 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Mac Forum / General / Networking / April 2005Wireless security with MAC access list only
I've just set up a new ActionTec DSL modem+Wireless router using only the MAC authentication (deny all except for the list) security only. Is this sufficient, or is it easy to figure out and spoof a MAC address? The reason I turned off WEP, btw, is that one of my computers (an iMac running 10.3.8) for some reason fails to connect with the 64 bit WEP key, no matter what version of the key I type, (just the Hex, 0x or $ preceding it). The other two computers seem to work fine. Mystifies me, but there you go. It seems to me that the WEP key stuff is just a bit too complicated for mere mortals like me. Apple seems to have not got the kinks out. The connect to "other" dialog from the Airport menu and "Internet Connect" list three WEP options (WEP, WEP hex and WEP ASCII), while "System Preferences pane seem to have NO options, just type the old password here folks (who knows whether it is just the hex or 0x or $, certainly I don't). Unfortunately, I get different results depending on which dialog I use and which computer I use (all running 10.3.8 BTW). But none of them seem to get a consistent connection with my iMac. To rant a bit more, whether you get the check box to put the WEP password into your keychain seems to vary from dialog to dialog and computer to computer too.  SignatureJames Meiss <http://amath.colorado.edu/faculty/jdm> > I've just set up a new ActionTec DSL modem+Wireless router using only > the MAC authentication (deny all except for the list) security only. > > Is this sufficient, or is it easy to figure out and spoof a MAC address? I'm not going to pass judgement on what's sufficient security. I'll just tell a story. I live in a suburban development of houses on quarter-acre lots. From my deck, I can sometimes get a stronger wireless signal from neighbors than from my own base station. From my study, I can occasionally pick up a recognizable signal (surprising how many unsecured networks named Linksys there are in my neighborhood). On two separate occasions, my MacStumbler has gone nuts picking up a rapid sequence of networks, one every second or two, all on channel ten, all at the same signal strength (too weak to do me any consistent good), and each one on a different MAC address (none of the ones I checked corresponded with identifiable hardware). SignatureAF "Non Sequitur U has a really, really lousy debate team." --artyw raises the bar on rec.sport.baseball : I've just set up a new ActionTec DSL modem+Wireless router using only : the MAC authentication (deny all except for the list) security only. : Is this sufficient, or is it easy to figure out and spoof a MAC address? : The reason I turned off WEP, btw, is that one of my computers (an iMac : running 10.3.8) for some reason fails to connect with the 64 bit WEP : key, no matter what version of the key I type, (just the Hex, 0x or $ : preceding it). The other two computers seem to work fine. Mystifies me, : but there you go. Well, you're halfway there. The problem is that without WEP or WPA encoding, you are wirelessly transfering your data as clear text for any cracker to intercept even if they are not 'connected' to any of your computers. Remember this is a radio signal available to anyone with the proper receiver. If this is a 'new' router it should come with WPA as a security option. WPA is much more secure than WEP and it also configures more easily. If the wireless router does not do WPA, get another one which does. WPA is the standard for these kind of networks. Also, mark the setting to not broadcast the name of your home network; this makes it a little harder to break into. hth --Fred > : I've just set up a new ActionTec DSL modem+Wireless router using only > : the MAC authentication (deny all except for the list) security only. [quoted text clipped - 15 lines] > more easily. If the wireless router does not do WPA, get another one which > does. WPA is the standard for these kind of networks. Ah. Thanks for a clear and reasonable explanation. The ActionTec does have WPA, so I'll try that. So far it seems to work with all my computers, which is better than WEP. It seems to be the case that on the ActionTec I set the "PSK String" and then on the Macs I use "WPA Personal" with that same string as a password. The help file says to use an "alphanumeric' string of at least 8 characters. I guess that means ascii and that more is better? The ActionTec also has a "Group Key Interval" and other "enterprise" settings which the help file says to ignore if you are not a professional. Scares me off anyway. Feel free to comment... > Also, mark the > setting to not broadcast the name of your home network; this makes it > a little harder to break into. Good idea. Thanks. SignatureJames Meiss <http://amath.colorado.edu/faculty/jdm> > The help file says to use an "alphanumeric' string of at least > 8 characters. I guess that means ascii and that more is better? Yes, and non-dictionary terms are much preferred. "Ophtalmology", evven though difficult and long, is much less difficult to crack than kS5lp76 or some such. Also, there is AFAIK no problem using punctuation marks and "extended " characters like é, å, etc. Signature/Z Remove NOT..INVALID to email ... : It seems to be the case that on the ActionTec I set the "PSK String" and : then on the Macs I use "WPA Personal" with that same string as a : password. The help file says to use an "alphanumeric' string of at least : 8 characters. I guess that means ascii and that more is better? IIRC the max is 32 characters. Use as many as you can remember. What I do is use a very good 8-place pw and them fill in the rest of the 32 with things I can remember. I end up with somethng like: goodpswdnetworknamemystreetname and I munge a few of the filler characters just for good measure. : The ActionTec also has a "Group Key Interval" and other "enterprise" : settings which the help file says to ignore if you are not a : professional. Scares me off anyway. Yes, you want the personal setting. Don't try to mess with the professional or enterprise settings because they require password server, which you don't have. --Fred > I've just set up a new ActionTec DSL modem+Wireless router using only > the MAC authentication (deny all except for the list) security only. > > Is this sufficient, or is it easy to figure out and spoof a MAC address? It's easy to figure out and spoof a MAC address. > The reason I turned off WEP, btw, is that one of my computers (an iMac > running 10.3.8) for some reason fails to connect with the 64 bit WEP [quoted text clipped - 17 lines] > password into your keychain seems to vary from dialog to dialog and > computer to computer too. SignatureAlan Baker Vancouver, British Columbia "If you raise the ceiling 4 feet, move the fireplace from that wall to that wall, you'll still only get the full stereophonic effect if you sit in the bottom of that cupboard." |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.