Don't stealth the network? Why not?

[Sill]

The very first time I ran iStumbler or whatever it was called I discovered a long list of every wifi router in my building, some of which were wide open. Those were great when I would sometimes forget to pay the cable bill. Ever since then I would always use whatever stealth operations that were available to me. Till this day every network I set up for friends I will always put it into stealth if their software permits it.

Then I read one of those "I'm an online nerd and I'm here to tell you how to nerd better" articles. The author promised to offer 10 reasons why he knows better than anyone else out there how to protect the home network.

First thing the guy puts? "Don't stealth your network. Seriously. There's no reason to do that." And he goes on a meandering tangent about how thats not going to fool a determined attacker. Of course, this is the same guy who sees nothing wrong with offering his entire life up to Google/FB, is proud of it and ridicules those who think their lives are so important that a little (or a lot of) spying on them is detrimental to their life. But back to the topic.

To me, the first thing that occurs to me when I think of securing ANYTHING is "hide the stuff". Even though a safe will keep a bad guy busy for quite a while, its better to hide them rather than leave them out as if to say "here's your target bro". So I ignored the guy's "advice" because his reason made no sense.

Then I kept searching for home network security articles, and I saw that same reference in a wide variety of columns. More than a few security/tech/geek/wizard articles were saying the same thing. And none of it made sense to me. It reminded me of how people in many forums criticized Apple's "Bounce email to sender" feature and said Apple was right in ending it, because a true techie would look at the header info in a bounced email and realize that the recipient was the one who did the bounce, not a mail server reporting a dead account. I felt that was stupid, because a spam company isn't going to take the time to examine header info to make sure an account is dead, they're going to blacklist it and move on, and when they go to sell the whitelist the bounce won't be on it. Problem solved. Again, I digress.

So, perhaps some of the tech geniuses here can explain why stealthing isn't a good idea. I'd like to hear a good reason.

 

[MrRabuf]

You're talking about hiding your wireless network's SSID, right? If so, there's no reason to do that because it doesn't increase security at all. It only makes it more annoying for yourself and others you trust to join your network. Hackers can very easily see there are hidden networks and figure out what they are; in other words, hiding your SSID doesn't hide your network at all from hackers. In fact, I wouldn't be surprised at all if hackers intentionally target hidden networks just to screw with the owners and prove to them hiding the SSID does nothing (that's what I would do if I were a hacker).

BTW, the same applies to MAC address filtering and the like. You're just making life harder for yourself as it won't even slow down a hacker one bit.

I'm very paranoid about network security and I don't do any of that crap. WPA2 and a really strong password is what really increases security.

 

[Sill]

You're talking about hiding your wireless network's SSID, right? If so, there's no reason to do that because it doesn't increase security at all. It only makes it more annoying for yourself and others you trust to join your network. Hackers can very easily see there are hidden networks and figure out what they are; in other words, hiding your SSID doesn't hide your network at all from hackers. In fact, I wouldn't be surprised at all if hackers intentionally target hidden networks just to screw with the owners and prove to them hiding the SSID does nothing (that's what I would do if I were a hacker).

BTW, the same applies to MAC address filtering and the like. You're just making life harder for yourself as it won't even slow down a hacker one bit.

I'm very paranoid about network security and I don't do any of that crap. WPA2 and a really strong password is what really increases security.

do it because I don't want casual users to even know my network exists. In my last apartment, there were about a dozen networks up and running, plus mine. People would joke about the stupid names others would use, but no one knew about my network. There were no attempts on it either.

I have no idea what MAC address filtering is, never heard of it.

How is it more annoying for me to join my network if I hide it? I have zero trouble joining my network with any of my devices.

I would think someone who is out wardriving is going to be doing quick visual scans for whatever they can stumble upon, not examining every location for unannounced nets. Having an ID out for display just makes a network a target. You may think hiding a network makes it a challenge that will draw attention, but if the hacker mentality still holds true to my experience, then what'll really happen is they'll treat every visible network as a challenge, like a gang member wearing colors in a rival gang's territory. There'll be plenty of shouts of "I WILL NOT BE DENIED!" and "you DARE challenge ME?!"

 

[MrRabuf]

but no one knew about my network.

Like I said, SSID hiding doesn't hide your network but if it makes you sleep better at night, whatever. It does absolutely nothing to increase your network's security. There are tools available online that will discover these "hidden" networks and reveal the "hidden" SSID.

I have no idea what MAC address filtering is, never heard of it

It's an access control method in which you only let certain MAC addresses talk on your network. Like SSID hiding, it does nothing to increase security as it's easy to work around. Most poorly written network security articles that recommend hiding your SSID also recommend doing this.

Having an ID out for display just makes a network a target.

That's not how I see it. Attempting to hide your network can make you a bigger target because it can sometimes indicate the network's maintainer doesn't know much about network security and thus the network might be easier to hack.

 

[mcnallym]

One of the arguments about NOT hiding your ssid is that when out and about away from the network then as doesn’t advertise then your device starts looking for it, so effectively going are you there?

Those are you there can be captured and used to identify the network anyway.

When the ssid isn’t hidden then your device doesn’t do those are you there so those can’t be captured when out and about.

Ie when sat in Starbucks your phone, laptop, are actively looking for your ssid.

https://www.acrylicwifi.com/en/blog/hidden-ssid-wifi-how-to-know-name-of-network-without-ssid/

Gives good explanation.

£18 to buy the software, so hardly expensive.

Dongles that listed not that expensive either.

Isn’t that difficult to get that done.

 

[DJLC]

Neither SSID hiding nor MAC address filtering is truly a security feature.

SSID hiding goes against the WiFi specification. If you have your device set to auto-connect to a hidden network, you're broadcasting that name and some authentication info everywhere you go. If not, you're adding the extra step of manually connecting every time you get home. Either way, as others have noted, it's not difficult to see that there are hidden networks.

Allowed MAC addresses can be easily sniffed and spoofed. And it'll increase the amount of time it takes for your approved devices to authenticate with the network.

If it makes you feel better to hide the SSID, go for it. But unless you're disabling your devices' auto-connect functions, you're just trading one vulnerability for another. Nothing about it is more or less secure.

 

[hobowankenobi]

Hiding your SSID is like putting a $2 lock on your garden gate.

It will keep nosy neighbors out, but a crook will be over the fence or will cut the lock in less than a minute.

 

[amedias]

From a technical point of view hiding the SSID offers no barrier to attempted access, and at worst means your client machines may be leaking info elsewhere when looking for it.

From a psychological point of view hiding the SSID invites naughty people to start probing. Look at it from their angle, they're up to no good in your neighbourhood:

Step 1 - scan and find out what's out there
Step 2 - pick a target

(Or potentially worse scenario, you were the target from the beginning, in which case all bets were off anyway)

You hiding your SSID did nothing to affect Step 1, but now you've moved yourself up the list for Step 2, firstly because you're suggesting you want to hide so might have something interesting, and secondly because anyone remotely technical will think "silly rabbit tried to hide his SSID, I wonder what other silly stuff he's tried..." and start poking, especially since you've identified yourself as someone who wants to hide, but potentially doesn't know what they're doing.

I do this kind of stuff legitimately for a living, along with retrospective analysis of exploits (both attempted and successful), and believe me when I say that piquing a naughty persons curiosity is almost on a par with $$ as motivation for attack.