- by Chad, "The Dream", Weaver
Wireless networks: we all have them and they are becoming more and more common. As more of us start using wireless at home and work, the importance of protecting your network is, or should be, more and more of a concern. There are good ways and there are really, really, bad ways. For instance if you can for any reason use WPA2 please do - at the very least WPA if you keep you key complex and secure your network should be nice and safe from all but the very best most determined hacker. Those two are very strong encryption standards, but they are only as strong their key so if you use 12345678 it could still be compromised. A bad example is WEP; don’t use this if you can avoid it for any reason.
This brings me to one of the worst ways to protect your network. Hiding your SSID, your SSID is how your network is identified to the world and is broadcast out. For some reason it has been considered a good way to prevent people from connecting to your network. This is one of the worst myths; it honestly doesn’t stop anyone who is looking from finding your network. Number one this is not a password, it does nothing except help clients locate their access point that they can associate with. By hiding it, you make it harder for your clients to find their network. I think the best example of this would be a dark room and the access point is yelling out its name, over and over again. So if someone were to walk in the room they would know the “access point” was there and the general location of that access point. Now to use the example of hiding your SSID would be to take that same access point and silence it, it can only respond if you know its name. Send a person in and they wouldn’t know it was there and accepting associations at all, they may know it is there by perhaps bumping in to it, but without a name it is useless. Tell that same person its name and they have to shout it out in an attempt to find it. By yelling the name out the client discloses the network it is looking for anyway, so anyone in earshot would than know that access points name. This is exactly what happens when clients look for a network that is hidden they shout it out over and over again looking for it no matter where they are.
The second reason this is bad is because some people use this, and I dare say businesses, to hide a network with perhaps no encryption at all. Any devious person with a few minutes and easy to find tools can then discover that network, and since there was no encryption at all, any corporate or private data transmitted using that network is easy to capture and read using tools such as Wireshark. Also another example of the dangers of this is say you take a mobile device outside your network. If it is set to automatically connect to your hidden network it continually yells out the name of the network/networks that it is looking for. Anyone listening can see that information so not only is it making it harder to connect it is spreading the name of your network everywhere you go.
Lastly it is against the 802.11 standards for wireless to hide your SSID; the SSID was never meant to be hidden at all. It's a violation of the 802.11 specifications to keep your SSID hidden; the 802.11i specification even states that a computer can refuse to communicate with an access point that doesn't broadcast its SSID. Even Microsoft gets in on this debate with this TechNet post so please stop hiding your networks SSID. You are not only making it harder on yourself you aren’t doing anything to protect your network at all. Another piece of information is if you are using this in conjunction with MAC filtering anyone who took the time to find your network has a MAC address of a client. Changing your devices MAC address is beyond a trivial matter, a couple seconds and they can connect to your network if it is not protected by a WPA or WPA2 key. And if you are using a strong pre-shared key and are keeping it secure there is absolutely no reason at all to make it harder for yourself to find your own network. We at Trigon do our best to make it secure for our clients, and wireless networking is no different.