question about wifi security

Hi,

On my home set-up, I have 3 mac laptops (all running 10.3 or 10.4)
linked to a zoom router via a belkin WAP. I've used MAC filtering as a
way to keep other computers out, and it certainly seems to work. Are
there security problems with this method?

TIA

--
David Horne- http://www.davidhorne.net
usenet (at) davidhorne (dot) co (dot) uk
http://www.davidhorne.net/pictures.html http://soundjunction.org

MAC filtering on it's own is not a good method. It's relatively simple to
spoof MAC addresses. If your router offers WPA I'd use that.

Dan

"David Horne, _the_ chancellor of the royal duchy of city south and
deansgate" <(E-Mail Removed)> wrote in message
news:1hmddr4.1fjmxn1loye6mN%this_address_is_for_sp (E-Mail Removed)...
> Hi,
>
> On my home set-up, I have 3 mac laptops (all running 10.3 or 10.4)
> linked to a zoom router via a belkin WAP. I've used MAC filtering as a
> way to keep other computers out, and it certainly seems to work. Are
> there security problems with this method?

Are you using WEP or WPA?
If neither then you have *no* security.

dennis@home <(E-Mail Removed)> wrote:

> "David Horne, _the_ chancellor of the royal duchy of city south and
> deansgate" <(E-Mail Removed)> wrote in message
> news:1hmddr4.1fjmxn1loye6mN%this_address_is_for_sp (E-Mail Removed)...
> > Hi,
> >
> > On my home set-up, I have 3 mac laptops (all running 10.3 or 10.4)
> > linked to a zoom router via a belkin WAP. I've used MAC filtering as a
> > way to keep other computers out, and it certainly seems to work. Are
> > there security problems with this method?
>
> Are you using WEP or WPA?
> If neither then you have *no* security.

No. I should look iinto it then- the WPA has both.

--
David Horne- http://www.davidhorne.net
usenet (at) davidhorne (dot) co (dot) uk
http://www.davidhorne.net/pictures.html http://soundjunction.org

"David Horne, _the_ chancellor of the royal duchy of city south and
deansgate" <(E-Mail Removed)> wrote in message
news:1hmddr4.1fjmxn1loye6mN%this_address_is_for_sp (E-Mail Removed)...
> Hi,
>
> On my home set-up, I have 3 mac laptops (all running 10.3 or 10.4)
> linked to a zoom router via a belkin WAP. I've used MAC filtering as a
> way to keep other computers out, and it certainly seems to work. Are
> there security problems with this method?
>

My view is that it depends on the location.
At home I just use mac address filtering as my network barely works outside
the house and I am in a remote location.
At work I use WEP encryption because there is a nice car park outside and
six other networks that can be received from here due to the height and
proximity of other businesses.

Encryption uses more processing resources but if you are showing as
unsecured people will tend to try yours and it will just lead to trouble,


--
Gordon Hudson || Hostroute.com Ltd
e-mail:ghudson [at] hostroute.net
http://www.hostroute.co.uk/resellers Host 5 web sites for £9 per month
http://www.nameroute.co.uk/ Domain Names with free hosting and email
http://www.myqth.co.uk/ 3000MB of web space for £29 per year

"Gordon Hudson" <(E-Mail Removed)> wrote in message
news:451ba2f6$0$632$(E-Mail Removed)...

> My view is that it depends on the location.
> At home I just use mac address filtering as my network barely works
> outside the house and I am in a remote location.

Where are you?
I can put a nice 20db gain aerial on my laptop and could probably get a
connection at a few hundred feet without being too obvious.

Just because your wireless adapters can't get a connection outside your
building doesn't mean a better adapter can't.
Radio doesn't just stop, it just fades a bit.

David Horne, _the_ chancellor of the royal duchy of city south and
deansgate wrote:

>Hi,
>
>On my home set-up, I have 3 mac laptops (all running 10.3 or 10.4)
>linked to a zoom router via a belkin WAP. I've used MAC filtering as a
>way to keep other computers out, and it certainly seems to work. Are
>there security problems with this method?
>
>TIA

Use the highest level of encryption that you can; WEP is reputedly
easily broken; WPA-PSK with TKIP is much better. I tried WPA-RSA but
had problems.

If you want to generate unique long random keystrings, try

https://www.grc.com/passwords.htm

Copy the string to a Notepad file on a USB memory dongle for easy
portability and 'air gapping' when not is use for other things.

Ensure that you turn off "management over wireless" (but that means
you'll need to run an ethernet connection to talk to your router).

Turn off SSID broadcast.

Use MAC address filtering for allowed computers.

Don't use default passwords or usernames (plenty of people do!)

Don't send your SSID or keystring information over the internet, use
the USB memory stick to set up your computer's network properties.

There is no such thing as absolute security, but running the above
should keep things fairly tight.

"dennis@home" <(E-Mail Removed)> wrote in message
news:9vMSg.26098$(E-Mail Removed) .uk...
>
> "David Horne, _the_ chancellor of the royal duchy of city south and
> deansgate" <(E-Mail Removed)> wrote in message
> news:1hmddr4.1fjmxn1loye6mN%this_address_is_for_sp (E-Mail Removed)...
>> Hi,
>>
>> On my home set-up, I have 3 mac laptops (all running 10.3 or 10.4)
>> linked to a zoom router via a belkin WAP. I've used MAC filtering as a
>> way to keep other computers out, and it certainly seems to work. Are
>> there security problems with this method?
>
> Are you using WEP or WPA?
> If neither then you have *no* security.

I have several computers in a wireless network, including one laptop running
the latest version of XP, with a Belkin 54g wireless notebook card. When I
configure that particular laptop, for some reason WEP comes up as an option
but not WPA. I have tried installing the latest drivers but to no avail. Is
there any obvious explanation that I might have overlooked?

Actually, it fades a lot; it's an inverse square law - a doubling of
distance quarters the power received.

"dennis@home" <(E-Mail Removed)> wrote in message
newsVNSg.26123$(E-Mail Removed) .uk...
>
> Radio doesn't just stop, it just fades a bit.

"Burton Bradstock" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> David Horne, _the_ chancellor of the royal duchy of city south and
> deansgate wrote:
>
> >Hi,
> >
> >On my home set-up, I have 3 mac laptops (all running 10.3 or 10.4)
> >linked to a zoom router via a belkin WAP. I've used MAC filtering as a
> >way to keep other computers out, and it certainly seems to work. Are
> >there security problems with this method?
> >
> >TIA
>
> Use the highest level of encryption that you can; WEP is reputedly
> easily broken; WPA-PSK with TKIP is much better. I tried WPA-RSA but
> had problems.
>
> If you want to generate unique long random keystrings, try
>
> https://www.grc.com/passwords.htm
>
> Copy the string to a Notepad file on a USB memory dongle for easy
> portability and 'air gapping' when not is use for other things.
>
> Ensure that you turn off "management over wireless" (but that means
> you'll need to run an ethernet connection to talk to your router).

there are good reasons to "manage" on the LAN - but if it is secure then
shouldnt be an issue (and some kit justbridges wireless and wired ports
together, so doesnt let you disable this anyway - such as my Netgear WGR614)

>
> Turn off SSID broadcast.

pretty worthless as a security measure - and SSID is one of the ways your
wireless adaptor finds the router and connects, so can make the connection
less reliable.
>
> Use MAC address filtering for allowed computers.

Helps a bit - but the MAC addresses are there in "clear" whenever one of
your devices transmits - so they can be picked up easily , and then a
different adaptor programmed to use the same MAC and spoof your connection.

definitely more pain and little gain.
>
> Don't use default passwords or usernames (plenty of people do!)

definitely.

the main thing to protect is the WPA key - so if you lose a laptop / PDA,
USB key with it, then time to change to a new key.

router passwords should only be useable inside your LAN / WLAN. A lot of
home kit will not let you change the "admin" login username.

dont forget to change passwords, keys etc from time to time anyway. After
all WEP was supposed to be uncrackable security - until it was cracked....
>
> Don't send your SSID or keystring information over the internet, use
> the USB memory stick to set up your computer's network properties.

if someone is reading your mail, then worrying about WPA keys should be a
long way down the list of things to panic about .
>
> There is no such thing as absolute security, but running the above
> should keep things fairly tight.

The really paranoid run IPsec VPN over the wireless so that even a
successful intruder cannot see traffic or access the Internet.

Or you could just run a few cables around the place......
--
Regards

(E-Mail Removed) - replace xyz with ntl