Which statement best describes best practice for broadcast SSID in a corporate wireless network?

• A. Hide the SSID to improve security
• B. Use strong encryption and do not rely on hiding the SSID as a security measure
• C. Disable encryption to simplify access
• D. Broadcast SSID only on internal VLAN

Answer: (B)

Security for wireless networks relies on strong encryption and proper authentication, not on obscuring the network name. Hiding the SSID gives a false sense of security because it doesn’t prevent access; it only makes the network less visible to casual shoppers. Determined attackers can still discover the network and, more importantly, can capture traffic and break into weakly protected networks. The reliable way to protect a corporate wirelesslan is to enforce strong encryption (such as WPA2-Enterprise or WPA3-Enterprise) with robust authentication (802.1X and a central server like RADIUS) so that only authenticated users or devices can connect, and the data remains protected in transit. Broadcasting the SSID is fine and commonly done because it helps legitimate devices find the network, while encryption handles access control and data security. Disabling encryption would leave everything open and exposed, which is not acceptable for a corporate environment. Limiting the SSID to an internal VLAN without strong encryption still leaves data unprotected if other flaws exist, so it’s not a substitute for proper security.