There have been lots of articles lately that explain how to secure a wireless network. Most of this articles contain at least one measure that is not enhancing security at all. This does not neccessarily mean that it is lowering the security on the other hand though. Let us take a look at the six dumbest ways to secure a Wireless Lan.
1. Mac Filtering
Mac Filtering does not protect against the forgery of a mac address, which is terribly easy using a network sniffer. It still could be a valuable line of defense against neighbours and kids who are only able to push buttons and donĀ“t understand the concept.
2. SSID Hiding
This is hiding SSID beaconing on the access point while four other mechanisms are able to broadcast the SSID.
3. LEAP Authentication
It relies on its users and their passwords. LEAP requires strong passwords to be relativly secure and we all know about the passwords of normal day users.
4. Disable DHCP
DHCP allows the automatic assignment of IP addresses. If you disable it you have to assign all IPs manually. It is not taking longer than 10 seconds to figure out the IP scheme of any network and assign the own IP address.
5. Antenna Placement
This is pretty useless as well, telling everyone to move their antenna in the midth of the room and running them with little power. The antenna of the access point is not the only factor that determines if it can be reached, the antenna of the client is also a factor. What if the hacker has a bigger antenna that still reaches your access point ?
6. Just use 802.11a or Bluetooth
This has nothing to do with security, those are just different standards.
Related posts:
- How to Secure your Wireless Network
- Protect your Wireless Lan
- Wireless Security: Attacks and Defenses
- Building a better Password
- 20 Minute Guide to Pc Security
- Network Security Software Bothunter
- Easy Debian Wireless Connections with Wifi-Wiz
- Pure Networks Security Scan
Mac filtering is just a waste of time as is SSID hiding and disbling DHCP.
Even though no single technique will keep anyone out, I try to use 5 or 6 at a time so that, although still possible to break, it will deter the majority of “War Drivers” who can easily hop on to my next door neighbor’s network with little to no work at all. belive me ;)
I live in a small town in Alaska that is just on the outskirts of Anchorage. None of the permenant residents have the vaguest idea of how to even use a computer, so I turn on MAC filtering and check the logs every once in a while to make sure that there is nothing funky. If I lived in a big city, I would be using very different tactics.