

Windows 7: Will the real Wireless security procedure please stand up?


25 Jun 2011   #1

 
 
Will the real Wireless security procedure please stand up?

When I set up my (only on when needed) wireless network, I researched many tutorials, security schemes and 'expert' opinions. So how can it be that what some say are essential steps to truly securing your wireless network, others say are myths and, in fact, detrimental to security?

Having read the information at the links provided, I've come to believe the latter.

First, a tutorial on these forums:

Wireless Security: How To Protect Your Network

Note the recommendations to disable SSID broadcasting, use MAC filtering and turn off DHCP.

Even Linksys endorses some of these practices:

Linksys | Learning Center

Now read the information at these links (below). They not only contradict these methods, but condemn them as 'security suicide':

The six dumbest ways to secure a wireless LAN | ZDNet

Wireless LAN security guide - By George Ou

How to break MAC filtering (wifi security)

MAC filtering seems to be the largest security vulnerability here...It seems that any MAC address entered in the permit filter is automatically allowed in...no password authentication required!(?) With the right freeware, anyone can determine your MAC address and spoof it. One article analogizes this to using an ID card which anyone can steal and walk right in the front door with no one to stop them.

One wonders, if the 'accepted' practices of filtering, SSID disabling, etc. are so detrimental to security, why do these "myths" continue unabated?

I myself have disabled MAC filtering. SSID broadcast disabling doesn't seem to be a large issue, so I'll wait to re-enable that when more data is in.

Not mentioned yet is a strong password. This may be the best defense, coupled with a strong security protocol (such as WPA, WPA2) and encryption. Is there more?

I'd be interested in hearing from the security experts amongst us. Any other links or information (on wireless or CAT5 networks) are very welcome!

James



25 Jun 2011   #2

Windows 8.1 Pro (x64)
 
 

Use both MAC Filtering and a strong Password. The SSID doesn't matter, it won't have an impact on security one way or the other. Turning off or on DHCP will not affect security. DHCP just manages handing out IP addresses (and other network information) so you don't have to do it manually.

But yes, use both MAC filtering and a strong Password/Encryption the strongest your Wireless Hub/Card can support.
25 Jun 2011   #3

 
 

Quote:
use both MAC filtering and a strong Password/Encryption the strongest your Wireless Hub/Card can support.
But doesn't MAC filtering leave one susceptible to MAC spoofing? From what I've read (and admittedly, this doesn't seem clear), MAC filtering authenticates a MAC address and thus does not require the password. Is this correct?


25 Jun 2011   #4

Windows 8.1 x64 x3 + Windows 10 Preview
 
 

The way I understand this to work is that if using mac filtering you must be on the allowed list and enter the password - this is the way it has always worked on the many different routers that I have used in the last 30+ years.

As for the non display of the SSID, this is a simple but effective security system - if a potential hacker cannot see the network as existing then they are less likely to try to hack it.
25 Jun 2011   #5

 
 

Quote: Originally Posted by Barman58
The way I understand this to work is that if using mac filtering you must be on the allowed list and enter the password - this is the way it has always worked on the many different routers that I have used in the last 30+ years.
Hi Barman,

That's the way it should work, but in my readings, there seem to be vague implications, but nothing that outrightly states that permitted MACs must also use pw authentication. Seems a no-brainer, but I'd really like to see a definitive statement on the matter rather than set up wireless networks only to find out later that I left a gaping security hole. I just can't seem to find an authoritative article plainly stating that (likely) reality.

Quote:
as for the non display of the SSID this is a simple but effective security system - If a potential hacker cannot see the network as existing then they are less likely to try to hack it
That's what I thought, until I found this MS article last night (incidentally, I have SSID set to hidden, also MAC filters and strong, strong password and encryption passphrase):

Non-broadcast Wireless Networks with Microsoft Windows
25 Jun 2011   #6

Windows 8.1 Pro (x64)
 
 

Quote: Originally Posted by James Colbert
That's the way it should work
It comes down to how you configure it and if your hardware allows you to do so. Having both MAC Filtering and a strong password is security in depth. However, as far as I know, all of them support MAC Filtering and Passwords because that Password is part of the encryption key. Without it the encryption will fail. And no, the Wireless HUB never sends the full-encryption key to any computer.

Now as for SSID, you only are hiding one part of it. There are several ways to actually see a wireless network. Just because it doesn't broadcast an SSID does not make it invisible. Any serious attacker will get around that in a jiffy.
25 Jun 2011   #7

Windows 8.1 x64 x3 + Windows 10 Preview
 
 

All that anyone can do with regards to data security is to assess the level of protection applied, potential loss involved and likelihood of attack. No system is 100% secure; all we need to do is make the system more difficult to break than the next person's system, so that the hacker moves on to the easier target.

Home users are unlikely to be targeted directly by the professional hacker; the potential return is just not there. It is more likely that the security discussed here will deter the casual opportunist looking for free wireless access (these are unlikely to be using network sniffers, in any case).

The use of limited accounts protected with secure passwords at the file level, firewalls, and the best available wireless security should suffice to prevent all but the most determined attack.

In a business environment the stakes are higher, as is the likelihood of attack, and then the more advanced systems are viable. I have worked with systems where all data drives were physically removed from site outside of working times, so the security levels can vary tremendously.
25 Jun 2011   #8

 
 

Thanks Barman and logicearth. I appreciate the input. I'm going to play around with some neighbors' wireless networks (with permission, of course) just to see what I come up with. I'll post back if anything of interest is discovered.

James
28 Jun 2011   #9

 
 

Just updating for those who may turn up this thread in Google... as mentioned, MAC filtering is an additional layer of security rather than a free pass in for spoofers (i.e., passphrase still necessary).

Here is a pretty good primer on wireless security:

Wireless Wi-Fi network security tutorial 101 (part 1)

Note that it is 4 parts. The link to part two is near the end of the article, with subsequent links in subsequent parts.

Here also is a link to the Technologies branch of this site, which contains a lot of good info:

Technologies (IT & IS)

James
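
The point settled in posts #6 and #9 (a permitted MAC still needs the passphrase), as an added example that is not part of the original thread: a simplified Python model of WPA2-Personal key derivation and the handshake integrity check. The SSID, passphrases, MAC addresses, nonces and frame bytes are constructed values, and `ap_admits` is a hypothetical helper, not any router's API.

```python
import hashlib
import hmac

def pmk(passphrase: str, ssid: str) -> bytes:
    # WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def ptk(pmk_: bytes, ap: bytes, sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # 802.11i PRF over both MAC addresses and both nonces, keyed with the PMK
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    blocks = [hmac.new(pmk_, b"Pairwise key expansion\x00" + data + bytes([i]),
                       hashlib.sha1).digest() for i in range(3)]
    return b"".join(blocks)[:48]

def mic(ptk_: bytes, frame: bytes) -> bytes:
    # The first 16 bytes of the PTK (the KCK) authenticate handshake frames
    return hmac.new(ptk_[:16], frame, hashlib.sha1).digest()[:16]

def ap_admits(allowlist, ap_pass, ssid, ap, sta, anonce, snonce, frame, sta_mic):
    # Hypothetical access point logic: MAC filter first, then the MIC check
    if sta not in allowlist:
        return False
    expected = mic(ptk(pmk(ap_pass, ssid), ap, sta, anonce, snonce), frame)
    return hmac.compare_digest(expected, sta_mic)

# Constructed sample values (not taken from the thread)
SSID, AP_PASS = "HomeNet", "correct horse battery staple"
AP = bytes.fromhex("020000000001")
ALLOWED = bytes.fromhex("020000000010")
UNLISTED = bytes.fromhex("020000000099")
ANONCE, SNONCE = b"\x01" * 32, b"\x02" * 32
FRAME = b"constructed stand-in for EAPOL message 2"

def station_mic(passphrase: str, sta: bytes) -> bytes:
    # What a client sends: a MIC computed from the passphrase it actually knows
    return mic(ptk(pmk(passphrase, SSID), AP, sta, ANONCE, SNONCE), FRAME)

def try_join(passphrase: str, sta: bytes) -> bool:
    return ap_admits({ALLOWED}, AP_PASS, SSID, AP, sta, ANONCE, SNONCE,
                     FRAME, station_mic(passphrase, sta))

if __name__ == "__main__":
    print("listed MAC, right passphrase:  ", try_join(AP_PASS, ALLOWED))
    print("listed MAC, wrong passphrase:  ", try_join("guess1234", ALLOWED))
    print("unlisted MAC, right passphrase:", try_join(AP_PASS, UNLISTED))
```

The MAC address is only an input to the key derivation and a filter on who may attempt the handshake; the secret that makes the MIC verify is the passphrase.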