Security on Wireless Network

I use MAC filtering for security purposes. I specify the MAC addresses on the three computers in my home which are my family's network. Is there any additional security to be gained by using encryption?

 

LowWaterMark -

Thank you for your reply. And I am digging through the lengthy link you provided. But help me understand why MAC filtering is only 1% effective? When I bring another laptop into the house, I can't access my network and I can't access the internet - that seems like good security. What am I missing here?

 

hello lenC,
with a simplebit ofsoftware you can find out the mac addresses allowed and spoof the macaddress and then use the network.
also if no encryption then anyone can use a packet sniffer and find out everything your sending.

 

Thank you. I understand and I am convinced of the need for encryption.

Hopefully, it's not too late

 

That is, for me, the important part. To paraphrase another post on another forum, "it's not merely possible, it's trivial".

 

I'm encrypted. THANK YOU for your advice. I had no idea how easy it is to do.

I actually did some research on the topic and selected WPA-2. I had my three home computers working just fine with WPA-2. The problem was with my office laptop, which I like to bring home and use (how sad is that ). Anyway, WPA-2 is not an option on my laptop in the drop down box for selecting an encryption method. So, I switched to WPA as the encryption method - it was a choice on my laptop (and my home computers).

So I am using WPA. Is that a reasonably secure encryption method? I get the sense that WPA-2 is better because it is newer.

 

Yes, WPA is secure enough.
What changes from WPA to WPA2 is the encryption algorithm, from TKIP to AES. Although the second is considered more secure, there are no known attacks against WPA that are not valid against WPA2.
One suggestion: make sure you use a very secure password, no matter if you use WPA or WPA2.

 

Thank you Markoman -

Having been fortunate to survive in this world with an open network - I got a little paranoid when I realized the potential dangers. I have a strong encryption key.

 

Besides the obvious
- enable WPA2 encryption with long password
- add password for admin and user
- change names of admin and user
- change SSID name
- change IP address of the router configuration software

I also did
- add PIN (needed to add wireless devices to network)
- enabled Wireless Network Partitioning (so clients can not access each other)
- added MAC address control
- added DHCP reservation, to still use DHCP but always allocate the same IP addresses to the clients
- added a inbound filter to log only the (above) IP's and deny all other machines (IP's) to the network
- disable UPnP
- disable WAN respons on ping
- disable remote admin

Used the routers
- SPI firewall
- DOS/DDOS attack prevention
- ARP spoofing protection

And did HIDE the SSID (so it is not visible in the neigbourhood)

On the down side: we don't run any software firewall

 

Hi Kees1958. Looking at your wireless setup, I would like to post my opinion about it. For the use of you, and every other reader of the forum:

I agree with:

I don't agree with:

and this is why:
- if even you change the IP of the router, it will take a port scanner 3 minutes to find its new IP
- it takes 3 minutes of traffic analysis with aircrack-ng and any MAC spoofer (aircrack-ng can do it itself) to change a MAC address
- This doesn't add any security: this configuration won't prevent the attacker from setting his maching with an IP compatible with our network.
- Still using aircrack-ng, it won't take more than few minutes in order to spot your hidden wireless access point.

So, these 4 settings, add no extra security, but extra hassle to the legitimate user.

About

requires quite some work on configuring and mataining the network devices, besides adding inconvenience to the legitimate user, so I would advice this kind of setup only to lcoations with HIGH SECURITY needs.

And this:

is good configuration habits, but not only about wireless netowrks.

And this is BAD! Compromise your host, and the most secure network setup becomes useless. The attacker won't even need to break into your network, since he already will be IN your network controlling your PC.