locking wifi down to only one SSID win 7

gangaskan

Is this possible?

I need to lock down the wireless as best as I can, but only allow one SSID to be used. I dove into local GPO, but came up empty.
 
If I am understanding correctly, you want to limit the number of machines that can access your wireless to 1 machine?

If that's the case, enable MAC filtering and add only the machine you want to connect, then hide your SSID so no one can see it.
 
http://technet.microsoft.com/en-us/magazine/gg266419.aspx

It seems you have to extend the policies to do what you want to.

> If I am understanding correctly, you want to limit the number of machines that can access your wireless to 1 machine?
>
> If that's the case, enable MAC filtering and add only the machine you want to connect, then hide your SSID so no one can see it.

Hidden SSID is easy to crack IIRC, and MAC filtering as well; you just need to be able to modify your MAC address and get a trusted client address.
 
Best way is to disable it and run an ethernet cord, but obviously if you have a phone or tablet that won't work.

Isn't the SSID the "name" of the wifi signal? Like "wagex's wifi"? If so, I didn't know you could have more than one.

Best bet is to set your wireless to not broadcast the SSID and manually set up the information on your Windows 7 PC. On top of that, use WPA keys.
 
I think he is looking to only allow wireless devices to connect to one wireless SSID, as I read it. Since he was looking for an option in the GPO, I assume this is a company-wide domain and he is trying to secure it. Txus, that seems to be only to pre-setup wireless points, not restrict them.

Not to mention that MAC filtering and hiding your SSID is completely worthless.
 
> I think he is looking to only allow wireless devices to connect to one wireless SSID, as I read it. Since he was looking for an option in the GPO, I assume this is a company-wide domain and he is trying to secure it. Txus, that seems to be only to pre-setup wireless points, not restrict them.
>
> Not to mention that MAC filtering and hiding your SSID is completely worthless.

Ah, that would make more sense; just the way it was explained had me confused. Thought he wanted to secure it.
this should help
netsh wlan add filter permission=denyall networktype=adhoc
netsh wlan add filter permission=denyall networktype=infrastructure
netsh wlan set blockednetworks display=hide
netsh wlan add filter permission=allow ssid=ssid1 networktype=infrastructure
http://answers.microsoft.com/en-us/...-to-just/da39ebf3-c88e-4e8a-be23-7a2a5c1fd78e

I'm guessing ssid=ssid1 means ssid1 is the SSID you want.
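
The commands from the post above, collected into a batch file as an added example (not part of the original post). The file name, the command-line argument and the elevation check are assumptions of this example; `ssid1` is the placeholder SSID from the post.

```bat
@echo off
rem Added example, not from the thread: apply and review the netsh WLAN filters
rem on one Windows 7 PC. Assumes it is run from an elevated Command Prompt.
rem Usage: lock-ssid.cmd "ssid1"   (file name and argument are illustrative)
setlocal

if "%~1"=="" (
    echo Usage: %~nx0 "allowed SSID"
    exit /b 2
)
set "SSID=%~1"

rem This example assumes filter changes need administrator rights;
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run as administrator.
    exit /b 1
)

rem Permit the wanted network first, then deny every other network of both types.
netsh wlan add filter permission=allow ssid="%SSID%" networktype=infrastructure
if errorlevel 1 echo WARNING: allow filter for "%SSID%" was not added.
netsh wlan add filter permission=denyall networktype=infrastructure
if errorlevel 1 echo WARNING: infrastructure denyall filter was not added.
netsh wlan add filter permission=denyall networktype=adhoc
if errorlevel 1 echo WARNING: adhoc denyall filter was not added.

rem Keep blocked networks out of the list of available networks.
netsh wlan set blockednetworks display=hide

rem Review the result: the allow list should show only the wanted SSID.
echo.
echo ===== Current WLAN filters =====
netsh wlan show filters

rem List saved profiles so stale ones for other networks can be removed with:
rem   netsh wlan delete profile name="PROFILE NAME"
echo.
echo ===== Saved WLAN profiles =====
netsh wlan show profiles

rem To undo the lockdown later:
rem   netsh wlan delete filter permission=denyall networktype=infrastructure
rem   netsh wlan delete filter permission=denyall networktype=adhoc
rem   netsh wlan delete filter permission=allow ssid="ssid1" networktype=infrastructure
rem   netsh wlan set blockednetworks display=show
endlocal
```

The allow filter matches on the SSID name and network type, not on the access point's security settings, so the saved profile for that SSID should still use WPA2 rather than an open connection.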
 
I know this is off topic, but wagex posted the step to resolve so I figured I would jump in and make a comment on the below (ITSec is my school of study :sn: )

> Hidden SSID is easy to crack IIRC, and MAC filtering as well; you just need to be able to modify your MAC address and get a trusted client address.

Any one security measure is going to be easy to compromise, from hidden SSID to WPA2 password. The primary tactic in security is layering. For example, my network has a hidden SSID, a >25 character key, MAC filtering, and a non-standard non-DHCP IP range. Given enough time, someone could get into my network. The amount of time they would spend parked outside my house though, they might as well kick the door in and take my stuff.

One principle of security that you should not rely on, but still consider, is that if the guy next to you looks easier to mug, he typically gets mugged. Do as much as you can, and the layers will typically deter all of the script kiddies. Real hackers... they're getting in if they really want to (on a home network for sure).

EDIT:
> Not to mention that MAC filtering and hiding your SSID is completely worthless.

How so? It is still a measure of security. If you were to rely on only one... I can see that. Each measure adds time that the intruder has to spend to overcome. The more layers, the more time they have to spend. Why not just find an easier target? Unless you made LulzSec angry, then most people won't get in.
 
> How so? It is still a measure of security. If you were to rely on only one... I can see that. Each measure adds time that the intruder has to spend to overcome. The more layers, the more time they have to spend. Why not just find an easier target? Unless you made LulzSec angry, then most people won't get in.

It isn't security because it won't stop someone from breaking into your network. The SSID and MAC addresses are still transmitted plaintext when real clients are connected, so it is easy to discover both those pieces of information. From there, you'd break into the network like normal. A rogue system can issue a disconnect on behalf of an authenticated client, which will cause it to temporarily disconnect. So, if I knew the password to your network, I could easily get connected, even with a hidden SSID and filtering. If your "security measure" takes less than a fraction of a second to break, it isn't a security measure.

Doing a quick search online shows a ton of articles that explain this.
http://www.howtogeek.com/howto/2865...hiding-your-wireless-ssid-really-more-secure/
http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx

There was a very well written article that went deep into the technical side, but I can't seem to locate it anymore. I should have bookmarked it. But, at this point, we are way off topic, so let's drop this subject.
 
Sorry, I haven't seen this yet.

Basically, we have police cruisers that are going to use the onboard WiFi to upload cruiser video. Naturally, I want to secure this as much as possible, because these guys will majorly screw the computers up first hand by connecting to any of the numerous open APs around the city. Secondly, it messes with the application they use.

I want to lock the PC down so only ONE SSID can be used to connect to.

These computers are NOT a part of the domain.


edit: oh, and i love you wagex :)
 