2 cissp ® Official Study Guide Eighth Edition



Download 19,3 Mb.
Pdf ko'rish
bet444/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   440   441   442   443   444   445   446   447   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Securing the SSID
Wireless networks are assigned a service set identifier (SSID) (either BSSID or ESSID) to 
differentiate one wireless network from another. If multiple base stations or wireless access 
points are involved in the same wireless network, an extended station set identifier (ESSID) 
is defined. The SSID is similar to the name of a workgroup. If a wireless client knows the 
SSID, they can configure their wireless NIC to communicate with the associated WAP. 
Knowledge of the SSID does not always grant entry, though, because the WAP can use 
numerous security features to block unwanted access. SSIDs are defined by default by ven-
dors, and since these default SSIDs are well known, standard security practice dictates that 
the SSID should be changed to something unique before deployment.
The SSID is broadcast by the WAP via a special transmission called a 
beacon frame

This allows any wireless NIC within range to see the wireless network and make connect-
ing as simple as possible. However, this default broadcasting of the SSID should be disabled 
to keep the wireless network secret. Even so, attackers can still discover the SSID with a 
wireless sniffer since the SSID must still be used in transmissions between wireless clients 
and the WAP. Thus, disabling SSID broadcasting is not a true mechanism of security. 
Instead, use WPA2 as a reliable authentication and encryption solution rather than trying 
to hide the existence of the wireless network.

476
Chapter 11 

Secure Network Architecture and Securing Network Components
disable SSId broadcast
Wireless networks traditionally announce their SSID on a regular basis within a special 
packet known as the beacon frame. When the SSID is broadcast, any device with an auto-
matic detect and connect feature not only is able to see the network but can also initiate a 
connection with the network. Network administrators may choose to disable SSID broad-
cast to hide their network from unauthorized personnel. However, the SSID is still needed 
to direct packets to and from the base station, so it is still a discoverable value to anyone 
with a wireless packet sniffer. Thus, the SSID should be disabled if the network is not for 
public use, but realize that hiding the SSID is not true security because any hacker with 
basic wireless knowledge can easily discover the SSID.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   440   441   442   443   444   445   446   447   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish