January 22, 2012

1.6.8 SSID Broadcast

SSID broadcast

The SSID (Service Set IDentifier), or network name, of your wireless network is required for devices to connect to it.

SSID is a function performed by an Access Point (AP) that transmits its name so that wireless stations searching for a network connection can 'discover' it. It's what allows your wireless adapter's software to give you a list of the AP in range.

Wireless APs and routers can automatically broadcast their network name (SSID) into open air at regular intervals (every few seconds) to announce their presence. This feature of Wi-Fi network protocols is intended to allow clients to dynamically discover and roam between WLANs.

One method of "protecting" the network that is often recommended is to turn off the SSID broadcast. This should be considered a very weak form of security because it is a trivial process for an attacker to discover the presence of the access point besides the SSID broadcast.

Security by obscurity is no security at all.

SSIDs are not encrypted or otherwise scrambled, it becomes easy to grab one by snooping the WLAN looking for SSID broadcast messages coming from the router or AP. Knowing your SSID brings hackers one step closer to a successful intrusion.

All 802.11 wireless networks, regardless of the kind of operating system or encryption you might use, also emit unencrypted frames at times. One kind of unencrypted frame is an association frame. This is what a client computer, or "supplicant" in the 802.11 protocol vernacular, emits when it wants to join a wireless network. Contained within the frame, in clear text of course (since the frame is unencrypted), is the SSID of the network the supplicant wants to join.

An SSID is a network name, not a password. It is not designed to be hidden.

A wireless network has an SSID to distinguish it from other wireless networks in the vicinity. It's a violation of the 802.11 specification to keep your SSID hidden and, even if you think your SSID is hidden, it really isn't.

Having SSID broadcast disabled essentially makes your Access Point invisible unless a wireless client already knows the SSID, or is using tools that monitor or 'sniff' traffic from an AP's associated clients.

Related Terms
  • Site survey
  • War driving
  • War chalking
  • Basic Service Set (BSS)
  • Access Point (AP)
References:
  • http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx
  • http://compnetworking.about.com/cs/wirelessproducts/qt/disablessidcast.htm
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

No comments:

Post a Comment