1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Issues with SSID cloaking

Discussion in 'News' started by tripwire45, Mar 19, 2007.

Click here to banish ads and support Certforums by becoming a Premium Member
  1. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster


    Issues with SSID cloaking

    Many organizations use SSID cloaking as a mechanism to add a layer of security to the WLAN. This technique requires that all users have knowledge of the SSID to connect to the wireless network. While this is commonly viewed as a mechanism to improve the security of the WLAN and is a recommended best-practice by the PCI Data Security Standard, it can reduce the effective security of the WLAN...Early wireless network deployments relied on SSID cloaking as a mechanism to prevent unauthorized users from accessing the wireless network. Even though this was never intended to be used as an authentication mechanism, some organizations have adopted cryptic SSID's that are distributed as shared secrets. Tools such as ESSID-Jack and Kismet observe and report the SSID from legitimate stations, allowing attackers to deduce the SSID and easily bypass the intended security mechanism.

    Read the rest at NetworkWorld.com.
    Certifications: A+ and Network+


    1. hbroomhall
      I have always said that SSID 'cloaking' or withholding was a waste of time. Anybody with the right software can discover the correct SSID fairly easily.

    2. BosonMichael
      Agreed... but at least it keeps those casual users who don't have the right software from knowing your wireless network exists... and considering it just takes a click to configure SSID cloaking, it's no bother to implement.

    Share This Page