CWNA: Certified Wireless Network Administrator v108 — Question 29

You are the network administrator for ABC Company. Your manager has recently attended a wireless security seminar. The seminar speaker taught that a wireless network could be hidden from potential intruders if you disabled the broadcasting of the SSID in Beacons and configured the access points not to respond to Probe Request frames that have a null SSID field.
Your manager suggests implementing these security practices. What response should you give to this suggestion?

Answer options

• A. Any 802.11 protocol analyzer can see the SSID in clear text in frames other than Beacons frames. This negates any security benefit of trying to hide the SSID in Beacons and Probe Response frames.
• B. To improve security by hiding the SSID, the AP and client stations must both be configured to remove the SSID from association request and response frames. Most WLAN products support this.
• C. Any tenants in the same building using advanced penetration testing tools will be able to obtain the SSID by exploiting WPA EAPOL-Key exchanges. This poses an additional risk of exposing the WPA key.
• D. This security practice prevents manufacturers' client utilities from detecting the SSID. As a result, the SSID cannot be obtained by attackers, except through social engineering, guessing, or use of a WIPS.

Correct answer: A

Explanation

The correct answer is A because even if the SSID is hidden in Beacons, it can still be detected in other frames, which diminishes the effectiveness of hiding it. Options B and D incorrectly suggest that hiding the SSID provides significant security benefits, while option C focuses on a different vulnerability that does not relate to SSID broadcasting.