This is the place to be following Part III of this webcast series that took place at 1:00 PM EST on Tuesday March 24, 2009:


EH-Net members are invited to keep the conversation going with Kevin Johnson, Josh Wright and Ed Skoudis from InGuardians. These 3 security experts will be with us for about a week (depending on their time constraints) after each webcast to answer your questions. We will also post the links to webcasts as they become available.

Please become an EH-Net Member, to post questions.

Feel free to ask away...

Many thanks to SANS and Core Security for making this possible,
Don
EH-Net
Editor-in-Chief

Hey All,

Hope you enjoyed the webcast. Feel free to ask questions here that may not have been answered due to time constraints of the live venue. Also, if you want others to benefit from your live question or have Ed, Kevin or Josh expand further, asking the same question is also allowed. 

Thanks for visiting EH-Net,
Don

I guess this question is not particularly related to this WebCast, but maybe Kevin or Ed point me to some decent documentation for BeEF. Just looking for background info, setup and workings.

Thanks

VJ

X2

Hi-

Yes, my understanding is that the recording is now available.

Kevin

Thanks Kevin,

Sounds like a little research project

VJ

The problem with SSID cloaking is that you force your client systems to constantly ask every AP they see "Are you my mother?" (queue the Dr. Seuss book ... SNORT!)  If you cloak the SSID of your work AP and the user is stuck in Terminal C of O'Hare Airport*, they are constantly sending out probe requests with the cloaked SSID.

A friend made the analogy to a military officer.  The officer is lost, and he is looking for his military base.  He asks everyplace he sees "Are you my military base?", "Are you?"  Eventually, someone will say "yes", which we otherwise would call Karmetasploit (http://trac.metasploit.com/wiki/Karmetasploit).

Other reasons SSID cloaking doesn't make sense:

1. It provides no security.  As any Kismet user will tell you, watching a legitimate user login to the AP discloses the SSID.
2. It leads to user confusion.  Users who can't find their wireless network are 18 times as prone to click on "Free Public WiFi" or any other nonsense SSID they come across (I read that statistic in the Journal of Clinical Neuroscience).
3. Users call your helpdesk more.  If they need special shared information about the SSID, they are going to call your helpdesk all that much more.  I found it was better to make friends with the helpdesk people than ... enemies.

I wrote a short article about this topic a few years ago for Network World which states similar points with more penache than I can muster at the moment:

http://www.networkworld.com/columnists/2007/030507-wireless-security.html

Thanks to all who attended the webcast!

-Josh

* The best place to eat in O'Hare Airport is a take-out place in the K concourse called "Burrito Beach".  You'll thank me for it.  If you know of a place in the C concourse where there are more than a handful of working electrical outlets for public use, please let me know and I think kindly of you often!