[NTLK] Mac Fitering And Encryption

Ed Kummel tech_ed at yahoo.com
Fri Mar 23 01:27:48 EDT 2012


I keep outsiders from my wireless network by using two tools.
Monowall is my primary router
And a radius server. Of course, this is a bit much for most people, but for me, I have over 30 devices hooked up to my network at any given time, and while I do run a split network (server traffic is offloaded onto it's own network) the extra security of a RADIUS server gives me peace of mind...and once it's set up, it just sits quietly on the network and minds everybody's business to make sure everything's secure!!

Ed
web/gadget guru
http://newton.tek-ed.com (download Newton packages)
 
------------------------------------------------------------------------
"I believe that banking institutions are more dangerous to our liberties than standing armies..."
      Thomas Jefferson



________________________________
 From: Terence Griffin <terence.griffin at nist.gov>
To: "newtontalk at newtontalk.net" <newtontalk at newtontalk.net> 
Sent: Thursday, March 22, 2012 2:12 PM
Subject: Re: [NTLK] Mac Fitering And Encryption
 
How about reserving DHCP and limiting local IP address? Does that help 
keep outsiders off?


On 03/22/2012 01:10 PM, Jeremy O'Brien wrote:
> On Wed, Jun 15, 2011 at 04:37:55PM +0000, ssgconway at juno.com wrote:
>>    My WEP experience has been, as far as I know, good, security-wise.  Visitors who ask to get on-line have to be added to the MAC Address list or they cannot get on.
> Both are false. If someone wanted to get on your network, your WEP key
> can be cracked within _minutes_, and MAC address whitelisting is useless
> if you have at least one authenticated client on your network. The MAC
> address that the OS sends when it does its authentication is completely
> handled in software, and can be changed very easily. So all an attacker
> has to do is clone an authenticated clients' MAC address and boom, he's
> on.
>
> If I were parked outside your house and all you had was WEP and MAC
> address filtering, I could be on your network in 5 minutes tops.
>
> Not trying to hate, just trying to spread awareness of the _extreme_
> insecurity of WEP and the ease of breaking it and MAC address filtering.
>
> If you're actually concerned about your wireless security, at least use
> WPA2. Otherwise, you might as well be running an open network.
>
> Jeremy
>
> ====================================================================
> The NewtonTalk Mailing List - http://newtontalk.net/
> The Official Newton FAQ     - http://splorp.com/newton/faq/
> The Newton Glossary         - http://splorp.com/newton/glossary/
> WikiWikiNewt                - http://tools.unna.org/wikiwikinewt/
> ====================================================================


==================================================================== 
The NewtonTalk Mailing List - http://newtontalk.net/
The Official Newton FAQ     - http://splorp.com/newton/faq/
The Newton Glossary         - http://splorp.com/newton/glossary/
WikiWikiNewt                - http://tools.unna.org/wikiwikinewt/
====================================================================


More information about the NewtonTalk mailing list