In an attempt to enhance the wireless security environment, especially in light of problems with Wireless Encryption Protection, SSID Cloaking and MAC Address Filtering were quickly implemented.
The Service Set Identifier (SSID) Cloaking feature is a very simple configuration change to the Access Points. Typically, a checkbox in the administration software allows the device to broadcast the SSID or not broadcast the SSID. The idea is that a casual observer of the wireless networks in range does not see the SSID, they will have no idea it exists, and not attempt to associate with any of its Access Points. As you can probably detect already, this is a vey weak security configuration, in fact, some would argue it is no security at all. Again, just protecting the network from a casual observer. You should also notice the overhead it adds to administration. Each legitimate client must be provided the SSID for input into the client system that needs to connect.
The main problem with SSID Cloaking as a security mechanism was how easily it could be foiled by a hacker. The 802.11 standard allows a wireless client to send a NULL string as a SSID to the Access Point. When the Access Point receives the NULL string, it responds with the SSID configured for cloaking (oops!).
MAC Address Filtering was another approach to wireless security in the first generation. The idea here is that you collect the MAC addresses of the systems that you want to legitimately access the network. You then have the Access Points limit activity to only those addresses. Once again, we immediately see a glaring administrative overhead problem when it comes to maintaining tables of legitimate MAC addresses. The main problem with this approach, however, lies in the fact that a MAC address is very, very easily spoofed (falsified). Therefore, once legitimate devices have their MAC addresses compromised, hackers can easily join the network using a spoofed address.
Leave a Reply