Access list vs WEP

[smee]

Hi all
I have WNR854T Netgear router and was considering Channing the present setup of WEP to just have Assess list of connectible devices. Any thought on the positives vs negatives of doing this.

I'm not a security worrier so thinking that just the access list would be enough. For if someones going to hack you even 128bit WEP can still be done. And maybe removing the encryption would lessen the work of the router.

Any thougths.

Many thanks.

 

[GhostlyPea]

Neither are any good. Rubbish:

- WEP
- MAC filtering
- Hiding the SSID

Does the device support WPA/2? That is the only security measures worth using

- Pea0n

 

[smee]

I'm not trying to stop the top hacker, and think there's lot bigger fish in the sea than me. but just stoping the average user.

 

[Rainmaker]

I'm not trying to stop the top hacker, and think there's lot bigger fish in the sea than me. but just stoping the average user.

It's not so much the hacker after your details, as the paedophile/terrorist down the street who downloaded an app that can crack WEP within 5 seconds at the push of a button. Guess who'll be getting their door put off its hinges next week? (Hint: It's not the paedo/terrorist/whatever).

 

[GhostlyPea]

Then you might as well leave it as it is. The WEP key is far more convenient than using MAC filtering

- Pea0n

 

[KIA]

Rubbish security. The router supports WPA2! Use it!

 

[Skidilliplop]

I'd recommend WPA2 + MAC filter + hidden SSID + Shortening the re-authentication interval.
Still won't stop a determined hacker but it'll hopefully provide enough sequential annoyances that they'll get ****ed off and give up before they make it through them all.

 

[GhostlyPea]

I'd recommend WPA2 + MAC filter + hidden SSID + Shortening the re-authentication interval.
Still won't stop a determined hacker but it'll hopefully provide enough sequential annoyances that they'll get ****ed off and give up before they make it through them all.

Waste of time - Just use WPA2. Nothing more is needed. If they can crack your WPA2 passcode then having the SSID hidden in the first place is pointless as they have found it, MAC filtering is a waste because they will have sniffed some packets and gained a valid MAC address anyway.

Shortening the key lifetime could help but realistically still not worth it

- Pea0n

 

[Duke]

Just use WPA2.

 

[Skidilliplop]

Waste of time - Just use WPA2. Nothing more is needed. If they can crack your WPA2 passcode then having the SSID hidden in the first place is pointless as they have found it, MAC filtering is a waste because they will have sniffed some packets and gained a valid MAC address anyway.

Shortening the key lifetime could help but realistically still not worth it

- Pea0n

Maybe, never hurts to have more security than less.
Plus Access control and encryption arn't the same thing. WPA doesn't stop people you've given the WPA key to and subsequently don't want to re-connect, or wish to apply time of day restrictions to from connecting. This is something you can only do from an ACL


On some routers you can also adjust the output power to reduce the range of the router to give coverage just where you want it and not much further. whether THAT router supports it I have no idea.

 

[GhostlyPea]

Maybe, never hurts to have more security than less.
Plus Access control and encryption arn't the same thing. WPA doesn't stop people you've given the WPA key to and subsequently don't want to re-connect, or wish to apply time of day restrictions to from connecting. This is something you can only do from an ACL

Which they can easily spoof - just change the key

On some routers you can also adjust the output power to reduce the range of the router to give coverage just where you want it and not much further. whether THAT router supports it I have no idea.

Could do but again if therers WPA2 on it, waste of time - even if they could see it they cant get in

- Pea0n

 

[Skidilliplop]

Better Idea. Turn the Wifi off and just use a wire

 

[tntcoder]

Really shouldn't be arguments over this point

What possible disadvantage is there to adding high security to your network at the expense of ticking a couple of boxes, assuming your devices support it and most do.

 

[GhostlyPea]

Inconvenience and lack of necessity I wouldn't want to have to log into the router to start adding MAC addresses when a mate brings his new phone over etc. It isnt that extra security is bad, its just thats its 100% pointless in this instance. Anybody who could crack WPA/WPA2 isnt going to in any way flumoxed by a MAC filter or hidden SSID.

etc. etc. etc.

Anyway as PJ/bop says - just use a cable

- Pea0n

 

[Skidilliplop]

Really shouldn't be arguments over this point

What possible disadvantage is there to adding high security to your network at the expense of ticking a couple of boxes, assuming your devices support it and most do.

^ My thoughts exactly.

 

[tntcoder]

Inconvenience and lack of necessity I wouldn't want to have to log into the router to start adding MAC addresses when a mate brings his new phone over etc. It isnt that extra security is bad, its just thats its 100% pointless in this instance. Anybody who could crack WPA/WPA2 isnt going to in any way flumoxed by a MAC filter or hidden SSID.

etc. etc. etc.

Anyway as PJ/bop says - just use a cable

- Pea0n

MAC address filtering isn't what I meant by high security, I purely meant WPA2 and agree filtering/ssid hiding are somewhat of an inconvenience and waste of time

 

[GhostlyPea]

Aye aye

Anyway, off to the pub

- Pea0n

 

[KIA]

Pea0n speaks the truth.

 

[smee]

Aye aye

Anyway, off to the pub

- Pea0n

Think you finished this thread off with wise words