Hi, I'd like to just start hiding my Fios router's name, so I turned to disabling the SSID in the Advanced Setting of the router. But right after doing that, my mobile devices can't connect to it anymore. I thought disabling the SSID just hides the router from other people but not from known devices. What other options do I have to prevent others from trying to get onto my network (I've already set up the router to use the 128-bit security level in Basic Setting)?
Thanks very much in advance!
You need to go to each device and make sure there is a wireless profile configured for the SSID, and then save it as the default wireless connection. This may be easier if you configure each device prior to disabling the SSID.
Increasingly, devices which are mobile (laptops, iPads, etc.) will scan for available wireless networks in order to attempt a connection. If you hide the SSID, it won't pick it up during this scan and depending on how the wireless endpoint is configured, the default action may be to attempt to connect to an available network vs trying to find the hidden one (my Mac demonstrates this behavior all the time).
One solution can be to disable this "searching" behavior (turn off look for available networks, attempt to join networks, etc.) and just specify the wireless network you want the device to bind to. This can work in a home scenario with devices that don't travel outside the home (such as home entertainment equipment and desktop PCs), but is not a good solution for mobile devices which aren't always on the home network (such as when you travel to work or Starbucks, etc.).
In reality, hiding the SSID really does little in the realm of risk reduction, just as MAC address restriction does little. Any basic Wi-Fi hacking tool will easily find "hidden" networks and sniff out the MAC addresses in use for purposes of attempting to impersonate a client system and access a wireless network. While it certainly keeps the next door neighbor from possibly getting curious or bugging you to let them use your wireless because they are too cheap to pay for service themselves, it also actually can have a negative impact by not letting others know about your network and the frequency it is using so that they might think about selecting a different frequency for their own Wi-Fi to avoid interference. The only time I use a hidden SSID is when I'm setting up a wireless bridge between buildings and want these two devices to just speak with one another.
By far, the best bet is to use a good wireless encryption algorithm (WPA2) with a long complex key that you change on a regular basis. Don't bother hiding it or even using MAC restrictions -- they just make your life harder and provide little in the way of risk reduction.
Off-topic a bit: Doesn't the wireless key get renegotiated using WPA2?
@weedeater wrote: Off-topic a bit: Doesn't the wireless key get renegotiated using WPA2?
The router's wireless key or passphrase. No. If it did, a device would never be able to connect. The PTK is calculated (renegotiated if you want) when a device connects, but is rather fixed from certain info about each device. I.e. you need to protect your passphrase or key, and consider changing it on a regular basis. That's why for real security a PSK is not used, even though it is adequate for home use.
I meant the key used during the session. I thought it was renegotiated as the session went along. That way it becomes near impossible to decrypt the (private) key since it keeps changing. I agree the original keyphrase does not change since that is what gets the session started.
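Added example, not part of the original thread: the standard WPA2-PSK key derivation from IEEE 802.11i, showing that the passphrase and SSID give a fixed PMK while the per-session PTK is derived from that PMK, both MAC addresses, and a nonce from each side. The MAC addresses and nonces below are constructed sample values (real nonces are random per handshake).

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise transient key for CCMP: 48 bytes (KCK | KEK | TK)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def demo():
    """Derive one PMK and the PTKs of two associations by the same client."""
    pmk = derive_pmk("password", "IEEE")   # 802.11i test-vector inputs
    ap_mac = bytes.fromhex("02aabbccdd01")   # constructed sample MAC
    sta_mac = bytes.fromhex("02aabbccdd02")  # constructed sample MAC
    ptks = []
    for session in (1, 2):
        # Constructed, reproducible stand-ins for the random handshake nonces.
        anonce = hashlib.sha256(b"ap-nonce-%d" % session).digest()
        snonce = hashlib.sha256(b"sta-nonce-%d" % session).digest()
        ptks.append(derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce))
    return pmk, ptks


if __name__ == "__main__":
    pmk, ptks = demo()
    print("PMK (same every time):", pmk.hex())
    for i, ptk in enumerate(ptks, 1):
        print("session %d temporal key: %s" % (i, ptk[32:48].hex()))
```

Because the PMK depends only on the passphrase and the SSID, the length and secrecy of the passphrase carry the whole security of a PSK network.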
@weedeater wrote: I meant the key used during the session. I thought it was renegotiated as the session went along. That way it becomes near impossible to decrypt the (private) key since it keeps changing. I agree the original keyphrase does not change since that is what gets the session started.
That's the deal with WPA and WPA2. Your passphrase allows the device to associate with the access point to communicate with the wireless network. This passphrase, when presented, allows basic decryption so that the access point and client device can exchange a shared group key. This shared group key is what actually is your "key" that decrypts the data.
In any half decent router, there is a Group Key rotation setting that can be specified. The ActionTecs and Westells have this option. By default most routers use 3600 second keys which are rotated/generated by the access point when the key expires seamlessly and shared with each client presenting the proper passphrase, provided the client device is still associated. You can make this interval longer or shorter based on your network needs (to reduce overhead, or to increase the amount of time your key can be cracked via broadcasting in exchange for performance). In the ActionTecs I believe you can also stop the key from being rotated for troubleshooting purposes. Not that you'd want to do it though without running, say a RADIUS server, but yeah.
SSID Hiding Is Futile (So Is MAC Address Filtering)
It's not a very effective security measure; WPA2 will be sufficient. I am not sure why the firmware limits ten, but you shouldn't really bother with it anyway.