As far as minimizing SSID broadcast, I'm concerned that you would say
it does 'not' have any security merit.
You are crorrect in that. Trying to hide behind your SSID is like
using WEP and saying its secure. Anybody with a wireless sniffer can
pull the SSID out EVEN IF ITS NOT BROADCASTED. If you have wireless
traffic sniffing software finding the SSID is like stealing candy from
a kid.
On 4/13/06, Alexander Bolante <alexander.bolante@gmail.com> wrote:
Thanks for the clarification. That was a typo on my part. My brain was
thinking WEP encryption, therefore I meant frequency of changing WEP
key, policies for establishing that WEP key, etc. In that regard, my
questions do have security merit, unless you wanna challenge that as
well :-)
As far as minimizing SSID broadcast, I'm concerned that you would say
it does 'not' have any security merit. You are correct in saying
'there are several wireless devices that will not work properly unless
you broadcast the SSID' however my statement was abstract for that
very reason. My purpose was to get Edmund to think about it as a
possibility if technically feasible, then he can determine whether or
not that's how we wants to setup his wireless devices.
Thanks!
On 4/13/06, Phunkodelic <phunkodelic@gmail.com> wrote:
Frequency of changing SSID?
Policies for establishing that SSID?
Minimizing SSID broadcast?
I don't think the above 3 items have any security merit, as trying to
"hide" your SSID is not a security measure at all. Anybody who can
sniff wireless traffic can grab the SSID very easily broadcast or
non-broadcast. There are seveal wireless devices that will not work
properly unless you broadcast the SSID.
On 4/12/06, Alexander Bolante <alexander.bolante@gmail.com> wrote:
From a design perspective, I think it would also be good for you to
have a security checklist:
WLAN Security:
Frequency of changing SSID?
Policies for establishing that SSID?
Minimizing SSID broadcast?
Access point location to reduce eavesdropping?
Locking management interfaces?
Use static IPs vs. DHCP?
MAC-based access restrictions?
Network Security:
Placement in a DMZ?
Use a firewall and setup ACLs/rules that enable access only for known
MAC/IP addresses?
Consider using an IDS if you plan on maintaining the solution?
That's a start. Hopefully then your solution's risk will really just
boil down to physical security.
Good luck, but have fun!
Thanks!
Alexander
On 4/9/06, Edmond Chow <echow@videotron.ca> wrote:
Hello List,
I am looking to put together a home network for a high-end client of
mine
and would like your opinion on what type of equipment to use.
Here's an overview of his requirement:
- Two MACs (for his kids) on a wireless network
- Two PCs on a wired network - these two PCs have sensitive information
on
them. These computers would not be used for remote access but only for
internet and email access. I am thinking of adding hard drive
encryption to
these two computers.
I'm thinking of three approaches and would like your thoughts:
#1 - Use a cable modem with non-wireless router for his two PCs and use
a
separate DSL modem with wireless router for his two MACs. Double the
monthly
cost for internet access but there is no chance that hackers entering
through the MACs will be able to access his PCs.
#2 - Use a router (I was thinking of something like an Astaro router or
Cisco router) for the PCs and then connect a Linksys wireless router
with
WPA security to the first router. The wireless router would be used
for the
two MACs.
#3 - Use a wireless router with WPA security for the wireless MACs and
then
hard wire the two PCs to the non wireless router ports on the back of
the
wireless router.
Any thoughts you would have would be greatly appreciated. Any
manufacturers
and or models you could suggest would also be much appreciated.
Thanks.
Regards,
Edmond
-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
--
Alexander Bolante | Alexander.Bolante@gmail.com
-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
--
Alexander Bolante | Alexander.Bolante@gmail.com
-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
