I'm fairly new to wireless networking but not a dummy. I have a D-Link 900+ access point which allows me to set filters for the MAC addresses I want to allow on my wireless network. Is using this manner of 'security' as good as, better than, poorer or not related to controlling access to my network? I am shying away from WEP at this point because one node is fairly distant and I don't want to take a system-wide performance hit if the MAC filtering will do just as well.
Any help will be greatly appreciated.
Thanks in advance,
Glenn M. Dunn
dunngm@swbell.net
wireless filter vs WEP
MAC filtering will prevent access to your lan. WEP will prevent others from monitoring traffic between WAP and card. Subtle difference.
Both *can* be circumvented, however - MACs may be spoofed and their is software that captures wifi streams and writes them to disk, allowing you to go back later and break the crypt.
What's 'enough' depends on yoru threshold for pain
Both *can* be circumvented, however - MACs may be spoofed and their is software that captures wifi streams and writes them to disk, allowing you to go back later and break the crypt.
What's 'enough' depends on yoru threshold for pain
anything is possible - nothing is free
Blisster wrote:It *would* be brokeback bay if I in fact went and hung out with Skye and co (did I mention he is teh hotness?)
-
dunngm
Thanks for the reply.
I thought as much. Since I am mostly interested in keeping the casual surfer out of my network, I'll probably just stick w/ the MAC filtering.
I realize that anyone who really wants to get in, can.
What exactly is 'spoofing?' I've heard the term serveral times, but never seen it defined.
Again,
Thanks
Glenn M. Dunn
I thought as much. Since I am mostly interested in keeping the casual surfer out of my network, I'll probably just stick w/ the MAC filtering.
I realize that anyone who really wants to get in, can.
What exactly is 'spoofing?' I've heard the term serveral times, but never seen it defined.
Again,
Thanks
Glenn M. Dunn
Spoofing usually means sending false credentials.. you can spoof an ip address (this is easy in bsd/linux if you build your own kernel) - this may allow you to bypass a firewall, for example, where inbound traffic is only allowed from a specific address.
In your case, someone could manually set their MAC address and then keep trying to access. I believe there is malware out there that will run through all possible MACs and register whether any were given access. Much like a port scan in teh wired world.
Password protect important directories/data. Maybe get a personal firewall and only allow traffic from other hosts on your LAN....WEP is the bandwidth killer, but unfortunately windows networking is very chatty and a lot of stuff you don't want known (passwords) is flying around.
Skye
In your case, someone could manually set their MAC address and then keep trying to access. I believe there is malware out there that will run through all possible MACs and register whether any were given access. Much like a port scan in teh wired world.
Password protect important directories/data. Maybe get a personal firewall and only allow traffic from other hosts on your LAN....WEP is the bandwidth killer, but unfortunately windows networking is very chatty and a lot of stuff you don't want known (passwords) is flying around.
Skye
anything is possible - nothing is free
Blisster wrote:It *would* be brokeback bay if I in fact went and hung out with Skye and co (did I mention he is teh hotness?)
I personally just use mac address filtering, WEP can easily be broken in under 30 minutes, and mac address filtering can be broken just as easily. Simply put, they both basically just keep a passing war driver or a neighbor who doesn't know much about computers off of your network. Anyone who wants to get in WILL.