Better To Use Computer MAC Address Than Router Address For More Security

Discussion in 'hardware' started by DasFox, May 13, 2009.

Thread Status:
Not open for further replies.
  1. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    On my router/firewall I have an option to use the Router mac or the computer one, I'm wondering is it more secure to use the computer one, that way the router mac is more hidden, giving better security?

    THANKS
     
  2. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,265
    Location:
    Nebraska, USA
    So you would rather expose your computer instead of the router? The router is there to act as a barrier between you and the world. Let the router do its thing. You should, however, make sure you change the default password, and you should limit the number of connections to the number you need.
     
  3. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Sheesh what a bonehead, I don't know what I was thinking, of course only use the router MAC, not expose the PC... Sheesh I must have been in the twilight zone for sure when I asked that, LOL...

    Limit the number of connections to the number you need? Huh, what?
     
  4. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,265
    Location:
    Nebraska, USA
    Hey - the stupid question is the one not asked!

    In your router's menu system, you should see some options to restrict access to only specific IPs, or a range of IPs. If you only have 2 computers, then you don't need to allow access to 200. This is not a big issue with Ethernet (wired), but can be if wireless.
     
  5. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Well I have what's called the 'Wireless Card Access List' and I use this to only allow the boxes on by MAC address...

    I think that takes care of what you're saying...

    For other security I use WPA2 and I disable the SSID broadcasting.
     
  6. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,265
    Location:
    Nebraska, USA
    What about the default passwords?
     
  7. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Enabling WPA or WPA security for your wireless is all you need. Disabling SSID broadcasting actually won't stop kids from getting into your network if they're looking. If kids are looking to break into wireless..they use tools which still see wireless networks even if SSID broadcast is disabled. The only thing disabling SSID broadcasting does is prevent innocent neighbors next door from seeing your network in their Windows wireless config.

    Keep the router's firmware up to date
    Make sure the router's web admin password is changed from the default
    Keep your SSID unique, enable WPA or higher, sit back and enjoy.
     
  8. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,265
    Location:
    Nebraska, USA
    SSID broadcasting does not let anyone "in" or keep anyone "out" regardless of the setting. Saying it won't stop kids from getting in could be confusing. Access control is not its function.

    If you own an Internet Cafe, you want folks who visit to easily find your "hot spot" so you enable SSID Broadcasting and name your network DosFoxCafe. The purpose is to announce, "here I am" so anyone with a notebook, cell phone, or PDA configured for wireless networking can easily pick your cafe over Joe's Bookstore next door.

    If you don't want to announce your network's presence, you disable SSID broadcasting - you simply take down the sign intended to draw people's attention. This keeps all "normal" users from accidentally discovering your network. ANYONE "looking" for wireless networks as possible "targets" for malicious deeds will still be able to see your network using any notebook, easy to find software, and a good, perhaps directional antenna.

    So all disabling SSID broadcasting does is keep nosy neighbors from accidentally discovering you have a home wireless network. And that alone will keep most honest people honest.

    But just because some neighbor (and not just the kids :(), wannabe hacker, or even a determined badguy cruising your neighborhood is able to "see" your SSID broadcast, that does not mean he or she has, or can get access to your network.

    Bottom line is this - SSID broadcasting "announces" the "presence" of your network. If you disable broadcasting, it is less likely nosy neighbors will stumble on it and start entering your pets' names, trying to guess your password.

    Badguys go for the easy pickings, then quickly move on. Disabling SSID broadcasting will not stop a determined badguy scanning neighborhoods and big apartment complexes from detecting your network. But it does send a message to him that you have taken one step for securing your network so chances are you took more and changed other defaults and took other precautions. Unless this badguy has targeted you personally, they don't want to waste their time or bother, and move on to easier pickings.

    Of course none of this is an issue with Ethernet.
     
  9. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    A hidden SSID can make wireless LANs less user friendly; it also forces your wireless devices to probe for your network and, in some cases, keeps some network devices from connecting at all. Another downside to disabling SSID broadcasting for your network is that it prevents others from knowing what channel your network is using, which could help eliminate co-channel interference. They would know to select a channel farther away from those most in use. My preference is to keep SSID broadcasting enabled.

    Anyone looking for a system to hack doesn't give a hoot if the SSID broadcasting is disabled - they look to the encryption scheme as that is the design to stop unauthorized access so use WPA2 or WPA.
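
The probing behaviour described in the post above, as an added example that is not part of the thread: a small parser over constructed 802.11 management frames shows that when an access point's beacons leave the SSID blank, the name still appears in probe requests and probe responses. The network names, helper names and sample frames are made up for illustration.

```python
BEACON, PROBE_REQ, PROBE_RESP = 8, 4, 5   # 802.11 management subtypes
NAMES = {BEACON: "beacon", PROBE_REQ: "probe-request", PROBE_RESP: "probe-response"}
FIXED = {BEACON: 12, PROBE_REQ: 0, PROBE_RESP: 12}  # bytes of fixed fields after the header

def mgmt_frame(subtype, ssid):
    """Build a constructed management frame (sample data, not a capture)."""
    header = bytes([subtype << 4, 0]) + bytes(22)    # frame control + duration, 3 addresses, seq
    return header + bytes(FIXED[subtype]) + bytes([0, len(ssid)]) + ssid  # element ID 0 = SSID

def parse_ssid(frame):
    """Return (frame kind, SSID), with SSID None when the element is empty or all zero bytes."""
    frame_control = frame[0]
    subtype = frame_control >> 4
    if (frame_control >> 2) & 0x3 != 0 or subtype not in NAMES:
        raise ValueError("not a beacon or probe frame")
    pos = 24 + FIXED[subtype]                        # skip MAC header and fixed fields
    while pos + 2 <= len(frame):                     # walk the tagged elements
        element_id, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + length]
        if len(body) < length:
            raise ValueError("truncated element")
        if element_id == 0:
            hidden = length == 0 or not any(body)    # some APs send zero bytes instead of nothing
            return NAMES[subtype], None if hidden else body.decode("utf-8", "replace")
        pos += 2 + length
    return NAMES[subtype], None

def names_on_air(frames):
    """Map each network name seen to the kinds of frame that carried it."""
    seen = {}
    for frame in frames:
        kind, ssid = parse_ssid(frame)
        if ssid is not None:
            seen.setdefault(ssid, set()).add(kind)
    return seen

# Constructed sample traffic around one hidden and one broadcasting network.
SAMPLE = [
    mgmt_frame(BEACON, b""),             # hidden network: beacon with an empty SSID
    mgmt_frame(PROBE_REQ, b"HomeNet"),   # client configured for it asks for it by name
    mgmt_frame(PROBE_RESP, b"HomeNet"),  # access point answers the directed probe
    mgmt_frame(BEACON, b"CafeGuest"),    # broadcasting network: name in the beacon
]

if __name__ == "__main__":
    for name, kinds in names_on_air(SAMPLE).items():
        print(name, sorted(kinds))
```

The hidden network's name never appears in a beacon, yet it is in the clear in every probe exchange, which is why the encryption setting and not the broadcast setting decides who gets in.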
     
  10. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,265
    Location:
    Nebraska, USA
    User friendly and secure often don't play together.

    That's true - it is not for folks "looking".
     
  11. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    You made the above statement in regards to SSID broadcast disabling, which I agree with, but then you infer SSID broadcasting is a security issue in your last post.

    It boils down to proper WPA2 encryption of the wireless signal is the way to secure a wireless network signal (included in the three points YeOldeStonecat posted which are what is needed). Disabling SSID doesn't help secure it.
     
  12. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,265
    Location:
    Nebraska, USA
    o_O Did you read my whole post? It would appear not.

    It is a security issue! But you imply it is so easy to defeat, why bother using it? That is flawed logic. Why lock your window and close the blinds when someone can just break the glass and climb in? You lock it to keep kids and wannabes out. You close the blinds so folks can't see your big screen TV and get some idea to come steal it. You do the little things to minimize "crimes of opportunity". Disabling SSID is one of those little things. Of course, it will not stop a determined thief! But it will stop kids, most wannabes, and most nosy neighbors - out of sight, out of mind.

    What is even more flawed is this,
    So you want to announce to the neighborhood that you have a wireless network, computers and probably other nice, fenceable, high-tech stuff in your house? And you want to announce what channel to use to connect to your network? You don't see a security issue here?

    Now if you host wireless LAN parties, that's different - enabling SSID broadcasting may be advantageous - but that certainly is not what the typical home network is used for.

    Disabling SSID broadcasting is one, and just one, of the little things you do to secure a "private" wireless network. In and of itself it does not secure a network, it just turns off the flashing neon lights announcing its presence.
     
  13. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    I get better performance with broadcasting my SSID with a strong 20-character computer generated key. Even MS says that hidden networks do not increase security in this TechNet blog.
     
  14. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,265
    Location:
    Nebraska, USA
    I think we are focusing on two different things from two different angles - with some refusing to see the other side.

    Most Wifi networks are in the home, installed because folks need to share an Internet connection, but don't want to pull Ethernet cables through walls, floors, and ceilings. There are typically only 2, maybe 3 computers that need connection. Not dozens coming and going.

    If you have a business, and folks coming and going need wireless access - enable broadcasting. But if like most home WiFi administrators, your network is private, and you wish it to remain so, disabling SSID will help keep it that way. If your computer does not connect, fix the computer! Will it stop a badguy focused on you? No. It was never intended to do that.

    I am not saying you must disable SSID broadcasting to secure your network. I said to avoid accidental discovery, disable it. TechNet is NOT for home users - I have a subscription. Most home users do NOT want other computers to easily connect. Most home users do not want the 14 year old kid next door snooping around by chance.
     
  15. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I didn't say it was access control. Some people think that disabling SSID broadcast will keep people out. The reality is, it only keeps innocents and the like from stumbling across your network. But anyone with ambitions to find some network and break into it will be using any of the many tools out there which now make it easy..and those tools will still "see" your wireless network even if you've disabled SSID broadcast.

    Oddly enough, quite a few wireless client devices have issues connecting to your wireless network if SSID broadcast is disabled.

    Before biting fingernails, losing sleep, and ripping hair out....think about the application of this wireless network. Is it just a home network? What kind of neighbors do you have..mature adults, or a houseful of EMO looking grungy kids next door who live on their computers 23.9 hours per day?

    Enable WPA or higher..sit back, and relax. I don't care how many people can see my wireless network...it's locked(secured)..they are not getting in. They can stare at my SSID in their wireless sniffing utility all they want, I'll look out my window and flip them the bird, point and laugh at them..they aren't getting in.

    The people that are computer savvy enough to break into wireless networks that have "some" sort of security, will be using tools that can see the SSID anyways. So disabling SSID broadcast only stops grandma next door or those amateur users who use the windows zero config to browse and find their own. If I have WEP or higher..they're stopped right in their tracks. The kid who will employ a tool to begin to sniff and crack WEP will be (and now we're back to this point again) a tool that will see my SSID anyways!
     
    Last edited: May 20, 2009
  16. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,265
    Location:
    Nebraska, USA
    I do not worry about Grandma next door - I worry about her grandson who comes to visit. I'm not even worried about the kid on the other side - I know him. I don't know all his friends.
     