Comments on: How to Secure your Wireless Network

By: Grey's Anatomy

Grey's Anatomy — Tue, 26 May 2009 18:04:28 +0000

It’s always good to find like-minded people. Thanx and I’m going to add you to my RSS feed.

By: gunshotglitter

gunshotglitter — Sun, 14 Dec 2008 23:06:40 +0000

im struggling to secure my network and i am looking for help? anyone think they might be able to?

By: pinanti is pinanti » Blog Archive » links for 2005-12-16

pinanti is pinanti » Blog Archive » links for 2005-12-16 — Fri, 03 Feb 2006 17:20:52 +0000

[...] gHacks » How to Secure your Wireless Network (tags: wireless sysadmin security howto wifi network) [...]

By: otro blog m�s » Unos cuantos de seguridad

otro blog m�s » Unos cuantos de seguridad — Sun, 22 Jan 2006 14:49:52 +0000

[...] Sobre todo, la cosa va de WiFi, con un ‘proof of concept’ de cracking WPA, este Essential Wireless Hacking Tools, una gu�a para asegurar una red inal�mbrica y el art�culo Cracking WPA (y su segunda parte). [...]

By: teknokool.net » links for 2005-12-15

teknokool.net » links for 2005-12-15 — Thu, 15 Dec 2005 20:20:01 +0000

[...] gHacks » How to Secure your Wireless Network (tags: wireless networking wifi security) [...]

By: Creation Robot » How to Secure your Wireless Network

Creation Robot » How to Secure your Wireless Network — Thu, 15 Dec 2005 11:42:22 +0000

[...] How to Secure your Wireless Network [...]

By: Otto

Otto — Wed, 14 Dec 2005 17:17:45 +0000

Few things:

>It does not make sense to change the name but leave broadcasting on.

Yes, it does. The SSID identifies the network, and leaving broadcasting on lets it show up on a list of networks, like in the XP wireless network list. This makes it easy for people to connect to your network. Since you’re using WEP/WPA, they still need the password.

>Note its still possible to sniff the SSID, its still send in clear text when a client associates with the router / access point.

The SSID is not sent in just the association packets. The SSID is sent in the clear in *ALL* packets. So it’s not just possible to sniff the SSID, it’s trivial.

Disabling SSID broadcast adds no security to your network. None. Zero. At best, it will keep the little old lady next door from seeing it in the list of networks on her computer.

>Its possible to sniff your mac addresses and fake them, don´t rely on this alone.

It’s not just possible, it’s trivial. It’s *one command* on a Linux box. A slight bit trickier on a Windows box, I grant you. MAC filtering adds no real security either.

And the worst thing about both of these is that they make your wireless network *much* harder to administer, for no real security benefit. With SSID Broadcast on and MAC filtering off, you can walk up and hand somebody the password for the network, and they’ll be able to connect. No issues. You don’t have to touch a computer. But if you enable both of these, then suddenly you have to log into the router from another machine and get the guy’s MAC address and add it and tell him the SSID as well as the password.. It’s a lot more complex.

Simplify. All you need for wireless security is encryption turned on. WPA is enough. If you’re using encryption, then they have to break it to get into the network. That takes real time. Bypassing SSID and MAC Filtering takes mere seconds, and makes the network more difficult to work with. In other words, don’t bother disabling SSID braodcast, don’t bother with MAC Filtering. These are *not* security measures and should not be treated as such.

By: brad.clarkston

brad.clarkston — Wed, 14 Dec 2005 15:14:56 +0000

Nice post.

I work at a small rural ISP that provides wireless broadband coverage using AirSpan WiMax and 99% of those customers have installed a Linksys WiFi router (that’s what we push) as well so I know the pain of having 200+ unsecured wireless customers in a 50 miles radius.

At least I always have a connection around my area .