Windows Vista sees your wireless network because the access point (AP) broadcasts the network's service set identifier (SSID). However, when you connect to a wireless network, Vista offers a Save Network check box. If you leave that check box activated, Vista remembers the wireless network and connects to it automatically the next time it comes within range. Therefore, after all of your computers have accessed the wireless network at least once, you no longer need to broadcast the network's SSID. For that reason, conventional wireless wisdom says that you should use your AP setup program to disable broadcasting and prevent others from seeing your network.
However, you should know that when previously authorized devices attempt to connect to a nonbroadcasting network, they include the network's SSID in the probe requests they send out to see whether the network is within range. The SSID is sent in unencrypted text, so it would be easy for a snoop with the right software (easily obtained from the Internet) to learn the SSID. If you stop broadcasting the SSID as a way to hide a network that's unsecured or that uses an easily breakable encryption protocol, such as WEP, hiding the SSID in this way actually makes the network less secure.
Of course, you aren't trying to hide an unsecured network, right? As a savvy wireless network administrator, you have WPA or WPA2 encryption enabled. So in your case, disabling SSID broadcasting either keeps your security the same or improves it:
Simple, right? Well, maybe. Okay, there is one scenario where hiding your SSID can make your wireless network less secure. If a cracker detects that you've disabled SSID broadcasting, he might think you've done it because you've got something particularly important or sensitive to hide, so he might pull out all the stops to crack your network. How likely is this? Not very. Most crackers want easy targets, and most neighborhoods supply them, so unless a snoop knows that you're hiding something juicy, he'll almost certainly move on to a less-secure network.
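To make the probe-request point concrete, here is an added example (not part of the original article): a minimal parser for the SSID element of 802.11 beacon and probe-request frames, run over constructed sample frames. The frame bytes, the network name HomeNet and the helper names are assumptions made for the illustration.

```python
# Added illustration: where the SSID sits in 802.11 management frames.
# All frames below are constructed sample bytes, not captured traffic.

PROBE_REQ, BEACON = 4, 8                      # management-frame subtypes
FIXED_LEN = {PROBE_REQ: 0, BEACON: 12}        # fixed fields before tagged elements
NAMES = {PROBE_REQ: "probe-request", BEACON: "beacon"}

def parse_ssid(frame: bytes):
    """Return (frame kind, SSID), or None if not a beacon/probe request.
    SSID is "" when the element is empty or zero-filled (hidden or wildcard)."""
    if len(frame) < 24:                       # 24-byte management MAC header
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):              # walk id/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:
            return None                       # truncated element
        if eid == 0:                          # element ID 0 carries the SSID
            ssid = "" if not any(value) else value.decode("utf-8", "replace")
            return NAMES[subtype], ssid
        pos += 2 + elen
    return None

def build(subtype: int, ssid: bytes) -> bytes:
    """Construct a sample frame (hypothetical helper for this example)."""
    header = (bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6
              + b"\x02\x00\x00\x00\x00\x01" + b"\xff" * 6 + b"\x00\x00")
    fixed = b"\x00" * FIXED_LEN[subtype]
    rates = b"\x01\x04\x82\x84\x8b\x96"       # supported-rates element
    return header + fixed + bytes([0, len(ssid)]) + ssid + rates

SAMPLES = [
    build(BEACON, b"\x00" * 7),               # AP with SSID broadcast disabled
    build(PROBE_REQ, b"HomeNet"),             # client looking for its saved network
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_ssid(sample))
```

The beacon from the nonbroadcasting AP yields an empty name, while the client's probe request carries the saved network's name in the clear, which is why hiding the SSID is no substitute for WPA or WPA2.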
Paul McFedries is the author of more than 60 computer books that have sold more than 3 million copies worldwide. His recent titles include Windows Vista Unleashed, Windows Home Server Unleashed, Formulas and Functions with Microsoft Excel 2007, Tricks of the Microsoft Office 2007 Gurus, and Microsoft Access 2007 Forms, Reports, and Queries. Paul also operates Word Spy, devoted to tracking new words and phrases as they enter the English language. You can also follow Paul on Twitter.
Paul's book Networking with Microsoft Windows Vista: Your Guide to Easy and Secure Windows Vista Networking, is featured on Microsoft Subnet as the October, 2008, book giveaway.
Wireless SSID hiding is bad advice
OK, so I can't really tell from your writing whether you're advocating SSID hiding or not, but anyone who does hide SSIDs is invited to publish their phone number to take help desk calls from all of the legitimate users who need to get on the wireless network---but can't because some moron turned off SSID broadcasting.
Security with a business purpose and risk reduction is good. Security with (as I *think* you're suggesting) virtually no value which blocks the easy use of technology is bad. Security of enterprise IT must *never* be discussed out of context, or it's just meaningless drivel. (Not accusing you of that; just pointing out the general point that I've seen others violate over and over and over again)
I was talking about small networks
Sorry, I should have made it clear that I was talking about small networks here: home or SOHO setups. Obviously, turning off SSID broadcasting on a large network would be a nightmare.
not necessarily
having broadcasting off does not prevent legitimate users from connecting. if you manage your laptops with a central management tool, and all the laptops are built from a common image, you can have your wireless settings automatically configured (and securely locked down), such that not broadcasting does not pose an issue.
this scenario does work for a large organization (speaking from personal experience) where the laptop configurations are tightly controlled. it wouldn't be helpful in a situation where you have many laptops without a common control mechanism - for example, for a guest wireless network, or perhaps a university setting.
Myth 1: Turning OFF SSID Broadcasting Increases Security
Oh my. Any cracker capable of using decryption tools will surely have the simpler tools necessary to find "hidden" SSIDs.
Yet another myth squashed.
Just turn on encryption and use a modern WiFi system with modern security.
Ken Biba
Managing Director
Novarum, Inc.
www.novarum.com