PCI compliance doesn't require or even say they recommend it: "Suppressing the SSID is not necessarily a security mechanism as a hacker can sniff the SSID using fairly trivial techniques. However, broadcasting an SSID that advertises the organization's name or is easily identifiable with the organization is not recommended." (this was updated less than a year ago) https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_Wireless_Guidelines.pdf
In short, broadcast it, but don't call it "Umpqua Bank" if your wireless serves Umpqua Bank. Also, if I read this right, if you hide your SSID but have Windows PC's that attach to it configured to "always connect" then you now have Windows systems specifically calling for your hidden wireless network's name, meaning even if they not near your wireless they're calling for it Hidden Wireless SSIDs Actually Leak Your SSID Name http://www.howtogeek.com/howto/28653/debunking-myths-is-hiding-your-wireless-ssid-really-more-secure/ Microsoft discourages hiding the SSID: http://en.wikipedia.org/wiki/Service_set_(802.11_network)#Security_disadvantages_of_SSID_hiding I even see references to "the 802.11i specification amendment (which defines WPA2, discussed later) even states that a computer can refuse to communicate with an access point that doesn't broadcast its SSID", although I am unable to find the specific 802.11 document they refer to. I suppose hiding the SSID could prevent Joe Casually Curious from trying to connect from his machine an THEN deciding to look for wireless cracking tools. The PCI remark makes sense to me - broadcast it but use a not-so-relevant name. Dave From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, June 18, 2012 7:18 AM To: NT System Admin Issues Subject: Re: Hiding Wireless SSID True, but the percentage of "people who will muck about with something they shouldn't if they know about it" is substantially larger than the percentage of "people who really know what they are doing and will hurt you without much assistance". In general, we're trying to protect ourselves from the former + mitigate, as much as possible, any damage caused by the latter. If the wireless config is setup via GPO, then I hide the SSID. BTW, just as a point of clarification, each measure of a security posture does not necessarily have to be secure in and of itself. Your security lies in the combination of each of these measures, operating together. There is *some* security value in obscurity. It is better said that true security cannot be had through obscurity alone. ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Mon, Jun 18, 2012 at 9:26 AM, Ben M. Schorr <b...@rolandschorr.com<mailto:b...@rolandschorr.com>> wrote: I only do it if the client requests it. As for security...it certainly doesn't provide any security against people who know what they're doing. Ben M. Schorr Roland Schorr & Tower www.rolandschorr.com<http://www.rolandschorr.com> | www.officeforlawyers.com<http://www.officeforlawyers.com> | Twitter: @bschorr From: David Lum [mailto:david....@nwea.org<mailto:david....@nwea.org>] Sent: Monday, June 18, 2012 5:55 To: NT System Admin Issues Subject: Hiding Wireless SSID How many of you folks do it, and why? It's my debate this week with one of my security folks, my slant being that hiding it gains nothing but unnecessary Service Desk involvement in helping folks configure wireless. http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx I also told said person to Google "Does hiding wireless SSID add security". David Lum Systems Engineer // NWEATM Office 503.548.5229<tel:503.548.5229> // Cell (voice/text) 503.267.9764<tel:503.267.9764> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
