Quote:
Originally Posted by DaKahuna
We have had the discussion on broadcasting or not to broadcast the SSID at work a number of times. I know I am going out on a limb with this gang here but I really does not think it matters. If someone is looking for wireless access points and they are in range, then they will find it whether it is being broadcasted or not. Not broadcasting the SSID protects you only from the clueless and those are the one that you can defeat with most simple security solutions. The true wireless hacker is going to find your AP whether you broadcast the SSID or not so why not make it easier for your clueless employee's and go ahead and broadcast the SSID?
|
I agree with your statement, I would like to add that SSID broadcast does not make a whole lot of difference if a
TRUE WIRELESS HACKER wants on your network.. he/she will have the linux gear, scanners, custom antenna's etc to do so. In other words they are determined to do evil.
I am talking about the windows users.... Nix users (the serious ones) can forge mac address's and hide better so most the time you do not even know they have been there.
The example I give might make my point...... you have a building that has 4 companies in it.. one is a coffee house with an open wifi (free to use, and they hope you buy coffee from them) the other 3 companies use desktops/laptops etc..
They all have a policy about personal PC's and for the most part they do not mind if you bring your personal laptop inside to keep it from being stolen from your car, you just cannot connect it to the network (wired or otherwise) There is however a man page as to how to connect a company laptop to the company wifi (they do not use MAC filtering) and this man page provides the security settings. (I have seen this at places before)
1) what is to stop a person from using their company wifi on their laptop?
2) what would stop them from using the coffee house wifi to do whatever they want (IM's Myspace, Pron, etc) and with thumb drives being like they are, they COULD sneakernet company data over to the personal laptop, then upload it someplace.
Or.... if they can use another company wifi (one next door) then any detection and trace will end up next door. Like stealing your next door neighbor's wifi, its illegal but when the cops pull up in his front driveway for distributing kiddie pron, you know you need to shut down and hide the evidence.
So broadcasting the SSID may not keep out the serious hacker, but not broadcasting it will pretty much prevent the mass majority of people out there from playing on your network.