SSID cloaking - safe or unsafe?

Many organizations use SSID cloaking as a mechanism to add security layer to WLAN. This technique requires all users to have knowledge of the SSID to connect to the wireless network.

Many organizations use SSID cloaking as a mechanism to add security layer to WLAN. This technique requires all users to have knowledge of the SSID to connect to the wireless network. Typically SSID is considered a mechanism to enhance WLAN security, and is the best practice recommended by PCI Data Security Standard. However, it also significantly reduces the security effectiveness of wireless LANs (WLANs).

Giving a false sense of security

Previous wireless networks deployed SSID cloaking as a means to prevent unidentified users from accessing the network. However, this technique has never been used as an authentication mechanism. Some organizations accept distribution of cryptic SSIDs in a shared secret style. Some tools such as ESSID-Jack or Kismel are responsible for monitoring and reporting the situation of SSIDs on legitimate stations, thus leaving traces to allow an attacker to see the origin of SSID and easily circling security mechanisms to penetrate the network.

Picture 1 of SSID cloaking - safe or unsafe?
Confusing users

When the network SSID is masked, users cannot refer to the list of suitable wireless networks for WLAN. From there make them choose and log in to another network and leave vulnerabilities on the client side. Some US states consider this as an illegal computer intrusion phenomenon.

Attempts to impersonate AP

Some attack tools like KARMA take advantage of advanced WLAN exploration techniques used by wireless clients. When a station probes for WLAN in the priority list (PNL), the station itself will trace the SSID to the listening attacker. KARMA-type attacks use the SSID detected to impersonate WLAN as bait to lure the operating station to the attacker. For Windows XP SP2 users who have updated the hotfixes on Microsoft's KB917021 page, Windows workstations change the operating method when exploring wireless networks. Users and administrators can mark the list on PNL as 'nonbroadcast' (without promotion). When the 'Connect even if this network not broadcasting' option is not selected, the workstation will not reveal SSID information despite network exploration, restricting the KARMAL attack type. However, for the workstation to identify the appropriate network, the AP must disable the SSID mask function. Otherwise, they will return to active network exploration, making SSID cloaking a less secure option.

Although SSID cloaking appears to be a very attractive mechanism to support WLAN security, it actually reduces the security of corporate wireless networks.

Update 13 December 2018
« PREV
NEXT »
Category

Technology

Life

Discover science

Medicine - Health

Event

Entertainment