If that weren’t bad enough, many “so called” security experts propagated these myths through speaking engagements and publications, and many continue to this day. Many wireless LAN equipment makers continue to recommend many of these schemes to this day. One would think that the fact that none of these schemes made it into the official IEEE 802.11i security standard would give a clue to their effectiveness, but time and time again that theory is proven wrong. To help you avoid these schemes, the writer has created the following list of the six dumbest ways to secure your wireless LAN.
MAC filtering: This is like handing a security guard a pad of paper with a list of names. Then when someone comes up to the door and wants entry, the security guard looks at the person’s name tag, compares it to his list of names, and determines whether to open the door or not. All someone needs to do is watch an authorized person go in and forge a name tag with that person’s name. The comparison to a wireless LAN here is that the name tag is the MAC address. The MAC address is just a 12-digit hex number that can be viewed in clear text with a sniffer. A sniffer to a hacker is like a hammer to a carpenter, except the sniffer is free. Once the MAC address is seen in the clear, it takes about 10 seconds to cut and paste a legitimate MAC address into the wireless Ethernet adapter settings, and the whole scheme is defeated. MAC filtering is absolutely worthless since it is one of the easiest schemes to attack. The shocking thing is that so many large organizations still waste the time to implement these things. The bottom line is, MAC filtering takes the most effort to manage with zero ROI (return on investment) in terms of security gain.
SSID hiding: There is no such thing as “SSID hiding”. You’re only hiding SSID beaconing on the Access Point. There are 4 other mechanisms that also broadcast the SSID over the 2.4 or 5 GHz spectrum. The 4 mechanisms are: probe requests, probe responses, association requests, and re-association requests. Essentially, you’re talking about hiding 1 of 5 SSID broadcast mechanisms. Nothing is hidden, and all you’ve achieved is to cause problems for Wi-Fi roaming when a client jumps from AP to AP. Hidden SSIDs also make wireless LANs less user friendly. You don’t need to take my word for it. Just ask Robert Moskowitz, Senior Technical Director of ICSA Labs, in his white paper “Debunking the myth of SSID hiding”.
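To make the two points above concrete (the MAC address travels in the clear, and the SSID still appears in probe requests, probe responses, association requests and re-association requests even when beaconing is turned off), here is an added example that is not part of the original post. It builds a handful of constructed IEEE 802.11 management frames, with hypothetical addresses and the made-up SSID “CorpWiFi”, and parses them the way a passive sniffer would: no radio, no captured traffic, just the frame layout from the standard.

```python
# Constructed 802.11 management frames (not captured traffic) showing that
# MAC addresses and SSIDs travel in the clear. Frame layout per IEEE 802.11:
# 2-byte frame control, 2-byte duration, three 6-byte addresses, 2-byte
# sequence control, then a subtype-specific body ending in tagged elements.

MGMT_SUBTYPES = {
    0: "association request",
    2: "reassociation request",
    4: "probe request",
    5: "probe response",
    8: "beacon",
}

# Fixed-length fields that sit between the header and the first element.
FIXED_BODY_LEN = {
    0: 4,    # capability info (2) + listen interval (2)
    2: 10,   # capability info (2) + listen interval (2) + current AP address (6)
    4: 0,    # probe request: elements start immediately
    5: 12,   # timestamp (8) + beacon interval (2) + capability info (2)
    8: 12,   # beacon: same fixed fields as a probe response
}

SSID_ELEMENT_ID = 0


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_mgmt_frame(subtype, dst, src, bssid, ssid):
    """Assemble a minimal management frame carrying one SSID element.
    The fixed body fields are zeroed; that is enough for header parsing."""
    frame_control = bytes([(subtype << 4) | 0x00, 0x00])  # type 0 = management
    header = frame_control + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    fixed = bytes(FIXED_BODY_LEN[subtype])
    ssid_element = bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid
    return header + fixed + ssid_element


def parse_mgmt_frame(frame):
    """Return the cleartext addresses and SSID found in a management frame."""
    if len(frame) < 24:
        raise ValueError("frame shorter than an 802.11 header")
    frame_type = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    if frame_type != 0 or subtype not in FIXED_BODY_LEN:
        raise ValueError(f"unsupported frame type {frame_type}/subtype {subtype}")
    receiver, transmitter, bssid = frame[4:10], frame[10:16], frame[16:22]
    elements = frame[24 + FIXED_BODY_LEN[subtype]:]
    ssid = None
    pos = 0
    while pos + 2 <= len(elements):
        element_id, length = elements[pos], elements[pos + 1]
        value = elements[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element; stop rather than misparse
        if element_id == SSID_ELEMENT_ID:
            # A zero-length SSID is what a "hidden" AP puts in its beacons.
            ssid = value.decode("utf-8", errors="replace")
        pos += 2 + length
    return {
        "subtype": MGMT_SUBTYPES[subtype],
        "receiver": mac_to_str(receiver),
        "transmitter": mac_to_str(transmitter),
        "bssid": mac_to_str(bssid),
        "ssid": ssid,
    }


def sample_frames():
    """Constructed exchange: an AP with SSID beaconing disabled and a client
    that joins it anyway (hypothetical addresses, made-up SSID)."""
    ap = bytes.fromhex("aabbccddeeff")
    client = bytes.fromhex("001122334455")
    broadcast = b"\xff" * 6
    ssid = b"CorpWiFi"
    return [
        build_mgmt_frame(8, broadcast, ap, ap, b""),              # beacon, SSID blanked
        build_mgmt_frame(4, broadcast, client, broadcast, ssid),  # probe request
        build_mgmt_frame(5, client, ap, ap, ssid),                # probe response
        build_mgmt_frame(0, ap, client, ap, ssid),                # association request
        build_mgmt_frame(2, ap, client, ap, ssid),                # reassociation request
    ]


def ssid_exposures(frames):
    """Which frame subtypes carried a non-empty SSID, plus every transmitter
    address seen: exactly what a passive listener collects."""
    parsed = [parse_mgmt_frame(f) for f in frames]
    subtypes = {p["subtype"] for p in parsed if p["ssid"]}
    transmitters = {p["transmitter"] for p in parsed}
    return subtypes, transmitters


if __name__ == "__main__":
    for p in (parse_mgmt_frame(f) for f in sample_frames()):
        print(f'{p["subtype"]:22} from {p["transmitter"]}  SSID={p["ssid"]!r}')
```

Run stand-alone, the script lists each frame with the transmitter address and SSID it carries: the beacon shows an empty SSID, while the other four subtypes all spell out “CorpWiFi”, and every frame names its sender. Management frames are not encrypted by WEP or WPA, so nothing in the parser has to deal with keys; that is the whole reason neither MAC filtering nor SSID blanking withholds anything from a listener.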
LEAP authentication: The use of Cisco LEAP authentication continues to be the single biggest mistake that corporations make with their wireless LAN, because they leave themselves wide open to attack. Cisco still tells their customers that LEAP is fine so long as strong passwords are used. The problem is that strong passwords are an impossibility for humans to deal with. If you doubt this, try a password audit of all the users in your organization and see how long it takes to crack 99% of all passwords. 99% of organizations will flunk any password audit for most of their users within hours. Since Joshua Wright released a tool that can crack LEAP with lightning speed, Cisco was forced to come out with a better alternative to LEAP, and they came up with an upgrade to LEAP called EAP-FAST.
Disable DHCP: This is much more of a waste of time than it is a security barrier. It would take a hacker about 10 seconds to figure out the IP scheme of any network and simply assign their own IP address.
Antenna placement: I’ve heard the craziest thing from so-called security experts who actually tell people to only put their Access Points in the center of their building and run them at minimal power.
Just use 802.11a or Bluetooth: Fortunately, I haven’t heard this one for a while.
In light of recent developments within the last 6 months, it takes only a few minutes to break a WEP-based network, which makes WEP completely ineffective and a good potential future candidate for the wireless LAN security hall of shame. Where it currently fails to be in the hall of shame is that it still holds up for a few minutes, requires a little skill to launch the packet injection attacks, and isn’t propagated as an urban legend for a secure wireless LAN.
This blog wasn’t just meant to be funny; it’s serious business that so many organizations waste their time and money on worthless security schemes that give them a dangerous false sense of security.
http://blogs.zdnet.com/Ou/index.php?p=43