When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication “open”, but sets the SSID to a 32-character string of random letters and numbers. What is an accurate assessment of this scenario from a security perspective?
Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging “security through obscurity”.
Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.
Javik’s router is still vulnerable to wireless hacking attempts, because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.
It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association
Welcome to our CRAW Security. We are glad to have you around
Email : [email protected]
1st Floor, Plot no. 4, Lane no. 2, Kehar Singh Estate
Westend Marg, Behind Saket Metro Station
New Delhi – 110030