FALSE: Hiding your WiFi SSID is more secure than not, and here's why:
By: Cub Cyber
October 05, 2020
Does hiding your SSID improve security?
Hiding your WiFi SSID provides a small amount of security because it adds an extra level of complexity for an attacker. The added security benefits are minimal and are likley not worth it for most scenarios. Hiding your SSID will only provide what it known as "security through obscurity". In most cases, you are simply deterring those that are looking for an access point to connect to (legally).
What is an SSID?
In the most practical sense, the SSID is the name WIFI broadcasts for other devices to see when they scan the airways for a network. By default the SSID usually has the name of/provided by the router manufacturer, however this can be changed to a custom name.
In the technical sense, the SSID is broadcast by routers in beacon packets to announce the presence of a network. SSIDs are usually customizable, and these SSIDs can be zero to 32 octets (32 bytes) in length, and are, for convenience, usually in a natural language, such as English. The 802.11 standards prior to the 2012 edition did not define any particular encoding/representation for SSIDs, which were expected to be treated and handled as an arbitrary sequence of 0–32 octets that are not limited to printable characters. The IEEE 802.11-2012 defines a tag that the SSID is UTF-8 encoded and when interpreting could contain any non-ISO basic Latin characters within it. It should be noted that wireless network stacks must still be prepared to handle arbitrary values in the SSID field.
Lasty the SSID isn’t actually necessary for wireless devices to connect to the network.
Here's why hiding your WiFi SSID is more secure than not:
When trying to hack into a WiFi network the first step is to identify and choose a target to hack. Although hackers will use a network sniffing tool, such as Kismet, to quickly find out the SSID, channel, security protocol, and other information. Hackers may still do a preliminary search using a basic WiFi device in which case, if the WiFi SSID is hidden, it won't be detected. The hacker, having not detected any network, may not spend the time to do any further checks and move on to another target. It should be noted that hiding your SSID can be more trouble than it's worth, as it could cause some issues with devices connecting to the network, it is incorrect to say that it is not more secure. A way to think about it is having a bunker, it’s preferred to have one underground and out of sight so it can't be spotted, but it can still be detected by sonar or a metal detector.
What guidance does the CMMC provide regarding WiFi?
Some CMMC practices that are related to WiFi security include AC.2.011 “Authorize wireless access prior to allowing such connections” and AC.3.012 “Protect wireless access using authentication and encryption”.
What you need to do: Define the types of devices allowed onto your company's networks and only allow them access to your WiFi. For example you decide to only allow company owned devices onto your WiFi network. You can enforce this policy via a technical control (e.g. Mac address filtering or 802.1X authentication). If you have guests or employees that need to use WiFi you can set up a separate WiFi network for them. Create an acceptable use policy that specifies the usage restrictions for your WiFi network. Think of the acceptable use policy you accept when you access WiFi at a hotel. Require users to authenticate to your wireless networks before joining them. You can accomplish this using a WiFi password with the WPA2 pre-shared key configuration. Another method is to use WPA2 Enterprise with Active Directory.
Discover Our NIST SP 800-171 Solutions:
For contractors seeking compliance
For IT service providers
Supply Chain Verifier
For contractors seeking to verify partner compliance