Wireless networks are identified by the service set identifier (SSID), used as a network name. However, should SSID broadcast be enabled or disabled? If you’re taking the Security+ exam, that’s an important concept you should understand. More, you can expect to see two different perspectives on whether SSID broadcast should be disabled or not.
At some point, someone stated that the SSID was a password and many IT professionals latched onto the idea that you can increase security by disabling the SSID broadcast. Others say that the SSID has nothing to do with security and disabling the broadcast reduces usability but does not increase security.
Master Security+ Performance Based Questions Video
First, the SSID is not a password.
A password is used for authentication to prove an identity. For example, a user can use a password with a username. The username is the claimed identity, and the password proves the user’s identity. However, a SSID is a network name and all users must use the same SSID. None of the users are authenticated with the SSID. Adding authentication to wireless connections certainly provides stronger security, but you do so with an 802.1x or RADIUS server.
Second, attackers can easily discover SSIDs, even when SSID broadcast is disabled.
WAPs must regularly send out a beacon frame to ensure interoperability with other devices in the wireless network. This beacon frame includes the SSID and if the SSID broadcast is disabled, the SSID entry is blank. However, even if SSID broadcast is disabled the WAP includes the SSID in Probe responses sent in response to Probe requests from authorized wireless clients. Because of this, it’s easy for an attacker with a wireless sniffer to listen for the Probe responses and detect the SSID.
In short, disabling the SSID does not provide any security. It’s a trivial matter for an attacker to discover it if it is enabled or disabled. Steve Riley wrote in a security blog titled “Myth vs. reality: Wireless SSIDs“ that disabling the SSID for security “is a myth that needs to be forcibly dragged out behind the woodshed, strangled until it wheezes its last labored breath, then shot several times for good measure.”
What you should know for Security+.
If you’re taking the CompTIA Security+ exam, you may like to know about two perspectives.
- The SY0-201 exam (that retired December 31, 2011) came out in 2008 when the idea of disabling the SSID broadcast was more prevalent. Questions and answers clearly indicated that CompTIA test writers believed that disabling the SSID broadcast provides security.
- The SY0-301 exam (that retired December 31, 2014) tended to lean towards disabling the SSID broadcast doesn’t provide any security since an attacker can easily discover it anyway.
- The SY0-401 exam still includes “Disable SSID broadcast” within a wireless security objective, but CompTIA seems to have moved away from asking questions that indicate this provides security protection. However, it still does hide the wireless network from casual users.
While I’m talking about wireless security, it’s worth mentioning MAC filtering, supported by most WAPs. You can configure the WAP to allow traffic only from clients using specific MAC addresses. While this sounds good, it’s also easily circumvented by an attacker. An attacker with a wireless sniffer can capture packets and identify MAC addresses that are accepted. The attacker can then modify the operating system to spoof the MAC address bypassing the MAC filter.
This post includes graphics on how to configure a WAP including MAC filtering.
Great articleAnyway I might want to add a little bit to what you hinted upon when you said “WAPs must regularly send out a beacon frame to ensure interoperability with other devices in the wireless network”
And that is in the real world be careful about disabling SSID broadcasts, on certain devices such as certain types of Tablet PCs or other devices that support Wi-Fi, disabling SSID broadcasts can cause intermittent connection problems and sometimes a device can lose the connection and not be able to connected again unless you turn off and on you device’s Wi-Fi or turn on then off (or reset) on WAPs side. So if you have problems connecting devices to a wireless Access Point and you have SSID broadcast turned off, turn it on to see if there is any change.
If you’re able to disable SSID why would this be done?