To Hide or Not to Hide…Not even a question!

Hiding your SSID does nothing for you…

There, I have stated it out loud.

Look, for all you security types who think hiding the SSID makes it less likely to be noticed, guess what?  It will likely lure more people (read: script kiddies) to want to test it out!  Security through obscurity is sooooo last century!

Today there are many apps and programs designed to “unhide” your SSID, it isn’t difficult at all to find it.  There’s a part of the 802.11 protocol that requires Access Points to respond to a Probe Request (think of a client devices asking the question, “What networks exist here?”) with all their networks, regardless of if they are hidden or not.  Hiding the SSID only stops them from being transmitted in a Beacon, which is akin to not announcing their presence unsolicited; however, when asked the AP must respond and tell the device asking the full list.  This is how the SSID can be uncovered fairly quickly.

Very few client devices work off of passively listening to the airwaves first to find the network they are interested in.  Most use the active probing for “ANY” SSID since it makes for faster roaming and association as the device doesn’t have to wait to hear the SSID before it can find a network.

The one exception to the active probing is in regards to DFS frequency usage, at least in the US.  On a channel that follows the DFS requirements, the client device is not allowed to send a Probe unless it hears an Infrastructure AP “speak” first.  This is because the client device is not programmed to assess the air for radar events, thus it trusts that if an AP is talking it is okay to transmit.  Hiding the SSID in this scenario can make a client miss an AP that would normally be available for roaming and association, causing issues with connectivity for those clients.  I’ve seen it.  And with the increasing use of 5GHz along with the necessity of Wi-Fi connectivity, the last thing you want is for your devices to encounter trouble while roaming.

For those security conscious people out there, do yourself and your Wi-Fi consumers a favor – focus on getting rid of those clients that cannot support anything but WEP or even WPA-PSK (TKIP) support.  Use a method advocated with an RSN (Robust Security Netowrk) and let your SSIDs be known and advertised!  You could potentially save yourself (and your Wi-Fi admins) some headaches.

(Steps down off the soap box…)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s