Service set identifier

From Wikipedia, the free encyclopedia

In Wi-Fi wireless LAN computer networking, a service set identifier (SSID) is a code attached to all packets on a wireless network to identify each packet as part of that network. The code is a case-sensitive text string which consists of a maximum of 32 alphanumeric characters. All wireless devices attempting to communicate with each other must share the same SSID. Apart from identifying each packet, the SSID also serves to uniquely identify a group of wireless network devices used in a given "Service Set".

There are two major variants of the SSID.

  • Ad-hoc wireless networks (IBSS) that consist of client machines without an access point use the IBSS ID (Independent Basic Service Set Identifier).
  • Infrastructure networks which include an access point (BSS or possibly an ESS) use the BSS ID or ESS ID (E for Extended) instead.

The naming is for convention only as the IEEE 802.11 standard dictates that an IBSS, BSS, and ESS are each defined by an SSID, otherwise known as a "Network Name". A Network Name is commonly set to the name of the network operator, such as a company name. Equipment manufacturers have liberally used all of the above SSID naming conventions to essentially describe the same thing. In some instances, the convention is wrong, as in the case of BSSID.

The SSID on wireless clients can be set either manually, by entering the SSID into the client network settings, or automatically, by leaving the SSID unspecified or blank. A network administrator often uses a public SSID that is set on the access point and broadcast to all wireless devices in range.

Not broadcasting SSID

An extremely weak form of wireless network security is to turn off the broadcast of the SSID. To a user, depending on the wireless software, the network either does not show up or is displayed as "Unnamed Network". In either case, one needs to manually enter the correct SSID to connect to the network.

This method is not secure because every time someone connects to the network, they transmit the SSID in cleartext (even if the wireless connection is otherwise encrypted). An eavesdropper can passively sniff the wireless traffic on that network undetected (with something like Kismet) and wait for someone to connect, revealing the SSID. Alternatively, there are faster (albeit detectable) methods where a cracker spoofs a "disassociate frame" as if it came from the wireless router and sends it to one of the connected clients; the client will immediately reconnect, revealing the SSID.

Thus, this should not be the only form of defense to protect a wireless network. Other forms of encryption and authentication should also be used, WEP at the very least but preferably some form of WPA.

In fact, many security experts now consider turning off the SSID broadcast a security weakness. The access points may no longer broadcast the SSID, but every client that has that network set to automatically connect is now transmitting connection request packets with the network's SSID in an attempt to locate and connect to the network.
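To make concrete why a non-broadcast SSID is still visible on the air, the following added example (not from the Wikipedia article or any vendor's code) parses the SSID information element out of 802.11 management frames. The beacon from an access point with SSID broadcast turned off carries a zero-length SSID element, while the probe request and association request sent by a client that knows the network carry the full name in cleartext, which is exactly what a passive wireless monitor would see. The frames, MAC addresses and the network name "CorpNet" are constructed by hand for the example; the frame layout (24-byte management header, fixed fields, then TLV information elements, SSID element ID 0 with a length of 0 to 32 octets) follows the IEEE 802.11 standard.

```python
"""Extract the SSID information element from constructed 802.11 management
frames, to show that a "hidden" SSID is still transmitted by clients.
Added example; all frames below are built by hand, not captured."""

ELEMENT_ID_SSID = 0
SSID_MAX_OCTETS = 32  # 802.11 SSID element length is 0..32 octets

# Management frame subtypes (frame control byte 0, bits 4-7; type bits 2-3 are 0)
SUBTYPE_ASSOC_REQ = 0x0
SUBTYPE_PROBE_REQ = 0x4
SUBTYPE_BEACON = 0x8
MGMT_HEADER_LEN = 24  # frame control, duration, addr1..addr3, sequence control

# Length of the fixed fields that sit between the header and the information elements
FIXED_FIELDS_LEN = {
    SUBTYPE_BEACON: 12,    # timestamp(8) + beacon interval(2) + capability(2)
    SUBTYPE_PROBE_REQ: 0,  # probe requests start with the IEs directly
    SUBTYPE_ASSOC_REQ: 4,  # capability(2) + listen interval(2)
}


def mgmt_subtype(frame):
    """Return the management subtype, rejecting control and data frames."""
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    return (fc0 >> 4) & 0xF


def parse_ies(body):
    """Yield (element id, value) pairs from a TLV information element body."""
    i = 0
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        yield eid, value
        i += 2 + length


def extract_ssid(frame):
    """Return the SSID bytes of a beacon, probe request or association request.
    b"" means the wildcard / hidden-SSID form; None means no SSID element at all."""
    subtype = mgmt_subtype(frame)
    if subtype not in FIXED_FIELDS_LEN:
        raise ValueError("unsupported management subtype %#x" % subtype)
    body = frame[MGMT_HEADER_LEN + FIXED_FIELDS_LEN[subtype]:]
    for eid, value in parse_ies(body):
        if eid == ELEMENT_ID_SSID:
            if len(value) > SSID_MAX_OCTETS:
                raise ValueError("SSID element longer than 32 octets")
            return value
    return None


def build_mgmt_frame(subtype, ssid, sender, receiver, bssid):
    """Build a minimal management frame whose only IE is the SSID (constructed test data)."""
    fc = bytes([subtype << 4, 0x00])
    duration = seq_ctrl = b"\x00\x00"
    header = fc + duration + receiver + sender + bssid + seq_ctrl
    fixed = b"\x00" * FIXED_FIELDS_LEN[subtype]  # zeroed fixed fields are enough here
    return header + fixed + bytes([ELEMENT_ID_SSID, len(ssid)]) + ssid


def ssids_leaked_by_clients(frames):
    """Collect the non-empty SSIDs carried in client-originated frames
    (probe and association requests), i.e. what a passive monitor learns
    even though the access point's beacons say nothing."""
    leaked = set()
    for frame in frames:
        if mgmt_subtype(frame) in (SUBTYPE_PROBE_REQ, SUBTYPE_ASSOC_REQ):
            ssid = extract_ssid(frame)
            if ssid:
                leaked.add(ssid)
    return leaked


# Constructed sample: an AP with SSID broadcast disabled and a client that knows the name.
AP_MAC = bytes.fromhex("02aabbccddee")      # locally administered address, constructed
CLIENT_MAC = bytes.fromhex("021122334455")  # constructed
BROADCAST = b"\xff" * 6
HIDDEN_BEACON = build_mgmt_frame(SUBTYPE_BEACON, b"", AP_MAC, BROADCAST, AP_MAC)
PROBE_REQ = build_mgmt_frame(SUBTYPE_PROBE_REQ, b"CorpNet", CLIENT_MAC, BROADCAST, BROADCAST)
ASSOC_REQ = build_mgmt_frame(SUBTYPE_ASSOC_REQ, b"CorpNet", CLIENT_MAC, AP_MAC, AP_MAC)

if __name__ == "__main__":
    print("SSID element in the AP's beacon:", extract_ssid(HIDDEN_BEACON))
    print("SSIDs revealed by client frames:",
          ssids_leaked_by_clients([HIDDEN_BEACON, PROBE_REQ, ASSOC_REQ]))
```

Run stand-alone, the script reports an empty SSID element for the beacon and `{b'CorpNet'}` from the client's frames. Seen from a monitoring point of view, the same parser run over real monitor-mode captures is how a wireless IDS spots clients that probe for a "hidden" network name, which is the behaviour the paragraph above describes.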

Today, some newer wireless access points disable the automatic SSID broadcast feature in an attempt to improve network security. Advanced wireless access points support broadcasting multiple SSIDs, allowing the creation of Virtual Access Points - partitioning a single physical access point into several logical access points, each of which can have a different set of security and network settings.

SSID Client Isolation prohibits wireless clients in the same subnet from communicating directly with each other, which would otherwise let them bypass the firewall.