3 reasons why hiding your wireless SSID is a bad idea

Your wireless SSID (technically known as Service Set Identifier) is the name of the wireless network.  It’s called a Service Set Identifier because it represents all the devices being serviced by that SSID name.

An SSID simply provides a way to distinguish between wireless networks. Now, that’s fine as far as it goes; however, a problem arises when people treat SSIDs like passwords.

Confusing the two can have big ramifications; that’s why in this guide I’m going to clear the muck by explaining the differences.  I’ll also give you three reasons why you should never hide your wireless SSID as a security measure.

Since the wireless SSID is the network name but not the network password, hiding the SSID doesn’t fortify your network security.  While it is true that cloaking your network will prevent the name from appearing in the Wi-Fi network listing, that does nothing to deter motivated network crackers.

IT professionals like to call the notion of using secrecy for protection “security through obscurity.”

The premise is that hiding something will make it more secure, but this ignores the reality that malicious hackers often start attacks with an information gathering phase.  Hiding your network may delay the incursion but it won’t ultimately stop it.  Today there is a motley assortment of tools anyone can use to get your SSID in seconds.

Here are three reasons why I think you shouldn’t hide your wireless SSID:

1. Hiding your wireless SSID tempts the bad guys

Anyone who knows anything about network intrusion and penetration testing knows that hiding an SSID is a sophomoric mistake made by newbies.  Therefore it diverts their attention to a network that is likely teeming with vulnerabilities.

The rationale is that if the network administrator used such paltry protection schemes on his network then there are probably other vulnerabilities waiting for exploitation such as a weak password or protection algorithm.

You don’t want to get on these guys’ radar.  Instead of doing what feels right – do the opposite and broadcast your SSID like everyone else.

Yes, I know this is counter-intuitive.  I mean, after all – if the bad guys can’t see your SSID how could they ever be tempted to find something that ostensibly doesn’t exist?

In order to understand this you need to know a little bit about how wireless networks work.

The client (your laptop) is constantly sending out a data frame requesting information about the network such as supported data rates.  The client computer continually submits these frames hoping that the relevant access point it’s associated with will pick it up and reply with the data it needs to get going.

These information exchanges between the client and the access point are known as wireless probe requests and responses.

The problem is that the probe requests and responses always include your SSID.  Darren Kitchen from Hak5 demonstrated this in an old YouTube video that’s about 10 minutes long.  Actually this isn’t a problem – it’s the way Wi-Fi has been designed; however, it does become an issue for people relying on security through obscurity to obfuscate their networks.

The bottom line is that wireless networks are not undetectable.

Free and well-known tools such as NetStumbler and NetSurveyor make it extremely easy for not only pernicious hackers but also curious enthusiasts to see all the hidden networks that are within range.

These tools capture the probe conversations and display the SSID in plain sight.  In addition, many of them have special features that enable anyone to specifically seek non-broadcast networks.  Thus hiding SSIDs isn’t a good idea because if a malicious hacker is specifically looking for non-broadcast networks and yours shows up he’s going after you first.

2. Cloaked networks are deceiving

Hiding your network will give you a false sense of security because you’ll think your network is stronger than it really is.

A prudent way to secure your network is to:

  • Change the default password of the admin account used to configure your router.
  • Use WPA2-AES encryption with a strong password.

This is certainly more involved than disabling network broadcasting; however, you’ll effectively put yourself in a position of strength and then can take solace in the fact that your network is reasonably strong. It still isn’t impenetrable but it will certainly fortify your network presence.

Linksys has a few articles about securing your router.  You’ll also find similar articles for other popular routers. Here are the knowledgebase articles from a few of the big guys:

If these links aren’t relevant to your router just Google around and you’ll find something in no time.  It may take a few minutes to set up but once you change the router access password and enable WPA2 encryption you’ll never have to do it again.  So it’s worth it.

3. It’s a waste of time

Finally, cloaking a wireless SSID is just a waste of your time.

Time is the only thing in the world that we are forced to spend but never get back; therefore, we need to make sure we’re using it wisely.

When the wireless network is configured not to broadcast the SSID it’s not like the client stops sending probe requests just because the network is out of range.  In other words, if your home wireless network is configured as a non-broadcast wireless network and you take your laptop to your job, the airport, the library, the coffee shop or the park – your laptop will still periodically send a probe request searching for your preferred network.  And this probe has the SSID so why should you waste any time disabling it?
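The frame layout behind reasons 1 and 3, as an added example that is not part of the original article: it parses the SSID element out of three 802.11 management frames and shows that a cloaked beacon carries no name while the client's directed probe request and the access point's probe response carry it in clear. The SSID `HomeNet`, the MAC addresses and the frame bytes are constructed for illustration; nothing is captured from the air.

```python
SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}
# Beacons and probe responses carry 12 fixed bytes (timestamp, interval,
# capabilities) before the tagged elements; probe requests carry none.
FIXED_LEN = {4: 0, 5: 12, 8: 12}

def ssid_of(frame: bytes):
    """Return (subtype, ssid); ssid is None when the SSID element is empty or all NUL."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not a beacon or probe frame")
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):                 # walk the tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated element")
        if tag == 0:                             # element ID 0 is the SSID
            cloaked = length == 0 or not any(value)
            return SUBTYPES[subtype], None if cloaked else value.decode("utf-8", "replace")
        pos += 2 + length
    return SUBTYPES[subtype], None

def build(subtype: int, ssid: bytes, dst: bytes, src: bytes, bssid: bytes) -> bytes:
    """Construct a minimal management frame (sample data only, no FCS)."""
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported-rates element
    return header + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + rates

def disclosed(frames):
    """Frames whose SSID element names the network in clear."""
    return [r for r in map(ssid_of, frames) if r[1] is not None]

# Constructed addresses: locally administered MACs, not real devices.
AP, LAPTOP, BCAST = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02"), b"\xff" * 6
BEACON = build(8, b"", BCAST, AP, AP)               # cloaked AP: empty SSID element
PROBE_REQ = build(4, b"HomeNet", BCAST, LAPTOP, BCAST)  # laptop asking for its network
PROBE_RESP = build(5, b"HomeNet", LAPTOP, AP, AP)   # AP answering the laptop

if __name__ == "__main__":
    for frame in (BEACON, PROBE_REQ, PROBE_RESP):
        print(ssid_of(frame))
```

The probe request is the frame the laptop keeps sending away from home, which is why the name travels with the client even when the access point is out of range.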

The Bottom Line

I think part of the appeal of hiding the wireless network is the ease of implementation. A computer novice connects to his home wireless router via 192.168.1.1 or 192.168.0.1, enters his wireless configuration and unchecks the “Broadcast my network SSID” option.

Next, he blithely clicks Save, leans back in his chair with hands behind his head and breathes a sigh of relief.

But this is faulty for the reasons I showed above.  Instead of using security through obscurity use security through reality.  The reality is that a strong WPA2 and router access password will protect you from most threats so there’s no reason not to use it!

Please share your thoughts about this article in the comments below!

 

Connect with Vonnie on Twitter


  • Gerri

    Good review. It helped me a lot!

  • Steve

    What do you think about a MAC address whitelist? Is that similarly a waste of time?

    • Tcat Houser

      If you have a stable environment clearing ‘friendly’ MAC addresses for USER. In most cases, the odd visitor can be handled via a GUEST SSID on the router.
      It’s real work (I mean Real Work) to hack a WLAN with a strong WPA2 Key (password) AND a MAC whitelist.
      First your opponent would have to sniff enough data packets to reverse engineer the key via sufficient interactions. If you’re using BASE 16 (0-9 + A-F) in a long key, and you are re-setting the key before enough packets are broadcast, well… that’s a high bar to overcome.
      Then assuming the Black Hat got you there, the next challenge would be to discover a valid MAC address and impersonate a legit node.
      This has several hurdles.
      1. Black Hat needs to read decrypted Advanced Encryption System (

      • An Oylla

        Thank you! A useful article, but the last phrase about the battery powered devices convinced me! I had a strong router password with numbers, letters, capital letters and symbols. The same logic used in the wifi password. I have a MAC address whitelist. I thought that it was a good idea to have a hidden SSID, until I read your article 🙂

  • oceanmaster

    Bottom line is it doesn’t matter if you hide your SSID or not. What matters is you have a good encryption algorithm and a complex password. If you want to hide it go ahead it doesn’t matter if hackers think it hack-able.. nobody can hack recent wireless encryption with a good password. Not with all the computers in the world together.

  • Gikera Wa Mwangi

    This is a great discussion. I would like to ask why having an SSID like 2WIRE497 probably isn’t the best idea.
    Please I will appreciate any assistance accorded?