Learn how to a build a cloud-first strategyRegister Now


Wireless: Is WPA necessary if SSID broadcast is disabled and router log-on changed?

Posted on 2004-11-28
Medium Priority
Last Modified: 2007-02-13
If SSID broadcast is diabled and SSID and router log-on are changed from the factory defaults, is WPA necessary for home wireless network security?
Question by:whousto
LVL 49

Expert Comment

ID: 12691489
Some of the suggestions for wireless security are

a) Disable SSID broadcast
b) Enable Encryption WEP
c) Enable MAC address filtering ( http://compnetworking.about.com/cs/wirelessproducts/qt/macaddress.htm)
d) Upgrade the firmware of your router

Keep in mind to check the log of your router every so often. Some unusual activity of someone using your wireless network can be detected.

Read articles : http://www.drizzle.com/~aboba/IEEE/



Author Comment

ID: 12692082

Thanks for the list and the links.  However, hasn't WPA replaced WEP?

I know that enabling WPA is the best option, but if you have SSID broadcast disabled, and you've changed the factory router logon and password, why should a home network need to enable encryption or MAC address filtering?

Bill H.

LVL 49

Expert Comment

ID: 12692099

Those for extra protection for your wireless network. that is all

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.


Assisted Solution

syn_ack_fin earned 200 total points
ID: 12692840
To answer your questions:
1) Yes, you should enable WPA even if you disable SSID broadcast and router logon. The SSID is only used for association with a specific access point and not broadcasting it would not prevent someone from sniffing the SSID off the air from another connection. SSID is not a security measure. In addition, WPA encrypts all data traveling the air preventing disclosure of information.

2) WPA is replacing WEP. It can utilize two encryption schemes, TKIP or AES, both which are much more secure than WEP.

---Good Luck

Author Comment

ID: 12696021
Thanks syn,

In the neighborhood full of geriatrics I live in I don't need to worry too much about war drivers in Cadillacs and Crown Victorias, so I may not bother with encryption until I move.

However, your reply leads to a request for some additional explanation.  How do wireless snoopers go about "sniffing the SSID off the air"?

Bill H.
LVL 79

Expert Comment

ID: 12696460
Easy enough. Take a look at the tools
Add Ethereal to that, and you have a wireless sniffer

More tools

Accepted Solution

Focusyn earned 500 total points
ID: 12698165
The broadcast SSID setting only prevents your Access Point from sending beacon packets advertising its existence.  Short answer to your question is this:

802.11a/b/g packets have unencrypted headers.  Regardless of whether or not your access point is broadcasting beacon packets with the SSID, all data to and from clients contain the SSID in the header, so a wardriver need only wait for a client to send or request a packet and the SSID is sent, unencrypted, over the air.  Use the WPA feature at all times, and change all default settings to something custom.

Expert Comment

ID: 12707570
Does WPA have as much 'overhead' as WEP appeared to have? Everything seemed slower with WEP enabled...


Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question