security on a wlan

Discussion in 'Wireless Networking' started by Jeff@unknown.com, Jul 27, 2008.

  1. Guest

    I get the impression from reading the messages on this newsgroup that the
    only security settings in the router one really needs in a home wireless LAN
    are:
    a) change the SSID from the default
    b) use WPA-PSK

    Is it really the consensus that things like
    c) not broadcasting the SSID
    d) MAC filtering
    e) IP filtering
    f) setting router firewall rules
    etc.
    that are available in the router settings are a waste of time and can be
    ignored?

    Thank you.

    Jeff
     
    , Jul 27, 2008
    #1

  2. <> wrote:
    > I get the impression from reading the messages on this newsgroup that
    > the only security settings in the router one really needs in a home
    > wireless LAN are:
    > a) change the SSID from the default
    > b) use WPA-PSK
    >
    > Is it really the consensus that things like
    > c) not broadcasting the SSID


    If you do that, it will probably cause problems; don't.

    > d) MAC filtering


    You can, but MAC addresses are easily spoofed, so I don't bother.

    > e) IP filtering


    Not sure what that means in this context.

    > f) setting router firewall rules


    Also not sure what that means. You should have these anyway...nothing
    inbound should be allowed by default.

    > etc.
    > that are available in the router settings are a waste of time and can
    > be ignored?
    >
    > Thank you.
    >
    > Jeff
     
    Lanwench [MVP - Exchange], Jul 27, 2008
    #2

  3. Barb Bowman Guest

    Not broadcasting the SSID isn't any kind of security.
    MAC and IP filtering can be used in ADDITION to WPA2 (or WPA if you
    can't implement WPA2).

    Firewall rules really are more for application/ports and need to be
    used for things like FTP, some games, etc.

    On Sun, 27 Jul 2008 07:28:25 -0400, ""
    <> wrote:

    >Is it really the consensus that things like
    > c) not broadcasting the SSID
    > d) MAC filtering
    > e) IP filtering
    > f) setting router firewall rules
    > etc.
    >that are available in the router settings are a waste of time and can be
    >ignored?

    --

    Barb Bowman
    MS-MVP
    http://www.microsoft.com/windowsxp/expertzone/meetexperts/bowman.mspx
    http://blogs.digitalmediaphile.com/barb/
    http://digitalmediaphile.wordpress.com
     
    Barb Bowman, Jul 27, 2008
    #3
  4. Guest

    Thank you Barb. That is what I thought but some recent comments on this
    newslist lead me to believe that MAC filtering "added little if anything",
    which is why I asked.

    I already have MAC filtering implemented in my home wlan in addition to WPA.

    I assume if one decides to implement IP filtering, it would be necessary to
    assign IP addresses to the 3 PCs in my home network instead of their present
    setting of:
    "Obtain an IP address automatically" and
    "Obtain DNS server address automatically".

    If I "assign" a specific IP address to a laptop, will it still be able to
    also connect with a wireless hotel network in a hotel room? Or, will the
    assigned IP address prevent such connections?

    Thank you.

    Jeff


    Barb Bowman wrote:
    > not broadcasting the SSID isn't any kind of security.
    > MAC and IP filtering can be used in ADDITION to WPA2 (or WPA if you
    > can't implement WPA2).
    >
    > firewall rules really are more for application/ports and need to be
    > used for things like FTP, some games, etc.
    >
    > On Sun, 27 Jul 2008 07:28:25 -0400, ""
    > <> wrote:
    >
    >> Is it really the consensus that things like
    >> c) not broadcasting the SSID
    >> d) MAC filtering
    >> e) IP filtering
    >> f) setting router firewall rules
    >> etc.
    >> that are available in the router settings are a waste of time and
    >> can be ignored?
     
    , Jul 27, 2008
    #4
  5. Lem Guest

    wrote:
    > Thank you Barb. That is what I thought but some recent comments on this
    > newslist lead me to believe that MAC filtering "added little if anything",
    > which is why I asked.
    >
    > I already have MAC filtering implemented in my home wlan in addition to WPA.
    >
    > I assume if one decides to implement IP filtering, it would be necessary to
    > assign IP addresses to the 3 PCs in my home network instead of their present
    > setting of:
    > "Obtain an IP address automatically" and
    > "Obtain DNS server address automatically".
    >
    > If I "assign" a specific IP address to a laptop, will it still be able to
    > also connect with a wireless hotel network in a hotel room? Or, will the
    > assigned IP address prevent such connections?
    >
    > Thank you.
    >
    > Jeff


    If you want to do some reading on the usefulness of SSID hiding and MAC
    filtering, see
    http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx

    Yes, it would be a good idea to use static IPs if you are only going to
    permit certain IPs to have access. Don't forget to also set the default
    gateway IP address.

    For best results, change your NIC to obtain an IP address automatically
    when using a public network (like one in a hotel).

    --
    Lem -- MS-MVP

    To the moon and back with 2K words of RAM and 36K words of ROM.
    http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
    http://history.nasa.gov/afj/compessay.htm
     
    Lem, Jul 27, 2008
    #5
  6. MAC filtering will only deter the truly unmotivated or unskilled. It's
    not that hard to spoof a MAC address. That said, if you only ever expect
    to connect the same 3 machines to your wireless network then it doesn't
    hurt to implement it as a small extra hurdle.

    Just remember that when your cousin Sue comes to visit and wants to use
    her laptop on your wireless then you're going to have to log into your
    WAP and add her MAC address. So there is a bit of administrative
    overhead.

    --
    -Ben-
    Ben M. Schorr, MVP
    Roland Schorr & Tower
    http://www.rolandschorr.com
    http://www.officeforlawyers.com
    Author - The Lawyer's Guide to Microsoft Outlook 2007:
    http://tinyurl.com/5m3f5q



    "" <> wrote in message
    news::

    > Thank you Barb. That is what I thought but some recent comments on this
    > newslist lead me to believe that MAC filtering "added little if anything",
    > which is why I asked.
    >
    > I already have MAC filtering implemented in my home wlan in addition to WPA.
    >
    > I assume if one decides to implement IP filtering, it would be necessary to
    > assign IP addresses to the 3 PCs in my home network instead of their present
    > setting of:
    > "Obtain an IP address automatically" and
    > "Obtain DNS server address automatically".
    >
    > If I "assign" a specific IP address to a laptop, will it still be able to
    > also connect with a wireless hotel network in a hotel room? Or, will the
    > assigned IP address prevent such connections?
    >
    > Thank you.
    >
    > Jeff
    >
    >
    > Barb Bowman wrote:
    >
    > > not broadcasting the SSID isn't any kind of security.
    > > MAC and IP filtering can be used in ADDITION to WPA2 (or WPA if you
    > > can't implement WPA2).
    > >
    > > firewall rules really are more for application/ports and need to be
    > > used for things like FTP, some games, etc.
    > >
    > > On Sun, 27 Jul 2008 07:28:25 -0400, ""
    > > <> wrote:
    > >

    >
    > >> Is it really the consensus that things like
    > >> c) not broadcasting the SSID
    > >> d) MAC filtering
    > >> e) IP filtering
    > >> f) setting router firewall rules
    > >> etc.
    > >> that are available in the router settings are a waste of time and
    > >> can be ignored?
     
    Ben M. Schorr - MVP (OneNote), Jul 27, 2008
    #6
  7. Guest

    Lem wrote:
    > wrote:
    >> Thank you Barb. That is what I thought but some recent comments on
    >> this newslist lead me to believe that MAC filtering "added little if
    >> anything", which is why I asked.
    >>
    >> I already have MAC filtering implemented in my home wlan in addition
    >> to WPA. I assume if one decides to implement IP filtering, it would be
    >> necessary to assign IP addresses to the 3 PCs in my home network
    >> instead of their present setting of:
    >> "Obtain an IP address automatically" and
    >> "Obtain DNS server address automatically".
    >>
    >> If I "assign" a specific IP address to a laptop, will it still be
    >> able to also connect with a wireless hotel network in a hotel room?
    >> Or, will the assigned IP address prevent such connections?
    >>
    >> Thank you.
    >>
    >> Jeff

    >
    > If you want to do some reading on the usefulness of SSID hiding and
    > MAC filtering, see
    > http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx
    >
    > Yes, it would be a good idea to use static IPs if you are only going
    > to permit certain IPs to have access. Don't forget to also set the
    > default gateway IP address.
    >
    > For best results, change your NIC to obtain an IP address
    > automatically when using a public network (like one in a hotel).


    Excellent article. Thank you very much.

    Jeff
     
    , Jul 27, 2008
    #7
  8. Hi
    From the weakest to the strongest, Wireless security capacity is:
    No Security
    MAC (Band Aid if nothing else is available).
    WEP64 (Easy to "Break" by knowledgeable people).
    WEP128 (A little Harder, but "Hackable" too).
    WPA-PSK (Very Hard to Break).
    WPA-AES (Not functionally Breakable).
    WPA2 (Not functionally Breakable).
    Note 1: WPA-AES is the current entry level rendition of WPA2.
    Note 2: If you use WinXP and did not update it you would have to download
    the WPA2 patch from Microsoft. http://support.microsoft.com/kb/893357
    The documentation of your Wireless devices (Wireless Router, and Wireless
    Computer's Card) should state the type of security that is available with
    your Wireless hardware.
    All devices MUST be set to the same security level using the same pass
    phrase.
    Therefore the security must be set according to whatever is the best possible
    of one of the Wireless devices.
    I.e. even if most of your system might be capable to be configured to the
    max. with WPA2, but one device is only capable to be configured to max. of
    WEP, the whole system must be configured to WEP.
    If you need more good security and one device (like a Wireless card that can
    do WEP only) is holding better security for the whole Network, replace the
    device with a better one.
    Setting Wireless Security - http://www.ezlan.net/Wireless_Security.html
    The Core differences between WEP, WPA, and WPA2 -
    http://www.ezlan.net/wpa_wep.html
    Jack (MVP-Networking).

    "" <> wrote in message
    news:...
    >I get the impression from reading the messages on this newsgroup that the
    >only security settings in the router one really needs in a home wireless
    >LAN are:
    > a) change the SSID from the default
    > b) use WPA-PSK
    >
    > Is it really the consensus that things like
    > c) not broadcasting the SSID
    > d) MAC filtering
    > e) IP filtering
    > f) setting router firewall rules
    > etc.
    > that are available in the router settings are a waste of time and can be
    > ignored?
    >
    > Thank you.
    >
    > Jeff
    >
     
    Jack (MVP-Networking)., Jul 28, 2008
    #8
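An added example, not part of the thread and not written by any of the posters: a short Python sketch of the weakest-device rule from post #8, using that post's weakest-to-strongest ordering. The device names and the modes each one supports are constructed for illustration.

```python
# Ordering copied from post #8 above, weakest to strongest.
RANKING = ["No Security", "MAC", "WEP64", "WEP128", "WPA-PSK", "WPA-AES", "WPA2"]
STRENGTH = {mode: i for i, mode in enumerate(RANKING)}

# Constructed inventory (assumption): what each device's documentation lists.
HOME = {
    "router":   {"WEP64", "WEP128", "WPA-PSK", "WPA-AES", "WPA2"},
    "laptop":   {"WEP64", "WEP128", "WPA-PSK", "WPA-AES", "WPA2"},
    "desktop":  {"WEP64", "WEP128", "WPA-PSK"},
    "old-card": {"WEP64", "WEP128"},
}


def strongest_common(devices):
    """Strongest mode that every device supports, or None if they share none."""
    if not devices:
        return None
    common = set.intersection(*(set(modes) for modes in devices.values()))
    return max(common, key=STRENGTH.__getitem__) if common else None


def replacement_plan(devices):
    """Return (current mode, {device: mode reachable if only it is replaced})."""
    current = strongest_common(devices)
    floor = STRENGTH[current] if current is not None else -1
    plan = {}
    for name in devices:
        others = {n: m for n, m in devices.items() if n != name}
        # A replacement is assumed to support every mode, so it no longer
        # constrains the rest; a lone device could go straight to the top.
        after = strongest_common(others) if others else RANKING[-1]
        if after is not None and STRENGTH[after] > floor:
            plan[name] = after
    return current, plan


if __name__ == "__main__":
    mode, plan = replacement_plan(HOME)
    print("network must run:", mode)
    for device, after in plan.items():
        print(f"replace {device} -> network can run {after}")
```

With this inventory only the WEP-only card caps the network; once it is replaced, the desktop becomes the next limit.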
  9. Guest

    Thanks Jack. Very informative.

    Jeff

    Jack (MVP-Networking). wrote:
    > Hi
    > From the weakest to the strongest, Wireless security capacity is:
    > No Security
    > MAC (Band Aid if nothing else is available).
    > WEP64 (Easy to "Break" by knowledgeable people).
    > WEP128 (A little Harder, but "Hackable" too).
    > WPA-PSK (Very Hard to Break).
    > WPA-AES (Not functionally Breakable).
    > WPA2 (Not functionally Breakable).
    > Note 1: WPA-AES is the current entry level rendition of WPA2.
    > Note 2: If you use WinXP and did not update it you would have to
    > download the WPA2 patch from Microsoft.
    > http://support.microsoft.com/kb/893357
    > The documentation of your Wireless devices (Wireless Router, and
    > Wireless Computer's Card) should state the type of security that is
    > available with your Wireless hardware.
    > All devices MUST be set to the same security level using the same pass
    > phrase.
    > Therefore the security must be set according to whatever is the best
    > possible of one of the Wireless devices.
    > I.e. even if most of your system might be capable to be configured to
    > the max. with WPA2, but one device is only capable to be configured
    > to max. of WEP, the whole system must be configured to WEP.
    > If you need more good security and one device (like a Wireless card
    > that can do WEP only) is holding better security for the whole
    > Network, replace the device with a better one.
    > Setting Wireless Security -
    > http://www.ezlan.net/Wireless_Security.html
    > The Core differences between WEP, WPA, and WPA2 -
    > http://www.ezlan.net/wpa_wep.html
    > Jack (MVP-Networking).
    >
    > "" <> wrote in message
    > news:...
    >> I get the impression from reading the messages on this newsgroup
    >> that the only security settings in the router one really needs in a
    >> home wireless LAN are:
    >> a) change the SSID from the default
    >> b) use WPA-PSK
    >>
    >> Is it really the consensus that things like
    >> c) not broadcasting the SSID
    >> d) MAC filtering
    >> e) IP filtering
    >> f) setting router firewall rules
    >> etc.
    >> that are available in the router settings are a waste of time and
    >> can be ignored?
    >>
    >> Thank you.
    >>
    >> Jeff
     
    , Jul 28, 2008
    #9
  10. "" <> wrote in message
    news:...
    >I get the impression from reading the messages on this newsgroup that the
    >only security settings in the router one really needs in a home wireless
    >LAN are:
    > a) change the SSID from the default
    > b) use WPA-PSK
    >
    > Is it really the consensus that things like
    > c) not broadcasting the SSID
    > d) MAC filtering
    > e) IP filtering
    > f) setting router firewall rules
    > etc.
    > that are available in the router settings are a waste of time and can be
    > ignored?



    Yep. Pretty much exactly that. There are a couple variations of WPA... any
    of them are pretty good.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Aug 4, 2008
    #10
