Securing a wireless home network- Don't disable the 'SSID Broadcast'

The analogy is that none of that information is encrypted, but is available to anyone who has the card. The SSID is equivalent to all information that is available unencrypted. Oddly enough, none of your credit card information is encrypted or even hidden since you keep it on a card that you give to people in order to make a purchase. Tha’s the equivalent of broadcasting all that information to that person.

The PIN for debit cards is at least slightly better, although I doubt any of you would send me a scan of your credit card and then challenge me to figure out that four digit pin.

And you guys are forgetting one major thing: the network is not always available if you are using a laptop. If you go outside the range of the laptop, the laptop will detect the exact same situation as it does if you turn off the SSID. That was my point before: there is no way that turning off the SSID changes how the laptop chooses to interact unless there is an option that must be changed.

Fortunately, I know a lot more than I did back then.

The way it works is pretty straightforward. The SSID first checks for any broadcast SSIDs in the area. If one of them matches the one it needs to connect to, it connects and asks it for the password. If it doesn’t find the device, then the connecting device asks for a certain SSID, not any passwords or encryption. The access point can lie and say that it has that SSID. Then, and only then, does your device send the encryption information.

So, as I said, the scenario is the same whether the SSID is hidden or not present, both of which are likely scenarios. The only real protection is to disable that second step (asking for a certain SSID) on the connecting device. Otherwise, the only time broadcasting an SSID is more secure is if you can be sure that the network would always be present.

Okay. This is all very interesting and all, but what I really need are clear instructions on what to do about an AP that is not broadcasting SSID. Do I simply turn it back on and get back to being ignorant or do I need to do more?
Do I need to reset the 20+ devices in my house? Should I change the password? Should I change the SSID?

Thanks!

Turn off WiFi Protected Setup and make sure it’s truly turned off. Use WPA-2 encryption. Turn on SSID broadcast.

That’s not totally secure, but it’s a good start.

All of this reminds me of what Mark Twain said about locks. They exist to keep honest men honest. So basically the lock on my door won’t stop someone from kicking it in and turning off SSID broadcast won’t stop someone from getting into my network if they really want.