Text 3444, 109 rader
Skriven 2005-04-07 19:30:28 av Mike '/m' (1:379/45)
   Kommentar till text 3443 av Gary Britt (1:379/45)
Ärende: Re: Wireless Network Security Questions
===============================================
From: Mike '/m' <mike@barkto.com>


To be honest, I didn't realize that either until yesterday.  One of the
Software Engineers who works for me had to do a paper for his grad course, and
he choose wireless security as the topic.  He dug up a lot of good stuff.

The link I posted was one of his references.  :-)

 /m

On Thu, 7 Apr 2005 18:58:57 -0400, "Gary Britt" <zotu@nospamforme.com> wrote:

>Yes that's a good point I didn't know before this thread.  I do believe
>however that not broadcasting the SSID is a form of light security against
>people not intent on really working at riding someone's network connection.
>For example, I'm more savy than the average user, and in a pinch I have
>ridden on someone else's wireless connection to get internet access.  I did
>it because my regular software that came with my wireless adapter would
>clearly show me the connection and would connect to it by pressing a button.
>If I had to get special programs and do packet sniffing, etc., it was both
>more work and more knowledge than I cared to know.  So it is secuirty in the
>sense it will keep the basically harmless guy off your internet connection,
>but its not security in terms of keeping a determined hacker out.
>
>Gary
>
>"Mike '/m'" <mike@barkto.com> wrote in message
>news:9j7b51pvj31g8sl543p0hd8rdolfc2pfdr@4ax.com...
>> On Wed, 6 Apr 2005 15:29:49 -0400, "Gary Britt" <zotu@nospamforme.com>
>wrote:
>>
>> >I have done two security things.  I disabled broadcast of the SSID,
>>
>> http://www.symbol.com/products/wireless/broadcasting_ssid_.html
>>
>> ===
>> Why 'Not Broadcasting the SSID' is not a Form of Security
>>
>>
>> Summary
>>
>> This paper discusses an aspect of the 802.11 protocols that some
>manufacturers
>> have altered and marketed as a security feature. The feature is the
>removal of
>> the SSID (also known as the NetID and ESSID) in a particular frame type
>called
>> a beacon. It is this that is being marketed as a security feature. This
>paper
>> explains the technical detail of the beacon and why in reality there is no
>> gain in security. There is no gain since there are other frames that
>require
>> the SSID to be present in clear plain text.
>>
>>
>> ...The beacon frame (shown in the next diagram) is transmitted
>periodically to
>> allow stations to locate and identify a BSS. The information in a beacon
>frame
>> allows a mobile unit to locate the BSS at any time in the future. The
>beacon
>> frame also conveys information to mobile units about frames that may be
>> buffered during times of low power operation. The beacon frame includes
>fixed
>> fields such as timestamp, beacon interval, and capability information. The
>> timestamp is a 64 bit field that contains the value of the station's
>> synchronization timer at the time that the frame was transmitted. The
>beacon
>> interval is the period, measured in 'time units' of 1024 microseconds, of
>> beacon transmissions. The beacon interval is a 16 bit field. The
>capability
>> information field is a 16 bit field that identifies the capabilities of
>the
>> station.
>>
>> The information elements in a beacon frame are the SSID, supported rates,
>PHY
>> parameter sets (FH and DS), optional CF (Contention Free) parameter set,
>> optional IBSS parameter set, and an optional TIM (Traffic Indication Map)
>>
>> The probe request frame is transmitted by a mobile station attempting to
>> quickly locate an IEEE 802.11 WLAN. It may be used to locate a WLAN with a
>> particular SSID or to locate any WLAN. The probe request contains two
>> information elements, the SSID and the supported rates. The effect of
>> receiving a probe request is to cause a station to respond with a probe
>> response, if the receiver was the last station in the BSS to transmit a
>beacon
>> frame. In an infrastructure BSS, the AP will always respond to the probe
>> requests. In an IBSS, the mobile unit that sent the latest beacon will
>> respond.
>>
>> The probe response frame contains nearly all the same information as a
>beacon
>> frame. The probe response includes the timestamp, beacon interval, and
>> capability information fixed fields. It also includes the SSID, supported
>> rates, one or more PHY parameter sets (FH and DS), the optional CF
>parameter
>> set, and the optional IBSS parameter set. This is all in clear text
>whatever
>> the encryption method being used....
>> ===
>>
>>   /m
>>
>

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)