When it comes to wireless it seems that everyone and their dog (literally their dog) has a wireless network connection. This particular post comes into play at the basic levels of wireless security for keeping out the next door neighbor kid. Its a good starting point for consumer grade gear but do not be fooled. Anyone with even a little bit of skill can blow your SSID disabling and MAC filtering totally out of the water.
Lets start out with what it is. SSID disabling is exactly as it sounds like where the access point is not broadcasting the SSID used to make a connection. This doesn’t mean that it doesn’t exist. Just that it is not being advertised. This can be a great deterrent for anyone driving by your access point and seeing if anything is available. For anyone that drives by and is able to pick up on your wireless network but notices that its hidden, they will probably move on to an easier target. But wait, didn’t I just say that it is disabled and not broadcasting? Yes I did. Even though you are not broadcasting your SSID the SSID is still in use for your network devices to talk to the access point. Anyone with a little bit of time is able to sniff some wireless packets and determine the access point SSID even though it is not broadcasting.
The process of gathering SSID information is with a simple wireless network sniffer. There are a lot of tools available from the linux savvy to the windows savvy. These are not your simple network protocol analyzers such as wireshark or tcpdump. One of those tools will analyze packs on the wire (or wireless) after a network connection is made. Yes yes they could be used before that but for the sake of this post, lets not get too deep. What happens is that your computer sends out network packets that get tagged for the specific SSID you are communicating with. Many access points are able to utilize the same network frequency so the SSID is in use for the access point to determine if the packet is destined for them or not. Just because you are connected to an access point doesn’t mean that everyone else isn’t getting those same packets.
Ok so now lets take it a step further by just saying that only specific computers are allowed onto your network. This is where the MAC address filtering comes into play. Pretty much every access point you can buy comes with this feature which is great for keeping the kids from connecting to your access point when they discover your password on the sticky note under your keyboard. Basically the access point looks to an authorized (or unauthorized) list for if it will allow a node to authenticate with the access point. Simple enough right? Sure for some basic SOHO security. If your password is discovered but you are allowing only specific MAC addresses, the attacker simply has to change their MAC address on their network adapter. If you were paying attention in your CompTIA A+ class then you may be scratching your head at this point as MAC address should not be able to be changed. Well, programmers can be some tricky people which makes it so that software can fool the hardware side of things and send out a fake MAC address.
The network side of things gets a little tricky at this point if there are two computers with the same MAC addresses. An attacker trying to utilize an authenticated MAC address as their own will usually wait until that machine goes offline which will then clear up the network connection (think shutting the lid on your laptop or leaving the house with your phone). Any way you dice the situation, these are great security measures for the cheap to help with security in layers. Layer the security deep and make your wireless network a harder target so the attacker will move on to something easier.
No comments:
Post a Comment