Someone asked me the other day how does MAC address filtering help to secure a wireless network? If you’re in a position where it would help, I argue there are other things you need to do. But I’ll explain how it works, then what I’d rather you do instead.
wpa2
Configure a Netgear R6300 as an access point
I picked up a used Netgear R6300 cheaply last week to use as an access point. Here’s how to configure a Netgear R6300 as an access point.
Best wireless security mode
What is the best wireless security mode? There are only four choices, and only one worth using, WPA2. But there are some other settings you have to use in order to make WPA2 secure.
How to set up and optimize an Asus RT-AC66U
Consumer routers drive security professionals like me crazy. I’m happy to say I finally found a router that doesn’t drive me nuts. I want you to buy an Asus RT-AC66U. I’m going to tell you why, and I’m going to tell you how to configure it. Here’s how to set up an Asus RT-AC66U and how to optimize an Asus RT-AC66U.
The settings saved on this computer for the network do not match the requirements of the network
If you replace your wireless router with another one, your Windows machines may give you a red X along with this error message when you try to reconnect: the settings saved on this computer for the network do not match the requirements of the network.
The quickest, easiest fix is to forget the network and reconnect. Here’s how to forget a network in Windows 7, and how to forget a network in Windows 10.
Why MAC address filtering doesn’t help security
The other question that came out of my recommended DD-WRT settings was why not filter MAC addresses. I hate to be flip, but MAC address filtering doesn’t help, so why bother?
The reason is because your MAC addresses are broadcast as part of the network traffic, and it’s unencrypted. So your MAC addresses aren’t any secret at all. So it doesn’t do any good. One could argue it doesn’t do any harm. But it adds an extra step every time you put something on your wireless network. Why go to the inconvenience if you don’t gain anything from it?
Why hiding your SSID makes your security worse
I got a couple of questions about my recommended DD-WRT settings, but I’m going to start with the question about why not to hide the SSID. It actually turns out that hiding your SSID is bad for you, and makes your security worse. I’ll explain.
Recommended DD-WRT settings
I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.
For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.
Build the best, most secure wifi in your neighborhood
My neighbor asked me for advice on setting up wi-fi in his new house. I realized it’s been a while since I’ve written about wi-fi, and it’s never been cheaper or easier to blanket your house and yard with a good signal.
Blanketing your house and yard while remaining secure, though, is still important.
Don’t use personal information as your wifi network name
This weekend Lifehacker advised against using things like your name and address as your wifi network name or SSID–if you’re targeted for attack, it makes you that much easier to find when your wifi name is your name or address.
When I set up a wifi network, I usually set the name to the time of day. That way the network name ends up just being a meaningless, useless number, with no clues as to who owns it, or who the broadband provider is. Clever names draw attention, and you don’t want to draw attention.
Let’s talk about two other common security measures that you probably shouldn’t do.