«

"Mark" <> wrote in message
news:9sI%e.4569$...
>
> "Mr T" <> wrote in message
> news:JCx%e.4598$O%....
>>I have recently setup a wireless network with my laptop and 3 desktops. At
>> present I have no security on my network. Can someone advise me what
>> security I need to setup on my network?
>> Thanks
>>
>> Mr T
>>
>>
>>
>
> The best thing to do is enable MAC address filtering on the access point.
> Add the MAC addresses of the wireless networkcards. This will make it much
> harder for any random passer to even connect to the AP network.

LOL that is *not* at all secure! If I was beside your house and you had MAC
filtering on, I could watch about 10 packets, get the MAC address of the
person using the network, then just change my NIC to match it.

The *ONLY* secure way (NOT WEP!!) is to use WPA with AES (NOT TKIP!!!) -
also using WPA with AES means less bandwidth is used in communication, so
you're not sacrificing speed to such an extent.

Always amuses me how random comments get made about this subject.

"DevilsPGD" <> wrote in message
news:...
> In message <lkqa13-> Derek Broughton
> <> wrote:
>
>>Dave Dowson wrote:
>>
>>> 1. disable MAC filtering
>>> 2. turn on SSID broadcast
>>> 3. choose a SSID which clearly identies it as your network [1]
>>> 4. turn off encryption [1]
>>> 5. only permit VPN traffic between the WLAN and any other network
>>> (and only allow VPN authentication through certificates, not
>>> PSKs).
>>
>>Maybe I'm just demonstrating my ignorance, but doesn't VPN require a VPN
>>server on the other end? If I was an authorized user on your WLAN, how
>>would I browse the Internet?
>
> Yes.
>
> Personally, I don't run MAC filtering, WEP, WPA, or anything else...
> However, the only services you'll get on my wireless LAN are a DNS
> server and a VPN server. Depending on which firewall I'm using, the
> only query the DNS server will answer is the VPN server's IP, it doesn't
> even resolve on it's own, it's just there so that I can use the same VPN
> icon on my desktop when I'm on my wireless network or when I'm
> traveling.
>
> Anyone with the ability to break my VPN's encryption will have better
> things to do then monitor my wireless traffic

The fact is, it'll likely only be a script-kiddie hacking your network.
WPA-PSK or WPA2 personal are fine, and wont realistically be hacked. Fact.

Just because you're a fanny running a VPN does not mean other people should
choose this path, you should disable SSID, enable mac filtering, change
default SSID name, enable WPA with AES, or WPA2 with AES+TKIP.

Knob.

> Just because you're a fanny running a VPN does not mean other people should
> choose this path, you should disable SSID, enable mac filtering, change
> default SSID name, enable WPA with AES, or WPA2 with AES+TKIP.

You commented on how random comments get thrown in, yet then suggest
disabling SSID broadcast which has no useful security value and only
makes it more difficult to a) troubleshoot connections, b) detect if
someone else is on the same channel (if you've all disabled SSID
broadcast).

In your previous post, you commented that MAC filtering has no security
value, yet bring it up again here?

Random!

BTW, there are other ways to secure WLAN's without using WPA(2) you know
and more secure than those too.

David.

"David Taylor" <> wrote in message
news: d.com...
> You commented on how random comments get thrown in, yet then suggest
> disabling SSID broadcast which has no useful security value and only
> makes it more difficult to a) troubleshoot connections, b) detect if
> someone else is on the same channel (if you've all disabled SSID
> broadcast).
>
> In your previous post, you commented that MAC filtering has no security
> value, yet bring it up again here?
>
> Random!
>
> BTW, there are other ways to secure WLAN's without using WPA(2) you know
> and more secure than those too.

You would be as well to enable it if you are going to use encryption, it
will take up no noticeable router resources, and will make you think about
who is on your network that little bit more;the normal modern home use will
not normally do that.

ie: a friend brings a laptop round, aha better put his MAC in...

You can use 'net-stumbler' to look at various signal strengths and channels
used in your area. And as a trouble-shooting assistance, it's a good plan,
even if you're a basic home wifi user, to have software that will identify
the above.

Did i suggest using it on your own? Yawn, you're a strange one.

> You would be as well to enable it if you are going to use encryption, it
> will take up no noticeable router resources, and will make you think about

No need if using something stronger.

> ie: a friend brings a laptop round, aha better put his MAC in...

MAC addresses are too easily spoofed.