Forum

All this is very confusing, from what I understand if you use good encryption and strong 2 way authentication than broadcasting the SSID is of little concern. I'll be implementing 802.1X EAP-TTLS, with TKIP. The end users will be authentication using existing credentials in LDAP. I would like to broadcast 1 SSID to make things simple. Do I have any real security concerns with broadcasting my SSID under this design? Thanks

By design a Wi-Fi client displaying discovered SSID(s) operates like the Wi-Fi equivalent of an Ethernet link light. When the light comes on the physical layer to the first concentrator is almost always working. When the light stays off there is probably something wrong at the physical layer. Disabling these operational mechanisms of Ethernet or Wi-Fi creates a major hindrance to customer self help and help desk support, and drives up costs.

The IEEE 802.11 standard requires the SSID be published in beacons. Not inclulding the SSID in beacons violates the standard. The IEEE 802.11 standard requires that all AP's respond to probe requests that specify the null SSID. Not responding with a probe response that includes the SSID violates the standard.

Attempts to hide SSIDs can be easily subverted, afford no real security, and may attract curious abusers. These techniques are outdated weak attempts to compensate for the embarrassments of broken WEP based authentication and frame protection. Now that better authentication and frame protection are standardized and available, all attempts to obscure the SSID should be left behind.

I hope this helps. Thanks. /criss

Thank You for sharing your knowledge. Bill