Can I hide a wireless network

networking wireless-networking

Is there any way to "not advertise" my wireless network to the world in Windows XP SP3? I'm not relying on this for intrusion security. I've read the article. My wireless network has WPA2 with a secure password that only I know.

At the same time, I do not really want to advertise to the world that I have a wireless network. It's a relatively public location with no other WiFi anywhere nearby; I don't need 100 strangers walking in to ask if they can "just use my WiFi" for a moment. Call it stumble across security.

NOTE: Regarding security, I'm not so worried about packet sniffers tracking me down. The data is all secure anyways. 1 in 1,000 people will find the network, and see it's encrypted. Somehow I don't think they'll walk in and say "I packet sniffed out your hidden network, do you think I can use it for awhile?"


If you want to stop your SSID being broadcast such that it appears in unregistered clients' lists of networks, you'll need to disable it on your wireless access point (or wireless router). If you don't know how to manage the device, try putting its address into a browser. If you don't know its address, look for the default router in the output of ipconfig.

The location of the option to disable SSID broadcast obviously varies by vendor, but to give you an idea, this is what it looks like on a Linksys X3500:

enter image description here

The article you cite covers the disadvantages nicely, so I'll assume you understand the implications of doing this.


It sounds like you're more or less already aware, that hiding SSID does not make your wireless network any (more) secure.

What most people aren't aware of though, is that hiding your SSID might actually expose more info than leaving it visible, depending on the client OS. Hiding your SSID also makes your connection more prone to performance and stability issues.

My favourite article on the topic, though slightly dated: Technet Blogs: Non-Broadcast Wireless SSIDs Why hidden wireless networks are a bad idea.

On the risk of leaking more info when hiding SSID

The name of the network itself is only an identifier and is not a security element. In fact the name of the network has no bearing on security whatsoever from an encryption or authentication standpoint.

If the network name of a wireless network (SSID) is not broadcast, the clients must search for it with probe requests. So if you have one AP and 100 wireless devices, you partially limit exposure of the network name with one device while causing 100 devices to expose it instead. The probe frames sent by the clients advertise the SSID every 60 seconds, whether they are close to the actual AP or not. This means that instead of one device broadcasting the SSID in the immediate proximity of your network, you now have these 100 devices potentially advertising the SSID in every coffee shop, hotel, and airport they visit. The security vulnerability this exposes is worse the larger the wireless deployment is.

Later summarised:

Non-broadcast SSIDs are not a valid security measure and actually make it easier for the SSID to be discovered since it forces clients to continuously probe for it.

On hidden SSID's being more prone to connection issues

In order for the new process to work, the wireless driver must send the probe packet to the AP for the hidden SSID. We have seen that power settings defined on the NIC driver can influence whether the AP receives this probe. Sometimes setting the transmit power setting to maximum will allow the probes to reach the AP.

Currently there are several widely-distributed WLAN drivers which either do not support or do not work properly with the Vista method of dealing with non-broadcast SSIDs, including the Intel 3945ABG and the Broadcom 802.11g Network Adapters.

The Intel 3945ABG adapter is very widely distributed in current laptop models. The latest Intel driver provides improvement but does not address all issues with hidden SSIDs encountered when roaming or resuming from hibernation.

Broadcom does not show any unnamed networks, and they are not planning to fix this. One of the reasons, besides being low priority for them, is also to push customers to stop hiding the SSID, which creates a problem instead of solving it.

Related

Can I pipe/redirect a console application through netcat so it can be used remotely?
How can I stop cat output immediately despite massive output?
Sublime Text 2 opens last opened files from last session
Disable screensaver / screen blank via command line?
How do I grep the first 50 lines of each file in a directory recursively?
What is the equivalent of "cp --verbose" on windows for copy?
Unable to move my mouse to second screen Windows 8
How did this ZIP file print to my command line when I extracted it?
Can't run Hyper-V after changing to SSD
Mac cannot browse, ping works fine
How to chain SOCKS proxies?
How do I find out what files a process is writing to? [duplicate]