There is this myth that hiding your SSID is a form of keeping your wifi network safe from malicious intent…this is a lie! Service Set Identifier was never meant to be a form of security, it was designed to be a network identifier. Even when you “hide” your SSID, your router is broadcasting information whether it is “hidden” or not and with the right software you can find these quicker then Waldo in the children’s books. If anything, hiding your SSID is worse because when and if your network is discovered, you raise curiosity in the viewpoint of the attacker…“what are they trying to hide?”
To understand what is going on here, you must first understand how networks work to communicate and transport data via the OSI Model. The OSI Network Model is based on 7 layers. See the diagram above for details.
In this case we will use a MacBook and wifi router to explain. If the MacBook is connecting to a wifi router, the router will broadcast a name to identify the network called the SSID. When you click on the wifi signal icon at the top of your desktop you see a listing of available wifi networks. Those names are the Service Set Identifier. Now the myth: if you “hide” that from being broadcasted, you should be safe from would-be attackers trying to gain access to your network. Again, this is a lie.
Say hello to our non-friendly software, such as Aircrack-ng or Kismet. Certain hacker tools such as these can monitor wifi air traffic and pull information right out of the air. Wifi traffic is broadcasted on layer 2 and it is broadcasting layer 3 information (the network layer) as “packets.” These types of software are called packet sniffers, meaning they can pull your info right out of thin air, even if you are trying to hide it.
So how do I keep people off of my network? One answer is complex passwords. When an attacker chooses a target, they have a plethora of tools, and a password cracker is one of them. The more complex you make your password, the longer and more difficult it is for the cracker to figure out the hash encryption of the password, thus the more likely the attacker will give up for fear of being discovered.
Surf safe, friends!