Solved

wireless - Should I broadcast my SSID?

Posted on 2011-09-27
5
455 Views
Last Modified: 2012-05-12
Ive read various documents that claim its actually more of a security risk to not broadcast your SSID since clients that were previously associated will send out sensitive data while trying to rejoin?
We havent broadcasted our corporate SSID for the past few years but we are going through a large upgrade and Im thinking it might be time to make the change.  I also noticed that Windows 7 still see SSID's that arent broadcast, though labels them as "unknown network" or something similar.

Just wondering your thoughts on whether or not I should broadcast our corporate SSID or leave it non-visible?  Thanks
0
Comment
Question by:CAITMAN
5 Comments
 
LVL 1

Accepted Solution

by:
JWong007 earned 32 total points
ID: 36710227
CAITMAN:

This article from Steve Riley is an excellent article regarding the myth vs. reality of broadcasting your SSID.  This is an older article, but I find the principles still apply.  I think you'll find it useful.

http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx.
0
 
LVL 87

Assisted Solution

by:rindi
rindi earned 31 total points
ID: 36710305
In my point of view hiding SSID's will only fool the casual User who doesn't really have any criminal intent. Anyone who wants to crack your Wireless LAN or tries to gain data from users will hardly have any trouble finding the SSID. So there isn't really much to gain in hiding them. If anything it'll make it more attractive for potential hackers as he'll suspect you have something to hide. From my knowledge though, clients can send out sensitive whether the AP is hidden or not. So to really make wireless connections secure you need a strong encryption, at least some form of WPA, and if you use WPA Personal, a very long and complex passphrase that can't be found in any dictionary.
0
 

Author Comment

by:CAITMAN
ID: 36710461
Thanks for the advice.
We do use WPA2 and 802.1x to secure the wireless.  Im thinking its more trouble than its worth to HIDE the SSID. I just wanted to get some feedback from others that are managing corporate wireless. Thanks
0
 
LVL 1

Assisted Solution

by:NetWORXmi
NetWORXmi earned 31 total points
ID: 36710748
I would tend to agree with leaving it broadcast in a "busy" enviroment- such as other office near by with wireless, and using the stronger encryption as the first time they conenct, if not done by the IT staff, they may connect to a "simular" rouge AP and spit out the encryption key to it if they did not notice the minor spelling change- maybe one that makes it just above the legit one? Even an IT staff that has multiple projects going at once might miss that.
0
 
LVL 25

Assisted Solution

by:Fred Marshall
Fred Marshall earned 31 total points
ID: 36711002
I think that NetWORXmi made a pretty good argument for NOT broadcasting the SSID.  You can't hook up to the "simular" network if you don't expect to see your network on the list in the first place!!  This also argues for using a complex name.  Names like Linksys, DLink, etc. make it dangerous for your folks who might travel outside the building.  They just might "automatically" connect to one of those.  Of course, security helps prevent that but nonetheless it's good practice.

While not  a security feature by itself (it's a bit like using a hook on your screen door) it makes things just one bit more difficult and it will keep out the lazy but curious snoopers.  I don't agree that "security by obscurity is no security at all".  If you hide behind a bush while the mugger walks past then obscurity did it's job of providing security.  But, if you are unarmed and he is looking right around the area for you then, of course, your security is compromised and hiding behind the bush likely won't help.  Same idea.

It's called "defense in depth".  Every added difficulty helps.  Just don't rely on any one added difficulty.

WPA/WPA2 are crackable by brute force methods so use a random 63-character, 504-bit passphrase.  It has to be pasted into the client setups but it makes cracking unlikely (one might say impossible).
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

In every aspect, security is essential for your business, and for that matter you need to always keep an eye on it. The same can be said about your computer network system too. Your computer network is prone to various malware and security threats t…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now