“Network cloaking”的意思、由来-开放百科全书

Network cloaking is an attempt to provide wireless security by hiding the network name (service set identifier) from being broadcast publicly. Many routers come with this option as a standard feature in the setup menu accessed via a web browser.

Although network cloaking may stop some inexperienced users from gaining access to your AP, for this class of users, network cloaking is less effective than using static WEP (which itself is vulnerable, see Wired Equivalent Privacy).

If the goal is to secure the wireless network, it is recommended to use WPA or preferably WPA2.^[1]. WEP, WPA, WPA2, and other encryption technologies can be used in conjunction with hiding the SSID if so desired.

Advantages

Sense of security

Hiding the network name may prevent less technically inclined people from connecting to the network, but will not deter a determined adversary. Use of WPA or WPA2 is recommended instead. Hiding the SSID removes it from beacon frames, but this is only one of several ways an SSID can be discovered.^[1] When one chooses to hide the network name from the router's setup page, that only sets the SSID in the beacon frame to null, but there remain four other ways that the SSID is transmitted. In fact, hiding broadcast of the SSID on the router may cause the Network interface controller (NIC) to constantly disclose the SSID, even when out of range.^[2]

Disadvantages

False sense of security

Although network cloaking may add a small sense of security, it is common for people not to realize just how easy it is to discover hidden networks. Because of the various ways an SSID is broadcast, network cloaking is not considered a security measure. Using encryption, preferably WPA (Wi-Fi Protected Access) or WPA2, is more secure. Even WEP (Wired Equivalent Privacy), while weak and vulnerable, provides more security than hiding the SSID. There are many programs that are able to scan for wireless networks, including hidden ones, and display their information such as IP addresses, SSIDs, and encryption types. These programs are capable of "sniffing" out any wireless networks in range by essentially eavesdropping and analyzing network traffic and packets to gather information about those specific networks.^[3]^[4] The reason these programs can sniff out the hidden networks is because when the SSID is transmitted in the various frames, it is displayed in cleartext (unencrypted format), and therefore able to be read by anyone who has found it. An eavesdropper can passively sniff the wireless traffic on that network undetected (with software like Kismet), and wait for someone to connect, revealing the SSID. Alternatively, there are faster (albeit detectable) methods where a cracker spoofs a "disassociate frame" as if it came from the wireless bridge, and sends it to one of the clients connected; the client immediately re-connects, revealing the SSID.^[5]^[6] Some examples of these sniffing programs include the following:

The downside of passive scanning is that in order to gather any information, a client already connected to that specific network needs to be generating and therefore providing network traffic to be analyzed.^[7] These programs are then able to discover the cloaked networks and their SSIDs through picking through frames of information such as:^[8]

Because of these multiple ways the network name is still being broadcast while the network is "cloaked," it is not completely hidden from persistent hackers.

Worse still, because a station must probe for a hidden SSID, a fake access point can offer a connection.^[10]

Programs that act as fake access points are freely available; e.g. airbase-ng^[11] and Karma.^[12]

References

1. ^¹{{cite web|last=Riley|first=Steve|title=Myth vs. reality: Wireless SSIDs|url=http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx|accessdate=27 January 2012}}
2. ^{{cite web|last=Davies|first=Joe|title=Non-broadcast Wireless Networks with Microsoft Windows|url=https://technet.microsoft.com/en-us/library/bb726942.aspx#EDAA|publisher=Microsoft Tech Net|accessdate=5 February 2012}}
3. ^{{cite journal|last=Ritchey|first=Ronald |author2=Brian O’Berry |author3=Steven Noel|title=Representing TCP/IP Connectivity For Topological Analysis of Network Security|year=2002|pages=3, 4|url=http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1176275|accessdate=2 February 2012}}
4. ^ {{cite web | title=Debunking the Myth of SSID Hiding | author=Robert Moskowitz | date=2003-12-01 | url=http://www.library.cornell.edu/dlit/ds/links/cit/redrover/ssid/wp_ssid_hiding.pdf | publisher=International Computer Security Association | quote = [...] the SSID is nothing more than a wireless-space group label. It cannot be successfully hidden. Attempts to hide it will not only fail, but will negatively impact WLAN performance, and may result in additional exposure of the SSID [...] | accessdate=2011-07-10 }}
5. ^ {{cite book | author=Joshua Bardwell |author2=Devin Akin | publisher=McGraw-Hill | title=CWNA Official Study Guide | page=334 | year=2005 | edition=Third | isbn=978-0-07-225538-6 }}
6. ^ {{cite web | url = http://vimeo.com/22697124 | title = WLAN Security Megaprimer Part 6: Pwning hidden SSIDs | author = Vivek Ramachandran | publisher = SecurityTube | date = 2011-04-21 | accessdate=2011-07-10 }} Video demo of active and passive SSID uncloaking.
7. ^{{cite web|last=Mateti|first=Prabhaker|title=Hacking Techniques in Wireless Networks|url=http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm#_Toc77524652|publisher=Department of Computer Science and Engineering: Wright State University|accessdate=13 February 2012}}
8. ^{{cite web|last=Ou|first=George|title=The six dumbest ways to secure a wireless LAN|url=http://www.zdnet.com/blog/ou/the-six-dumbest-ways-to-secure-a-wireless-lan/43|accessdate=28 January 2012}}
9. ^{{cite web|last=Geier|first=Jim|title=Understanding 802.11 Frame Types|url=http://www.wi-fiplanet.com/tutorials/article.php/1447501/Understanding-80211-Frame-Types.htm|accessdate=2 February 2012}}
10. ^ {{cite web | url = https://technet.microsoft.com/en-us/library/bb726942.aspx#EDAA | title = Non-broadcast Network Behavior with Windows XP and Windows Server 2003 | publisher = Microsoft Corporation | date = 2007-04-19 | quote = it is highly recommended that you do not use non-broadcast wireless networks. | accessdate=2011-07-10 }} Note: Here the term "non-broadcast" means a network that does not broadcast its SSID or broadcasts a null-SSID instead of the actual SSID.
11. ^ {{cite web | url = http://vimeo.com/22832760 | title = WLAN Security Megaprimer 10: Hacking isolated clients | author = Vivek Ramachandran | publisher = SecurityTube | date = 2011-04-25 | accessdate=2011-07-10 }} Demonstrates the use of "airbase-ng" to respond to any probe request beacons.
12. ^ {{cite web | url = http://www.securitytube.net/video/383 | title = Karmetasploit ( Karma And Metasploit 3) | author = Dookie2000ca | date = 2009-06-13 | accessdate=2011-07-10 }} Demonstrates the use of "Karma" to respond to any probe request beacons.