Is Hiding the Wireless SSID All the Network Security You Need?

Wednesday, June 20, 2012

Dale Rapp


Every wireless network has a service set identifier or SSID, which is the name given to the wireless network.

The SSID is used to distinguish wireless networks from one another. Small office/home office (SOHO) routers come from the factory with a default SSID, and owners of a SOHO router should always change this default to a name of their choosing.

Along with changing the SSID name, another very popular setting to enable on the router is to stop it from broadcasting the SSID, or wireless network name.

Hiding the SSID creates more overhead for the network owner, who must manually configure any wireless devices that need to be part of the network. Many network owners believe that hiding the presence of the wireless network and manually configuring the devices that join it is a great way to secure the network, but this provides a false sense of security.

You’re not really hiding the network; you are just stopping the network from advertising itself. A moderately skilled hacker with the right utilities can still find hidden wireless networks, and if there is no other security defined on the router, you open your network up to several attacks.

Anyone with knowledge of wireless networks can use free utilities downloaded from the internet to scan the airwaves and capture specific communication frames to discover hidden networks. Once the hidden network name is discovered, and assuming no other security is set up, an intruder could connect to the wireless network and use it for free internet access.

If an unauthorized person connects to the wireless network, the other computers connected to the network are exposed. Any shared folders set up on your computers could then be browsed by the intruder and the data in them downloaded.

Hiding the SSID also enables one attack method that most people are not aware of. When you take your wireless device to a Wi-Fi hot spot, the device will search for your hidden network. In effect, the device announces the name of the hidden SSID to anyone who may be listening.
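As an added illustration (not code from the original article), the sketch below parses hand-constructed 802.11 management frames to show where the name of a hidden network still appears in cleartext: the beacon has its SSID zeroed, but the client's probe request and the access point's probe response both carry it. The MAC addresses, the name `HomeNet` and all helper names are assumptions made up for this example.

```python
# 802.11 management-frame subtypes (frame type 0) that carry an SSID element
PROBE_REQ, PROBE_RESP, BEACON = 4, 5, 8
FIXED_LEN = {PROBE_REQ: 0, PROBE_RESP: 12, BEACON: 12}  # fixed fields before tagged elements
HDR_LEN = 24  # frame control, duration, three addresses, sequence control

def parse_ssid(frame: bytes):
    """Return (subtype, source MAC, SSID); SSID is None when zeroed or empty."""
    if len(frame) < HDR_LEN:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a beacon or probe frame")
    src = ":".join(f"{b:02x}" for b in frame[10:16])   # address 2 = transmitter
    pos = HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):                       # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2: pos + 2 + elen]
        if len(body) < elen:
            raise ValueError("truncated element")
        if eid == 0:                                   # element ID 0 is the SSID
            hidden = elen == 0 or not any(body)        # empty or all-NUL name
            return subtype, src, None if hidden else body.decode("utf-8", "replace")
        pos += 2 + elen
    return subtype, src, None

def leaked_names(frames):
    """Map every SSID seen in cleartext to the (subtype, station) that sent it."""
    seen = {}
    for frame in frames:
        subtype, src, ssid = parse_ssid(frame)
        if ssid is not None:
            seen.setdefault(ssid, set()).add((subtype, src))
    return seen

def _mgmt(subtype, dst, src, bssid, ssid):
    """Build a minimal management frame (constructed test data, not a capture)."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return hdr + b"\x00" * FIXED_LEN[subtype] + bytes([0, len(ssid)]) + ssid

AP, LAPTOP, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
SAMPLE = [  # constructed frames
    _mgmt(BEACON, BCAST, AP, AP, b"\x00" * 7),           # hidden AP: name zeroed out
    _mgmt(PROBE_REQ, BCAST, LAPTOP, BCAST, b"HomeNet"),  # laptop searching for its network
    _mgmt(PROBE_RESP, LAPTOP, AP, AP, b"HomeNet"),       # AP answering the directed probe
]

if __name__ == "__main__":
    for name, senders in leaked_names(SAMPLE).items():
        print(name, sorted(senders))
```

Run over a capture of your own devices, any name attributed to a probe request (subtype 4) is one the device announces wherever it goes.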

If a bad guy is at the hot spot, he could create a fake access point with the SSID that your device is searching for and then try to trick you or force your device to connect to his “evil twin” access point. If the bad guy can get you to connect to the fake AP, it can open up your device to numerous attacks.

This may not sound like a big risk, and many people feel the public Wi-Fi network at their local coffee shop or cafe is safe, but I always recommend treating a free wireless hot spot as an unfriendly network. By unfriendly I mean that free wireless hot spots usually have no security set up; they are just convenient portals for internet access.

With very little or no security set up, hot spot networks are a prime location for the bad guys to take advantage of unsuspecting victims, so don't think your local coffee shop or cafe is not susceptible to these types of attacks.

Regardless of whether your wireless network is hidden, encryption should always be used. Encryption will scramble the network communications so they are unreadable by anyone capturing the traffic.

The bad guy doesn't need to know whether a wireless network is hidden, or to be connected to the network, to capture unencrypted traffic, and this unencrypted traffic could be divulging emails you send, web sites you visit, and passwords you type into log-in pages. Encryption is an important security setting to enable and should be set up on all wireless networks, whether they are hidden or not.

Used by itself, hiding the network SSID does not provide adequate security, but using this feature along with encryption and other security settings available on your home wireless router will give you a more layered approach to security.

The more layers you add, and the harder you make it to break the security of the network, the more likely it is that someone wanting to access it will move on to an easier target.

Cross-posted from DaleWiFiSec

Robin Jackson: Don't forget to turn off WPS. There are tools out there that will successfully recover your SSID, clear password, and encryption algorithm within no more than about 8 hours (to go through the entire WPS key space).

Also, MAC restriction is not safe, because, even as a bad guy can find your SSID, they can also see what MAC addresses are connecting and spoof that address to allow their machine to gain access.
Dale Rapp: The Reaver WPS attack tool did get a lot of publicity earlier in the year, and disabling WPS is a great recommendation to avoid that vulnerability.

MAC address filtering was never something I liked; it's a lot of overhead with very little reward, and MAC addresses can be spoofed very easily.

Thanks for the comments and I appreciate the discussion.
Robert Mora: Hiding the presence of a wireless network is a great way to secure the network, but it provides a false sense of security.