SSID without dictionary words
Summary
The name of the wireless SSID must not contain dictionary words.
Description
If an organization is using common dictionary words in the SSID makes it easier for attackers to predict and potentially guess the name of the wireless network. Attackers use automated tools that can systematically try common words to discover the network name. Avoiding dictionary words in the SSID contributes to enhance network anonymity.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- CAPEC™-613. WiFi SSID tracking
- PA-DSS-6_1. The wireless technology must be implemented securely
- ISA/IEC 62443-UC-2_2. Wireless use control
- OSSTMM3-9_5_3. Evaluate configuration, authentication and encryption of wireless networks
- ISSAF-L_4_3. Network security - WLAN security (audit and review)
- PTES-6_7_6_2. Exploitation - Proximity access (attacking the user)
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.