Wednesday, July 30, 2008

Wi-Fi Mythbuster: Do *NOT* disable SSID

Wi-fi users are often advised to disable or hide the SSID (Service Set Identifier, or simply, the network name) of their routers as a security measure. This tip appears in numerous web pages, books, and magazines. It even shows up on the websites of wireless product manufacturers.
The idea behind disabling SSID is to make your wireless router “invisible” to hackers and other malicious users.

It's been repeated so often that many people just assume it is true. So it has become the tech equivalent of an old wive's tale, you know, like not swimming for an hour after you eat, or you'll get cramps and drown.

Unfortunately, merely disabling SSID is ineffective as a security measure, and any active wi-fi router can be revealed quite easily. Free tools like Netstumbler will display all active wi-fi routers, regardless of whether their SSID is hidden. Worse, disabling SSID can actually degrade network performance.

The SSID myth was actually been debunked for years. No less than Robert Moskowitz, senior technical director at ICSA Labs warned against it as far back as Dec 2003, in a paper titled “Debunking the Myth of SSID Hiding” (PDF file).
“Efforts to hide the SSID are at best half-measures which lead to a false sense of security and to a degradation of wireless network performance.” Moskowitz wrote.

Microsoft also advices against disabling SSIDs, as evidenced by these two pages from its TechNet website — “Non-broadcast Wireless Networks with Microsoft Windows”, and “Non-Broadcast Wireless SSIDs: Why hidden wireless networks are a bad idea

So, you should merely change your router’s SSID, and not disable it. Also implement other security measures such as enabling WPA encryption (don't use WEP), changing the default router password, and filtering by MAC address.

No comments: