The question have is that if I have the MAC address filtering turned on, and my laptop is the only node allowed on the wireless router, is there any point in turning on the encryption feature? Does someone have to be able to connect to my router inorder to sniff out my packets, or can they do this regardless because of it being a wireless connection? Also, is it possible for someone to impersonate a MAC address? The reason for asking this question is that I'm optomizing my wireless network for performance, but I need to be sure that I'm protected from outside intruders.
Thanks Thomas... that's very useful info to know. One thing that I'm curious about is that if a hacker does not have to connect to an AP to get access to my packets, then what method do they use for doing this?
I'll be encrypting my wireless network. There are several different encryption options for me to use, and I'm not sure which is the most secure option to use. One option is 'WPA Pre-Shared Key' with a WPA algorithm of either TKIP or AES, and another is WEP with 128 bit encryption. Is one better than the other?
Thanks... I found an interesting document on the net last night which covered security issues on wireless networks. Good to understand when protecting you networks, and knowing what the vulnerabilities of your network might be given the type of encryption your using. In particular, it describes just how unsecure WEP encryption really is...
Maybe, maybe not. Some sites and other sources of information about wireless security tend to exaggerate things, possibly to get you to buy things. If I had a very information-sensitive network, I definitely would not go WEP. But for my home use, WEP is fine.
A little OT, but I also found that Nortons and McAfee tend to exaggerate virus threats also, in order to sell products. I do have a virus-protection program on my computer but I use it in a reactive rather than a proactive manner. I find that Nortons does more harm to my computer than not, so I'm left to getting rid of a virus after it has arrived. Still, in 20 years of computer use here at home, I've had ONE virus.
So as is always the case when evaluating information, consider the source and then make decisions.
I only glanced through this document, but closest thing to a conclusion about *how* insecure WEP is that I saw is on page 18: "When network traffic is near the capacity of 11Mbps, cracking a 40-bit WEP key may take three to four hours." I didn't see any estimates for 128-bit WEP or for higher (802.11g) transmission rates. If anybody knows of such estimates, please post!
In an admittedly "lucky run" sniffing a ping flood, Rob Flickenger was able to crack 40-bit WEP in just under 90 minutes ; but this result may have been aided by the "weak IVs" created by older firmware. (See Tim F's comment "The Myth of Easy WEP cracking" below the main article.)
In any case, cracking WEP still requires a significant investment of time by somebody within range of your wireless network. Even after he's cracked your network, an intruder would then have to crack the individual computers on it or wait for something useful to fly by in the packet stream. (You don't send your credit card number via unencrypted email, do you?)
If you've got to worry about something, worry about 4-digit PINs for bank cards, or the lax security that often surrounds medical records, or how easy it is to pick the lock of your front door, or how many of the drivers out there on the road are intoxicated or just plain incompetent. If you really think you're the target of serious espionage, don't use WEP. In fact, don't use wireless at all, cell phones included. Otherwise, why fret about WEP?