Someone asked me the other day how does MAC address filtering help to secure a wireless network? If you’re in a position where it would help, I argue there are other things you need to do. But I’ll explain how it works, then what I’d rather you do instead.
What is the best wireless security mode? There are only four choices, and only one worth using, WPA2. But there are some other settings you have to use in order to make WPA2 secure.
Consumer routers drive security professionals like me crazy. I’m happy to say I finally found a router that doesn’t drive me nuts. I want you to buy an Asus RT-AC66U. I’m going to tell you why, and I’m going to tell you how to configure it. Here’s how to set up an Asus RT-AC66U and how to optimize an Asus RT-AC66U.
The other question that came out of my recommended DD-WRT settings was why not filter MAC addresses. I hate to be flip, but MAC address filtering doesn’t help, so why bother?
The reason is because your MAC addresses are broadcast as part of the network traffic, and it’s unencrypted. So your MAC addresses aren’t any secret at all. So it doesn’t do any good. One could argue it doesn’t do any harm. But it adds an extra step every time you put something on your wireless network. Why go to the inconvenience if you don’t gain anything from it?
I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.
For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.
My neighbor asked me for advice on setting up wi-fi in his new house. I realized it’s been a while since I’ve written about wi-fi, and it’s never been cheaper or easier to blanket your house and yard with a good signal.
Blanketing your house and yard while remaining secure, though, is still important.
This weekend Lifehacker advised against using things like your name and address as your wifi network name or SSID–if you’re targeted for attack, it makes you that much easier to find when your wifi name is your name or address.
When I set up a wifi network, I usually set the name to the time of day. That way the network name ends up just being a meaningless, useless number, with no clues as to who owns it, or who the broadband provider is. Clever names draw attention, and you don’t want to draw attention.
Let’s talk about two other common security measures that you probably shouldn’t do.