New here, wanted to say hi, and ask a SSID question.
Last Post: November 1, 2005:
-
Just wanted to say hello to everyone. This looks like an incredible site and I look forward to learning from everyone. I'd like to be certified, I am currently an MCP in Windows 2000 and XP, however I have a growing interest in wireless networks that brought me here. Hopefully I can keep up with the experts here and someday have a wireless certification. First things first... :)
I have a wireless network at home. Just a laptop w/ Orinoco card, 802.11b and a Linksys wireless router. It is a great setup and I just went through the Linksys documentation on securing it. I've disabled the SSID from being broadcast. Enabled 128bit WEP encryption, and also enabled MAC filtering for the Orinoco's MAC address. I've also been reading on SSIDs...
I understand that in order to connect to an AP you need to have the correct SSID. (If any of this is wrong please correct me.) Now, an SSID is broadcast in clear text, which makes it easy for someone to sniff it, therefore it is suggested to disable it. I assume you disable it; that way, any device connecting to your AP must be set up by you, the administrator. Not just anyone walking around with a wireless device. That makes sense.
So why is the broadcasting of the SSID enabled by default? (It was enabled by default on my router.) Is there a situation where you would want to broadcast your SSID? -
Sort of "if it ain't broke, don't fix it" default configuration. When you buy the Linksys router and plug it in, it works. When you start to implement security measures (MAC filtering, WEP, disable SSID, etc.) you need to have some idea what you are doing. Since the ordinary consumer doesn't want to deal with things (Plug & Play mentality), they are satisfied with the default configuration. Just war drive and see the number of home networks (and business networks) with "linksys" as their SSID.
-
That makes sense. I have been doing some war driving as of late. I can't even begin to tell you how many default config APs there are around here. I went down one of the main streets and the SSID was set to the business name and was wide open.
-
Sorry that was me, forgot to log in. -
Oh, and one more thing. I did some reading and it appears that broadcasting the SSID can help when you have devices that are roaming. This way you won't get bad performance when roaming and having to associate to the AP over and over again. I saw a white paper on it. Makes sense. I need to do some sniffing and roam with my laptop, see if I can see the association take place and how far out it happens. I go all over the house, and in the backyard with my laptop. I wonder if it hurts the performance of the signal.
-
If you disable SSID broadcast and if you have a wireless XP computer, you will have problems in making it connect. XP is made to connect only to those APs that have their SSID broadcast enabled.
On the other hand, if you are using the wireless utility of your card, you can have your SSID broadcast with no problem.
Just some things I noticed... -
Hi:
The IEEE 802.11 standard requires the SSID be published in beacons. Not including the SSID in beacons violates the standard.
The IEEE 802.11 standard requires that all APs respond to probe requests that specify the null SSID. Not responding with a probe response that includes the SSID violates the standard.
Attempts to hide SSIDs can be easily subverted, afford no real security, and can create significant inconveniences for users.
Besides violating the IEEE 802.11 standard, these techniques are silly attempts to compensate for the embarrassments of broken WEP based authentication and frame protection. Now that better authentication and frame protection are standardized and available, all attempts to obscure the SSID should be left behind.
Thanks. /criss -
Hi,
I'm a newbie here. Criss is perfectly right. Disabling the AP from broadcasting its SSID is a violation of the standard. In fact, when I was going through this discussion, I was surprised to see that LinkSys has given the option of disabling SSID broadcast. We have not provided this feature in our product (still under development phase) and so was wondering if we need to include that also.
Regards,
Harsha. -
If disabling broadcast SSID is a violation of the standards, then everyone is breaking the rules. I haven't used an AP that won't allow you to disable it. If I were to develop an AP, it would be a given that you would be able to disable broadcast. On a slightly different topic, some vendors (Cisco I know of) disable the radios out of the box. This is a security feature, albeit a simple one, but good.
A guest also said that if you disable the broadcast SSID on the AP an XP computer won't be able to connect to it. This is not correct. XP will connect to it, you just have to add it on the wireless zero configuration screen. One problem that XP has (this is probably what you noticed) is that it will sometimes only connect to the first SSID in the list. Deleting the other entries (although not convenient) fixes the problem right away.
To The Dude: You talk about disabling SSID broadcast as hurting roaming. When you are talking about going all over your house and into your backyard, that is not roaming. Roaming is being associated to one access point and then associating (reassociating) to another access point, usually while moving. It is much more complicated than this, but you can't "roam" with just one AP. Whether you broadcast the SSID or not does not affect the signal.
One other thing that was mentioned was MAC filtering. This is another one of those "security" methods that only stop the most novice of hackers. A simple packet capture and spoof of a MAC address will circumvent that security (used lightly) feature. Wouldn't take more than 30 seconds.
For those of you just joining, if you don't mind getting a login and giving us your location that would be great. So far I'm the only guy in Arkansas, but that is to be expected. :) -
Hi GT of Arkansas:
Good post. Well said. Please pardon me for resuming the soapbox on the SSID question:
It is no violation of the IEEE 802.11 standard to build and sell an access point that hides SSIDs. Apparently all vendors offer this proprietary feature, and apparently so with the blessing of the Wi-Fi Alliance. Since no small number of customers expect this feature, vendors are hard pressed not to offer it.
It is a violation of the IEEE 802.11 standard to hide SSIDs, either by nulling that field in beacons or by declining to respond to probe requests that carry a null SSID. By design, readily seeing SSIDs in WLAN client software is a significant convenience to WLAN users trying to use an unlicensed public RF medium.
Now (2005) that WPA and WPA2 are with us, we should stop using WEP and all the pseudo security features and practices invented to ameliorate WEP. These distract us from better security and may make us less secure. We should stop hiding SSIDs, stop using obscure SSIDs, and stop filtering MAC addresses. Choosing power levels to project less signal beyond a service area, and choosing and positioning antennae to project less signal beyond a service area may make us better neighbors but also should not be pursued as "security".
The IEEE 802.11 standard, as amended by 802.11i (2004), deprecates WEP and urges that it not be used. One day vendors will feel free to eliminate it from their feature sets as a service to their customers. Hopefully the "Hide the SSID" feature will disappear as well. Meanwhile just don't use either.
I hope this helps. Thanks. /criss
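
The points in this thread about nulled SSID fields in beacons and about leaving WEP behind can be checked against your own access point's beacons. The following is an added example, not code from any poster: it parses a beacon frame body and reports how the SSID element is presented and which frame protection is advertised. The function names and the sample frame bodies are constructed for illustration.

```python
import struct

WPA_VENDOR = b"\x00\x50\xf2\x01"  # vendor element (ID 221) prefix that marks WPA
# Constructed RSN element (ID 48, length 20): version 1, CCMP ciphers, PSK AKM.
RSN_IE = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04"
                       "0100" "000fac02" "0000")

def parse_ies(data):
    """Yield (element_id, value) for each tagged element; stop if truncated."""
    i = 0
    while i + 2 <= len(data):
        eid, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) < length:
            break
        yield eid, value
        i += 2 + length

def audit_beacon(body):
    """Audit a beacon body (the bytes after the 24-byte management header)."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its 12 fixed bytes")
    # Fixed fields: timestamp (8), beacon interval (2), capability info (2).
    capability = struct.unpack_from("<H", body, 10)[0]
    privacy = bool(capability & 0x0010)
    ssid, rsn, wpa = None, False, False
    for eid, value in parse_ies(body[12:]):
        if eid == 0 and ssid is None:
            ssid = value
        elif eid == 48:
            rsn = True
        elif eid == 221 and value.startswith(WPA_VENDOR):
            wpa = True
    if ssid is None:
        state = "missing"
    elif len(ssid) == 0:
        state = "hidden (zero-length)"
    elif ssid.strip(b"\x00") == b"":
        state = "hidden (null-padded)"
    else:
        state = "broadcast"
    protection = ("WPA2 (RSN)" if rsn else "WPA" if wpa
                  else "WEP" if privacy else "open")
    name = ssid.decode("utf-8", "replace") if state == "broadcast" else ""
    return {"ssid": name, "ssid_state": state, "protection": protection}

def build_body(ssid, capability, extra=b""):
    """Build a constructed sample beacon body for the audit above."""
    head = struct.pack("<QHH", 0, 100, capability)
    return head + bytes([0, len(ssid)]) + ssid + extra

if __name__ == "__main__":
    print(audit_beacon(build_body(b"linksys", 0x0001)))
    print(audit_beacon(build_body(b"\x00" * 7, 0x0011)))
    print(audit_beacon(build_body(b"", 0x0011, RSN_IE)))
```

A body with the privacy bit set and neither a WPA nor an RSN element is reported as WEP, which is the configuration the last post says to stop using.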