Discussion in 'OT Technology' started by NPH, Feb 14, 2008.
Would using MAC Filtering as the only security measure in your wireless network be sufficient?
And how about making the netwok Invisible as well as only MAC Filtering?
No, and no.
Mac filtering is a VERY basic type of filtering... It is easily cracked.
Not broadcasting the SSID is also very basic.
You're best using a "combination", such as MAC filter, disable SSID broadcast, and use WPA2-PSK.
That is an easy setup for most consumer grade hardware without worrying about radius or whatnot.
what exactly are you trying to protect? i use very basic security on my home wireless network because all i care about is keeping my neighbors from stumbling onto my open network. other than that, i really don't care so much about blocking out people trying to hack in. i don't keep anything important on my PC.
you don't want them to make bots out of your pc's either though.
nah, got no problems with that.
My network has my desktop wired, my HTPC wireless, girlfriend's desktop wired, and rarely girlfriend's cell phone. This is in an apartment complex with quite a few other wireless networks around. I might just go a head and make the hole in the wall (currently has cable wire running through it) bigger and squeeze an ethernet cable in there. That or just add encryption. I DO care about what is on my desktop and I know my girlfriend cares about what is on hers.
To turn the PCs into bots though a hacker would still have to get through the firewalls (ZoneAlarm). I don't know how easy that is. Also, I don't see any of my neighbors being hackers of any sort, but I guess you never know.
So you don't care what occurs with your bandwidth/storage/cycles?
Access to your machines please.
no, MACs are so easy to clone, use higher security
Use WPA2-PSK and disable the SSID, MAC filtering too. I keep valuable stuff on my network and I don't want to lose it. Especially with these 2 kids on my street that think they are amateur hackers. Beware war drivers too
Depends on where you live. I live in a rural neighborhood with nothing but old farts around me. I only use MAC filtering, and in the 1 1/2 years my wireless network has been running, I have yet to get any unauthorized access. However, if you live near more people, I'd go with WPA.
nah, i keep an eye on who is on what. i'm actually using WEP which sucks, but it is the best i can use with my TiVo and a 3rd party wireless adapter.
but, living on a dead end street with nothing but old people around, a pond behind my house and pretty thick walls which kills the signal once you leave the building kind of not the greatest place for wardriving.
I don't remember the exact specifics, but this is how a system with MAC filtering can still be used:
You can run a packet sniffer and see the headers of each Ethernet frame. If you can somehow figure out which packets are headed to the protected AP, you can extract the MAC address and spoof your own MAC so the AP will think you are an authorized user.
So, no, it is not a great security measure. In a sparsely populated area, this is probably OK, but not in an urban area, or a college where there is a good likelihood someone in the know will associate with your AP.
wlan is slow enough as it is without turning on encryption. Turn on mac filtering and use that for now and monitor things to see if anyone tries to get on to your network. If that happens, then you have to ramp up the security.
If you can't take that risk, turn on the encryption; or if you're the only person on the wlan then you don't have much to lose with the encryption anyway.
Hiding the SSID won't make it much harder either because it's just as easy to find MAC addresses to spoof and "hidden" SSIDs anyway.
The odds of someone wanting to take the risk of haxing into your wireless and being able to get a good enough signal to want to do that are pretty low, and then for them to want to do something malicious with that even lower imo.
The important thing is that your computer itself be made as secure as possible, planning for the worst if someone compromises your network - because you can be at just as much risk using the internets anyway.