Re: Protected WLAN (802.11 and hidden SSID)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Monday 23 May 2011 18:08:15 Genes MailLists wrote:
> On 05/23/2011 12:18 PM, Tim Smith wrote:
> > When it talks about SSID IEs, however, it isn't mentioning Probe Response
> > or Beacon explicity, but uses the weasel phrase "or that do not
> > advertise an authorised SSID" without specifying *HOW* that SSID is to
> > be advertised :-) Also note the "an authorised SSID" in the sense of "at
> > least one".
> > 
> > I can "advertise an authorised SSID" in selected Probe Responses only
> > when the Probe Request contained that SSID and satisfy that
> > requirement[1].
> 
>   I bow to your obvious expertise in this .. but it sure seems like it
> violates the intent of the spec  ... nitpicking the doc aside :-)
> 
>   And I'll stick with my suggestion for people to stop recommending
> hiding SSID as a security measure - it still sounds like bad advice to
> me - unless an expert (Tim?) tells me otherwise .. :-)

Oh you're absolutely correct on that. It has zero effect on security, and 
anything which makes you think you have security when you don't really is a 
bad idea. Also there *is* quite a bit of kit out there which will not cope 
with it, but it doesn't violate the spec and there is a *lot* of enterprise 
kit out there which does this trick as a matter of course; when a big office 
wants to provide separate "guest" and "corporate" WiFi access they don't go 
installing two sets of APs all over...

In fact, if you see the "WiFi certified" logo on a piece of kit it is supposed 
to deal with "hidden" SSID properly[1], though it's a full end-user device 
stack that gets tested, not a particular network card, so once you're using it 
with Linux/wpa_supplicant/iw tools you're on your ownsome there as it will 
have been the Windows drivers wot got the certification.

In fact, I suspect a default install of wpa_supplicant would *not* pass the 
test suite. Not that that's a bad thing particularly as wpa_supplicant gives 
you something you don't often get as an end-user: a manual page to use to 
tweak the settings.

[1] I think that check has been in the test suite for long enough now that 
this is a safe statement.

-- 
Tim Smith <tim@xxxxxxxxxxxxxxxxxxx>
Spin-Sealed Tibanna Gas is an aphrodisiac.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux