Samsung S3653 mobile phone 
RRP: $179.00
RRP: $179.00
Stop Internet poachers from stealing your Wi-Fi
Everyone has a different system for keeping their home networks secure. And by "secure" I mean "safe from cheapskate neighbours looking to poach some free Internet."
Everyone has a different system for keeping their home networks secure. And by "secure" I mean "safe from cheapskate neighbors looking to poach some free Internet."
Some users rely on their router's WPA encryption capabilities, while others employ MAC address filtering. Some do both. I'm not wild about either approach, as they involve a lot of hoop-jumping when I need to add new PCs and devices to the network.
Instead, I'm a fan of invisibility. I've taken the simple step of turning off my router's SSID broadcasting, effectively making my network invisible to the neighbors. Hey, they can't steal what they don't know is there, right?
If you've ever detected an unfamiliar network in your own home or, say, the local coffee shop, you know what I mean. Stray Wi-Fi router signals are bouncing all over the place. But a PC can see these networks only because of SSID broadcasting. Turn it off, and it's like the router isn't even there.
Of course, it's there for your PCs and Internet-connected devices. So how do you connect them to an invisible network? Just enter the network name manually. In Vista, for example, head to the Network and Sharing Center, click Set up a connection or network, and then choose Manually connect to a wireless network. Enter your network's name (as designated in the router) and you're good to go. You should also check Start this connection automatically so you don't have to repeat this process, and Connect even if the network is not broadcasting to overcome Vista's natural resistance to invisible networks.
If you don't know how to turn off your router's SSID broadcasting, check the manual. In my D-Link router, the setting is actually called Visibility Status; your mileage may vary.
This is by no means a bulletproof security solution. I'm sure many users will call me foolish, reckless, and other choice words. But because I have suburbia-oriented security needs, I don't feel the need for encryption, filtering, and other heavy-handed measures.
18%
9%
Comments
Why would you ever advise someone to do this?
SSIDs are not revealed in only the Beacon frame of the AP, but any probe request your laptop is sending out. By setting your AP to be unsecured and hidden, you are telling your laptop to announce to the world what your SSID is via the probe request. Any 14 year old kid with Netstumbler will have your SSID in less than a minute! Further more, Vista will see your network whether its hidden or not and display an "unknown network" in the Available Networks list.
Since you have now told the laptop that your SSID is hidden, your laptop tells the world the name of your SSID wherever it goes. So when you are sitting at the airport, you are letting everyone know that your computer wants to connect to "Broida's Home Network". Any rouge AP can answer this request and now you are connected to my nefarious network and I have access to your machine!
This is terrible advice all around.
This is incorrect advice.
An SSID is intended to be a network name, not a password. So treating it like a secret actually means that you won't get the security you think you will.
Even if an access point isn't broadcasting its SSID, you can still easily find out what the SSID is. Just install a wireless sniffer on your computer and wait until someone associates with this "hidden" network. You will see an unencrypted association frame, which contains the AP's SSID. Once you have this, you can then attach to the network.
This person is also leaving himself vulnerable to other eavesdropping attacks. Anything sent in clear text can be intercepted -- email messages, web traffic, newsgroup postings...I shudder to imagine what his neighbors might be learning about him.
WPA and WPA2 are actually pretty simple to set up. Most comsumer access points actually set this as their default now -- all you need to do is supply the pre-shared authentication key: a sentence is best. Windows will detect that your AP is using a secure protocol and ask you only once to supply the PSK, and then you're finished. It's actually less work than going through the steps to make Windows work in the environment he describes.
Please check my article here for more information about wireless security: http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wir...
Horrible Advice
Absolutely horrible advice. Turning off SSID broadcasts do NOT make the access point invisible. Anyone with any packet sniffer will see the SSID. Worse yet, without encryption, the packet sniffer will happily show the contents of all the traffic.
WPA is not "heavy handed." In fact, it's easier to add a new device with WPA than turning off SSID broadcasts. One simply has to connect (and don't need to memorize the SSID, either) and enter the pre-shared key. What the heck is so hard about that?
Post new comment