http://www.techrepublic.com/blog/wireless/wi-fi-security-is-always-one-step-behind/205
Is this correct? I don’t really understand the rationale given, but I’ve read a few other guides to securing networks, and they’ve said the opposite.
I’d say it doesn’t make a difference. Though I don’t follow the rationale of the cites you’ve given either, turning off SSID broadcast isn’t a real security feature, rather security by obscurity. Bad guys with the right sniffer software will see your access point anyway, no matter what your settings for SSID broadcast are. Turn on WPA2, choose a secure and long enough password, and you’ll be as safe as possible for a home user.
Concur. Disabling the SSID broadcast and setting up connection only to known MAC Addresses are two things people often recommend as security precautions, but neither of them are effective, because SSIDs and MAC addresses can be sniffed and MAC addresses can be spoofed.
The only thing these supposed precautions actually achieve is greater inconvenience for you, the legitimate user/administrator of the system. Experienced hackers will not be even slightly perturbed, and casual intruders should be shut out by strong encryption.
I don’t understand the rationale for the first quote either, but the second one seems straightforward enough. If you’re, say, a branch of Chase bank, and you hide your SSID, then someone malicious could set up another network called “ChaseWireless” nearby. Your customers might then assume that this was a secure connection, connect to it, and do their banking while connected. Except they’re not connecting to the official Chase website when they do so, but a phishing site instead. Hilarity ensues.
This isn’t really a concern for the average home user, though. It also wouldn’t be a concern if your users were smart about connecting to unknown wireless networks, but relying on people to make smart decisions is not a valid security strategy.
The first quote is just explaining the general futility of hiding the SSID (basically, you can’t, because although you may hide it on the router, the client computer still broadcasts “Hey! [your SSID]! Are you there?” - and a would-be intruder can just pick it up from that).
ETA: Ref Mangetout: I need to type faster or say less …
The point of this is NOT that disabling your home network SSID broadcast makes your home network less secure.
The point is that disabling your home network SSID broadcast makes your home *laptop* less secure when you take it out in public and try to connect to *other* networks.
In essence, your laptop keeps waving its keys around saying “Hey! Anybody here got a lock to fit this key?” And a bad guy can easily fashion such a lock in seconds and your laptop will glom onto it eagerly. Bad outcomes ensue.
By setting your home network to broadcast SSID, you also indirectly unset the client laptop(s) from broadcasting the key they think of as home. And that’s where the security gain comes from.
If you think about it, most of us are at far greater risk from hooking our laptop to an evil network in public than we are from having an evil laptop drive by our residence & hook to our network. Apartment or dorm dwellers might have nearly equal concerns in both directions.
If the only PCs you have never leave your house, then broadcasting or not of SSID is immaterial.
As others have said clearly above, lack of an SSID is about as effective at stopping drive-by hackers as removing the house numbers from your mailbox or front door is at stopping identity theft or burglary. Once the bad guys are parked outside, they already know where you live; the *name* of where you live isn’t necessary for them to do evil.
You’re saying it still broadcasts “are you still there.” The first quote in the OP says “you are implicitly forcing your computer to shout out your SSID anywhere you are”, inferring that that is the danger of hiding your SSID.
The first quote used the second as a reference (click the little number 3 I included), so my guess is the author also didn’t understand what message was supposed to be conveyed and explained it wrong.
The first quote was from an article about securing home networks. Maybe the author didn’t understand the point that was being made in his referenced quote and thought it was pertinent to securing a home network?
Does it not do that regardless? (i.e. even if it’s looking for a connection which normally broadcasts the SSID?)
It’s futile from a “protect me from hackers” standpoint, however, it makes sense from a home security standpoint if you ever have to turn off your password temporarily and don’t want your neighbor using your internet.
??? I understand the OP’s two links but it seems to me that if you are going to the trouble to hide your router’s SSID you would also block your laptop’s ability to remember and auto-connect to the hidden SSID.
If my laptop does not remember my SSID, I have to type it in - and why would I do that in an airport or coffee shop?
I’m not a networking engineer so what am I missing?
It should be possible to configure a wireless adaptor to connect, as long as the name is known (you should only have to type it in the once, when you set up the connection)
Not necessarily. In the guides for securing a wireless network that I’ve read so far, many have mentioned it’s a good idea to disable the broadcast of the SSID but haven’t mentioned making sure your wireless devices such as notebooks shouldn’t be set to remember to auto-connect to the hidden SSID. I had no idea that would be a risk, but I don’t connect to anything wirelessly outside of the home.
jasg realizes that, he’s asking why one wouldn’t go through the trouble to make sure it doesn’t auto connect when one has gone through the trouble to hide their SSID on their home network. I think he’s assuming one would necessarily realize it’s a security risk.
So it really doesn’t matter anyway. The whole spoof the SSID would still work even if you weren’t hiding it, right? Either your PC is shouting it, or your router is. Once someone knows it they could, conceivably spoof it, and have your PC log into their network, instead of yours, right? Regardless of whether you’re broadcasting it, or your PC is because your SSID is hidden, correct?
Not necessarily. As I understand from what’s been stated above, if your router broadcasts the SSID, a hacker would still need to figure out the password to get in. If your laptop is configured to auto-connect, it is broadcasting the SSID and the password every time it tries to connect. Is this correct?
Ah, Thank you - I see it now. Yes - most people who hide their SSID probably do not know it’s unsafe to let their client machines remember it.
I found the following which is basically a re-wording of the explanation given by LSLGuy:

The first quote is just explaining the general futility of hiding the SSID (basically, you can’t, because although you may hide it on the router, the client computer still broadcasts “Hey! [your SSID]! Are you there?” - and a would-be intruder can just pick it up from that).
It seems to me that hiding your SSID would give you more protection from war driving, assuming anyone still does that.
The strategy I use now is leaving my Wi-Fi turned off and just using hard wired connections. I had my house wired for Ethernet when it was built.
Hiding your SSID doesn’t protect you from war driving if the bad guy is remotely competent. They’d be using tools like NetStumbler or Kismet that couldn’t care less if your SSID is broadcasting or not.
I don’t know how common war driving is these days, but it’s certainly something companies care about and try to guard against, if my last two employers are typical.

It seems to me that hiding your SSID would give you more protection from war driving, assuming anyone still does that.
I don’t think so, because as Crusoe says, anyone out to do that will probably know what they’re doing. It’s not really protection, because that should be taken care of by other measures - specifically strong encryption.
Hiding the SSID might stop your neighbours seeing your connection and casually trying to connect, but that’s irrelevant because again, the right and proper (and only truly reliable) way to shut them out is to employ strong encryption.
The thing that confuses me is that I don’t change any settings on my laptop when I hide the SSID of a connection that’s already been established. So doesn’t that mean it’s broadcasting the same thing whether the SSID is on or off?
Of course I use all the other security options, but I don’t see why hiding the SSID hurts anything.
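Added example, not part of the thread: a way to audit what the posts above describe, by parsing 802.11 probe requests from your own device and separating wildcard probes (empty SSID) from directed probes that name a saved network. The frames, the MAC address, the SSID "HomeNet-Hidden" and the helper names are constructed for illustration, and the frames are assumed to be raw 802.11 with no radiotap header or FCS.

```python
from collections import defaultdict

PROBE_REQ_FC0 = 0x40  # version 0, type 0 (management), subtype 4 (probe request)
HDR_LEN = 24          # frame control, duration, three addresses, sequence control
SSID_TAG = 0          # information element ID carrying the SSID

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) for a probe request, else None.
    ssid is '' for a wildcard probe that names no network."""
    if len(frame) < HDR_LEN or frame[0] != PROBE_REQ_FC0:
        return None
    src = ":".join(f"{b:02x}" for b in frame[10:16])  # address 2 = transmitter
    pos = HDR_LEN
    while pos + 2 <= len(frame):                      # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2: pos + 2 + length]
        if len(value) < length:
            return None                               # truncated element
        if tag == SSID_TAG:
            return src, value.decode("utf-8", errors="replace")
        pos += 2 + length
    return None

def leaked_ssids(frames):
    """Map each client MAC to the network names it announced in directed probes."""
    leaks = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1]:                      # skip wildcard probes
            leaks[parsed[0]].add(parsed[1])
    return {mac: sorted(names) for mac, names in leaks.items()}

def build_probe(src_mac: bytes, ssid: bytes) -> bytes:
    """Construct a minimal probe request for the sample data (not a capture)."""
    bcast = b"\xff" * 6
    hdr = bytes([PROBE_REQ_FC0, 0]) + b"\x00\x00" + bcast + src_mac + bcast + b"\x00\x00"
    rates = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])     # supported-rates element
    return hdr + bytes([SSID_TAG, len(ssid)]) + ssid + rates

# Constructed sample: one wildcard probe, two directed probes, one non-probe frame.
LAPTOP = bytes.fromhex("02aabbccddee")
SAMPLE = [
    build_probe(LAPTOP, b""),
    build_probe(LAPTOP, b"HomeNet-Hidden"),
    build_probe(LAPTOP, b"HomeNet-Hidden"),
    bytes([0x80, 0]) + b"\x00" * 22,                  # beacon header, ignored
]

if __name__ == "__main__":
    print(leaked_ssids(SAMPLE))
```

Any name that appears in the result is one the device announces wherever it is; forgetting that saved network or turning off its auto-connect removes it from the output.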