MAC control vs. WEP/WPA

[akers]

I have been using MAC control, WAN Ping Blocking and SSID Broadcast turned off to secure my wireless network. Can someone give me the pros and cons of this solution instead of WEP/WPA or other types of encryption.

Thanks in advance to all the really smart folks out there.

 

[Crusty]

None of those are really effective at all.

Changing a MAC address on a wireless card can be done completely in software without even rebooting the computer.

WAN ping blocking will only affect computers on the outside not being able to ping your public interface on your router.

Even if you aren't broadcasting your SSID, wireless cards can still associate with your wireless AP.

In short, you aren't protected at all by only using those 3 features. Your data is still completely unencrypted and anyone running a packet sniffer can see all of your traffic that is traversing your wireless network.

If you want to be secure, you need encryption. WEP is the basic form and is completely crackable. For all intents and purposes I would never ever use WEP. WPA-PSK using AES is currently the best security you're going to get on the consumer side of things.

Make sure you use a strong password for your pre-shared key and you'll be good to go.

 

[spidey07]

MAC filtering is useless as the addresses can be changed and are sent in the clear, unencrypted. No broadcasting SSID is also useless as it's trivial to get the SSID and can cause trouble with clients.

WPA2 with AES encryption and a strong, complex password of 12 digits or more and nobody is getting on your network or reading your data.

Without any encryption like you have now everything you do can be read and captured.

 

[akers]

Thanks guys, that was an eye opener. My IT guru coworker is not as sharp as I thought he was.

Follow-on question. I installed an Intel Ultimate-N 6300 AGN network card in my laptop. I want to replace my old Belkin Pre-N router to get the most out of the 6300 that I can. I would like dual band and the ability to attach a network drive. Printer support would be nice but not essential. Any suggestions?

Thanks again.

 

[Emulex]

read small net builder - you need to understand the limitations of the 3x3 devices and band to get the max performance.

 

[nickbits]

mac filtering is effective against "casual users" from leeching your connection but not much else

 

[akers]

Thanks for all the help. I just picked up an Asus RT-N56U at Frye's for $130. I based my decision on the great review on small net builder. I will be using all the security features it offers and as a bonus, one USB port for a hard drive and the other for a printer (I can finally retire my old Belkin wireless print server.) Worked out great.