
WiFi - Service Set Identifier


  • WiFi - Service Set Identifier

    When a wireless network has been established, the next step is to get clients connected to it in order to access the resources the network provides. This is done using the Service Set Identifier (SSID), which is used both as the name of the wireless connection and as a salt combined with an IV to generate a nonce for use with WEP. Even though this feature may be disabled, the AP will usually broadcast an SSID, which will be used by the clients to identify and attach to the network. The SSID is typically viewed as the text string that the end users see when they are searching for wireless networks in the vicinity. The SSID can be made up of most combinations of characters, but it has a maximum length of 32 bytes.

    It is possible to disable the feature that makes the access point broadcast the SSID it is responsible for, but this will not increase security more than a fraction. Doing this makes the SSID hidden or cloaked. It is no big deal, even for a script-kiddie, to find it, and a hidden SSID is sometimes referred to as a Shared Secret. However, changing the SSID from the default to something else is important because an SSID may reveal the vendor of the product, such as Linksys or DLink. This is important because an attacker can use this information to find the default or built-in username, and if the default password has not been changed, the attacker may also be able to guess the password. Needless to say, the default password should always be changed to a well-constructed password. If the SSID has been left at the default value, an attacker may investigate whether other, more critical settings have also been left in place.

    The SSID comes in two flavors, the Basic Service Set Identifier (BSSID) which is usually just the MAC address of the AP, and the Extended Service Set Identifier (ESSID) which is just the network name. In an ad-hoc network with no access points, the BSSID is used. In an Infrastructure Network that includes an access point, the ESSID is used, but may still be referred to as the SSID.

    When a client is authenticating to an access point, two processes are widely available. One is called open system authentication and is used when an access point is made available to a wide range of clients. This type of authentication occurs when an authentication frame is sent from a client to an access point, the access point verifies the SSID and if the SSID is correct a verification frame is sent back to the client, allowing the connection to be established. The other way of authenticating is known as shared key authentication. In this process, each client receives the pre-shared key in advance.

    The authentication uses the following steps:
    • The client sends an authentication request to the access point
    • The access point returns a challenge to the client
    • The client encrypts the challenge using the shared key
    • The access point uses the shared key to decrypt the challenge.
    • If the challenge the access point sent to the client matches the decrypted challenge the client sent, the client is validated and granted access.

    Certified Security Geek