April 17 2008
Vista Wireless Configuration
It’s long been the belief that broadcasting your wireless SSID is horribly insecure. However, with Vista, people are noticing that maybe hiding the SSID doesn’t work so well anymore. This is mostly due to Microsoft’s belief that NOT broadcasting your SSID is actually less secure.
A non-broadcast network is not undetectable. Non-broadcast networks are advertised in the probe requests sent out by wireless clients and in the responses to the probe requests sent by wireless APs. Unlike broadcast networks, wireless clients running Windows XP with Service Pack 2 or Windows Server® 2003 with Service Pack 1 that are configured to connect to non-broadcast networks are constantly disclosing the SSID of those networks, even when those networks are not in range.
Therefore, using non-broadcast networks compromises the privacy of the wireless network configuration of a Windows XP or Windows Server 2003-based wireless client because it is periodically disclosing its set of preferred non-broadcast wireless networks.
Microsoft has reflected this in the way Vista connects to non-broadcast wireless networks by making it harder for you to do so.
When you run through the wireless network connection wizard and setup, you can fill in all the appropriate information correctly and it still won’t work. Why? Well, because it didn’t ask you if you want to allow the connection even if the network is not broadcasting. You have to go back into the connection and check the appropriate check box.
I’m not sure why Microsoft wouldn’t just ask you that question during the setup. It’s either an oversight by Microsoft or they’re trying to help us figure out that non-broadcast is actually less secure. So to fix the issue users just start broadcasting their wireless SSID again and voila! It works!
I’m not a security expert so I don’t really know if it’s more or less secure, but Microsoft obviously feels it is and they’re pushing that with Vista by making it harder to connect to a non-broadcast wireless access point.
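An added example (not from the original post or from Microsoft): a Python audit of WLAN profile XML that lists which saved networks a client is configured to look for by name, which is the disclosure the quoted text describes. It assumes the "connect even if the network is not broadcasting" check box is stored as the `nonBroadcast` element of the profile, that an omitted `nonBroadcast` means false and an omitted `connectionMode` means auto, and that auto-connect profiles probe without user action; the sample profiles and SSIDs are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
TEMPLATE = (
    '<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">'
    "<name>{ssid}</name><SSIDConfig><SSID><name>{ssid}</name></SSID>{flag}</SSIDConfig>"
    "<connectionType>ESS</connectionType><connectionMode>{mode}</connectionMode>"
    "</WLANProfile>"
)
# Constructed sample profiles (SSIDs are made up), shaped like exported profile XML.
SAMPLES = [
    TEMPLATE.format(ssid="CorpHidden", flag="<nonBroadcast>true</nonBroadcast>", mode="auto"),
    TEMPLATE.format(ssid="LabHidden", flag="<nonBroadcast>true</nonBroadcast>", mode="manual"),
    TEMPLATE.format(ssid="CafeOpen", flag="<nonBroadcast>false</nonBroadcast>", mode="auto"),
    TEMPLATE.format(ssid="HomeAP", flag="", mode="auto"),  # element omitted entirely
]


def audit_profile(xml_text):
    """Return (ssid, non_broadcast, connection_mode) for one profile document."""
    root = ET.fromstring(xml_text)
    ssid = root.findtext("w:SSIDConfig/w:SSID/w:name", default="", namespaces=NS)
    # Assumption: a missing nonBroadcast element means the network broadcasts.
    flag = root.findtext("w:SSIDConfig/w:nonBroadcast", default="false", namespaces=NS)
    # Assumption: a missing connectionMode is treated as auto (the cautious reading).
    mode = root.findtext("w:connectionMode", default="auto", namespaces=NS)
    return ssid, flag.strip().lower() == "true", mode.strip().lower()


def disclosed_ssids(profiles):
    """List SSIDs the client is configured to look for by name.

    A profile marked non-broadcast makes the client name the SSID in its
    probe requests. Auto-connect profiles are listed first because they
    are assumed to probe without any user action.
    """
    findings = []
    for xml_text in profiles:
        ssid, hidden, mode = audit_profile(xml_text)
        if hidden:
            findings.append((0 if mode == "auto" else 1, ssid, mode))
    return [(ssid, mode) for _, ssid, mode in sorted(findings)]


if __name__ == "__main__":
    for ssid, mode in disclosed_ssids(SAMPLES):
        print(f"{ssid}: marked non-broadcast, connectionMode={mode}")
```

On a real machine the input would be the files written by `netsh wlan export profile`, read from disk and passed to `disclosed_ssids` in place of `SAMPLES`.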


