New wireless security question

I've been advised that it is a good idea to disable SSID broadcast (I have a
desktop in the basement and a new wireless laptop upstairs. Linksys
Broadband router connected in basement). I've also read that this is a good
idea. Yet Linksys doesn't seem to particularly agree.

See transcript of my chat with them below, and please comment:


Hi, my name is Aileen (10918). How may I help you?
Melvin: Hi. I'm a novice. I recently installed your product to my
desktop so that I can access wireless via my new notebook. OK so far?
Aileen (10918): How can I help you?
Melvin: It's working fine, but I've been given some advice regarding
additional security.

do you recommend that I shut off SSID Broadcast and if so how do I do
this and would it hurt performance?
Aileen (10918): If you're going to set a security there's no need to
disable the ssid broadcast since it is already secured.
Melvin: Not sure I understand. I did change my set-up name and I've
filtered the MAC address of my notebook
Aileen (10918): Ok.
Melvin: I've read documents that advises disabling SSID broadcast. You
say not needed?
Aileen (10918): Not needed of you have a wireless security.
Melvin: What is a wireless security???
Melvin: Do you mean the 10-digit code I used to start the session the
first time?
Aileen (10918): Wireless security is the password for wireless
connection but since you enable the wireless mac address on the computer,
Melvin: can you finish the sentence
Aileen (10918): Sorry.
Melvin: Are you there?
Aileen (10918): Yes.
Melvin: Can you finish the sentence above. I'm not sure what you are
saying'
Aileen (10918): It only means that the wireless connection is already
secured.
Aileen (10918): Because of the wireless mac filtering you enable on
the router.
Melvin: OK, so I can forget about disabling SSID broadcast
Aileen (10918): Yes.
Aileen (10918): For as long as you have wireless security even if your
neighbor can see it and try to connect to it, they cannot connect to it
because it is secured.
Melvin: Yes, but how is it secured-- is it that 10-digit password I
started with?
Melvin: And I assume the MAC filtering
Aileen (10918): Yes. If WEP is enabled with 10 hexa keys or password.
Aileen (10918): And secured becuse only the mac address of your
wireless computer can access your internet connection and all those mac
address you entered under mac filtering.
Melvin: OK-- thank you
http://kb.linksys.com. Is there anything else I can help you with?
Aileen (10918): Thank you for giving us an opportunity to serve you
through Live Chat Support. For your records, a transcript of this chat
session will be e-mailed to you. Feel free to contact us if you require
further assistance. Thank you for choosing Linksys and have a great day!
Melvin: disconnected
Aileen (10918): disconnected






--------------------------------------------------------------------------------


No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database

MZB wrote:
I've been advised that it is a good idea to disable SSID broadcast (I have a
desktop in the basement and a new wireless laptop upstairs. Linksys
Broadband router connected in basement). I've also read that this is a good
idea. Yet Linksys doesn't seem to particularly agree.

See transcript of my chat with them below, and please comment:


Hi, my name is Aileen (10918). How may I help you?
Melvin: Hi. I'm a novice. I recently installed your product to my
desktop so that I can access wireless via my new notebook. OK so far?
Aileen (10918): How can I help you?
Melvin: It's working fine, but I've been given some advice regarding
additional security.

do you recommend that I shut off SSID Broadcast and if so how do I do
this and would it hurt performance?
Aileen (10918): If you're going to set a security there's no need to
disable the ssid broadcast since it is already secured.
Melvin: Not sure I understand. I did change my set-up name and I've
filtered the MAC address of my notebook
Aileen (10918): Ok.
Melvin: I've read documents that advises disabling SSID broadcast. You
say not needed?
Aileen (10918): Not needed of you have a wireless security.
Melvin: What is a wireless security???
Melvin: Do you mean the 10-digit code I used to start the session the
first time?
Aileen (10918): Wireless security is the password for wireless
connection but since you enable the wireless mac address on the computer,
Melvin: can you finish the sentence
Aileen (10918): Sorry.
Melvin: Are you there?
Aileen (10918): Yes.
Melvin: Can you finish the sentence above. I'm not sure what you are
saying'
Aileen (10918): It only means that the wireless connection is already
secured.
Aileen (10918): Because of the wireless mac filtering you enable on
the router.
Melvin: OK, so I can forget about disabling SSID broadcast
Aileen (10918): Yes.
Aileen (10918): For as long as you have wireless security even if your
neighbor can see it and try to connect to it, they cannot connect to it
because it is secured.
Melvin: Yes, but how is it secured-- is it that 10-digit password I
started with?
Melvin: And I assume the MAC filtering
Aileen (10918): Yes. If WEP is enabled with 10 hexa keys or password.
Aileen (10918): And secured becuse only the mac address of your
wireless computer can access your internet connection and all those mac
address you entered under mac filtering.
Melvin: OK-- thank you
http://kb.linksys.com. Is there anything else I can help you with?
Aileen (10918): Thank you for giving us an opportunity to serve you
through Live Chat Support. For your records, a transcript of this chat
session will be e-mailed to you. Feel free to contact us if you require
further assistance. Thank you for choosing Linksys and have a great day!
Melvin: disconnected
Aileen (10918): disconnected






--------------------------------------------------------------------------------


No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database


As far as wireless security goes, there are usually 3 things that most
people do. Although none are required, the more of these that you use
the better off you will be.

1. set up some type of encryption. Either WEP, WPA, WPA2, etc.
2. set up mac address filtering
3. disable your SSID broadcast.

As long as you have done #1 and #2, you are pretty darn secure. They
would have to come up with your WEP, WPA or WPA2 key in order to get
in....as well as spoof a MAC address that you allow.

Disabling the SSID only makes it more difficult to get in. This really
is an optional thing.....and you are still secure without it. You just
add an extra level by disabling the SSID.

So, whichever you choose will be fine. Personally, I have disabled my
SSID as I don't see any reason to broadcast it. I changed it from
default and I know what it is, so I am set.

In article ,
says...

I've been advised that it is a good idea to disable SSID broadcast (I have a
desktop in the basement and a new wireless laptop upstairs. Linksys
Broadband router connected in basement). I've also read that this is a good
idea. Yet Linksys doesn't seem to particularly agree.

snippety

Disabling SSID will only have the effect of cloaking the access
point's assigned name. It'll probably deter a casual WiFi mooch, looking
for a free/open access point, but if a skilled cracker is determined to
break in the lack of SSID won't even make them flinch. It can be sniffed
easily enough, using any number of free tools.

Now, on the subject of MAC filtering: That's actually a pretty
effective security measure. It can be circumvented, but doing so takes a
fair degree of networking knowledge, and a wireless adapter that can be
set to 'spoof' a specific MAC address.

On encryption: Don't use WEP. If your access point supports WPA,
with a pre-shared key (PSK), use it, and pick a complex key with a mix
of letters, numbers, and special characters that's at least 22
characters long. This should have the effect of making your access point
proof against all but the most determined crackers (and they've probably
got better targets to expend their energy against).

If you have no choice other than WEP, use the biggest key length
your equipment allows, and a randomly-generated key.

Ideally, if you're truly paranoid, you should:

(1) Turn off your SSID, and set it to something that's hard to
guess.

(2) Use MAC filtering and WPA-PSK modes in combination.

Happy tweaking.


--
Dr. Anton T. Squeegee, Director, Dutch Surrealist Plumbing Institute.
(Known to some as Bruce Lane, ARS KC7GR,
kyrrin (a/t) bluefeathertech[d=o=t]calm -- www.bluefeathertech.com
"If Salvador Dali had owned a computer, would it have been equipped
with surreal ports?"

what the hell, I did disable SSID.

Mel

"Patrick L. Parks" wrote in message
...
MZB wrote:
I've been advised that it is a good idea to disable SSID broadcast (I
have a desktop in the basement and a new wireless laptop upstairs.
Linksys Broadband router connected in basement). I've also read that this
is a good idea. Yet Linksys doesn't seem to particularly agree.

See transcript of my chat with them below, and please comment:


Hi, my name is Aileen (10918). How may I help you?
Melvin: Hi. I'm a novice. I recently installed your product to my
desktop so that I can access wireless via my new notebook. OK so far?
Aileen (10918): How can I help you?
Melvin: It's working fine, but I've been given some advice
regarding additional security.

do you recommend that I shut off SSID Broadcast and if so how do I
do this and would it hurt performance?
Aileen (10918): If you're going to set a security there's no need
to disable the ssid broadcast since it is already secured.
Melvin: Not sure I understand. I did change my set-up name and I've
filtered the MAC address of my notebook
Aileen (10918): Ok.
Melvin: I've read documents that advises disabling SSID broadcast.
You say not needed?
Aileen (10918): Not needed of you have a wireless security.
Melvin: What is a wireless security???
Melvin: Do you mean the 10-digit code I used to start the session
the first time?
Aileen (10918): Wireless security is the password for wireless
connection but since you enable the wireless mac address on the computer,
Melvin: can you finish the sentence
Aileen (10918): Sorry.
Melvin: Are you there?
Aileen (10918): Yes.
Melvin: Can you finish the sentence above. I'm not sure what you
are saying'
Aileen (10918): It only means that the wireless connection is
already secured.
Aileen (10918): Because of the wireless mac filtering you enable on
the router.
Melvin: OK, so I can forget about disabling SSID broadcast
Aileen (10918): Yes.
Aileen (10918): For as long as you have wireless security even if
your neighbor can see it and try to connect to it, they cannot connect to
it because it is secured.
Melvin: Yes, but how is it secured-- is it that 10-digit password I
started with?
Melvin: And I assume the MAC filtering
Aileen (10918): Yes. If WEP is enabled with 10 hexa keys or
password.
Aileen (10918): And secured becuse only the mac address of your
wireless computer can access your internet connection and all those mac
address you entered under mac filtering.
Melvin: OK-- thank you
http://kb.linksys.com. Is there anything else I can help you with?
Aileen (10918): Thank you for giving us an opportunity to serve you
through Live Chat Support. For your records, a transcript of this chat
session will be e-mailed to you. Feel free to contact us if you require
further assistance. Thank you for choosing Linksys and have a great day!
Melvin: disconnected
Aileen (10918): disconnected






--------------------------------------------------------------------------------


No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database
As far as wireless security goes, there are usually 3 things that most
people do. Although none are required, the more of these that you use the
better off you will be.

1. set up some type of encryption. Either WEP, WPA, WPA2, etc.
2. set up mac address filtering
3. disable your SSID broadcast.

As long as you have done #1 and #2, you are pretty darn secure. They
would have to come up with your WEP, WPA or WPA2 key in order to get
in....as well as spoof a MAC address that you allow.

Disabling the SSID only makes it more difficult to get in. This really is
an optional thing.....and you are still secure without it. You just add
an extra level by disabling the SSID.

So, whichever you choose will be fine. Personally, I have disabled my
SSID as I don't see any reason to broadcast it. I changed it from default
and I know what it is, so I am set.

"MZB" wrote in message
...
| I've been advised that it is a good idea to disable SSID broadcast (I have
a
| desktop in the basement and a new wireless laptop upstairs. Linksys
| Broadband router connected in basement). I've also read that this is a
good
| idea. Yet Linksys doesn't seem to particularly agree.
|

MAC address filtering and "SSID Hiding" do little for wireless security.

Nefarious types can determine the presence of your network without even
turning on a computer.

Once discovered, a sniffer (airsnort or the like) can determine your MAC
address in about 2 seconds, spoof you cards MAC and pretend to be you.

Turning off SSID broadcast at your access point does no more for wireless
security than taking your name off the door does to prevent burglary. There
are still several other mechanisms broadcasting your SSID clearly visible to
readily available tools.

The "prevents casual users" argument is, in my opinion, not a valid
argument. It's not casual users you need to worry about but "the other"
kind. A casual user might discover my network and see if he/she can log
in or whatever. A thief will stick around long enough to determine if there
is anything there they can steal.

The best (though not foolproof) available method to reasonably secure a
wireless home network is through the use of WPA-PSK encryption.

If you are sending truly sensitive data (government, corporate inside
information etc..) don't use home wireless. It's better than it used to be
but it's still not secure.

--
Doug

I'm not an MVP a VIP nor do I have ESP.
I was just trying to help.
Please use your own best judgment before implementing any suggestions or
advice herein.
No warranty is expressed or implied.
Your mileage may vary.
See store for details.

Remove shoes to E-mail.

Thanks for all your comments. I really am not too paranoid about all of
this, but I want to be sensible.

My needs are rather simple!

Mel
"HillBillyBuddhist" wrote in message
. ..
"MZB" wrote in message
...
| I've been advised that it is a good idea to disable SSID broadcast (I
have
a
| desktop in the basement and a new wireless laptop upstairs. Linksys
| Broadband router connected in basement). I've also read that this is a
good
| idea. Yet Linksys doesn't seem to particularly agree.
|

MAC address filtering and "SSID Hiding" do little for wireless security.

Nefarious types can determine the presence of your network without even
turning on a computer.

Once discovered, a sniffer (airsnort or the like) can determine your MAC
address in about 2 seconds, spoof you cards MAC and pretend to be you.

Turning off SSID broadcast at your access point does no more for wireless
security than taking your name off the door does to prevent burglary.
There
are still several other mechanisms broadcasting your SSID clearly visible
to
readily available tools.

The "prevents casual users" argument is, in my opinion, not a valid
argument. It's not casual users you need to worry about but "the other"
kind. A casual user might discover my network and see if he/she can log
in or whatever. A thief will stick around long enough to determine if
there
is anything there they can steal.

The best (though not foolproof) available method to reasonably secure a
wireless home network is through the use of WPA-PSK encryption.

If you are sending truly sensitive data (government, corporate inside
information etc..) don't use home wireless. It's better than it used to be
but it's still not secure.

--
Doug

I'm not an MVP a VIP nor do I have ESP.
I was just trying to help.
Please use your own best judgment before implementing any suggestions or
advice herein.
No warranty is expressed or implied.
Your mileage may vary.
See store for details.

Remove shoes to E-mail.

IMHO, disabling the SSID broadcast will slow down a hacker but the best
thing to do is use WPA because WEP is easily compromised. WPA with other
authentication methods makes it very difficult for someone to hack your
system (but not impossible). MAC addresses can be spoofed, also.
Discussion of all the security methods would take too long to explain. For
most people, WPA-PSK and MAC filtering is enough. Enterprise networks
require additional measures.

On Sun, 18 Sep 2005 22:53:52 -0400, MZB wrote:

I've been advised that it is a good idea to disable SSID broadcast (I
have a desktop in the basement and a new wireless laptop upstairs.
Linksys Broadband router connected in basement). I've also read that
this is a good idea. Yet Linksys doesn't seem to particularly agree.

See transcript of my chat with them below, and please comment:


Hi, my name is Aileen (10918). How may I help you? Melvin: Hi. I'm
a novice. I recently installed your product to my
desktop so that I can access wireless via my new notebook. OK so far?
Aileen (10918): How can I help you?
Melvin: It's working fine, but I've been given some advice
regarding
additional security.

do you recommend that I shut off SSID Broadcast and if so how do
I do
this and would it hurt performance?
Aileen (10918): If you're going to set a security there's no need
to
disable the ssid broadcast since it is already secured.
Melvin: Not sure I understand. I did change my set-up name and
I've
filtered the MAC address of my notebook
Aileen (10918): Ok.
Melvin: I've read documents that advises disabling SSID broadcast.
You
say not needed?
Aileen (10918): Not needed of you have a wireless security.
Melvin: What is a wireless security??? Melvin: Do you mean the
10-digit code I used to start the session the
first time?
Aileen (10918): Wireless security is the password for wireless
connection but since you enable the wireless mac address on the
computer,
Melvin: can you finish the sentence
Aileen (10918): Sorry.
Melvin: Are you there?
Aileen (10918): Yes.
Melvin: Can you finish the sentence above. I'm not sure what you
are
saying'
Aileen (10918): It only means that the wireless connection is
already
secured.
Aileen (10918): Because of the wireless mac filtering you enable
on
the router.
Melvin: OK, so I can forget about disabling SSID broadcast Aileen
(10918): Yes.
Aileen (10918): For as long as you have wireless security even if
your
neighbor can see it and try to connect to it, they cannot connect to it
because it is secured.
Melvin: Yes, but how is it secured-- is it that 10-digit password
I
started with?
Melvin: And I assume the MAC filtering Aileen (10918): Yes. If WEP
is enabled with 10 hexa keys or password. Aileen (10918): And
secured becuse only the mac address of your
wireless computer can access your internet connection and all those mac
address you entered under mac filtering.
Melvin: OK-- thank you
http://kb.linksys.com. Is there anything else I can help you with?
Aileen (10918): Thank you for giving us an opportunity to serve
you
through Live Chat Support. For your records, a transcript of this chat
session will be e-mailed to you. Feel free to contact us if you require
further assistance. Thank you for choosing Linksys and have a great day!
Melvin: disconnected
Aileen (10918): disconnected






--------------------------------------------------------------------------------


No virus found in this incoming message. Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database