Question

Locked

Wireless Security - mac filtering and static IP address

By rafdiazb ·
I have a wireless network, I'm using mac filtering and statics IP addresses to secure my network. So when I need to add a new computer to the network I assign it a static IP address and also add the mac address at the AP's mac filtering list. So, unknown users need to know my IP range to have access.
Is this enough to secure my wireless network?
Do I need WEP/WAP security?
Using static IP addresses is a good idea?

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Static vs Dynamic

by dhuffine In reply to Wireless Security - mac f ...

A few suggestions I can make on this matter:

1. Whether its Static or DHCP, just remember not to use the default or stand ranges, such as 192.X.X.X make something up.. Using like 10.X.X.X is a good idea, but a pretty common one too.

2. Setting up Static is not a bad idea, but I don't know that its any more "secure" than DHCP, I'm not an expert on that but it sounds like more of an opinion based thing to me. If anything I've found Static to be a pain when it comes to waiting for the communication to wake up.

3. Setting up WEP/WAP is always a good idea, I use it at home and its so good that half the time I can't even get into my own network cause I can't remember the god awful long password.

4. Filtering MAC address also gives you a great boost in security.

You can also concider setting up a limitation on connecdtions. Not sure what type of router you have but i have a crappy cheap Belkin wireless router, and I can set the number of connections, settup wep, configure mac filtering.

doing all three gives you 3 times the security. Its never a bad idea.

to be honest though, i don't believe static is any more secury than DHCP. If your running WEP, and they don't know your code, then they cannot connect regardless as t what they set there IP address to.

I believe there are packet sniffers out there that will pick up the lan address any how, so again WEP Is a good idea. But Mac Filtering is pretty secure as well, unless its possible to change your MAC address, and I don't know that this would help any how.

Collapse -

something to consider

by CG IT In reply to Static vs Dynamic

here's a link to crack WEP encryption

http://sourceforge.net/projects/wepcrack/

From what is out there, someone intent on getting into a network can crack WEP encryption in about 10 minutes.

WPA is the now secure wireless encryption.

MAC address filter is good, but again, someone who wants to make an effort to get in can get the MAC adress.

Static and Dynamic addressing doesn't provide any security as far as denying someone access to the network. Like MAC addresses, someone intent on getting in can get the LAN address and spoof that their machine is a machine on the LAN and on the MAC filter list.

Collapse -

Oye

by dhuffine In reply to something to consider

A crack for WEP, never came across that before. good Info thanks! I'll have to take a look at this a bit.

Well whats the true end result? No computer is truely safe unless all network traffic is halted

Collapse -

WPA or WPA 2 if supported would be better

by OH Smeg In reply to Wireless Security - mac f ...

It all depends on what you have to work with and also you need to constantly update the Firmware as it becomes available. This is assuming that you are using a Router for security.

Also make sure that you change the default Password to something you can remember and use or all the security that you put in place will be for nothing.

You may find this Discussion on WiFi Access on Unsecured Access Points interesting, not so much for security issues but for the mindset of people out there who think that they have a right to use these for their own ends

http://tinyurl.com/2qbyzr

Apparently some people think that they have a God Given Right to log onto Open WiFi Points and if it has minimal Security to Break what Security there is just to show that it wasn't secure in the first place.

Col

Collapse -

My two cents

by Nonapeptide In reply to Wireless Security - mac f ...

My Two Cents

I've been interested in this topic for a little while now, but it was an article by Tech Republic's own George Ou ( http://blogs.techrepublic.com.com/Ou/?p=454 ) that solidified this opinion of mine: All wireless security procedures that do not use WPA / WPA2 are virtually useless and waste a system administrator's valuable time.

In my opinion, IP / MAC address filtering takes time away from a system administrator that could be better spent on other tasks and doesn't offer any substantial benefits. They offer virtually no security. IP addresses and MAC addresses can be sniffed and subsequently spoofed by anyone who knows how to use Google and double-click an .exe file.

WEP, as CG IT mentioned, can be cracked in mere minutes. An individual doesn't need to be particularly talened to crack WEP either. Google, an .exe and 10 spare minutes will get someone on your wireless network.

As George Ou mentions in the above article, other "security" measures such as masking your SSID and lowering the power of your antenna are also virtually useless. That I am aware of, there are only two legitimate advantages that these inferior security measures will give you: It prevents the clueless wi-fi thief from stealing bandwidth and it shows proof of an attempt at privatizing the WLAN which allows you to prosecute an unauthorized user in the event that a case makes it to court. However, consider that WPA2 will give you those same two benefits along with a very solid encryption method that, as long as you create a decent Pre Shared Key, should withstand any attempt at cracking it.

But, better to read Mr. Ou's article. Also, do a search for his wireless articles for more good info on the topic: http://search.techrepublic.com.com/index.php?q=wireless+security+%22george+ou%22

One more article, this one concerning wireless security and VPNs: http://blogs.techrepublic.com.com/Ou/?p=489

In summary (and to echo OH Smeg's advice): I would suggest saving yourself some time and administrative overhead and implementing WPA2 (make sure that your access point and client machines support it first! :) ).

Edited for grammar

Back to Software Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums