[Updated to reference Microsoft article on non-broadcast wireless networking]
I read an article the other day in Information Week, by Preston Galla. The name rang a bell, and I remembered that he used to review shareware for ZDNet. The fact that I remember his name suggests that I disagreed strongly with what he wrote about my software :-)
The article basically says that you can secure wireless networks by a few simple steps:
Let’s contrast that with a ZDNet blog article by George Ou on “The Six Dumbest Ways to secure a Wireless LAN“, along with a quick parenthetical summarisation of what I believe George is saying:
Dishonourable mention: WEP encryption – “it takes only a few minutes to break a WEP based network which makes WEP completely ineffective”.
I make that three out of six of Preston’s recommendations on how to secure wireless networks line up in George Ou’s “dumbest six ways”. I have to agree with George.
The DHCP one is a classic – to try and limit the hackers, you make it easier for them to engage in a denial of service attack on you?
Even Microsoft, a company known for allowing people to make decisions that don’t exactly help security (hello, account lockout?) without comment, has documentation on disabling SSID broadcast as being a bad idea – note the tone of the article says “we’re trying to make it easier to do this, but really, it’s a bad idea to begin with”.