Is hiding your SSID really worth while?
Seems like every guide to securing your wireless network tells you to keep your SSID from broadcasting to make your network more secure, but is that really worthwhile? Let’s take a look at one of the silliest myths out there.
This myth has been around for a very long time, and we aren’t expecting everybody to receive this news with happy agreement. You’re welcome to state your case in the comments for why hidden wireless networks are a great idea, but we think if you keep reading, you’ll realize that it’s just not a security feature.
Obviously feature demand drives the specifications, so even though everybody eventually supported hidden SSIDs, the point is that there’s no extra protection from hiding your SSID. Read on.
Finding Hidden SSIDs Is a Trivial Task
***It’s extremely easy to find the ID for a “hidden” network—all you have to do is use a utility like inSSIDer, NetStumbler, or Kismet to scan the network for a short while to show all of the current networks out there. It’s really that simple, and there’s plenty of other tools that do the same job.
Don’t believe me? Grab a copy, start it up, and then click the Start Scanning button—within a minute you’ll see a list of every single network in range. You can then identify which ones are using WEP and start cracking them.
Some commenters have complained that you can’t see the networks… and we should clarify: hidden networks show up as Unknown in version 1 of this particular tool, but they do show all of the other data about the network, including the encryption type and MAC address. Version 2.0 of inSSIDer actually does show the SSID for a hidden network.
Real hackers are going to be using tools like Kismet and Aircrack to figure out the SSID before they crack your network, so whether or not a particular tool is showing the right data is beside the point. Should also note that you can use this tool to figure out how to change the wireless router channel and optimize your Wi-Fi signal.
Hidden Wireless Networks Are a Pain to Deal With
Now that you know how simple it really is for people to find your ID, wouldn’t you rather use the default networking configurations where you can easily select the network from a list? Why go through all the steps required to connect to a hidden network?
For instance, on your Windows 7 box, you’ll have to go to Network and Sharing Center –> Manage Wireless Networks –> Add –> Manually Create a network profile to get to the screen where you can start entering all the details for the hidden network. For a network that is broadcasting, all you have to do is click twice.
When you hide your wireless SSID on the router side of things, what actually happens behind the scenes is that your laptop or mobile device is going to start pinging over the air to try and find your router—no matter where you are. So you’re sitting there at the neighborhood coffee shop, and your laptop or iPhone is telling anybody with a network scanner that you’ve got a hidden network at your house or job.
Microsoft’s Technet explains exactly why hidden SSIDs are not a security feature, especially with older clients:
A non-broadcast network is not undetectable. Non-broadcast networks are advertised in the probe requests sent out by wireless clients and in the responses to the probe requests sent by wireless APs. Unlike broadcast networks, wireless clients running Windows XP with Service Pack 2 or Windows Server® 2003 with Service Pack 1 that are configured to connect to non-broadcast networks are constantly disclosing the SSID of those networks, even when those networks are not in range.
Therefore, using non-broadcast networks compromises the privacy of the wireless network configuration of a Windows XP or Windows Server 2003-based wireless client because it is periodically disclosing its set of preferred non-broadcast wireless networks.
The behavior is a little better in Windows 7 or Vista as long as you don’t have automatic connection enabled—the only way to be sure that you’re not leaking the network name is to disable automatic connection to wireless networks with a hidden SSID. Microsoft’s explanation:
The Connect even if the network is not broadcasting check box determines whether the wireless network broadcasts (cleared, the default value) or does not broadcast (selected) its SSID. When selected, Wireless Auto Configuration sends probe requests to discover if the non-broadcast network is in range.