksys" or "NETGEAR", you are an easy target.
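
Added example, not part of the original post: WPA/WPA2-PSK derives its master key with PBKDF2-HMAC-SHA1 using the SSID as the salt, which is why precomputed tables exist per SSID and stop applying once the SSID is changed. The wordlist, the unique SSID `dan-attic-7f3` and the 20-character minimum are constructed assumptions for illustration.

```python
import hashlib

# Constructed sample data: the two default SSIDs named in the thread plus a
# made-up short wordlist. Real precomputed tables are far larger.
COMMON_SSIDS = ["linksys", "NETGEAR"]
WORDLIST = ["password", "12345678", "letmein1"]

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def build_table(ssids, words):
    """Precompute PMK -> passphrase, one PBKDF2 run per (SSID, word) pair."""
    return {s: {wpa2_pmk(w, s): w for w in words} for s in ssids}

TABLE = build_table(COMMON_SSIDS, WORDLIST)

def table_lookup(ssid: str, passphrase: str):
    """Return the passphrase if this network's PMK is already in the table."""
    return TABLE.get(ssid, {}).get(wpa2_pmk(passphrase, ssid))

def audit(ssid: str, passphrase: str, min_len: int = 20):
    """List weaknesses of one SSID/passphrase pair (min_len is an assumption)."""
    findings = []
    if ssid in COMMON_SSIDS:
        findings.append("SSID is a common default: precomputed tables apply")
    if len(passphrase) < min_len:
        findings.append(f"passphrase shorter than {min_len} characters")
    if table_lookup(ssid, passphrase) is not None:
        findings.append("this SSID/passphrase pair is in the sample table")
    return findings

if __name__ == "__main__":
    for ssid, pw in [("linksys", "password"), ("dan-attic-7f3", "password"),
                     ("dan-attic-7f3", "correct horse battery staple 42")]:
        print(ssid, "->", audit(ssid, pw) or "no findings")
```

The same weak passphrase yields a different key under a unique SSID, so the table misses it, but it is still flagged as too short: a unique SSID only removes the precomputation shortcut.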
 
This is just a topic where someone armed with a little bit of knowledge and a whole bunch of myth is clearly way worse off than someone who either knows very little or knows a lot. If you go through the setup wizard and select WPA2 with a strong password, you're about as safe as a normal residential user will get. If you really have the knowledge and associated paranoia, then further levels of isolation apply (VLANs, VPN into your network, network level authentication, etc). All I'm saying is that MAC filtering and SSID Broadcast Disable do far less than even a simple WEP password, and with WEP or stronger, they're absolutely pointless - they offer no additional security over the authentication method. The only thing they bring is headaches and hassles with every new legitimate client you try to connect. But if you're a hacker, bypassing those controls is part of the normal hacking process anyways - doesn't even slow them down one bit.
 
That is just poor logic. Run wpa and those same people will not be able to hack it even with ssid broadcast. Disabling ssid broadcast buys you absolutely nothing security wise. It is not even hiding your network which you do not seem to understand.

I agree, it isn't hiding it to someone who knows how to find it.... What I said was that if you don't know how to manually enter one to get onto a hidden SSID network (and I know MANY people who do not), they probably aren't going to know how to 'hack' in either. Knowing that I can find 8+ networks from inside my home that are wide-open, it's unlikely that any of my neighbors know how to locate my SSID. I do have additional layers, so I am not saying that is the only thing that has to be found.

I can see more networks if I step outside, but I wanted to show this.... I turned off my router, and did a scan from my living room using my laptop... I found 1 secured network, you can see that the rest are non-encrypted and wide open for me or anyone else to use:

[Attached image: wirelessnetworks.jpg]


I work on wireless networks most every day. I have seen a bridge-to-bridge (not an access point) wireless network, using directional antennas mounted 30+ ft above the ground, using MAC filtering, and AES 256-bit encryption get hacked in 2 days. Regardless of what precautions you take, if you are the target of a hacker your network will be compromised, it's only a matter of time.

As most now know, Sony's PSN was recently hacked. I would love to know what precautions Sony had in place and how my consumer grade wifi router can be more secure than their network was.
 
I agree, it isn't hiding it to someone who knows how to find it.... What I said was that if you don't know how to manually enter one to get onto a hidden SSID network (and I know MANY people who do not), they probably aren't going to know how to 'hack' in either. Knowing that I can find 8+ networks from inside my home that are wide-open, it's unlikely that any of my neighbors know how to locate my SSID. I do have additional layers, so I am not saying that is the only thing that has to be found.
This can go on forever, but what needs to be understood is that nobody who wants to get into your network is going to use Windows wireless connections to do it. What they use will show ALL SSIDs in range, whether broadcasting or not, and easily pick out MAC addresses as well.
So, again, you are NOT buying yourself anything but possible connection issues.

Nobody is telling you this to pick at you, but to inform you that you have a false sense of security if you rely on SSID and MACs for security. Instead you should be using WPA minimum with a random and long password.

Since I'm using DD-WRT I have 2 SSIDs on my router. The first is extremely secure with the maximum number of characters for the passphrase and the other is extremely simple to type in for guests and only gets turned on while they visit. I also have the guest SSID on a separate VLAN giving them Internet access only.
 
But disabling ssid broadcast is not a layer of security. It really does nothing more than break the spec. Just because the router is not set to broadcast its ssid does not mean the ssid is hidden from anyone who wants to find it. If you have just one client connected to that router and it is doing zero data transfer the ssid is easily found in the clear because the router and client are always communicating back and forth to keep the connection alive and the ssid part of the communication can NOT be hidden or encrypted regardless of what you do. There are many free very easy to use applications that will let you see any ssid in your area regardless of the ssid broadcast being disabled. For a while Windows had a bug that caused it to not work properly if the ssid was disabled. However many non-PC devices will either not function or be difficult to get functioning if it is disabled.

Sure, if they are TARGETING my system, it does nothing. But, adding that to my existing setup is one layer harder than the 20-30 networks around my house. That was my point. NOT from a technical standpoint...if someone wants in, there is nothing you can do except turn off the router. I'm lucky in that there are at least 20-30 networks around my house, I'd say at least 3-4 are unsecured. I'm just "harder" to get into than the next guy.

I suppose I should have made it more clear, I'm NOT saying it is better, but if someone is trying to get a connection to SOME network in the area, there are 20 other networks that are easier to get into. THAT was my point.

As for "one client", true, but that client is only connected 1-2 hours a week. I am a BIG fan of hardwired. Wireless is just not as reliable, fast, etc. as a wired Gigabit connection. I love getting 105meg/sec.+.

I agree about the other devices not working well. I'm not a proponent of disabling SSID as an end-all solution. I only mean that in my situation, I have ONE laptop, that I'm on, maybe 1-2 hours a week, and so for ME, with that being the ONLY device, and being a neighborhood that has 20+ networks, some of which are unsecured...I have 2 layers of protection. Again, I understand if someone were to TARGET me, there's not much I can do about it. I used to use MAC filtering, it was a pain. So, I think if not broadcasting the SSID became that hard, I'd probably disable that as well (let's say instead of using one of the 32 GIGABIT drops in my house, I wanted to use wireless for some POPCORN-like box...well, it might not support hidden SSID).

I used to have 2 routers set up. The DC-DC power supply went in the second one. Apparently it did not like being hard turned ON / OFF with an appliance module. So, that's why I mentioned, when I get the second one up, I'll use some sort of VPN/SSH tunnel from one router to the other. OR, if I can figure out how to make Homeseer talk to the CGI webpages that control my router, instead of powering a second one on / off, I'll just enable / disable the wifi part of the router.

I hope that clears it up.

--Dan
 
random ...password.

I disagree with this. By your logic, a long random password only makes it harder for the users to get on the network.

You can use a long password, and just make a sentence / passphrase which means something to you, then substitute some letters with the "super" characters (#$^&%&), upper case and numbers. Essentially, you don't need random, you need to include as much of the different types of possible characters as possible to make the "rainbow" tables as large as possible that it makes it so that only BRUTE force can crack it.

Wireless is just NOT secure with consumer stuff. The only sure way is to turn the darned thing off and NOT use it. If you do not, there is ALWAYS a possibility someone who wants to CAN get in. The trick is just to make yourself less appealing to anyone else in the area.

If you want to get a warm fuzzy use this:
http://en.wikipedia.org/wiki/Type_1_encryption

or use:
AES-2048 or better
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Then you will need one of these:
http://en.wikipedia.org/wiki/Fill_device

To give the keys to all your users. No matter what you do, you will get hacked given a hacker who wants in. You just have to get yourself in a position of being less of a target, or don't use it.

--Dan
 
Anyone have any links to documentation on how to use some of the more advanced techniques mentioned here, e.g., VLANs, VPN, etc. in a pure Windows environment using off-the-shelf LAN hardware?

My wife often works from home. She has a wireless adapter in her Windows laptop (provided by her employer), so she gets on our home LAN via the wireless, then VPN's into her work network. Since other people at her company have access to her laptop, I'm not sure what the most secure setup for my home network is that will still allow her to connect wirelessly so she can VPN to her office. It's got to be relatively simple to use once everything is set up. Any ideas?

And I understand that nothing is 100% secure, but I still lock the doors on my home when I leave.
 
I disagree with this. By your logic, a long random password only makes it harder for the users to get on the network.

You can use a long password, and just make a sentence / passphrase which means something to you, then substitute some letters with the "super" characters (#$^&%&), upper case and numbers. Essentially, you don't need random, you need to include as much of the different types of possible characters as possible to make the "rainbow" tables as large as possible that it makes it so that only BRUTE force can crack it.
You're kidding me, right? I have a minimum amount of wireless devices on my network and once they're set up, they're done. I've also stated I have a 2nd SSID for visitors that makes it easy for them to get Internet access only. And do you really think using $ for S or ! for I is fooling anyone's tables???
 