On Tuesday 17 May 2011 18:11:03 James McKenzie wrote:
On Tue, May 17, 2011 at 9:36 AM, Frank Murphy
<frankly3d(a)gmail.com> wrote:
> On 17/05/11 14:30, Misha Shnurapet wrote:
>> Which WLAN protection method would you recommend?
>> * Shared key
>> * WPA-Personal
>> * WPA2-Personal
>
> Also if it's your home wLan, hide it, don't broadcast the ssid.
> So those in your neighbourhood won't even know you have a wireless.
Yes, they will. However, not broadcasting the SSID is a good step,
but not necessarily all you should do. When a client connects to the
network, it inquiries if the network is available. A patient
wardriver will pick this up. However, they will not be able to get
easily and will move on in most cases if they see WPA2.
The next step is MAC restricting and a lot more. However, just
employing security and hidden SSID is a great start. Most people do
not do this.
Hiding the SSID will stop only a casual bystander getting on to your network
by accident. Those who actually want to crack into a wireless network would
use some tool like airodump-ng (yum install aircrack-ng) to list any and all
wireless networks within reach, hidden or otherwise, and then pick which one
to crack.
In other words, hiding SSID can be compared to a person putting an "I am
invisible" sticker on their forehead, and hoping that others would read it and
ignore him.
Hiding SSID is a matter of convenience, not security. Things like removing the
clutter from user's list of available networks, avoiding accidental
connections by mobile devices, etc.
For security you need to implement some WPA-related stuff and a strong firewall,
possibly with MAC-filtering etc. And for sure don't even try to use WEP
"security". It's commonly compared to a paper wall, and I've seen it
being
cracked within 10 minutes using aircrack suite above. I even did it myself
once on my own router, just to see how difficult/easy it was. Reading relevant
man pages was the hardest part, it took me 20 minutes. Cracking the WEP
passphrase took 5 more. I can even sketch you the steps if you like. ;-)
In a nutshell, hiding SSID is a "please don't connect to my network"
security.
WEP is "the door is closed but not locked" security, while WPA is "guess my
passphrase" security. Therefore, WPA is the only one that provides the
potential cracker some reasonable headache.
HTH, :-)
Marko