Service set identifier

A service set identifier, or SSID, is a name used to identify the particular 802.11 wireless LANs to which a user wants to attach. A client device will receive broadcast messages from all access points within range advertising their SSIDs, and can choose one to connect to based on pre-configuration, or by displaying a list of SSIDs in range and asking the user to select one. ESSID stands for Extended Service Set Identifier [citeweb|title=Techinfo Wifi-Terms|url=http://www.datapro.net/techinfo/wifi_term.html|publisher=datapro.net|accessdate=2008-09-30] .

Description

It is normal for multiple access points to share the same SSID if they provide access to the same network.

In 802.11 it is possible to create an ad-hoc network of client devices (an IBSS), in which case the SSID is chosen by the client device that starts the network, and broadcasting of the SSID is performed in a pseudo-random order by all devices that are members of the network.

As the SSID is a name that may be displayed to users, it normally consists of displayable ASCII characters. However the standard does not require this—the SSID is defined as a sequence of 1–32 octets each of which may take any value.

Some wireless access points support broadcasting multiple SSIDs, allowing the creation of Virtual Access Points—partitioning a single physical access point into several logical access points, each of which can have a different set of security and network settings.

"SSID Client Isolation" prohibits wireless clients in the same subnet from communicating directly with each other and thereby bypassing the firewall

Not broadcasting the SSID

Some people have erroneously attempted to improve security by turning off the broadcast of the SSID. [citeweb|title=Debunking the Myth of SSID Hiding|url=http://www.icsalabs.com/icsa/docs/html/communities/WLAN/wp_ssid_hiding.pdf|publisher=icsalabs.com|accessdate=2008-02-06] To a user, depending on the wireless software, the network either does not show up, or is displayed as "Unnamed Network". In any case, one needs to manually enter the correct SSID to connect to the network.

This method is not secure, because every time someone connects to the network, the SSID is transmitted in cleartext even if the wireless connection is otherwise encrypted. An eavesdropper can passively sniff the wireless traffic on that network undetected (with software like Kismet), and wait for someone to connect, revealing the SSID.

A publication by Planet 3 Wireless helps to clear the air with this frequently misinterpreted topic by saying:

In most access points this announcement can be disabled, making it slightly more difficult for an attacker to learn a network's SSID...Some people mistakenly believe that turning off "SSID broadcast" turns off beacons entirely, which is not true." [citebook|author=Joshua Bardwell|coauthors=Devin Akin|publisher=McGraw-Hill|title=CWNA Official Study Guide|page=334|year=2005|edition=Third|isbn=0072255382]

Thus, this should not be the only protection used in a wireless network against determined crackers. [citeweb|title=What is a Wireless Network's SSID?|url=http://kbserver.netgear.com/kb_web_files/N100683.asp|publisher=netgear.com|accessdate=2008-02-06] Real security should be used such as requiring WPA/WPA2.

Basic service set identifier

A related field is the BSSID or Basic Service Set Identifier, which uniquely identifies each BSS (the SSID however, can be used in multiple, possibly overlapping, BSSs). In an infrastructure BSS, the BSSID is the MAC address of the wireless access point (WAP). In an independent (ad-hoc) basic service set, the BSSID is a locally administered MAC address generated from a 46-bit random number. The individual/group bit of the address is set to 0. The universal/local bit of the address is set to 1.

A BSSID with a value of all 1s is used to indicate the broadcast BSSID. A broadcast BSSID may only be used during probe requests.

References