SSID (Service Set IDentifier)

The SSID (Service Set IDentifier) is a token that identifies a 802.11 (Wi-Fi) network. The SSID is a key that the wireless network administrator sets. Users must know the SSID to connect to an 802.11 wireless network. However, network sniffing/scanning allows users to determine the SSID. By default, the SSID is part of the packet header for every packet sent over the WLAN.

SSID access points continuously broadcast radio signals that enabled client machines receive. Based on the automatic or manual configuration, the client can connect to the access point. An SSID is generally 32 bits long, but when displayed to the user, it is projected into a human readable ASCII format. Multiple access points can possibly share the same SSID if they are for the same wireless network. Many wireless access points support broadcasting multiple SSIDs, permitting the formation of Virtual Access Points. Such Virtual Access Points partition a single physical access point into many logical access points, each of which can have a special set of security and network settings.

SSID Security Issues

Every network user must configure the SSID into their system. If the network administrator seeks to lock a user out of the network, the administrator must change the network’s SSID, which will require reconfiguration of the SSID on every network node. Some 802.11 NICs allow users to configure several SSIDs at one time.

SSID Example

Default SSIDs

Most 802.11 access point vendors allow the use of an SSID of “any” to enable an 802.11 NIC to connect to any 802.11 network. This is known to work with wireless equipment from Buffalo Technologies, Cisco, D-Link, Enterasys, Intermec, Lucent, and Proxim. Other default SSIDs include “tsunami,” “101,” “RoamAbout Default Network Name,” “Default SSID,” and “Compaq.”

Every time a client connects to the wireless network, the SSID is communicated in plain text format, which eavesdropper can easily sniff with sniffing applications like Kismet. Hence, additional security techniques are required to be implemented in order to enhance the wireless security.

Disabling SSID Broadcasting

Many Wireless Access Point (WAP) vendors have added a configuration option that lets the user disable SSID broadcasting. This adds little security because it is only able to prevent the SSID from being broadcast with Probe Request and Beacon frames. The SSID must be broadcast with Probe Response frames. In addition, the wireless access cards broadcast the SSID in their Association and Reassociation frames. Because of this, the SSID cannot be considered a valid security tool.