Hardware Reference
In-Depth Information
look for networks, they won't immediately see the SSID), which has been thought to provide
a minor security benefit. However, Microsoft has determined that a non-broadcast SSID is
actually a greater security risk than a broadcast SSID, especially with Windows XP and
Windows Server 2003. For details, see “Non-broadcast Wireless Networks with Microsoft
Windows” at http://technet.microsoft.com/en-us/library/bb726942.aspx. In fact, many freely
available (and quite powerful) tools exist that allow snooping individuals to quickly discover
your SSID even if it's not being broadcast, thus allowing them to connect to your unsecured
wireless network.
The only way that the SSID can provide a small measure of security for your wireless
network is if you change the default SSID provided by the wireless access point or router
vendor. The default SSID typically identifies the manufacturer of the device (and sometimes
even its model number). A hacker armed with this information can look up the default
password and username for the router or access point as well as the default network address range
by downloading the documentation from the vendor's website. Using this information, the
hacker could compromise your network if you do not use other security measures, such as
WPA/WPA2 encryption. By using a nonstandard SSID and changing the password used by
your router's web-based configuration program, you make it a little more difficult for hackers
to attack your network. Follow up these changes by enabling the strongest form of
encryption that your wireless network supports.
All Wi-Fi products support at least 40-bit encryption through the wired equivalent privacy
(WEP) specification, but the minimum standard on recent products is 64-bit WEP
encryption. Many vendors offer 128-bit or 256-bit encryption on their products. However,
the 128-bit and stronger encryption feature is more common among enterprise products
than SOHO-oriented products. Unfortunately, the WEP specification at any encryption
strength has been shown to be notoriously insecure against determined hacking. Enabling
WEP keeps a casual snooper at bay, but someone who wants to get into your wireless
network won't have much trouble breaking WEP. For that reason, all wireless network
products introduced after 2003 incorporate a different security standard known as
Wi-Fi Protected Access (WPA). WPA is derived from the developing IEEE 802.11i security
standard. WPA-enabled hardware works with existing WEP-compliant devices, and
software upgrades are often available for existing devices to make them WPA capable. The
latest 802.11g and 802.11n devices also support WPA2, an updated version of WPA that
uses a stronger encryption method. (WPA uses TKIP or AES; WPA2 uses AES.)
Note
Unfortunately, most 802.11b wireless network hardware supports only WEP encryption.
The lack of support for more powerful encryption standards is a good reason to retire your
802.11b hardware in favor of 802.11g or 802.11n hardware, all of which support WPA or
WPA2 encryption.
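The checks described above (nonstandard SSID, changed router password, strongest supported encryption) can be run as a small audit over an inventory of your own access points. This is an added example, not from the original text; the record fields, the sample inventory, and the short list of default-looking SSID prefixes are constructed assumptions.

```python
import re

# Assumption: a short, non-exhaustive list of vendor-style default SSID prefixes.
DEFAULT_SSID = re.compile(r"^(linksys|netgear|dlink|belkin|default)", re.I)

# Encryption modes discussed in the text, ranked weakest to strongest.
STRENGTH = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}

# Constructed sample inventory (hypothetical field names and values).
SAMPLE = [
    {"ssid": "linksys", "broadcast": True, "security": "WEP",
     "supported": ["WEP", "WPA", "WPA2"], "admin_password_changed": False},
    {"ssid": "oak-street-7", "broadcast": True, "security": "WPA2",
     "supported": ["WEP", "WPA", "WPA2"], "admin_password_changed": True},
    {"ssid": "office-b", "broadcast": False, "security": "WEP",
     "supported": ["WEP"], "admin_password_changed": True},
]

def audit(ap):
    """Return a list of findings for one access-point record."""
    findings = []
    if not ap.get("broadcast", True):
        findings.append("non-broadcast SSID: no real security benefit")
    if DEFAULT_SSID.match(ap.get("ssid", "")):
        findings.append("default-looking SSID identifies the vendor")
    if ap.get("admin_password_changed") is False:
        findings.append("router configuration password is still the default")
    current = ap.get("security", "OPEN").upper()
    supported = [s.upper() for s in ap.get("supported", [current])]
    best = max(supported, key=lambda s: STRENGTH.get(s, -1))
    # Unknown modes rank below OPEN, so they are flagged rather than trusted.
    if STRENGTH.get(current, -1) < STRENGTH["WPA"]:
        findings.append(f"{current} in use: not adequate protection")
    if STRENGTH.get(best, -1) > STRENGTH.get(current, -1):
        findings.append(f"hardware supports {best}: enable it")
    if STRENGTH.get(best, -1) < STRENGTH["WPA"]:
        findings.append("hardware limited to WEP or weaker: plan replacement")
    return findings

if __name__ == "__main__":
    for ap in SAMPLE:
        print(ap["ssid"], "->", audit(ap) or "no findings")
```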