Wireless Security Tips
As Will said in this post, Wireless Security is essential for an efficient and reliable network. You would honestly be amazed in how many Wireless Hotspots are either badly secured or not even secured at all, I have came around 30 Hotspots in my immediate vicinity out of 52 which are badly/not secured.
In addition to Will’s handy advice, I’d like to throw in my few cents about the issue.
svA/svA2 With Radius
svA/2 with a Radius Server or Wireless Access Point Database is easily the most secure way for your Wireless network. Making it nigh impenetrable, due to individual accounts and passwords, and the fact you can throw things in like certificates which would even make the most skilled hacker cringe and sweat trying to break into your network.
Do not use WEP unless you have no other Choice.
WEP is barely security these days. Think of it as a very cheap garbage bag trying to hold lots of spiky bits, it’s going to come apart. Why? Because WEP can easily be cracked in under a minute depending on the security length of the WEP key. There are programs out there which sniff the wireless packets automatically before cracking the password, which can even let a twelve year old gain access to your network.
Hide your E/SSID
Hiding your ESSID will not prevent determined Hackers, but it can pass basically basic scans, and be a small annoyance to people trying to break into your wireless network.
It doesn’t hurt to use MAC Filtering
While Will highlights the fact that Mac Filtering can easily be overcome, not everybody can do it. It takes someone going in and after monitoring Wireless signals, spoofing(Taking the identity of) a MAC Address belonging to the actual network. However like hiding your E/SSID, It’s another annoyance, and is harder to overcome then the above. Think about it this way, you’re basically barricading your network against attacks. And each thing is a hurdle. All these things together can make your network safe as it can possibly be.
Mac filtering - sure.
MAC filtering, however, is still useless - and more effort than it’s worth.
Anyone who can crack WEP or svA, can also spoof a MAC Address.
As far as hurdles go - it’s a pretty darned low one, that’ll just make the more inexperienced trip and stumble.
True on all accounts, the fact remains through that a majority of Wardrivers/WiFi Hackers do tend to be amateurs. And if the person’s Wireless Network is rather small, it’s not too much of an effort to implement. Besides for most amateurs, spoofing a MAC address is harder then cracking WEP.
Besides, you add enough determinants, short of a few honeypots, and only a few hackers will finally overcome most of the hurdles.