Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Wireless Networking > Wireless security

Reply
Thread Tools

Wireless security

 
 
David Taylor
Guest
Posts: n/a
 
      10-02-2005
> 2nd that
> best & simplest way


So what security does MAC filtering bring to the table?

It doesn't provide any encryption whatsoever.

The valid MAC addresses are broadcast for anyone to sniff.

If the objective is to prevent casual bypassers from connecting, then
even 40 bit WEP has value here and even gives a slither of security.

MAC filtering brings nothing useful from a security standpoint which was
the original question.

David.
 
Reply With Quote
 
 
 
 
Mr T
Guest
Posts: n/a
 
      10-02-2005

"David Taylor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) d.com...
>> 2nd that
>> best & simplest way

>
> So what security does MAC filtering bring to the table?
>
> It doesn't provide any encryption whatsoever.
>
> The valid MAC addresses are broadcast for anyone to sniff.
>
> If the objective is to prevent casual bypassers from connecting, then
> even 40 bit WEP has value here and even gives a slither of security.
>
> MAC filtering brings nothing useful from a security standpoint which was
> the original question.
>
> David.


Have you got any suggestions then please?

Mr T


 
Reply With Quote
 
 
 
 
David Taylor
Guest
Posts: n/a
 
      10-02-2005
> Have you got any suggestions then please?

WPA with a strong passphrase (strong, non dictionary phrase, greater
than 20 characters, non a-z characters.

You haven't actually said what it is that you'd like to achieve from a
security standpoint.

David.
 
Reply With Quote
 
Mark
Guest
Posts: n/a
 
      10-02-2005

"David Taylor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) d.com...
>> 2nd that
>> best & simplest way

>
> So what security does MAC filtering bring to the table?
>
> It doesn't provide any encryption whatsoever.
>
> The valid MAC addresses are broadcast for anyone to sniff.
>
> If the objective is to prevent casual bypassers from connecting, then
> even 40 bit WEP has value here and even gives a slither of security.
>
> MAC filtering brings nothing useful from a security standpoint which was
> the original question.
>
> David.


Sure it does, If your next door neighbor can't access the AP because the MAC
address isn't on the allowed list, then unless they go out their way to
clone one of your wireless card's MAC address they're not going to get
access by default. There for it is useful from a security standpoint.
Not only that, but unless your neighbor knows you have a wireless AP and
have cloned one of the MAC addresses, they won't even see it on the list of
available networks to connect to.
Sure, they can run a lot of tools, a large list can be found at
www.wardrive.net/wardriving/tools. The OP might want to run a few of them on
his network to check how secure is really is. These are the kind of tools
crackers might be using to gain access to the network, but given enough
time, even WEP and any key/pass phrase can be found if you sniff enough
packets on the network.




 
Reply With Quote
 
David Taylor
Guest
Posts: n/a
 
      10-02-2005
> Sure it does, If your next door neighbor can't access the AP because the MAC
> address isn't on the allowed list, then unless they go out their way to


Again, even WEP, poor and cracked though it is, provides the same
inability to associate with the AP *and* encrypts the payload.

MAC filtering does not encrypt the payload so anyone within range gets
to sniff the contect even if they haven't associated so tell me again,
how MAC filtering brings any security to the OP's data?

Don't confuse security with the inability to associate with an AP, it's
not the same thing.

> Not only that, but unless your neighbor knows you have a wireless AP and
> have cloned one of the MAC addresses, they won't even see it on the list of
> available networks to connect to.


Turning on MAC filtering will not prevent the display of the SSID in XP
or netstumbler and turning off SSID broadcasts does not prevent it being
discovered by anyone with a sniffer or even just a copy of kismet or
similar so tell me again, how MAC filtering secures a network because
you did say just MAC filtering.

> crackers might be using to gain access to the network, but given enough
> time, even WEP and any key/pass phrase can be found if you sniff enough
> packets on the network.


Yes, 500,000 packets which can be captured in say 15 minutes. Without
even WEP, no key to crack i.e. NO SECURITY!

David.
 
Reply With Quote
 
Duane Arnold
Guest
Posts: n/a
 
      10-03-2005
> Have you got any suggestions then please?
>


There is a link below for you Mr. T. You're about to enter the Twilight
Zone with someone's drunken mistake old Dave. <g>

http://netsecurity.about.com/cs/wire...aa112203_2.htm

Duane

 
Reply With Quote
 
Richard Tobin
Guest
Posts: n/a
 
      10-03-2005
In article <(E-Mail Removed) >,
David Taylor <(E-Mail Removed)> wrote:

>Don't confuse security with the inability to associate with an AP, it's
>not the same thing.


it's one aspect of security, and MAC filtering gives you that aspect,
which is all many people want.

Just because you want *more* security doesn't mean MAC filtering is
*no* security.

-- Richard
 
Reply With Quote
 
David Taylor
Guest
Posts: n/a
 
      10-03-2005
> it's one aspect of security, and MAC filtering gives you that aspect,
> which is all many people want.


Well since the original poster hasn't said whether he wan't security or
to just keep accidental stumblers off his network we won't know.

> Just because you want *more* security doesn't mean MAC filtering is
> *no* security.


I'd just want some rather than nothing. MAC filtering prevents people
from associating for the amount of time it takes them to run a sniffer
and spoof their MAC address. That in my mind is no security from either
association and certainly no security of the data packets in transit so
I still call that no security.

If you are happy with the illusion that MAC filtering provides your
network with some security, i'm happy for you! Just let me know
where you live.

David.
 
Reply With Quote
 
Jeff Liebermann
Guest
Posts: n/a
 
      10-03-2005
On 3 Oct 2005 16:36:49 GMT, http://www.velocityreviews.com/forums/(E-Mail Removed) (Richard Tobin)
wrote:

>Just because you want *more* security doesn't mean MAC filtering is
>*no* security.
>
>-- Richard


Ah, 5 newsgroups to crosspost. ntl internal groups dropped because my
usenet news server doesn't carry them.

I thought you might be amused to know that the original MAC address
filtering feature was added to solve a problem with multiple access
point systems. There was no way to pre-select which access point one
would connect if all the SSID's were the same. This was a critical
feature for WISP (wireless ISP service) and corporate WLAN's with
fixed wireless desktops. With MAC address filtering one could nail
down a connection to a specific access point and still have roaming
among the other access points for laptops and PDA's. Eventually, this
mutated into a security feature when blocking by MAC addresses was
added. I don't think anyone originally intended it to be much of a
security feature as everyone was counting on encryption to provide
security.

MAC address filtering for security is like locking your door with duct
tape. It does present an obstacle, but is not a replacment for a good
lock.

--
Jeff Liebermann http://www.velocityreviews.com/forums/(E-Mail Removed)-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
 
Reply With Quote
 
Geoffrey
Guest
Posts: n/a
 
      10-03-2005
On Sun, 02 Oct 2005 11:20:40 GMT, David Taylor <(E-Mail Removed)>
wrote:

>> Have you got any suggestions then please?

>
>WPA with a strong passphrase (strong, non dictionary phrase, greater
>than 20 characters, non a-z characters.
>
>You haven't actually said what it is that you'd like to achieve from a
>security standpoint.
>

Be aware that you will incur a significant overhead by setting up
encryption. IIRC it was about 30% when I last set one up at work.

Personally I don't bother with any security on the wireless component
of my network. If anyone is stealing my bandwidth it hasn't been
noticable.

Why do you think you need it?

--
Warning: Do not look directly into laser with remaining eye.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Belkin N1 Wireless USB Adapter (F5D8051 ver 2010uk) and Channel 13. Notes on Pre-N Notebook card (F5D8010 ver 1001uk), Wireless G Notebook card (F5D7011 ver 1000uk) and Wireless G Plus router (F5D7231-4 ver 3000uk) John Wireless Networking 1 07-27-2009 08:41 AM
Wireless Bridge VS Wireless Access Point for DVR connection to wireless network Mark Wireless Networking 0 12-28-2005 09:21 PM
Accessing higher security level from higher security level nderose@gmail.com Cisco 0 07-11-2005 10:20 PM
Going from higher security level interface to lower security interface- HELP!!! - AM Cisco 4 12-28-2004 09:52 PM
IT-Security, Security, e-security COMSOLIT Messmer Computer Support 0 09-05-2003 08:34 AM



Advertisments