Thread: EW-7206APg Wireless LAN Access Point
View Single Post
  #4 (permalink)  
Old 05-01-2007, 02:56 PM
John Navas
Guest
  
Posts: n/a
Default Re: EW-7206APg Wireless LAN Access Point
On 1 May 2007 07:45:41 -0700, yousaf.hassan@gmail.com wrote in
<1178030741.228389.72340@q75g2000hsh.googlegroups. com>:

>Could you please explain why disabling ESSID broadcast would add
>nothing to security? The manual says:
>
>"If you enable "Broadcast ESSID", every wireless station located
>within the coverage of this access point can discover this access
>point easily. If you are building a public wireless network, enabling
>this feature is recommended. Disabling "Broadcast ESSID" can provide
>better security."

That's just plain wrong, written by someone with no real knowledge of
security. See

* "The six dumbest ways to secure a wireless LAN
(Wireless LAN security hall of shame)"
<http://blogs.zdnet.com/Ou/index.php?p=43>

* "Debunking the Myth of SSID Hiding" at

<http://www.trusecure.com/cgi-bin/download.cgi?ESCD=W0149&file=wp_ssid_hiding.pdf>.

>My network is a private home network, so I want to disable it.

All SSID hiding really accomplishes is making it harder for your
legitimate neighbors to see your network, and thus more likely to jump
on the same channel you're using, degrading your network with
interference. It can also cause problems with some wireless adapters.

>As for IAPP, this is what the manual says:
>
>"If you enable "IAPP", the access point will automatically broadcast
>information of associated wireless stations to its neighbors. This
>will help wireless station roaming smoothly between access points. If
>you have more than one access points in your wireless LAN and wireless
>stations have roaming requirements, enabling this feature is
>recommended. Disabling "IAPP" can provide better security."

Again, that's just plain wrong.

>I have only one access point, and my wireless stations do not have any
>roaming requirements. That's why I turned it off.
>
>As for encryption and security, both WPA (with a strong passphrase)
>and MAC access control are enabled.

MAC access control is likewise a bad idea. See first citation above.

The _only_ thing that really works, and thus the _only_ thing you really
need, is WPA with a strong passphrase.

>Could you also explain what Fast Roaming Threshold is? What value is
>recommended for this option? There is no mention in the manual for
>this!

Don't mess with defaults of advanced settings -- you'll only make things
worse.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

Reply With Quote