Hidden SSID

WinXPHome desktop - mine - wirelessly networked to a Voyager ISP hard
configured router using a Voyager wireless adapter
Win98SE desktop - wife - upstairs ethernet wired to the same router. (It
was simpler to wire to the Win98SE as the adapter I bought was not
compatible with Win98SE)

Encryption WPA-PSK
SSID hidden
Router configured to connect ONLY to one named MAC address (the wireless
adapter on the XP machine)
Adapter config utility configured to only connect to my named router. In
its available networks dialog it shows mine and four others. In its
"automatically connect to available networks in the order listed below"
it shows only my router SSID
Its working fine.

Someone on grc.com wireless group has advised against hiding SSID thus:
<<I would re-think that strategy. The purpose of
the SSID broadcast is to uniquely identify your network among several;
such as the three, or four others in your neighborhood. By having a
unique SSID name, you pretty much guaranty that your own networked
computers will correctly jump onto your WLAN, and not attempt to
associate to one of your neighbor's WLANs.>>

Hiding my SSID doesn't seem to be causing me any problems - and my top
priority is security as I use this computer for online banking among
other things. Any advice please - is there really a downside to hidden
SSID - our network is just these 2 machines - no one in my family can
afford a roaming laptop! Thanks in advance

--
Rev Robert M Jones, Wimborne Baptist Church, UK
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420

Robert M Jones

Hi
There is really No point in Hiding your SSID.
Any one who has the knowledge to bypass MAC filter, and encryption, would
be able to bypass the hidden SSID in 10 sec. http://www.ezlan.net/faq#ssid
Jack (MVP-Networking).

"Robert M Jones" <robert53newsgroups-> wrote in message
news:%...
> WinXPHome desktop - mine - wirelessly networked to a Voyager ISP hard
> configured router using a Voyager wireless adapter
> Win98SE desktop - wife - upstairs ethernet wired to the same router. (It
> was simpler to wire to the Win98SE as the adapter I bought was not
> compatible with Win98SE)
>
> Encryption WPA-PSK
> SSID hidden
> Router configured to connect ONLY to one named MAC address (the wireless
> adapter on the XP machine)
> Adapter config utility configured to only connect to my named router. In
> its available networks dialog it shows mine and four others. In its
> "automatically connect to available networks in the order listed below" it
> shows only my router SSID
> Its working fine.
>
> Someone on grc.com wireless group has advised against hiding SSID thus:
> <<I would re-think that strategy. The purpose of
> the SSID broadcast is to uniquely identify your network among several;
> such as the three, or four others in your neighborhood. By having a
> unique SSID name, you pretty much guaranty that your own networked
> computers will correctly jump onto your WLAN, and not attempt to
> associate to one of your neighbor's WLANs.>>
>
> Hiding my SSID doesn't seem to be causing me any problems - and my top
> priority is security as I use this computer for online banking among
> other things. Any advice please - is there really a downside to hidden
> SSID - our network is just these 2 machines - no one in my family can
> afford a roaming laptop! Thanks in advance
>
> --
> Rev Robert M Jones, Wimborne Baptist Church, UK
> http://www.wimborne-baptist.org.uk
> Free trial of Mailwasher Pro - effective email spam filter - (commission
> goes to our partners in Bulgaria)
> http://fta.firetrust.com/index.cgi?id=420

Robert M Jones wrote:
> WinXPHome desktop - mine - wirelessly networked to a Voyager ISP hard
> configured router using a Voyager wireless adapter
> Win98SE desktop - wife - upstairs ethernet wired to the same router. (It
> was simpler to wire to the Win98SE as the adapter I bought was not
> compatible with Win98SE)
>
> Encryption WPA-PSK
> SSID hidden
> Router configured to connect ONLY to one named MAC address (the wireless
> adapter on the XP machine)
> Adapter config utility configured to only connect to my named router. In
> its available networks dialog it shows mine and four others. In its
> "automatically connect to available networks in the order listed below"
> it shows only my router SSID
> Its working fine.
>
> Someone on grc.com wireless group has advised against hiding SSID thus:
> <<I would re-think that strategy. The purpose of
> the SSID broadcast is to uniquely identify your network among several;
> such as the three, or four others in your neighborhood. By having a
> unique SSID name, you pretty much guaranty that your own networked
> computers will correctly jump onto your WLAN, and not attempt to
> associate to one of your neighbor's WLANs.>>
>
> Hiding my SSID doesn't seem to be causing me any problems - and my top
> priority is security as I use this computer for online banking among
> other things. Any advice please - is there really a downside to hidden
> SSID - our network is just these 2 machines - no one in my family can
> afford a roaming laptop! Thanks in advance
>

There are a few problems that can be caused by not broadcasting your
SSID, but if your setup is working OK, don't worry about it. On the
other hand, even though some of the wireless router manufacturers
suggest hiding SSID as a security measure, it isn't worth much in that
regard. It will prevent a casual passer-by from seeing your network and
attempting to connect, but any halfway serious wardriver will be able to
detect it quickly. See
http://www.microsoft.com/technet/com...uy/cg1102.mspx
for a discussion of how Windows wireless configuration works, including
how it deals with hidden SSIDs, and in particular, the following:

"If there are no successful connections, Wireless Auto Configuration
attempts to connect to the preferred networks that do not appear in the
list of available networks, in the preferred networks preference order.
This is done so that a Windows wireless client can connect to a hidden
wireless network, one that is either not broadcasting its SSID or
broadcasting an SSID of NULL. Configuring hidden wireless networks is
used as a security measure to prevent malicious users from detecting and
attempting a connection to a wireless network. However, the SSID is
included in other types of wireless connection management frames and is
easily discoverable by either capturing wireless management frames or
using tools available on the Internet."

Jack wrote:
> Hi
> There is really No point in Hiding your SSID.
> Any one who has the knowledge to bypass MAC filter, and encryption, would
> be able to bypass the hidden SSID in 10 sec. http://www.ezlan.net/faq#ssid
> Jack (MVP-Networking).

Thanks - I understand - and the url was helpful. I have MAC filtering
enabled and the router is configured to only connect to the MAC address
of my wireless adapter, and now a 63 character password for the WPA-PSK
encryption.

My next job is attending to bindings and network protocols.

--
Rev Robert M Jones, Wimborne Baptist Church, UK
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420

Lem wrote:
> Robert M Jones wrote:
>> WinXPHome desktop - mine - wirelessly networked to a Voyager ISP hard
>> configured router using a Voyager wireless adapter
>> Win98SE desktop - wife - upstairs ethernet wired to the same router.
>> (It was simpler to wire to the Win98SE as the adapter I bought was not
>> compatible with Win98SE)
>>
>> Encryption WPA-PSK
>> SSID hidden
>> Router configured to connect ONLY to one named MAC address (the
>> wireless adapter on the XP machine)
>> Adapter config utility configured to only connect to my named router.
>> In its available networks dialog it shows mine and four others. In its
>> "automatically connect to available networks in the order listed
>> below" it shows only my router SSID
>> Its working fine.
>>
>> Someone on grc.com wireless group has advised against hiding SSID thus:
>> <<I would re-think that strategy. The purpose of
>> the SSID broadcast is to uniquely identify your network among several;
>> such as the three, or four others in your neighborhood. By having a
>> unique SSID name, you pretty much guaranty that your own networked
>> computers will correctly jump onto your WLAN, and not attempt to
>> associate to one of your neighbor's WLANs.>>
>>
>> Hiding my SSID doesn't seem to be causing me any problems - and my top
>> priority is security as I use this computer for online banking among
>> other things. Any advice please - is there really a downside to hidden
>> SSID - our network is just these 2 machines - no one in my family can
>> afford a roaming laptop! Thanks in advance
>>
>
> There are a few problems that can be caused by not broadcasting your
> SSID, but if your setup is working OK, don't worry about it. On the
> other hand, even though some of the wireless router manufacturers
> suggest hiding SSID as a security measure, it isn't worth much in that
> regard. It will prevent a casual passer-by from seeing your network and
> attempting to connect, but any halfway serious wardriver will be able to
> detect it quickly. See
> http://www.microsoft.com/technet/com...uy/cg1102.mspx
> for a discussion of how Windows wireless configuration works, including
> how it deals with hidden SSIDs, and in particular, the following:
>
> "If there are no successful connections, Wireless Auto Configuration
> attempts to connect to the preferred networks that do not appear in the
> list of available networks, in the preferred networks preference order.
> This is done so that a Windows wireless client can connect to a hidden
> wireless network, one that is either not broadcasting its SSID or
> broadcasting an SSID of NULL. Configuring hidden wireless networks is
> used as a security measure to prevent malicious users from detecting and
> attempting a connection to a wireless network. However, the SSID is
> included in other types of wireless connection management frames and is
> easily discoverable by either capturing wireless management frames or
> using tools available on the Internet."

Thanks - I'm wiser!

--
Rev Robert M Jones, Wimborne Baptist Church, UK
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420

I always refer to this: http://blogs.zdnet.com/Ou/index.php?p=43

Mike G wrote:
> I always refer to this: http://blogs.zdnet.com/Ou/index.php?p=43
>
>

Thanks Mike - the learning goes on!

--
Rev Robert M Jones, Wimborne Baptist Church, UK
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420

Robert M Jones wrote:
> Jack wrote:
>> Hi
>> There is really No point in Hiding your SSID.
>> Any one who has the knowledge to bypass MAC filter, and encryption, would
>> be able to bypass the hidden SSID in 10 sec.
>> http://www.ezlan.net/faq#ssid Jack (MVP-Networking).
>
> Thanks - I understand - and the url was helpful. I have MAC filtering
> enabled and the router is configured to only connect to the MAC
> address of my wireless adapter, and now a 63 character password for the
> WPA-PSK encryption.
>
> My next job is attending to bindings and network protocols.

I use WPA-PSK with a strong 63 character password for my home wlan. But I
also have MAC filtering set up too. I understand that experts feel that is
no use either. Does the group feel that it is harmful to leave MAC
filtering on or does it add a tiny additional layer of protection?

Jeff

For reasons noted already its not worth much, IMHO, in terms of security.

I do, however, filter on one specific MAC address strictly for the purpose
of assigning the same DHCP IP address to that client on my home LAN. A
pseudo static IP address so to speak. I do that so I can setup the XP SP2
Windows Firewall File & Print Sharing (F&PS) custom address scope on my
desktops to allow that client access to shares.

The real key is the strong WPA key. I also use a totally random 63-character
ASCII key and WPA-PSK (AES) to encrypt my wireless segment.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"Jeff" <> wrote in message
news:...
> Robert M Jones wrote:
>> Jack wrote:
>>> Hi
>>> There is really No point in Hiding your SSID.
>>> Any one who has the knowledge to bypass MAC filter, and encryption,
>>> would be able to bypass the hidden SSID in 10 sec.
>>> http://www.ezlan.net/faq#ssid Jack (MVP-Networking).
>>
>> Thanks - I understand - and the url was helpful. I have MAC filtering
>> enabled and the router is configured to only connect to the MAC
>> address of my wireless adapter, and now a 63 character password for the
>> WPA-PSK encryption.
>>
>> My next job is attending to bindings and network protocols.
>
> I use WPA-PSK with a strong 63 character password for my home wlan. But I
> also have MAC filtering set up too. I understand that experts feel that is
> no use either. Does the group feel that it is harmful to leave MAC
> filtering on or does it add a tiny additional layer of protection?
>
> Jeff
>

Thank you.

Jeff

"Sooner Al [MVP]" <> wrote in message
news:OkXv$...
> For reasons noted already its not worth much, IMHO, in terms of security.
>
> I do, however, filter on one specific MAC address strictly for the purpose
> of assigning the same DHCP IP address to that client on my home LAN. A
> pseudo static IP address so to speak. I do that so I can setup the XP SP2
> Windows Firewall File & Print Sharing (F&PS) custom address scope on my
> desktops to allow that client access to shares.
>
> The real key is the strong WPA key. I also use a totally random
> 63-character ASCII key and WPA-PSK (AES) to encrypt my wireless segment.
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
>
> "Jeff" <> wrote in message
> news:...
>> Robert M Jones wrote:
>>> Jack wrote:
>>>> Hi
>>>> There is really No point in Hiding your SSID.
>>>> Any one who has the knowledge to bypass MAC filter, and encryption,
>>>> would be able to bypass the hidden SSID in 10 sec.
>>>> http://www.ezlan.net/faq#ssid Jack (MVP-Networking).
>>>
>>> Thanks - I understand - and the url was helpful. I have MAC filtering
>>> enabled and the router is configured to only connect to the MAC
>>> address of my wireless adapter, and now a 63 character password for the
>>> WPA-PSK encryption.
>>>
>>> My next job is attending to bindings and network protocols.
>>
>> I use WPA-PSK with a strong 63 character password for my home wlan. But I
>> also have MAC filtering set up too. I understand that experts feel that
>> is no use either. Does the group feel that it is harmful to leave MAC
>> filtering on or does it add a tiny additional layer of protection?
>>
>> Jeff
>>
>
>