Wireless security

Apologies all for x-post

Mr T - dont be so f'ing lazy - hit google. This has been done to death.

Cheers

Then what??? :)

What sort of answer is "hit google"?

You need to login to your router of access point and setup WPA encryption (if it's supported) WPA-PSK to be exact... then enter a nice long pass phrase.

You need to configure the PC's for WPA-PSK to be able to connect. Assuming the PC's network cards/operating system are able to do this...

As you can see there are lots of variables...

Take look here for some more info...

Mr T must be chuffed with all the help you gave...

| >>What sort of answer is "hit google"? | >>

| >

| > | > | > | > | > | >

With a name like "Justin", what else do you expect.....??

*snigger*

| "Justin Thompson" wrote in message | news: snipped-for-privacy@4ax.com... | > On Sun, 02 Oct 2005 01:00:43 GMT, "Doz" wrote: | >

| >>What sort of answer is "hit google"? | >>

| >

| > | > | > | > | > | >

With a name like "Justin", what else do you expect.....??

The best thing to do is enable MAC address filtering on the access point. Add the MAC addresses of the wireless networkcards. This will make it much harder for any random passer to even connect to the AP network.

2nd that best & simplest way

mike

Thanks to everyone who contributed sensible answers :)

Mr T

So what security does MAC filtering bring to the table?

It doesn't provide any encryption whatsoever.

The valid MAC addresses are broadcast for anyone to sniff.

If the objective is to prevent casual bypassers from connecting, then even 40 bit WEP has value here and even gives a slither of security.

MAC filtering brings nothing useful from a security standpoint which was the original question.

David.

Have you got any suggestions then please?

Mr T

WPA with a strong passphrase (strong, non dictionary phrase, greater than 20 characters, non a-z characters.

You haven't actually said what it is that you'd like to achieve from a security standpoint.

David.

Sure it does, If your next door neighbor can't access the AP because the MAC address isn't on the allowed list, then unless they go out their way to clone one of your wireless card's MAC address they're not going to get access by default. There for it is useful from a security standpoint. Not only that, but unless your neighbor knows you have a wireless AP and have cloned one of the MAC addresses, they won't even see it on the list of available networks to connect to. Sure, they can run a lot of tools, a large list can be found at

The OP might want to run a few of them on his network to check how secure is really is. These are the kind of tools crackers might be using to gain access to the network, but given enough time, even WEP and any key/pass phrase can be found if you sniff enough packets on the network.

Again, even WEP, poor and cracked though it is, provides the same inability to associate with the AP *and* encrypts the payload.

MAC filtering does not encrypt the payload so anyone within range gets to sniff the contect even if they haven't associated so tell me again, how MAC filtering brings any security to the OP's data?

Don't confuse security with the inability to associate with an AP, it's not the same thing.

Turning on MAC filtering will not prevent the display of the SSID in XP or netstumbler and turning off SSID broadcasts does not prevent it being discovered by anyone with a sniffer or even just a copy of kismet or similar so tell me again, how MAC filtering secures a network because you did say just MAC filtering.

Yes, 500,000 packets which can be captured in say 15 minutes. Without even WEP, no key to crack i.e. NO SECURITY!

David.

There is a link below for you Mr. T. You're about to enter the Twilight Zone with someone's drunken mistake old Dave.

Duane :)

Ah, 5 newsgroups to crosspost. ntl internal groups dropped because my usenet news server doesn't carry them.

I thought you might be amused to know that the original MAC address filtering feature was added to solve a problem with multiple access point systems. There was no way to pre-select which access point one would connect if all the SSID's were the same. This was a critical feature for WISP (wireless ISP service) and corporate WLAN's with fixed wireless desktops. With MAC address filtering one could nail down a connection to a specific access point and still have roaming among the other access points for laptops and PDA's. Eventually, this mutated into a security feature when blocking by MAC addresses was added. I don't think anyone originally intended it to be much of a security feature as everyone was counting on encryption to provide security.

MAC address filtering for security is like locking your door with duct tape. It does present an obstacle, but is not a replacment for a good lock.

it's one aspect of security, and MAC filtering gives you that aspect, which is all many people want.

Just because you want *more* security doesn't mean MAC filtering is

*no* security.

-- Richard

Well since the original poster hasn't said whether he wan't security or to just keep accidental stumblers off his network we won't know.

I'd just want some rather than nothing. MAC filtering prevents people from associating for the amount of time it takes them to run a sniffer and spoof their MAC address. That in my mind is no security from either association and certainly no security of the data packets in transit so I still call that no security.

If you are happy with the illusion that MAC filtering provides your network with some security, i'm happy for you! :) Just let me know where you live. ;)

David.