Why Disabling The SSID Broadcast On Your Wireless Network Access Point Is Bad
Google “Wireless Security” and you’ll find numerous websites which recommend that SSID (Service Set Identifier) broadcasting be disabled on wireless network access points. In fact, you’ll be hard pressed to find a website that recommends leaving it enabled. According to Steve Riley, a senior security strategist in Microsoft’s Trustworthy Computing Group, the claim that disabling broadcasting can enhance security is, “A myth that needs to be forcibly dragged out behind the woodshed, strangled until it wheezes its last labored breath, then shot several times for good measure.”
What is SSID Broadcasting?
The SSID is the name of your network and broadcasting it enables the people who need to use the network to be able to find it and connect to it easily. When you click on the icon in your Taskbar to view available networks, the networks that you see are listed because they’re broadcasting their SSIDs. Unfortunately, broadcasting the SSID also enables your network to be easily discovered by hackers – at least, that’s what the websites which recommend disabling SSID broadcasting would have you believe. The reality is, however, very different. Disabling broadcasting can actually compromise your security as explained in “Why Non-broadcast Networks are not a Security Feature” from Microsoft. Furthermore, tools such as Kismet enable non-broadcasting networks to be discovered almost as easily as broadcasting networks.
Why You Shouldn’t Disable SSID Broadcasting
Disabling broadcasting will also make life more difficult for the people who need to be able to connect to your network. Should you choose to disable your SSID broadcast, you’ll almost certainly see an increase in support calls from staff who are unable to find and connect to your network. But that’s not the only problem. Should your staff not be able to see your network, they may end up connecting to one that they can see – and that network may not be secure meaning that your company data will be whizzing through the air in unencrypted form.
SSIDs were meant to be broadcast, so go ahead and broadcast them! Doing so will not in any compromise your security.
One other thing that’s worth mentioning: many of the websites that recommend disabling your SSID broadcast also recommend enabling MAC filtering. Don’t do it! MAC filtering is so incredibly easy to bypass that it provides no real security whatsoever – and certainly not enough to even to begin to justify the time it takes to set up.
To find out how to properly secure a wireless network, see our article on the subject and also see Microsoft’s document Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home Office or Small Organization Networks.