Will enabling mac address filtering be better than wpa?

[Wheatmaster]

i have that option on my belkin router and i believe that feature is easy to use than wpa?

 

[8ballcoupe]

I think you should use both MAC address filtering and WPA. WPA is not hard to use -- certainly no harder to set up than MAC address filtering. Anyway, I doubt seriously that anyone is going to suggest that MAC addy filtering is "better" than WPA. WPA is easy-to-use encryption. I imagine that you should be using TKIP pre-shared key with your setup. (I'm assuming here that your wireless client is WPA-capable.)

Ernie

 

[spamcop]

Originally posted by: Wheatmaster
i have that option on my belkin router and i believe that feature is easy to use than wpa?

I agree with Ernie, use both. MACs are easily spoofed. Someone would likely be more than just casually interested in your network to try to pop both WPA & MAC filtering. If you are really paranoid (not a bad thing), look into tunneling everything over IPSEC pipes. Then block everything that is not a tunnel. The bandwidth takes a hit, but at least your connection would only them be subject to spectrum management issues (RF-DOS).

 

[Rainsford]

Defense in depth is always better than not, at least as far as security goes. Using WPA (encryption) and MAC filtering is better than one or the other by themselves. However, WPA is far better than MAC filtering if you want to use one or the other. WPA fixes many of the problems with WEP and I am not aware of any quick way to crack WPA if it is used with TKIP, and even more so if it is used with AES (your hardware has to support this).

To sum it up, I would NEVER just used MAC filtering with encryption because on an unencrypted wireless network, picking your "approved" MAC addresses out of the air is trivial for an attacker who can then change their's to match your approved one, thus allowing them complete access to your network. Contrast this with WPA where the attacker needs to know the encryption key and, as far as I know, the algorithm (whether TKIP or AES) is designed not to reveal the key in any way.