Author Topic: Broadcast SSID?  (Read 409 times)

0 Members and 1 Guest are viewing this topic.

Offline daniel1948

  • Stopped Going Outside
  • *******
  • Posts: 4553
  • Cat Lovers Against the Bomb
Broadcast SSID?
« on: April 10, 2017, 07:20:27 PM »
I've always been under the impression that it's best for my home Wi-Fi network not to broadcast its SSID, so that any passing "sniffers" won't see it. Today when I happened to be in the Settings screen of my iPad, I noticed that under Wi-Fi there was a "Security" warning, and it said that by NOT broadcasting the SSID I was exposing myself to the possible loss of personal data, and advised that if it was my network, I should set it to broadcast the SSID. This is the opposite of what I'd always thought.

What's going on?
Daniel
----------------
"Anyone who has ever looked into the glazed eyes of a soldier dying on the battlefield will think long and hard before starting a war."
-- Otto von Bismarck

Offline moj

  • beer snob
  • Reef Tank Owner
  • *********
  • Posts: 8836
Re: Broadcast SSID?
« Reply #1 on: April 10, 2017, 08:52:17 PM »
It's not really worth the hassle to hide it. Pretty much any network scanner these days that you would worry about can already detect hidden networks. A strong password is far more important.

Offline 2397

  • Seasoned Contributor
  • ****
  • Posts: 909
Re: Broadcast SSID?
« Reply #2 on: April 11, 2017, 05:07:24 AM »
It's not a security feature, it's more of a doormat and you can decide if you want to tell people they're welcome to knock on your door.

Offline Caffiene

  • Stopped Going Outside
  • *******
  • Posts: 4794
Re: Broadcast SSID?
« Reply #3 on: April 11, 2017, 05:57:53 AM »
I noticed that under Wi-Fi there was a "Security" warning, and it said that by NOT broadcasting the SSID I was exposing myself to the possible loss of personal data, and advised that if it was my network, I should set it to broadcast the SSID.

Basically when the SSID is not broadcast by the router, it means clients of the network may be sending out signals searching for that SSID instead - in theory this allows a listener to more easily associate a client device with which network it is trying to connect to, and potentially impersonate the network.

In practice its not a huge risk, since any suitable network password and encryption in place will mean the client realises the fake (the impersonator cant impersonate the encryption handshake without already having compromised important network information via some other means). But the flip side is that, as MoJ and 2397 said, theres very little benefit to hiding the SSID in terms of security - it is just obfuscation, not real security, and easily discoverable.

The minor risks of hiding SSID combined with being less user friendly outweighs the negligible benefit of obfuscation. It goes in the "not worth it" basket.
[Lurk Mode Disengage]

Offline The Latinist

  • Cyber Greasemonkey
  • Technical Administrator
  • Frequent Poster
  • *****
  • Posts: 3939
Re: Broadcast SSID?
« Reply #4 on: April 11, 2017, 07:19:59 AM »
To simplify Caf's excellent and correct response: if your router's not saying 'I'm here,' then your devices are saying 'Are you there?''—not just when you're at home but everywhere you go. Someone might then be able to pose as your router and intercept your activity.  The likelihood of either being a problem is small, but since a hidden SSID doesn't accomplish anything but giving a false sense of security, it's best to just broadcast.
I would like to propose...that...it is undesirable to believe in a proposition when there is no ground whatever for supposing it true. — Bertrand Russell

Offline daniel1948

  • Stopped Going Outside
  • *******
  • Posts: 4553
  • Cat Lovers Against the Bomb
Re: Broadcast SSID?
« Reply #5 on: April 11, 2017, 11:18:02 AM »
Thank you all for this information. I had to do some searching to figure out how to log on to my router, but I've now enabled SSID broadcast.
Daniel
----------------
"Anyone who has ever looked into the glazed eyes of a soldier dying on the battlefield will think long and hard before starting a war."
-- Otto von Bismarck

Offline Ah.hell

  • Poster of Extraordinary Magnitude
  • **********
  • Posts: 10641
Re: Broadcast SSID?
« Reply #6 on: April 11, 2017, 12:07:36 PM »
This has been an informative thread, thanks daniel for asking the question.

Offline Jeremy's Sea

  • Kintsukuroi, baby.
  • Frequent Poster
  • ******
  • Posts: 3160
  • 667 - Neighbor of the beast.
    • jeremyad [sic]
Re: Broadcast SSID?
« Reply #7 on: April 11, 2017, 01:23:31 PM »
Tangentially related question for all you tech smartypantses: Is it worth restricting your home network to known mac addresses and just let visitors use the guest network logon?
Knowledge is power. France is bacon.

Offline The Latinist

  • Cyber Greasemonkey
  • Technical Administrator
  • Frequent Poster
  • *****
  • Posts: 3939
Re: Broadcast SSID?
« Reply #8 on: April 11, 2017, 01:28:35 PM »
In my opinion, you should use WPA2 with a strong pass phrase and otherwise not worrry about it.  MAC addresses can be cloned; it's another of those things that gives a sense of security without really creating any.  If you have a separate guest network, use a strong pass phrase on that, too, and keep it on a separate subnet if your router allows it.
I would like to propose...that...it is undesirable to believe in a proposition when there is no ground whatever for supposing it true. — Bertrand Russell

Offline Jeremy's Sea

  • Kintsukuroi, baby.
  • Frequent Poster
  • ******
  • Posts: 3160
  • 667 - Neighbor of the beast.
    • jeremyad [sic]
Re: Broadcast SSID?
« Reply #9 on: April 11, 2017, 02:19:01 PM »
In my opinion, you should use WPA2 with a strong pass phrase and otherwise not worrry about it.  MAC addresses can be cloned; it's another of those things that gives a sense of security without really creating any.  If you have a separate guest network, use a strong pass phrase on that, too, and keep it on a separate subnet if your router allows it.
I figured as much. I knew someone who used to do it, pre-guest logon days, and it was a monsterous pain.
I assume (this could be a bad thing, I know) that the guest login will not allow access to computers on the main network? Am I misunderstanding this?
Knowledge is power. France is bacon.

Offline The Latinist

  • Cyber Greasemonkey
  • Technical Administrator
  • Frequent Poster
  • *****
  • Posts: 3939
Re: Broadcast SSID?
« Reply #10 on: April 11, 2017, 03:19:03 PM »
In my opinion, you should use WPA2 with a strong pass phrase and otherwise not worrry about it.  MAC addresses can be cloned; it's another of those things that gives a sense of security without really creating any.  If you have a separate guest network, use a strong pass phrase on that, too, and keep it on a separate subnet if your router allows it.
I figured as much. I knew someone who used to do it, pre-guest logon days, and it was a monsterous pain.
I assume (this could be a bad thing, I know) that the guest login will not allow access to computers on the main network? Am I misunderstanding this?

Mine won't. I can't speak to the default configuration or capabilities of other routers.
I would like to propose...that...it is undesirable to believe in a proposition when there is no ground whatever for supposing it true. — Bertrand Russell

Offline daniel1948

  • Stopped Going Outside
  • *******
  • Posts: 4553
  • Cat Lovers Against the Bomb
Re: Broadcast SSID?
« Reply #11 on: April 11, 2017, 05:19:04 PM »
... you should use WPA2 with a strong pass phrase ...

Gosh. I actually did something right. I set it up with WPA2 (except I always want to read it as WAP2) without knowing which I was really supposed to choose. Nobody's going to guess my passphrase. And I use it nowhere else. I don't re-use passwords for sites where there's any security issues.

My previous router allowed for a guest log-on, but my current one does not. But if I have a houseguest I'm trusting them enough already to be in my house, I don't mind letting them onto my network. Actually, I've only ever had a houseguest with a computer once. The Tesla ranger wanted to log on once and I could not remember my passphrase. He ended up using his own cell connection.

I do have a guest account on my computer, but nobody has ever asked to use it.

Daniel
----------------
"Anyone who has ever looked into the glazed eyes of a soldier dying on the battlefield will think long and hard before starting a war."
-- Otto von Bismarck

Online Belgarath

  • Forum Sugar Daddy
  • Technical Administrator
  • Poster of Extraordinary Magnitude
  • *****
  • Posts: 10838
Re: Broadcast SSID?
« Reply #12 on: April 12, 2017, 12:00:40 PM »
what kind of router, might I ask, daniel?  It probably does have a guest access methodology, most do nowdays.

With respect to letting people on your network, I generally trust the people in my house too.  What I don't trust is their ability to ensure that their equipment is free of infection, and once something is behind your NAT/Firewall, it has free reign on your devices.  I'd recommend turning on guest if you have it.

#notarealskeptic

Offline daniel1948

  • Stopped Going Outside
  • *******
  • Posts: 4553
  • Cat Lovers Against the Bomb
Re: Broadcast SSID?
« Reply #13 on: April 12, 2017, 05:46:16 PM »
what kind of router, might I ask, daniel?  It probably does have a guest access methodology, most do nowdays.

With respect to letting people on your network, I generally trust the people in my house too.  What I don't trust is their ability to ensure that their equipment is free of infection, and once something is behind your NAT/Firewall, it has free reign on your devices.  I'd recommend turning on guest if you have it.



It's a Netgear Wireless-N 150 WNR1000 v2. I've combed the user manual here: http://www.downloads.netgear.com/files/GDC/WNR1000V2/WNR1000v2_UM_19NOV2009.pdf
and I see no mention of setting up a guest account.

But as I said, I've only had a guest use it once, and he was much more computer savvy than I am. He does web design for a living and was working while visiting me.
Daniel
----------------
"Anyone who has ever looked into the glazed eyes of a soldier dying on the battlefield will think long and hard before starting a war."
-- Otto von Bismarck

 

personate-rain
personate-rain