Networking Forums


MAC Filtering vs. WEP

 
 
skypilotNOSPAM@writeme.com
Guest
Posts: n/a

 
      10-13-2003, 12:41 AM
After reading a lot on this group I learned about MAC filtering.

I agree that it is a good security gate.

Now, should I also enable WEP in addition to MAC filtering?

Tks

Brian
 
 
 
 
 
Duane Arnold
Guest
Posts: n/a

 
      10-13-2003, 12:50 AM
> Now, should I also enable WEP in addition to MAC filtering?
>


You should enable WEP which encrypts the data that is being transmitted
between the router and the machine so that it cannot be eavesdropped easily.
You should change the SSID on a routine basis too.

Duane



 
 
skypilotNOSPAM@writeme.com
Guest
Posts: n/a

 
      10-13-2003, 12:53 AM
"Duane Arnold" <(E-Mail Removed)> pounded on the keyboard and wrote:

>> Now, should I also enable WEP in addition to MAC filtering?
>>

>
>You should enable WEP which encrypts the data that is being transmitted
>between the router and the machine so that it cannot be eavesdropped easily.
>You should change the SSID on a routine basis too.
>
>Duane
>
>

Tks Duane

Brian
-----------------------------------------------------------------------------------------
Brian J. Rueger | Hampton Div. of Fire & Rescue | "Who dares wins"
Lt./Paramedic | Fire Communications Officer | Hampton, VA.
B.S. Comm/I/SEL Pilot | MSgt, USAF (Ret.) 49199 | NREMT-P
Check out my home page: http://members.cox.net/brueger
"Life's too short to drink LITE beer!"
-----------------------------------------------------------------------------------------
 
 
Tim
Guest
Posts: n/a

 
      10-13-2003, 01:17 AM
Duane Arnold wrote:
>>Now, should I also enable WEP in addition to MAC filtering?
>>

>
>
> You should enable WEP which encrypts the data that is being transmitted
> between the router and the machine so that it cannot be eavesdropped easily.
> You should change the SSID on a routine basis too.


What will that accomplish? My laptop's software detects available
networks and their SSID.
>
> Duane
>
>
>


 
 
Bob Alston
Guest
Posts: n/a

 
      10-13-2003, 01:21 AM
Will it detect a network with the SSID broadcast turned off? Try it and let
us know.

--
Bob Alston

bobalston9 AT aol DOT com

"Tim" <(E-Mail Removed)> wrote in message
news:h2nib.189661$(E-Mail Removed) ble.rogers.com...
> Duane Arnold wrote:
> >>Now, should I also enable WEP in addition to MAC filtering?
> >>

> >
> >
> > You should enable WEP which encrypts the data that is being transmitted
> > between the router and the machine so that it cannot be eavesdropped easily.
> > You should change the SSID on a routine basis too.

>
> What will that accomplish? My laptop's software detects available
> networks and their SSID.
> >
> > Duane
> >
> >
> >

>



 
 
gary
Guest
Posts: n/a

 
      10-13-2003, 02:48 AM
You should perhaps reread the thread "MAC address filtering - enough
security??". Bottom line is that MAC addresses can be spoofed very easily.
MAC addresses are transmitted in the clear, whether you have WEP enabled or
not. Anyone with Kismet, which is available free on the web, should be able
to read off the MAC addresses of any stations communicating on your wireless
net. They can configure their stations to masquerade as one of those
addresses.

Bottom line, MAC filtering can't hurt but it would be a mistake to think it
gives you any real protection.

Best thing to do with SSID is disable it, if you can. Changing it frequently
accomplishes nothing. Even if you disable it, that only means that it is not
sent in beacon frames from the AP. It is still sent in the clear by any station
associating with the AP on your net.

Bottom line, you should assume that eavesdroppers can figure out your SSID
if they are determined and have the right tools. Kismet, for example, has a
feature called "Hidden SSID decloaking".

You should definitely use WEP with the strongest encryption it supports -
128 bit or higher, if available. Without WEP, you have almost no security.
However, be aware that WEP can be fairly easily cracked in anywhere from a
half hour to a few hours, depending on how much traffic you generate. Going
from 64-bit WEP to 152-bit WEP actually doesn't improve things very much,
because the way WEP implements RC4 encryption is inherently weak and even
long keys are compromised.

You should use open authentication, not pre-shared key, since pre-shared key
just gives a potential cracker a few extra clues for cracking.


<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> After reading a lot on this group I learned about MAC filtering.
>
> I agree that it is a good security gate.
>
> Now, should I also enable WEP in addition to MAC filtering?
>
> Tks
>
> Brian



 
 
CZ
Guest
Posts: n/a

 
      10-13-2003, 02:33 PM
>> You should enable WEP which encrypts the data that is being transmitted
>> between the router and the machine so that it cannot be eavesdropped easily.
>> You should change the SSID on a routine basis too.

Duane:

Changing the WEP key frequently is very desirable, but, IMO, changing the
SSID frequently has little value.



 
 
Tim
Guest
Posts: n/a

 
      10-13-2003, 04:07 PM
Bob Alston wrote:

> Will it detect a network with the SSID broadcast turned off? Try it and let
> us know.
>


What good is a network turned off? Nobody can use it. What a stupid comment.

 
 
Bob Alston
Guest
Posts: n/a

 
      10-13-2003, 04:20 PM
Only stupid if you are ignorant.

I said turn off SSID BROADCAST - not turn off the radio. Turning off SSID
broadcast is a commonly recommended security measure. With it off, only
users who know and manually enter the SSID can connect.

Read the attached, especially item #9
http://www.practicallynetworked.com/...ess_secure.htm
--
Bob Alston

bobalston9 AT aol DOT com
"Tim" <(E-Mail Removed)> wrote in message
news:l5Aib.192257$(E-Mail Removed) able.rogers.com...
> Bob Alston wrote:
>
> > Will it detect a network with the SSID broadcast turned off? Try it and let
> > us know.
> >

>
> What good is a network turned off? nobody can use it. What a stupid comment.
>



 
 
gary
Guest
Posts: n/a

 
      10-13-2003, 09:23 PM
"Bob Alston" <(E-Mail Removed)> wrote in message
news:3lAib.68431$Ms2.27496@fed1read03...
> Only stupid if you are ignorant.
>
> I said turn off SSID BROADCAST - not turn off the radio. Turning off SSID
> broadcast is a commonly recommended security measure. With it off, only
> users who know and manually enter the SSID can connect.
>
> Read the attached, especially item #9
> http://www.practicallynetworked.com/...ess_secure.htm
> --
> Bob Alston


I agree with all the points in this white paper, except point 4, which
recommends using shared-key authentication. I suggest reading the paragraph
entitled "Weak Authentication" on page 5 of:

http://www.wifialliance.org/opensect...rise2-6-03.pdf

In addition to the caution listed there, shared-key authentication gives a
big clue to a potential cracker. It sends 128 bytes of text in the clear,
and then the same 128 bytes encrypted, so a cracker has 128 bytes of
plaintext and encrypted text corresponding to a particular IV. Here's what
the 802.11 1999 standard says about it (clause 8.1.2, "Shared Key
Authentication"):

----------------------------------------------------------------------------
During the Shared Key authentication exchange, both the challenge and the
encrypted challenge are transmitted. This facilitates unauthorized discovery
of the pseudorandom number (PRN) sequence for the key/IV pair used for the
exchange. Implementations should therefore avoid using the same key/IV pair
for subsequent frames.

----------------------------------------------------------------------------

In other words, if your station cannot automatically change to another key
in the keylist immediately after authorization, and you don't do that
manually, using shared-key authentication has helped any potential WEP
cracker.

My home/SOHO router can't make the change automatically. Even if yours can,
shared-key really doesn't enhance your security. If you're using WEP, any
station associating successfully with your router still has to be able to
encrypt and decrypt successfully. If it can do that, then it can pass the
shared-key authentication procedure. If it can't, then it can't do anything
on your network anyway. For home use, WEP with open authentication is at
least as secure as WEP with shared-key, and more secure for most people.

>
> bobalston9 AT aol DOT com
> "Tim" <(E-Mail Removed)> wrote in message
> news:l5Aib.192257$(E-Mail Removed) able.rogers.com...
> > Bob Alston wrote:
> >
> > > Will it detect a network with the SSID broadcast turned off? Try it and let
> > > us know.
> > >

> >
> > What good is a network turned off? nobody can use it. What a stupid comment.
> >

>
>



 