Debunking the Myth of SSID Hiding

Robert Moskowitz (ICSA Labs) on WiFi SSID hiding (PDF):

Contrary to a common belief that the SSID is a WLAN security feature and its exposure a security risk, the SSID is nothing more than a wireless-space group label. It cannot be successfully hidden. Attempts to hide it will not only fail, but will negatively impact WLAN performance, and may result in additional exposure of the SSID to passive scanning. The performance impact of this misguided effort will be felt in multiple WLAN scenarios, including simple operations like joining a WLAN, and in significantly longer roaming times.

Trying to hide the SSID does not strengthen security in WLANs. The scarce resources of today s WLAN administrator are better spent tuning WLAN performance and operations with full SSID usage, and enhancing WLAN security by deploying modern security technology, such as link-layer encryption, and IEEE 802.1X authentication.

One Comment

  1. joat says:

    This vaguely sounds like my too-often argument that a VLAN is not a security tool.

Leave a Reply