fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN
| Questions about SSID broadcasting.
Even though I have my network secured with WPA, I am thinking about turning off SSID just as an extra measure to prevent an outsider from hacking my encryption password.
1. If I turn it off, do I have to turn it back on again when I restart my computers in order for the computers to connect to the network?
2. Will turning it off in anyway affect the performance on the network? Such as download speeds?
--
»Check this out! |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| There's no real benefit to turning off the SSID broadcast. However, if you turn it off, you should still be able to connect.
In windows, the effect is that you cannot scan for wifi networks, then click "connect" on the selected one. Rather, you have to manually enter the SSID and key before you can connect. If you put the hidden network early in the list of configured WiFi networks, then Windows will thereafter automatically connect (assuming you allow that). If the hidden net is too low on the list, it will only be found if nothing earlier on the list is found.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.10 |
|
docrice
join:2008-03-31
Fremont, CA
| reply to fonzbear2000
No and no. The only thing "turning off the SSID" does is null the value of the network name field in the 802.11 beacon. Anytime a station associates or re-associates, that value is sent in the clear within the respective 802.11 frames. For this reason, it's not considered a security measure at all, except to superficially reduce confusion in areas where there are a lot of access points announcing themselves and prevent someone from accidentally selecting your network.
»wicked-styles.com/bitsandpieces/···ecurity/ |
|
fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN
| reply to nwrickert
No benefit? To me a HUGE benefit would be that outsiders wouldn't be able to pick up my network signal and try to hack my network. If I do decide to do this, what is the SSID key and how do I manually enter it?
--
»Check this out! |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | They can still pick up your network signal, and they can still try to hack.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.10 |
|
fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN
| reply to docrice
said by docrice  :No and no. The only thing "turning off the SSID" does is null the value of the network name field in the 802.11 beacon. Anytime a station associates or re-associates, that value is sent in the clear within the respective 802.11 frames. For this reason, it's not considered a security measure at all, except to superficially reduce confusion in areas where there are a lot of access points announcing themselves and prevent someone from accidentally selecting your network. » wicked-styles.com/bitsandpieces/···ecurity/ Sorry, but I have NO idea what you're talking about and I'm not sure what I'm supposed to be looking for at that link.
--
»Check this out! |
|
fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN
1 edit | reply to nwrickert
said by nwrickert :They can still pick up your network signal, and they can still try to hack. How can they pick it up if SSID broadcasting is turned off?
This is what my router says about SSID:
"Broadcast SSID
It is possible to make your wireless network nearly invisible. By turning off the broadcast of the SSID, your network will not appear in a site survey. Site Survey is a feature of many wireless network adapters on the market today. It will scan the "air" for any available network and allow the computer to select the network from the site survey. Turning off the broadcast of the SSID will help increase security."
--
»Check this out! |
|
Mem
join:2002-01-03
USA
·AT&T Southeast
| Kismet can see SSID's that are turned off (since they are still broadcast in other protocols of the wireless) or you can use airopeek & airodump.
I prefer to leave it enabled, it is the encryption you use that secures the signal from others accessing your network. Use a secure password for the encyption. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest
| reply to fonzbear2000
How can they pick it up if SSID broadcasting is turned off? A casual windows user will not pick it up. Somebody with hacking tools will. The SSID is not broadcast, but it is still sent in other packets and can be found with suitable tools.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.10 |
|
F430
@cox.net
| reply to fonzbear2000
quote:
To me a HUGE benefit would be that outsiders wouldn't be able to pick up my network signal
They are always able to pick up your network signal unless you turn your wireless Access Point (AP) or router with built in AP off. Your AP is always broadcasting. The so called "SSID broadcasting off" setting is actually telling the AP to send an empty name when it broadcasts. The AP still broadcasts several packets each second even if there is no traffic. And if a new PC/MAC tries to join the network the SSID is broadcast while that machine is joining the network.
quote:
try to hack my network.
Certainly. Anyone looking can still see your AP broadcasting and in less then a minute download the tools to start hacking if they have not so already. The only way to stop people seeing your AP is to pull the plug.
Note: Some Windows and Macintosh wireless drivers will fail to connect to an AP if they do not see its SSID broadcast even if you configure the SSID on your PC or MAC. I have a relatively large number of such machines I have to support. |
|
docrice
join:2008-03-31
Fremont, CA
| reply to fonzbear2000
Turning off the SSID does not turn off the signal. It's still broadcasting. The beacon that's transmitted 10 times a second just doesn't transmit the SSID value. This is how the 802.11 protocol works.
If you really want to understand how Wi-Fi / 802.11 networking works from a security lockdown perspective, I'd recommend reading the article that I wrote (which I linked to). What your router is saying either in the manual or in the admin interface somewhere is only conveying a simplistic interpretation of how wireless connectivity works. |
|
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
1 edit | reply to fonzbear2000
The problem fonzbear is that your taking marketing crap from a router vendor as gospel but ignoring well educated and informed posts from IT professionals and experienced users.
The only practical thing turning off ESSID will do is attract the attention of those you wish to avoid. On top of that you run the risk of making it difficult for you and your family to use your own system as turning off ssid at times can create some issues in a busy wifi environment.
Bottom line is that for good wifi security just ensure that
a. you use WPA or WPA2 encryption with a strong key 20+ characters and
b. you use the strongest password your router will allow.
c. ensure you do not turn on or alllow unsecured remote access to your router or a PC.
d. as far as ssid. leave it on and make it unique for you to recognize out of the crowd but not that it points to your house/location/personal identification
As I have stated previously, the only thing worse than no security is a false sense of security, which is the problem your exposing once again. SSID is NOT a security mechanism.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN
| said by Anav :The problem fonzbear is that your taking marketing crap from a router vendor as gospel but ignoring well educated and informed posts from IT professionals and experienced users. The only practical thing turning off ESSID will do is attract the attention of those you wish to avoid. On top of that you run the risk of making it difficult for you and your family to use your own system as turning off ssid at times can create some issues in a busy wifi environment. Bottom line is that for good wifi security just ensure that a. you use WPA or WPA2 encryption with a strong key 20+ characters and b. you use the strongest password your router will allow. c. ensure you do not turn on or alllow unsecured remote access to your router or a PC. d. as far as ssid. leave it on and make it unique for you to recognize out of the crowd but not that it points to your house/location/personal identification As I have stated previously, the only thing worse than no security is a false sense of security, which is the problem your exposing once again. SSID is NOT a security mechanism. I'm not ignoring anyone on here. I've read all the posts and now understand why turing off SSID isn't a good security method.
Question for you: How do I do option C?
--
»Check this out! |
|
docrice
join:2008-03-31
Fremont, CA | Most consumer routers have a "remote administration" option that allows access to the router's admin console from external networks. It's like allowing access to your home alarm's control panel from a place outside the house. |
|
saltyvinegar
join:2009-06-17
Gloucester, ON | reply to fonzbear2000
If you want to add another level of security to prevent hacking then make sure you enable MAC filtering and only allow the MAC addresses of your local PC's or devices to connect. |
|
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
| Another item that adds really nothing once you have a strong WPA encryption setup. Mac addresses are easily spoofied by the people that fonz is trying to protect himself from, and thus your advice is not all that helpful. If you have it already setup, there is no harm in leaving it in place, ie no ill effects, but do not presume this gives one any security. |
|
ameritech
The Helping Hand
join:2008-09-26
Winnetka, IL
·AT&T Yahoo
 ·AT&T CallVantage
 ·Comcast
·AT&T Yahoo
 ·Dish Network
| reply to Mem
The network can be hacked easily, if the hacker gives a flying crap. The hacker can guess your SSID if it just suddenly drops off radar. For best results, use no personal info in SSID, change it as soon as Broadcast turned off, and, for crying out loud, don't pick the default one (ie: NETGEAR, linksys, 2WIRE192).
--
"When it comes to technology, if you are not part of the steamroller, you are part of the road." -Anon.
Find me @: »www.tinyurl.com/alanxweb |
|
fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN | reply to fonzbear2000
Thanks for the suggestions in the last 4 posts, however, I have no idea how to do what's being suggested.
--
»Check this out! |
|
keeska
Premium
join:2007-04-06
Sedona, AZ
| reply to ameritech
quote:
change it as soon as Broadcast turned off
I assume this is a mis-type and you are not really recommending the so called "disable SSID broadcast" so may clueless router vendors include in their products? |
|
docrice
join:2008-03-31
Fremont, CA
| reply to fonzbear2000
It seems to me that the main issue here is your unfamiliarity with wireless networking in general, the options available regarding network administration, and the risks / benefits of each feature. Like anything else, 802.11 / Wi-Fi has a learning curve if you want to do anything beyond just hitting the connect button and doing minor client-side configuration.
This is unfortunately the nature of all things computer-related and given how consumer marketing has shaped most people's expectation of Wi-Fi into, "It's so simple and you just press a button a voilà!" I can see how many people easily run into walls when it comes to the step 2 out of the box in order to enable security.
The truth is that since wireless networking isn't something you can "see" without appropriate tools and the skills to use them, you have to rely on the word of experienced individuals who understand how the protocols are designed and are aware of the established history of how device (in)compatibilities and vendor implementations have worked out. Almost all the time, this is not very accurately reflected in marketing materials or in quick-start user guides. |
|
