Skip to main content

The Illusion of Hidden SSIDs

November 26, 2013

First a few definitions:

BSS (Basic Service Set) – The basic building block for a WLAN, a single access point and its clients SSID (Service Set IDentification) – String used as the network name for WLANs

BSSID (Basic Service Set IDentification) – The unique identifier for a BSS

ESSID (Extended Service Set IDentification) – Two or more BSS that share the same SSID

Quite often, we are asked to make a recommendation on whether to hide or not to hide SSIDs. In this case, security through obscurity is a myth. “Hiding” an SSID usually consists of turning off the beaconing mechanism of an access point. This can be effective in obscuring the SSID for the casual passer-by, but does nothing to really hide the network. Someone of any skill level using a wide variety of free tools can discover the network. Even Windows 7 natively identifies the network as hidden. This discovery is possible because there are other mechanisms at work which broadcast the SSID.  “Hiding” an SSID by turning off beacons is one mechanism. Probe requests from client devices also contain this data, as well as probe responses, association requests, etc.  Hiding beacons can also  impede roaming and introduce technical and operational issues when trying to troubleshoot user connectivity.

The approach that you want to take is looking at your organization’s needs. What are the use-cases? What SSIDs do you need? What authentication and encryption methods are supported? Can you consolidate by using role-based access?  Once you have an assessment of your needs, you can put a plan together taking into consideration the appropriate security mechanisms.

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

July 25, 2017

Identity and Access Management Program Primer

Learn how to create an identity and access management maturity roadmap tailored for your organization.

See Details

January 27, 2012

Identity and Access Management - Goal-driven Business Cases You Can't Ignore

From a 30,000-foot-view perspective, the idea of risk being a driver and a business proposition for the implementation of Identity and Access Manageme...

See Details

January 05, 2016

How secure is your WPA2-Enterprise WLAN?

If you let your client’s control their supplicant, you have NO control. When you deploy your WLAN, with the advent of changes in standards for 802.11n...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.