[TriLUG] OT: best home wireless router?

Jim Tuttle jjtuttle at trilug.org
Tue Jun 16 12:02:32 EDT 2009


Kevin's advice is spot-on.  Maintaining the list of MAC addresses is a
pain and provides no security.  It became clear to me after having
several friends over and having to add them to the list of known hosts.
 Hiding the SSID is funny, too.  Have a look at kismet, the network
sniffer, and you'll quickly realize that MAC addresses and hidden SSIDs
are a waste of time.

Jim



Kevin Hunter wrote:
> At 2:50pm -0400 on Mon, 15 Jun 2009, David Matusiak wrote:
>> I'd like to tap the collective intelligence of TriLUG and seek advice on a
>> new home wireless access point.  My vintage Linksys is still going strong,
>> but I'd really love to have a whitelist for known friendly MAC addresses. 
>> I'm pretty sure this is a common feature these days, but I'm more
>> interested in what new whiz-bang things are out there that I don't know
>> about.
> 
> I, too, like Linksys.  On the other hand, it's the first one I got, and
> I got the coveted 3.x version.  Here's to primacy of learning!
> 
> Two thoughts:
> 
> 1. Have you already installed new firmware on your current Linksys? Most
> post-factory firmware already has the features you mentioned.  Firewall:
> check.  MAC address "security": check.  Internal network routing: check.
> My current favorite firmware is Tomato.  Ask Alan Porter to tell you
> more about it.  (You're welcome, alpo!)
> 
> 2. Depending on how much of a security nut you are, let me caution you
> against using "known friendly MAC addresses."  At best you keep the
> computer-noobs and honest folks from your router.  At worst, you think
> you're secure, and the clever crackers have mimicked a MAC address that
> works.  Worse, this method doesn't scale if you want to let any friends
> use your router when they visit.  You have to manually keep the MAC
> address list up-to-date.
> 
> This also means that any traffic on your internal WLAN is openly
> broadcast.  Not a big deal if your sole setup is individual computers
> talking to the net, but if you want to transfer docs between computers on
> the WLAN, that is openly transmitted.
> 
> The better suggestion is to use WPA2 encryption.  As far as I'm aware,
> the only known crack is a brute force method, which takes a LONG time,
> for any decent length and randomish password (>10 characters).  This
> encrypts internal communication, lets you easily tell your friends the
> password, and you don't have to worry about keeping the MAC address list
> up-to-date.
> 
> (Further note: don't hide the SSID either.  Other security issues
> involved with that one, and it does little more than maybe slow a real
> cracker down.)
> 
> Cheers,
> 
> Kevin
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
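
Kevin's point about WPA2 brute force and passphrase length, worked through as an added example (not part of the original thread): WPA2-PSK derives its 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, 4096 iterations, using the SSID as salt, so every guess costs an attacker that much work. The guess rate, SSIDs and passphrases below are constructed assumptions, and the estimate only holds for randomly chosen characters, not dictionary words.

```python
import hashlib
import math
import string

PBKDF2_ITERATIONS = 4096   # fixed by the WPA/WPA2-PSK key derivation
PMK_LEN = 32               # 256-bit pairwise master key
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 1_000_000  # assumption, adjust for your threat model

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-PSK master key the same way an access point does."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)

def alphabet_size(passphrase: str) -> int:
    """Size of the character pool, counting each class the passphrase uses."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    return sum(len(c) for c in classes if any(ch in c for ch in passphrase))

def search_space_bits(passphrase: str) -> float:
    """Upper bound on entropy, valid only if characters were chosen at random."""
    return len(passphrase) * math.log2(alphabet_size(passphrase))

def years_to_exhaust(passphrase: str,
                     guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try every candidate of this length and alphabet."""
    return 2 ** search_space_bits(passphrase) / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for pw in ("abcdefgh", "tq7vLm2x9RkE", "u4#Pz!9wQe2$"):
        print(f"{pw!r}: {search_space_bits(pw):5.1f} bits, "
              f"{years_to_exhaust(pw):.3g} years at the assumed rate")
    # The SSID is the salt: the same passphrase yields a different key per
    # network name, which is why a unique SSID defeats precomputed tables.
    print(wpa2_pmk("tq7vLm2x9RkE", "HomeNet").hex())
    print(wpa2_pmk("tq7vLm2x9RkE", "linksys").hex())
```
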

