Why MAC address filtering doesn’t help security

The other question that came out of my recommended DD-WRT settings was why not filter MAC addresses. I hate to be flip, but MAC address filtering doesn’t help, so why bother?

The reason is because your MAC addresses are broadcast as part of the network traffic, and it’s unencrypted. So your MAC addresses aren’t any secret at all. So it doesn’t do any good. One could argue it doesn’t do any harm. But it adds an extra step every time you put something on your wireless network. Why go to the inconvenience if you don’t gain anything from it?

Read more

Recommended DD-WRT settings

Recommended DD-WRT settings

I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.

For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.

Read more

How to be a hero next Christmas (or your next family get-together)

My mother in law didn’t have wifi set up, but she picked up a smart TV this year, so she asked me if I could help her with it. So I picked up a D-Link DIR-615 on sale, brought it with me and set up wi-fi securely (hints: set the SSID to whatever time it happens to be, disable WPS, disable WEP and WPA, and use WPA2 with a long password with some numbers and symbols in it) and once it seemed to be working right, I put her TV and laptop on it. Then, as other relatives trickled in, they asked me for the wireless key. Soon the air was full of Androids and Apples chattering away on wireless.

Read more

Things I wish everyone knew about home computer security

I’m a security professional by trade, with two certifications. I’m not responsible for defending your computer networks, but I want your networks to be secure. There’s a really simple reason for that. If your computer and your network is secure, then it isn’t attacking mine. Or anyone else’s.

Several fellow subscribers to a train-related interest group that I like got hacked recently, and have been sending out spam messages. They’ve received a lot of advice in the hours since. Some of it has been good, and some not as good. So I tried to think of some things that people could do in about 30 minutes to keep the crooks at bay.

Incidentally, the computer crooks won’t be going away. Computer crime happens because the criminals can make more money doing that than doing something legal. The only way to make it stop is to make it too hard, so that getting a real job becomes more profitable. You won’t solve that problem in 30 minutes, but if we all take that single step down that road, we’ll make the world that much safer. So, with that, let’s roll up our sleeves. Read more

Doc, what security settings are you using on your network?

A reader who will remain anonymous (he can out himself if he wishes) sent me an interesting observation. He was in his doctor’s office last week, and out of curiosity, he ran a wifi scanner on his phone just to see what networks were available and how they were secured.

What he saw wasn’t pretty. Especially considering he was in a building full of doctors, lawyers, and financial advisors. Read more

Securing wi-fi isn’t about price gouging

The so-called wi-fi golden era is over, and apparently being glad about it makes me an absolutist.

But John C. Dvorak is wrong. This isn’t about making people pay for Internet access. It’s pure security. Toilets and drinking fountains are free because the majority of people don’t abuse them. The Internet can’t be wide open and free like a public restroom because when it was totally wide open and free in the 1990s, too many people abused it. Read more

How to make a DMZ with two routers

I’ve alluded in the past to why it’s a good idea to make a DMZ with two routers, but I’ve never gone into depth about how and necessarily why to do it.

If your ISP gave you a combination modem/switch/access point/router and it only supports 100 megabit wired and 54-megabit (802.11g) wireless and you want to upgrade to gigabit wired/150-meg (802.11n) wireless, here’s a great way to make the two devices work together and improve your security.

Read more

How I secured my new wireless router

For the first time ever, I actually have a wireless router that can cover my whole house. I’ve been interested in wireless security for a long time, but haven’t actually had to do much with it because I wasn’t running any wireless networks at home.

I spent a few minutes securing my network after I got it up and running. I talked at rather long length about that in the past, but on a really practical level, here’s what I did in a mere 10 minutes that will make a big difference.

Read more

How to secure your wi-fi router

It’s not enough to know what to look for in a router. I wanted to get some solid advice on wi-fi network security. Who better to give that advice than someone who built an airplane that hacks wi-fi? So I talked to WhiteQueen at http://rabbit-hole.org, the co-builder of a wi-fi hacking airplane that made waves at Defcon.

Hacker stereotypes aside, WhiteQueen was very forthcoming. He’s a white hat, and I found him eager to share what he knows.

Read more

WordPress Appliance - Powered by TurnKey Linux