Six WiFi Security Myths

Martin Brinkmann
Jun 17, 2006
Updated • May 6, 2013
Security
|
4

There have been lots of articles lately that explain how to secure a wireless network. Most of those articles offer at least some tips that do not have any implications on a wireless network's security. While I would not call them snake oil, they certainly do not have the desired effect that the authors of the guides think they do have.

It does not mean that the changes discussed below have a negative effect on a system's security, but most do not have any effect at all, or only a minor effect.Let us take a look at the six dumbest ways to secure a Wireless Lan.

1. Mac Filtering

Mac Filtering does not protect against the forgery of a mac address, which is terribly easy using a network sniffer. It still could be a valuable line of defense against neighbors and kids who are only able to push buttons and don't understand the concept. Attackers who know what they are doing won't be thwarted off by Mac filtering.

2. SSID Hiding

This is hiding SSID beaconing on the access point while four other mechanisms are still broadcasting your router's SSID in the open. Even worse, since the ID is hidden your laptop or mobile device probes all networks it comes into contact with for the SSID which leaks it to those networks.

3. LEAP Authentication

It relies on its users and their passwords. LEAP requires strong passwords to be relatively secure and we all know about the passwords of normal day users.

4. Disable DHCP

DHCP allows the automatic assignment of IP addresses. If you disable it you have to assign all IPs manually. Attackers have various tools available that they can use to detect the local IP range of a network, and then it is only a matter of setting the attacking device's IP address to one within range.

5. Antenna Placement

This is pretty useless as well, telling everyone to move their antenna to the middle of the room or running the antenna with low power. The antenna of the access point is not the only factor that determines if it can be reached, the antenna of the client is also a factor. What if the hacker has a bigger antenna that still reaches your access point ?

6. Just use 802.11a or Bluetooth

This has nothing to do with security, those are just different standards.

The author of the original article has published a follow-up which you should read as well. You can access it here.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Alaskan Assassin said on June 23, 2006 at 8:22 am
    Reply

    I live in a small town in Alaska that is just on the outskirts of Anchorage. None of the permenant residents have the vaguest idea of how to even use a computer, so I turn on MAC filtering and check the logs every once in a while to make sure that there is nothing funky. If I lived in a big city, I would be using very different tactics.

  2. Jason said on June 19, 2006 at 10:33 pm
    Reply

    Even though no single technique will keep anyone out, I try to use 5 or 6 at a time so that, although still possible to break, it will deter the majority of “War Drivers” who can easily hop on to my next door neighbor’s network with little to no work at all. belive me ;)

  3. doris said on June 18, 2006 at 1:08 pm
    Reply

    Mac filtering is just a waste of time as is SSID hiding and disbling DHCP.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.