topic Re: WiFi Security in Tech Help - Software/Hardware etc

WiFi Security

10 — Tue, 11 Feb 2020 12:18:46 GMT

I have a problems with outsiders trying to attach to my WiFI network, there is a path outside our house and a seated area where people often stop for lunch, there thay try to attach, my router 'sees' them, and refuses access as the password is wrong all attempts at access are logged which takes up router time.

What I'd like to do is:-

1) Hide the SSID broadcast.

2) Set the security to 'None'

3) Invoke Mac address filtering so only pre-coded Mac addresses will be allowed access.

Anyone have any thoughts?

Re: WiFi Security

VileReynard — Tue, 11 Feb 2020 13:46:32 GMT

Then you will have zero security.

Hiding the SSID broadcast doesn't stop outsiders seeing it - how do you think your wifi devices know what SSID they are connecting to?

It is easy to spoof MAC addresses.

If you switch off security then everyone could log all your unencrypted clear text.

Re: WiFi Security

Baldrick1 — Tue, 11 Feb 2020 16:26:13 GMT

@10

Hiding the SSID might fool some devices. However I don't know if this is possible with Plusnet hubs. I know you can on some Asus devices. However 'hidden' networks still show up on WiFi sniffer apps.

Turning off security makes no sense whatsoever.

I doubt that your bandwidth is being significantly impacted by these attempts at theft.

Re: WiFi Security

198kHz — Tue, 11 Feb 2020 18:41:21 GMT

Agreed on all points with previous answers.

As long as it's WPA2 with a strong password I don't see a problem.

Re: WiFi Security

idonno — Wed, 12 Feb 2020 17:43:49 GMT

I don't use a hub (TP-Link router /Fritz!Box) and use mac filtering for everything - I run a white list. Even if they got the password, if they aren't on that white list, still no connection. I don't run a guest network either. Bit of a pain when people come visit/stay but it does mean I have control of who connects and who doesn't. Hiiding the SSID simply shows up as hidden round these parts but showing it I don't think it makes much difference to be honest. No security is exactly what it says on the tin....NO security i.e. open house, all hours......... Good luck on that one.

If the Hub doesn't do what you want, you need to spend some money on a better router.

Re: WiFi Security

VileReynard — Wed, 12 Feb 2020 20:47:22 GMT

That MAC address security is cumbersome and doesn't protect you against a semi-serious attack.

https://linuxconfig.org/how-to-gain-access-to-a-mac-whitelist-wifi-network

BTW, I haven't tried this out. 😀

Re: WiFi Security

bobpullen — Wed, 12 Feb 2020 21:50:24 GMT

@10 wrote:

What I'd like to do is:-

1) Hide the SSID broadcast.

2) Set the security to 'None'

3) Invoke Mac address filtering so only pre-coded Mac addresses will be allowed access.

Anyone have any thoughts?

Others have already said it, but throwing my hat into the ring - It's a bad idea.

Re: WiFi Security

idonno — Thu, 13 Feb 2020 18:20:00 GMT

@VileReynard wrote:That MAC address security is cumbersome and doesn't protect you against a semi-serious attack.

As it says in the comments..... "The reality here is these instructions would have been valid in 2013 but we are 2017".

Even so It would have been overkill years ago for what I use the internet for and we certainly don't have park benches where people can spend hours loitering around trying to connect. 😃

Re: WiFi Security

VileReynard — Thu, 13 Feb 2020 19:42:36 GMT

The beef of the commenter was that the instructions use old varieties of software (but still commonly used) when people should be using newer varieties.

Didn't say the old software isn't still distributed...

But the point is that captures are interpreted using MAC addresses - which cannot be encrypted as these specify source and destination devices within the LAN. No TCP/IP addresses are required.

So if you know a whitelisted MAC address (which you do) you can connect (no password) to the network.

For genuine security from semi-casual connections, scrap wifi and use ethernet cabling.

Re: WiFi Security

7up — Fri, 14 Feb 2020 10:33:03 GMT

@10 wrote:

What I'd like to do is:-

1) Hide the SSID broadcast.

2) Set the security to 'None'

3) Invoke Mac address filtering so only pre-coded Mac addresses will be allowed access.

Anyone have any thoughts?

My thought is that you must like drama..

Why would you want no security after admitting you're getting people trying to connect to your network? - You're utterly nuts to want to give them an open door.

Mac addresses can be spoofed. Okay yes you'd need to be pretty serious about attaching to that network but there are people out there that look like you and me who will happily do so. They don't actually go around dressed like white wizards wearing a special hackers hat.