Well, sure it fails to value it - it is completely against it. As are many of us who have dealt with issues related to this over the years. We arent just following the band wagon here... many of us are in the band, and find no value in it.
The Art of War, etc, comparisons dont fly in my book. When someone is snooping Wi-Fi, they are still going to see your traffic regardless if it doesnt have an SSID. I have an app on my iPhone that will show this. If I am looking to break in to your network, I'm still going to hack your packets - SSID or not. SSID's just make it easier for the end-user to identify which network they might want to join. The SSID hiding isnt going to add any value to the security of your network. Its only going to make it combersome for your users to use it. Obscurity of such information only elevates your level of *perceived* security. You are not more secure by hiding something. Obscurity does not elevate your level of security in any way shape or form. I'd further suggest that promoting obscurity as an increase in security is a disservice to any client or customer. They days of security by obscurity are passed. You should never have any faith in obscurity as a level of security. Microsoft was a laughing stock with obscurity in the 90's. Many company's have been caught with their pants down in recent years over security failures that involved obscurity. Security is an aspect of protection. Obscurity offers no protection whatsoever. Its not tangible. Its not manageable. Its not real. My opinion. YMMV. -- ME2 On Thu, Feb 19, 2009 at 4:04 PM, Jonathan Link <[email protected]> wrote: > I really hate this trite expression. It's filled with condecension and a my > way is the only right way point of view. It fails to value the role of > obscurity in security. > > If obscurity had no value, honeypots would be useless. > > If obscurity had no value, Sun-Tzu wouldn't have said " if you are formless, > the most penetrating spies will not be able to discern you, or the wisest > counsels will not be able to do calculations against you." > > Obcurity is part of security, security is a process, and just like any > process, a missing piece is a missing piece and leave you more vulnerable. > Arguments for security should not begin with security through obscurity is > false security, but should begin with security through obscurity is not > enough security. > > > On Thu, Feb 19, 2009 at 3:54 PM, Sean Rector <[email protected]> > wrote: >> >> He's right on the money. Security through obscurity is a false security. >> >> >> >> Sean Rector, MCSE >> >> >> >> From: Carl Houseman [mailto:[email protected]] >> Sent: Thursday, February 19, 2009 3:47 PM >> >> To: NT System Admin Issues >> Subject: RE: SECURING WIFI ROUTER >> >> >> >> No no no. Those recommendations should be dismissed, they are so >> "yesterday's idea of security". For anyone who really wants to get in, >> working around MAC filtering and non-broadcast SID's is a piece of cake. >> Secure the router or access point with WPA2 and a strong PSK if you can't do >> 802.1x authentication. When properly secured, it doesn't matter if you're >> visible or whether your MAC is allowed or not. >> >> >> >> Further reading: >> >> http://blogs.zdnet.com/Ou/index.php?p=43 >> >> http://blogs.zdnet.com/Ou/?p=454 >> >> http://www.icsalabs.com/icsa/docs/html/communities/WLAN/wp_ssid_hiding.pdf >> >> >> >> Carl >> >> >> >> From: Lee Douglas [mailto:[email protected]] >> Sent: Thursday, February 19, 2009 3:14 PM >> To: NT System Admin Issues >> Subject: Re: SECURING WIFI ROUTER >> >> >> >> In terms of securing, I've seen recommendations to NOT have the router >> broadcast its SID as well as using MAC filtering. I'm sure all can likely be >> circumvented, but they just add extra layers and make your neighbors that >> much more attractive.. >> >> On Thu, Feb 19, 2009 at 3:02 PM, Webb, Brian (Corp) >> <[email protected]> wrote: >> >> I've seen the same message as well with an HP laptop going to a D-Link >> WIFI using WPA. The message seems to indicate that you are connected to >> unsecured network, but I've always been connected to my secured network when >> I've checked. >> >> -Brian >> >> -----Original Message----- >> From: Andy Ognenoff [mailto:[email protected]] >> Sent: Thursday, February 19, 2009 1:57 PM >> To: NT System Admin Issues >> Subject: RE: SECURING WIFI ROUTER >> >> I've seen that happen too, with the plain old Windows wireless client. >> WPA2 in my instance, as well. I never did figure out what the problem was >> but I stopped using WIFI a year ago and just wired my house with CAT5e. At >> the time it was a Linksys WRT54GL with DD-WRT and an Intel integrated wlan >> card in a ThinkPad T60. >> >> - Andy O. >> ________________________________________ >> >> From: Sam Cayze [mailto:[email protected]] >> Sent: Thursday, February 19, 2009 1:40 PM >> To: NT System Admin Issues >> Subject: RE: SECURING WIFI ROUTER >> >> Mmm... this doesn't sound like a popup that I am familiar with Windows >> being capable of generating. It won't even pop up that message with a Wide >> Open wireless connection (No password needed). >> >> Could it be the security center letting you know that the firewall is off, >> windows update is off, or that virus defs are old? >> >> If not that, I suspect it's your AV telling you something, or spyware. >> >> ________________________________________ >> From: Murray Freeman [mailto:[email protected]] >> Sent: Thursday, February 19, 2009 1:33 PM >> To: NT System Admin Issues >> Subject: SECURING WIFI ROUTER >> I hope this is on topic. I have a Dell 700m laptop and a Netgear rangemax >> mimo "G" router. I'm using WPA2, but from time to time, a baloon pops up >> from the icon in the systray stating that my connection is unsecure. If I >> right click and select "view wireless networks" it indicates that my network >> is in fact secured with WPA2. Any ideas why I get the baloon, and is there >> another way to insure that I am WPA2 secured in fact? I've noticed this for >> months now. >> >> Murray >> >> >> >> >> >> >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> >> >> >> >> >> >> >> >> >> >> >> Information Technology Manager >> Virginia Opera Association >> >> E-Mail: [email protected] >> Phone: (757) 213-4548 (direct line) >> {+} >> >> > 2008-2009 Season: Tosca | The Barber of Seville >> > Recently Announced: Virginia Opera's 35th Anniversary Season 2009-2010 >> Visit us online at www.vaopera.org or call 1-866-OPERA-VA >> ________________________________ >> This e-mail and any attached files are confidential and intended solely >> for the intended recipient(s). Unless otherwise specified, persons unnamed >> as recipients may not read, distribute, copy or alter this e-mail. Any views >> or opinions expressed in this e-mail belong to the author and may not >> necessarily represent those of Virginia Opera. Although precautions have >> been taken to ensure no viruses are present, Virginia Opera cannot accept >> responsibility for any loss or damage that may arise from the use of this >> e-mail or attachments. >> >> {*} >> >> >> >> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
