fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN
| Questions about SSID broadcasting. Even though I have my network secured with WPA, I am thinking about turning off SSID just as an extra measure to prevent an outsider from hacking my encryption password.
1. If I turn it off, do I have to turn it back on again when I restart my computers in order for the computers to connect to the network?
2. Will turning it off in anyway affect the performance on the network? Such as download speeds?
--
»Check this out! | |
|
 
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| Re: Questions about SSID broadcasting. There's no real benefit to turning off the SSID broadcast. However, if you turn it off, you should still be able to connect.
In windows, the effect is that you cannot scan for wifi networks, then click "connect" on the selected one. Rather, you have to manually enter the SSID and key before you can connect. If you put the hidden network early in the list of configured WiFi networks, then Windows will thereafter automatically connect (assuming you allow that). If the hidden net is too low on the list, it will only be found if nothing earlier on the list is found.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.10 | |
|
 |
fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN
| Re: Questions about SSID broadcasting. No benefit? To me a HUGE benefit would be that outsiders wouldn't be able to pick up my network signal and try to hack my network. If I do decide to do this, what is the SSID key and how do I manually enter it?
--
»Check this out! | |
|
| |
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | Re: Questions about SSID broadcasting. They can still pick up your network signal, and they can still try to hack.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.10 | |
|
| | |
fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN
1 edit | Re: Questions about SSID broadcasting. said by nwrickert  :They can still pick up your network signal, and they can still try to hack. How can they pick it up if SSID broadcasting is turned off?
This is what my router says about SSID:
"Broadcast SSID
It is possible to make your wireless network nearly invisible. By turning off the broadcast of the SSID, your network will not appear in a site survey. Site Survey is a feature of many wireless network adapters on the market today. It will scan the "air" for any available network and allow the computer to select the network from the site survey. Turning off the broadcast of the SSID will help increase security."
--
»Check this out! | |
|
| | | | 
Mem
join:2002-01-03
USA
·AT&T Southeast
| Re: Questions about SSID broadcasting. Kismet can see SSID's that are turned off (since they are still broadcast in other protocols of the wireless) or you can use airopeek & airodump.
I prefer to leave it enabled, it is the encryption you use that secures the signal from others accessing your network. Use a secure password for the encyption. | |
|
| | | | | 
ameritech
The Helping Hand
join:2008-09-26
Winnetka, IL
·AT&T Yahoo
 ·AT&T CallVantage
 ·Comcast
·AT&T Yahoo
 ·Dish Network
| Re: Questions about SSID broadcasting. The network can be hacked easily, if the hacker gives a flying crap. The hacker can guess your SSID if it just suddenly drops off radar. For best results, use no personal info in SSID, change it as soon as Broadcast turned off, and, for crying out loud, don't pick the default one (ie: NETGEAR, linksys, 2WIRE192).
--
"When it comes to technology, if you are not part of the steamroller, you are part of the road." -Anon.
Find me @: »www.tinyurl.com/alanxweb | |
|
| | | | | | keeska
Premium
join:2007-04-06
Sedona, AZ
| Re: Questions about SSID broadcasting. quote:
change it as soon as Broadcast turned off
I assume this is a mis-type and you are not really recommending the so called "disable SSID broadcast" so may clueless router vendors include in their products? | |
|
| | | | | | | |
| | | | | | | | 
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS | Re: Questions about SSID broadcasting. What farcical advice. Please don't post here if you have no clue how wifi works please ameritech. | |
|
| | | | | | | | 
F430
@cox.net
| quote:
I am, and so is most of this thread.
Actually besides you and one or two people new to wireless no one who understands how wireless works has recommend disabling SSID broadcast in this thread.
quote:
in conjunction with WPA2 , MAC Addr. filtering, and DHCP address limiting.
Is your WPA PSK that bad that you have to resort to tricks? How about you set a good WPS PSK and forget the remaining tricks. | |
|
| | | |
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest
| How can they pick it up if SSID broadcasting is turned off? A casual windows user will not pick it up. Somebody with hacking tools will. The SSID is not broadcast, but it is still sent in other packets and can be found with suitable tools.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.10 | |
|
| | | |
F430
@cox.net
| quote:
To me a HUGE benefit would be that outsiders wouldn't be able to pick up my network signal
They are always able to pick up your network signal unless you turn your wireless Access Point (AP) or router with built in AP off. Your AP is always broadcasting. The so called "SSID broadcasting off" setting is actually telling the AP to send an empty name when it broadcasts. The AP still broadcasts several packets each second even if there is no traffic. And if a new PC/MAC tries to join the network the SSID is broadcast while that machine is joining the network.
quote:
try to hack my network.
Certainly. Anyone looking can still see your AP broadcasting and in less then a minute download the tools to start hacking if they have not so already. The only way to stop people seeing your AP is to pull the plug.
Note: Some Windows and Macintosh wireless drivers will fail to connect to an AP if they do not see its SSID broadcast even if you configure the SSID on your PC or MAC. I have a relatively large number of such machines I have to support. | |
|
| | | |
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
1 edit | The problem fonzbear is that your taking marketing crap from a router vendor as gospel but ignoring well educated and informed posts from IT professionals and experienced users.
The only practical thing turning off ESSID will do is attract the attention of those you wish to avoid. On top of that you run the risk of making it difficult for you and your family to use your own system as turning off ssid at times can create some issues in a busy wifi environment.
Bottom line is that for good wifi security just ensure that
a. you use WPA or WPA2 encryption with a strong key 20+ characters and
b. you use the strongest password your router will allow.
c. ensure you do not turn on or alllow unsecured remote access to your router or a PC.
d. as far as ssid. leave it on and make it unique for you to recognize out of the crowd but not that it points to your house/location/personal identification
As I have stated previously, the only thing worse than no security is a false sense of security, which is the problem your exposing once again. SSID is NOT a security mechanism.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment | |
|
| | | | |
fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN
| Re: Questions about SSID broadcasting. said by Anav :The problem fonzbear is that your taking marketing crap from a router vendor as gospel but ignoring well educated and informed posts from IT professionals and experienced users. The only practical thing turning off ESSID will do is attract the attention of those you wish to avoid. On top of that you run the risk of making it difficult for you and your family to use your own system as turning off ssid at times can create some issues in a busy wifi environment. Bottom line is that for good wifi security just ensure that a. you use WPA or WPA2 encryption with a strong key 20+ characters and b. you use the strongest password your router will allow. c. ensure you do not turn on or alllow unsecured remote access to your router or a PC. d. as far as ssid. leave it on and make it unique for you to recognize out of the crowd but not that it points to your house/location/personal identification As I have stated previously, the only thing worse than no security is a false sense of security, which is the problem your exposing once again. SSID is NOT a security mechanism. I'm not ignoring anyone on here. I've read all the posts and now understand why turing off SSID isn't a good security method.
Question for you: How do I do option C?
--
»Check this out! | |
|
| | | | | | docrice
join:2008-03-31
Fremont, CA | Re: Questions about SSID broadcasting. Most consumer routers have a "remote administration" option that allows access to the router's admin console from external networks. It's like allowing access to your home alarm's control panel from a place outside the house. | |
|
| | munky99999
Munky
join:2004-04-10
canada
clubs:
| said by fonzbear2000 :No benefit? To me a HUGE benefit would be that outsiders wouldn't be able to pick up my network signal and try to hack my network. If I do decide to do this, what is the SSID key and how do I manually enter it? Actually hiding your broadcast generally has a NEGATIVE benefit.
1. Adminstrative. You essentially have more trouble in getting your computers connected. Connecting by clicking from a list vs manually inserting all the details...
2. From a cracker's point of view... we can see you even with you not broadcasting. Then it becomes a question... What are you trying to hide? Also more fun and a challenge to crack you.
IOW by not broadcasting... you are attracting the crackers. | |
|
docrice
join:2008-03-31
Fremont, CA
| No and no. The only thing "turning off the SSID" does is null the value of the network name field in the 802.11 beacon. Anytime a station associates or re-associates, that value is sent in the clear within the respective 802.11 frames. For this reason, it's not considered a security measure at all, except to superficially reduce confusion in areas where there are a lot of access points announcing themselves and prevent someone from accidentally selecting your network.
»wicked-styles.com/bitsandpieces/···ecurity/ | |
|
|
fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN
| Re: Questions about SSID broadcasting. said by docrice :No and no. The only thing "turning off the SSID" does is null the value of the network name field in the 802.11 beacon. Anytime a station associates or re-associates, that value is sent in the clear within the respective 802.11 frames. For this reason, it's not considered a security measure at all, except to superficially reduce confusion in areas where there are a lot of access points announcing themselves and prevent someone from accidentally selecting your network. » wicked-styles.com/bitsandpieces/···ecurity/ Sorry, but I have NO idea what you're talking about and I'm not sure what I'm supposed to be looking for at that link.
--
»Check this out! | |
|
docrice
join:2008-03-31
Fremont, CA
| Turning off the SSID does not turn off the signal. It's still broadcasting. The beacon that's transmitted 10 times a second just doesn't transmit the SSID value. This is how the 802.11 protocol works.
If you really want to understand how Wi-Fi / 802.11 networking works from a security lockdown perspective, I'd recommend reading the article that I wrote (which I linked to). What your router is saying either in the manual or in the admin interface somewhere is only conveying a simplistic interpretation of how wireless connectivity works. | |
|
saltyvinegar
join:2009-06-17
Gloucester, ON | If you want to add another level of security to prevent hacking then make sure you enable MAC filtering and only allow the MAC addresses of your local PC's or devices to connect. | |
|
|
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
| Re: Questions about SSID broadcasting. Another item that adds really nothing once you have a strong WPA encryption setup. Mac addresses are easily spoofied by the people that fonz is trying to protect himself from, and thus your advice is not all that helpful. If you have it already setup, there is no harm in leaving it in place, ie no ill effects, but do not presume this gives one any security. | |
|
fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN | Thanks for the suggestions in the last 4 posts, however, I have no idea how to do what's being suggested.
--
»Check this out! | |
|
| docrice
join:2008-03-31
Fremont, CA
| Re: Questions about SSID broadcasting. It seems to me that the main issue here is your unfamiliarity with wireless networking in general, the options available regarding network administration, and the risks / benefits of each feature. Like anything else, 802.11 / Wi-Fi has a learning curve if you want to do anything beyond just hitting the connect button and doing minor client-side configuration.
This is unfortunately the nature of all things computer-related and given how consumer marketing has shaped most people's expectation of Wi-Fi into, "It's so simple and you just press a button a voilà!" I can see how many people easily run into walls when it comes to the step 2 out of the box in order to enable security.
The truth is that since wireless networking isn't something you can "see" without appropriate tools and the skills to use them, you have to rely on the word of experienced individuals who understand how the protocols are designed and are aware of the established history of how device (in)compatibilities and vendor implementations have worked out. Almost all the time, this is not very accurately reflected in marketing materials or in quick-start user guides. | |
|
|
|
fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN
| Re: Questions about SSID broadcasting. Well, 2 people responded and said it wasn't a concert so I guess I'm not going to worry too much about it.
--
»Check this out! | |
|
| | docrice
join:2008-03-31
Fremont, CA
| Re: Questions about SSID broadcasting. The Wi-Fi access point component of your home router bridges client connections to your internal network, not to the external interface drop on your router. Those ICMP probes you see on the external interface isn't directly relevant to how you configure link-layer connectivity and security for your home.
The general consensus in Wi-Fi / 802.11 security for the common household is this: WPA2-PSK (using CCMP / AES) with a 20+ character, randomly-generated passphrase, preferably 63 to utilize the entire "key space," so to speak.
»https://www.grc.com/passwords.htm
If any of your clients or potential clients (such as friends with really old laptops) might not support WPA2-capable hardware, then WPA-PSK via TKIP / RC4 is your next best option.
If you want to layer on the "security through obscurity" tricks (which amount to paper-thin armor equivalent), then MAC address filtering, "non-standard" IP spaces, are options, although almost no one recommends them for good reason. | |
|
|
| 
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| Re: Questions about SSID broadcasting. said by DaMaGeINC : Also making sure your pc's dont connect to any available network in range option is unchecked. Where would that be located?
--
Patriotism is not waving a flag, it is living the ideals
Bush & Co. didn't keep us safe - 9/11 happend on their watch! | |
|
| | 
DaMaGeINC
The Lan Man
Premium
join:2002-06-08
Greenville, SC
clubs: | Re: Questions about SSID broadcasting. In your wireless properties. Advanced somewhere | |
|
| | 
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw
| said by DownTheShore :Where would that be located? It's generally called 'ad-hoc networks' and should be located in your wireless utility, including the Windows wireless version.
--
"In the future, that which is not mandatory will be illegal"
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous | |
|
| | |
DaMaGeINC
The Lan Man
Premium
join:2002-06-08
Greenville, SC
clubs: | Re: Questions about SSID broadcasting. What does Ad-Hoc have to do with anything? | |
|
| | | |
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw
| Re: Questions about SSID broadcasting. said by DownTheShore :said by DaMaGeINC : Also making sure your pc's dont connect to any available network in range option is unchecked. Where would that be located? Uh, in response to DTS...
--
"In the future, that which is not mandatory will be illegal"
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous | |
|
|
|
|
