way of approach to tricky questions

goktangoktan Registered Users Posts: 4 ■□□□□□□□□□
Hi,

I've a question about how to think for such a question in the exam. as you most know, this comes from ISC official guide 3rd edition. (hope it is not a problem to write this here since this part already published in google books)

-> Which of the following configurations of a WLAN’s SSID offers adequate security protection?
A. Using an obscure SSID to confuse and distract an attacker
B. Not using any SSID at all to prevent an attacker from connecting ”
C. Not broadcasting an SSID to make it harder to detect the WLAN -> this is how I would think
D. An SSID does not provide protection -> this is the claimed answer

and the answer says; “Correct answer is D. SSIDs are not for authentication.”

OK, I agree that the idea of SSID is not security nor authentication. But still it is obvious that broadcasting is a bad practice since it simply says "I'm here". (and I'm aware not saying I'm here can be considered security through obscurity, which is not good) Consider the scenario; a script kiddie who has necessary tools, is walking around to attack wlans just to gain free internet access. if there are 10 WPA2 enabled networks around where 8 of them does broadcasting, most likely he'll start from them to try his tools. This if of course not a rule or must, I know. Anyhow, I think not broadcasting the SSID will bring a "very slight increase" to security but better than nothing. And since we all know CISSP is finding out the "best" answer out of 4, I am really confused when we need to think the slight variances, when not! Again in the same book there is a section like following which backs up my idea although the answer says different.

“Service Set Identifier (SSID) Broadcasting”
......



“ The downside of beaconing is that you also make your wireless network a target for attackers and freeloaders looking for a free connection.
Disabling beaconing is useful, if rudimentary, safeguard for wireless LANs, but a patient attacker can still observe the SSID as soon as another client who knows the SSID comes into range and probes the wireless network.”


Please don't consider the question here is "why this is not C instead of D", instead the question niggling my mind is how to approach this kind of tricky questions in exam, do you have any rule of thumbs?

thanks for the answers in advance,

Comments

  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    The first step should be figuring out what they are asking. There are usually keywords that will point you in the right direction. In this case those words are "adequate". D is the only option as you can easily eliminate all others as they provide NO security.
  • 5502george5502george Member Posts: 264
    Not brodcasting your SSID is actually a very bad idea and provides no security features whatsoever. When you hide your wireless SSID on the router side of things, what actually happens behind the scenes is that your laptop or mobile device is going to start pinging over the air to try and find your router—no matter where you are. So you’re sitting there at the neighborhood coffee shop, and your laptop or iPhone is telling anybody with a network scanner that you’ve got a hidden network at your house or job.

    Debunking Myths: Is Hiding Your Wireless SSID Really More Secure?

    You have to figure the most obvious awnser in any question on the CISSP is the right one. SSID does not provide security, it may provide obscurity, but not security.
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    This is an example of a badly worded exam item. The stem asks which answer option, "...offers adequate security protection?" The "correct" answer doesn't correctly answer this question. A better wording for the stem would be, "Which one of the following opinions about WLAN SSID configurations is the best security practice?"
  • techfiendtechfiend Member Posts: 1,481 ■■■■□□□□□□
    That's interesting that storing a hidden ssid leaks when not connected. Is it actually riskier to hide the ssid then to not if you use a lot of public wlans?
    2018 AWS Solutions Architect - Associate (Apr) 2017 VCAP6-DCV Deploy (Oct) 2016 Storage+ (Jan)
    2015 Start WGU (Feb) Net+ (Feb) Sec+ (Mar) Project+ (Apr) Other WGU (Jun) CCENT (Jul) CCNA (Aug) CCNA Security (Aug) MCP 2012 (Sep) MCSA 2012 (Oct) Linux+ (Nov) Capstone/BS (Nov) VCP6-DCV (Dec) ITILF (Dec)
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    The SSID is always present in the 802.11 probe and association frames, so the SSID of an 802.11 wireless network is always easily discoverable by active scanning. Hiding or "cloaking" the SSID by omitting it from only the 802.11 network's beacon frames is security though obscurity, which is not a best practice. Best to allow the network to be easily visible to all, but protected with encryption and a strong pass phrase.
  • techfiendtechfiend Member Posts: 1,481 ■■■■□□□□□□
    I wasn't precise enough with my question above. It seems if you store a hidden network on an end device, the device continues to ping the ssid even if out of range, this could be seen as a slight risk of hiding ssid if stored broadcasted networks aren't pinged from the device when out of range. Do you know if they if devices ping in both situations?

    I always thought the AP sent availability but according to the HTG article the device requests it instead by pinging for ssid. The AP availability would make a lot more sense and could be more secure.

    Currently I'm not broadcasting ssid among the dozens in range so people don't hammer connecting but maybe there's no use for it. Comptia seems to define hiding ssid's as good practice, even on the tests.

    I do agree that answer D in the OP is correct even if it's a near trick question. It's not security and could be compared to hiding a file, except extreme cases of linux dot paths where people may just give up.
    2018 AWS Solutions Architect - Associate (Apr) 2017 VCAP6-DCV Deploy (Oct) 2016 Storage+ (Jan)
    2015 Start WGU (Feb) Net+ (Feb) Sec+ (Mar) Project+ (Apr) Other WGU (Jun) CCENT (Jul) CCNA (Aug) CCNA Security (Aug) MCP 2012 (Sep) MCSA 2012 (Oct) Linux+ (Nov) Capstone/BS (Nov) VCP6-DCV (Dec) ITILF (Dec)
  • BalantineBalantine Member Posts: 77 ■■□□□□□□□□
    The important thing is to know better than the exam writers.
    dulce bellum inexpertis
Sign In or Register to comment.