Hi all I have just installed a wireless network for the first time, having used a wired router up until now. I have set it up with WPA encryption and have connected to it with my iphone and kindle devices. My question is. do I utilise the facility within the routers settings to hide my ESSID? Does this give me additional security in addition to the WPA encryption and are there any other sensible security precautions I should be taking? Thanks for your replies.
No. 'Hidden' ssid can still be seen if someone is looking for, with for example inssider. I hope you mean WPA2 AES, as WPA is fairly useless if you want to keep most off.
To be fair, "security" can have a couple different meanings depending on what you're trying to protect against. If you're trying to protect against someone trying to gain access to your network for illegitimate purposes then you'll want WPA2 encryption. If you're just trying to keep your neighbors off your network then hiding your SSID is quite effective. Of course, "sensible security precautions" would say to use WPA2 encryption in all cases anyway. Personally I like disabling SSID broadcast as well because it's a quick switch of a setting and will keep your neighbors from seeing your network at first glance, why let them know your network is even there?
Nope. You can easily find it. As an example, on how easy it is, any wireless heatmap software, such as this one (free): http://www.ekahau.com/products/heatmapper/overview.html Will show your hidden wireless network. WPA2 and a strong password is the best protection for a home network. What you can do with some routers, for additional security (but won't protect your systems), is to block people on wireless to change the router configuration. So an intruder on your wireless network can't change your router settings. But that's about it. A strong password is key.
I'm going to go the other way with this. I say YES, hide your ssid. It dissuades the casual hacker exploiting the more publicised issues around e.g. the consistent password algorithm on some routers based on the factory ssid. at the very least, give it a non-factory name to obfuscate your supplier.
The only person it dissuades, is you connect to his network, and giving a go at his password. Assuming his password isn't something weak like Abc123, you will probably have more chances at winning the loto, and typing random characters and that it just happen to be the correct password. I am sure you can get the list of hidden wireless SSID from windows with the command prompt, or some basic tool. I haven't look into it. But it seams that hidding the SSID, is just telling Windows "Please don't show it on your list, kthxbye!" The person that wants to connect to your network, probably doesn't care about your picture of your cat, although he might have with some of your videos/movies, but I think he is more interested in stealing your internet, mainly use your bandwdith quota, instead of his, and of course, can do any illegal activity, and you will be responsible. So, he will have all the tools in hand to decrypt your password... he will probably won't be using Windows wireless connection to get starter, but rather directly access his wireless card drivers, to get all the information he can, bypass the wireless card security, and be able to start finding a network, and trying to decrypt the password.
The only thing hidden SSID gives you is headaches when you will need to connect a new device. You will have to unhide SSID, connect, then hide SSID again.
you don't have to unhide to connect a new device. In fact, when I hid my ssid I had to reconnect all my devices re-specifying the ssid name! The hidden ssid is determined at the router, it has to be broadcast for windows or any other OS to know in advance what it is. I have looked into it, used to sit next to a guy that reverse-engineered the algorithms for a number of routers based on the factory-set ssid (then submitted the article to H2600 on it!). determining what is being broadcast is v easy, it's exposed as an API by your wifi device, all it takes is e.g. powershell or a free copy of VB (in windows) to determine what is being broadcast by the router. but everything needs a starting point, & if you're a malicious hacker you're more likely to target the rather easier looking "BTHomeBusinessHub-1234" than a slightly savvier ""
I'm amazed by the credit most of you give to the average person. The most common type of person who will be trying to access the typical home wireless network is the technologically uneducated person who just wants quick internet access. This is the type of person who uses the automatic connection tools in Windows or on their phone and connects to whatever unprotected network they can find, they likely don't even consider it as stealing or a breach of privacy and have no ill will: they just want to access the internet to look up that funny Youtube video or check up on Facebook. Yes, encryption (of any type, but WPA2 is still recommended) will stop this person from acessing your network. Even when the rare person who knows how to spot hidden SSIDs comes along you will still have a very strong layer of protection which will take some serious effort to break. However, a simple click of a checkbox (or similar process) will prevent the common user from even getting this far. Your network won't even show up on most automatic connection tools. No one trying to guess your password on the off chance it works, no kid next door googling "how to hack wireless passwords" and practicing on you. EDIT: As Landy_Ed says above it's just an additional thing to make yourself less appealling. Considering that there's so little downsides it's hard to give a reason not to. What are you trying to connect with? You should be able to manually enter the SSID without having to unhide it, not exactly a hassle because you'll already be entering a password.
Thank you all for your comments, I have changed my encryption to WPA2 and enabled MAC address filtering. I have also disabled remote access and formulated a very long and hopefully obscure encryption key. I have also changed my SSID from the default and of course changed the router login password. I know nothing is totally secure, but hopefully my network is now secure enough to deter all but the most determined attacker!
Seems like my comment about how is MAC filtering useless missed you. A more technical explanation - let's imagine someone cracked your WPA2 password. He can listen to your network packets now. And what is in every network packet ? Your MAC address. So what did you achieve by MAC filtering ? Nothing, maybe it will take a minute more to get inside your network.
Half of these explanations go WAY beyond what the question asked (Edit: so will this). For the record here, we should assume that almost nothing in the computing world is or will ever actually be "secure". Sure, AES 256 encryption is amazing but eventually someone will crack it. Fortunately for most it's not going to be their next door neighbor or even the kid who's war-driving a block away. So.. in general, a moderate amount of security on a WiFi network is adequate. That said, yes disabling SSID broadcast does do it's part to help a bit. Most people don't know how to look for hidden networks let alone would they go to the trouble. But, when most people see a network and want internet they'll connect to it, try to guess the password, and eventually give up. True they're not hogging any bandwidth but they're still connected to your router and using it's resources as the router tries to figure out if it's allowed in or not. If you live in a densely populated area that can become a problem since there will be more than one person trying to hop on for some free internet access. If that's the case it could slow you down as your consumer grade router tries to talk to a bunch of devices rather than just a couple of laptops and iPods. Commercial/Enterprise wireless access points have no problem handling 30 or more devices but something like a Linksys WRT54G.. push it past 10 and you'll start seeing noticeable drops in performance. If the unlikely chance happens that someone is desperately trying to gain access to your network and they know what they're doing, they'll know how to find a hidden ssid, have programs to run to crack your security, and be in fairly quick if that security isn't up to par. It's a hard thing to prevent especially with consumer grade equipment but luckily it's not exactly common. TLDR: Disabling SSID broadcast can be a good idea but does not actually add much in terms of security.
I Didn't miss your comment, and you may well be right that for a determined attacker MAC address filtering is easy to overcome. However, I am just an ordinary internet user with nothing much on my machines other than the normal detritus of everyday life. I just want my network to be as secure as I can make it without limiting my ability to use it to it's fullest extent. I steered clear of wireless up until now because of the perceived threat from hackers, but now realise that I am just limiting my enjoyment of my wireless equipped devices by not having a wireless router. So long as I have done all that I can to lock down my network then I will be content. I realise that for a determined attacker no network is secure, but hopefully my security will deter most of the opportunist hackers out there who just want to poach my bandwidth.
Here is a little known fact. If you hide your ssid you have to tell windows to connect even though the ssid is not being broadcast. You take your laptop to starbucks and as soon as you power it up to use the free wireless windows starts broadcasting your hidden ssid name in an attempt to connect to it. That's great isn't it. Sent from my MB525 using Tapatalk 2
It doesn't take a 'determined' hacker to see hidden SSIDs, get a list of all client MAC addresses connecting to a network, or indeed crack WEP. Even the most opportunist of 'hackers' (apart from some guy manually inputting passwords) will be able to get around things like MAC blocks very easily. You're just making it difficult for yourself by putting up such useless restrictions. WPA2 with a strong password is the way to go. If you're not convinced, grab a copy of backtrack, google one of the many tutorials on the subject and have a go at attacking your own network. From memory, the biggest challenge is getting the drivers to work!... Edit: WPA2! Thanks to Flak for pointing that out.
It's fine because, unless your hidden ESSID is the street address of your house, or you live right next to Starbucks, simply knowing the ESSID in Starbucks offers no discernible advantage. As others have said, hiding the ESSID is *only* about deterring casual hacking by neighbours, who won't be stalking you in Starbucks.
Don't you mean WPA2? I know WEP has been cracked some time ago. As I posted earlier in the thread I have WPA2 encryption with a (I think) very complex password.
What I don't understand is how come you guys have SOOOOOO no trusting of your neighbors. "Ahh I don't know him, he is probably a terrorist or a no life hacker!". Man what did the scary news done to you guys. Dude and Dudettes, please calm down, and relax. The reason why WEP is no longer in use and WPA2 is highly recommended, is because WEP is like a real jewelry store on the street, downtown, all open, no safes, with a sign "No one is here, please don't steal anything while I am out". Ok I exaggerate a bit, but WEP is very weak, and our computers today are fast enough (excluding GPU password cracking which can do it in mili-seconds), can crack a password in a minute or less. WPA is enough, WPA2 is if you want to sleep better at night. No one will hack your wireless. You just want to avoid people accidentally connect to your network, and use your bandwidth instead, and avoid the 13-14 year old kid that tries to show off his friend, so you put a strong, long password. No one at home is running a business which million dollar worth of information at home.
