Configure Your PCs to NOT Connect to Rogue, Unknown APs and WiFi Networks


One of the ill effects of changing the default SSID on your Access Points/Routers, and disabling SSID broadcast on them, is that your access point becomes invisible to everyone, including your own wireless client PCs, PDAs, and all your other wireless networking devices.

Therefore, unless you configure your wifi clients to connect (only) to that particular trusted AP or Wireless Router of yours that is no longer announcing itself to the world, the wireless adapter cards installed in your wireless-enabled computers are not going to find your APs, WiFi Routers or Wireless Gateways. As soon as you power up your wireless clients, they will most likely default to scanning around for any available APs. It is very possible, therefore, that if any of your (friendly?) neighbors happens to be running an AP (or a wireless gateway) that broadcasts a factory default SSID, your wireless adapter cards are going to discover it and will try to associate with it. It should be no surprise that most wireless intruders like to just show up in their victim's wifi-space with an AP that is set up to broadcast one of those factory default SSIDs, and configured to happily allow anyone who is ignorant enough to want to get connected with their rogue AP.

What really compounds this problem is that certain versions of the Microsoft Windows XP operating system have their network configlet set up (by default) to connect with any available networking service provider gateways. Oddly enough, Microsoft was advising its users NOT to disable SSID broadcast on their APs! They used to even state: "Disabling SSID broadcasts on an access point is not considered a valid method for securing a wireless network." It looks like this oddity (or should we call it a feature?) has (reportedly) been patched in recent versions of Windows XP.

Just to be safe, however, follow these instructions to verify/configure your computer to NOT connect to unknown APs or untrusted wireless gateways:

Stop Windows from connecting to unknown WLANs:

  1. Launch Windows Control Panel
  2. Double click on Network Connections
  3. Double click on your Wireless Network Connection
  4. Click on Properties button
  5. Click on Wireless Networks tab
  6. Click on the Advanced button
  7. Uncheck the box labeled something like: Automatically connect to non-preferred networks
  8. Click "Ok" your way out of these screens.
  9. Reboot.

This should configure your computer to not connect to any unknown wireless service providers (APs, Gateways, etc.) if they just happen to show up in its vicinity.

This in itself, however, does not fully protect you from those who may show up in your wireless world with a fake identity, especially if you are using "known" third-party WLANs (wifi hotspots at hotels, airports, convention centers, or at your favorite corner cafe).

What is there to stop someone from scanning for the SSID that APs on any such "known" public wireless network use, then configuring his/her own "pocket AP" with that fake identity (SSID), and carrying out that age-old Man in the Middle attack? There is nothing that you can do to stop someone from launching such an attack using a fake identity. What you can do, however, is use additional safety measures to verify that your friendly AP is actually what it claims to be. Some of the ways to further verify a wireless device's credentials include: MAC address verification/filtering, IP-address based verification/filtering, and using a pre-shared secret authentication/encryption key.
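
The MAC address verification mentioned above, as an added example (not code from the original page): it compares each nearby AP's SSID and BSSID against a list of APs you have verified and flags a known SSID that comes from an unlisted radio. All SSIDs, MAC addresses and scan data are constructed, and the short list of factory default SSIDs is illustrative.

```python
# Added example: classify nearby access points against a trust list.
# All SSIDs, BSSIDs and the scan data below are constructed for illustration.

# Trusted networks: SSID -> set of BSSIDs (AP MAC addresses) you have verified.
TRUSTED = {
    "corp-wlan": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
    "hotel-guest": {"66:77:88:99:aa:bb"},
}

# A few well-known factory default SSIDs (illustrative, not exhaustive).
FACTORY_DEFAULTS = {"linksys", "netgear", "default", "tsunami"}


def normalize_mac(mac):
    """Lower-case and colon-separate a MAC so 00-11-22... and 00:11:22... compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify(ssid, bssid, trusted=TRUSTED):
    """Return 'trusted', 'ssid-mismatch', 'factory-default' or 'unknown'."""
    mac = normalize_mac(bssid)
    if ssid in trusted:
        known = {normalize_mac(m) for m in trusted[ssid]}
        # Known name from an unlisted radio: possible fake-identity AP.
        return "trusted" if mac in known else "ssid-mismatch"
    if ssid.lower() in FACTORY_DEFAULTS:
        return "factory-default"
    return "unknown"


def review_scan(scan):
    """Map each (ssid, bssid) pair in a scan to its verdict; only 'trusted' is safe to join."""
    return [(ssid, normalize_mac(bssid), classify(ssid, bssid)) for ssid, bssid in scan]


# Constructed scan results, as a site-survey tool might report them.
SAMPLE_SCAN = [
    ("corp-wlan", "00-11-22-33-44-55"),
    ("corp-wlan", "de:ad:be:ef:00:01"),
    ("linksys", "02:00:00:00:00:01"),
    ("CoffeeShop", "02:00:00:00:00:02"),
]

if __name__ == "__main__":
    for ssid, mac, verdict in review_scan(SAMPLE_SCAN):
        print(f"{ssid:12} {mac}  {verdict}")
```

A BSSID can be cloned just like an SSID, so treat a match as a first filter to use alongside the pre-shared key, not as proof of the AP's identity.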