This is part 2 of a 3-part series in which I list "dumb mistakes" network administrators make when configuring WLANs. In Part 1, I talked about the importance of eliminating excessive SSIDs. Today's mistake stays with the theme of SSIDs:
2. "Hiding" the broadcast of the SSID: SSID stands for Service Set Identifier. It is the network name that you see when you scan for wireless networks on your computer. There is an option on most access points to "hide" the SSID so its value is absent from beacon frames. In basic supplicant software such as the one that comes embedded in Windows, these networks do not show up as available connection options. Proponents say that disabling the broadcast of the SSID protects the wireless LAN from attack because it adds a layer of defense: attackers will have to spend time learning the SSID before they can continue to monitor the network, circumvent encryption & authentication, and move on to more sophisticated attacks.
However, there are many commercial and free programs, such as Kismet, that can quickly uncover "hidden" SSIDs. Other programs, such as Netstumbler, may not fully resolve the SSID, but they will show the existence of access points with a null SSID. Netstumbler does this by sending out active probe requests. Even if the SSID is hidden, per the IEEE standards, access points are required to respond to such requests. Although this response doesn't contain the actual SSID, it contains other useful information such as the MAC address, channel number, signal level, etc. Attackers can use this information as a springboard for their attack, just as they could if they found out the actual SSID.
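As an added illustration (not part of the original post), this Python sketch parses 802.11 beacon and probe-response frames and shows that a frame with a null SSID still reports the MAC address (BSSID) and channel, which is why an audit of your own airspace sees "hidden" access points anyway. The sample frames, the MAC address, and the SSID "CorpWLAN" are constructed, and `build_frame` and `parse_frame` are hypothetical helper names.

```python
import struct

BEACON, PROBE_RESP = 0x80, 0x50  # first frame-control byte of each subtype

def build_frame(fc0, bssid, ssid, channel):
    """Build a constructed sample frame (no radiotap header, no FCS)."""
    hdr = bytes([fc0, 0]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, interval, capabilities
    tags = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])
    return hdr + fixed + tags

def parse_frame(frame):
    """Return what any listener in range learns from a beacon or probe response."""
    if len(frame) < 36 or frame[0] not in (BEACON, PROBE_RESP):
        return None
    info = {"bssid": frame[16:22].hex(":"), "ssid": None, "channel": None, "hidden": False}
    pos = 36  # 24-byte MAC header + 12 bytes of fixed parameters
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop instead of reading garbage
        if tag == 0:  # SSID element
            # "Hidden" = zero-length SSID, or the real length filled with NUL bytes
            info["hidden"] = length == 0 or not any(value)
            info["ssid"] = None if info["hidden"] else value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:  # DS Parameter Set carries the channel
            info["channel"] = value[0]
        pos += 2 + length
    return info

if __name__ == "__main__":
    bssid = bytes.fromhex("020000aabbcc")  # constructed, locally administered MAC
    # Constructed samples: a broadcast SSID, a zero-length SSID, a NUL-filled SSID
    for fc0, ssid in [(BEACON, b"CorpWLAN"), (BEACON, b""), (PROBE_RESP, b"\x00" * 8)]:
        print(parse_frame(build_frame(fc0, bssid, ssid, 6)))
```

Both null-SSID variants are flagged as hidden, yet the BSSID and channel fields come back fully populated.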
Here's the kicker: legitimate users also need to know the SSID in order to associate to the wireless network. Hiding the broadcast of the SSID often causes legitimate users confusion about where to connect, leading to a dramatic increase in calls to the organization's help desk.
Bottom line, since the SSID can be detected so easily, it provides little security from malicious attack. It is more of an inconvenience to your own users than it is an obstacle to even semi-skilled hackers.
Tomorrow is the conclusion to this series, which discusses time slicing wireless intrusion detection.