Friday, May 21, 2010

SSID Service Set Identifier for Wireless LAN

Service set identifier, or SSID, is a name that identifies a particular 802.11 wireless LAN. A client device receives broadcast messages from all access points within range advertising their SSIDs. The client device can then either manually or automatically—based on configuration—select the network with which to associate. The SSID can be up to 32 characters long. As the SSID displays to users, it normally consists of human-readable characters. However, the standard does not require this. The SSID is defined as a sequence of 1–32 octets each of which may take any value.

It is legitimate for multiple access points to share the same SSID if they provide access to the same network as part of an extended service set.

Some wireless access points support broadcasting multiple SSIDs, allowing the creation of Virtual Access Points, partitioning a single physical access point into several virtual access points, each of which can have a different set of security and network settings. This is not yet part of the 802.11 standard

Basic service set
The basic service set (BSS) is the basic building block of an IEEE 802.11 wireless LAN (according to the IEEE 802.11-1999 standard). In Infrastructure mode a single access point (AP) together with all associated stations (STAs) is called a BSS.[1] This is not to be confused with the coverage of an AP, which is called Basic Service Area (BSA). An AP acts as a master to control the stations within that BSS. In Independent mode a set of synchronized STAs, one of which acts as master, forms a BSS. Each BSS is identified by a BSSID. The most basic BSS consists of one AP and one STA.

Independent Basic Service Set (IBSS)
With 802.11 it is possible to create an ad-hoc network of client devices without a controlling Access Point called an Independent Basic Service Set (IBSS), in which case the SSID is chosen by the client device that starts the network, and broadcasting of the SSID is performed in a pseudo-random order by all devices that are members of the network.
Extended service set

An Extended Service Set is a set of one or more interconnected BSSs and integrated local area networks (LANs) that appear as a single BSS to the logical link control layer at any station associated with one of those BSSs.

The set of interconnected BSSs must have a common service set identifier (SSID). They can work on the same channel, or work on different channels to boost aggregate throughput.
Basic service set identifier (BSSID)

A related field is the BSSID or Basic Service Set Identifier, which uniquely identifies each BSS (the SSID however, can be used in multiple, possibly overlapping, BSSs). In an infrastructure BSS, the BSSID is the MAC address of the wireless access point (WAP). In an IBSS, the BSSID is a locally administered MAC address generated from a 48-bit random number. The individual/group bit of the address is set to 0. The universal/local bit of the address is set to 1.

A BSSID with a value of all 1s is used to indicate the broadcast BSSID. A broadcast BSSID may only be used during probe requests.
Security of Broadcasting SSID

Many access points allow a user to turn off the broadcast of the SSID. With many network client devices, this results in the detected network displaying as an unnamed network and the user would need to manually enter the correct SSID to connect to the network.

Unfortunately, turning off the broadcast of the SSID may lead to a false sense of security. The method discourages only casual wireless snooping, but does not stop a person trying to attack the network.[2]

It is not secure against determined crackers, because every time someone connects to the network, the SSID is transmitted in cleartext even if the wireless connection is otherwise encrypted. An eavesdropper can passively sniff the wireless traffic on that network undetected (with software like Kismet), and wait for someone to connect, revealing the SSID. Alternatively, there are faster (albeit detectable) methods where a cracker spoofs a "disassociate frame" as if it came from the wireless bridge, and sends it to one of the clients connected; the client immediately re-connects, revealing the SSID.[3]

As disabling SSID doesn't offer protection against determined crackers, proven security methods should be used such as requiring 802.11i/WPA2.

TKJ SMKN 1 Purwodadi by widoajiwibowo. Powered by ICT Center Purwodadi and Supported by Hanya Kutipan