IT folks please take my survey on Wireless Security

[SHIFT_COUPE]

If you do anything IT related or if you have experience with WiFi routers or access points please take my survey. I need more data!

This is for a graduate level information security class so data is very important. If you are not familiar with the topics then kindly exit the survey.

Your help would be awesome


http://www.surveymonkey.com/s/YB39HVC

[hitbychance]

done!

[MinisterofDOOM]

Taken. I've got a simultaneous multi-band router, so I use different encryption standards for different bands.

[Towncivilian]

Taken.

IMO, MAC address filtering is a waste of time. MAC addresses are easy to spoof, and it can create headaches for the network owner when friends' devices try to connect (unless of course there is a separate guest network).

[Dattebayo]

Done. That was a pretty good run of all the involved issues and options, good job.

There was no mention about frequencies, channels or bands, tho. Also nothing about WDS, signal repeating or broadcast mediums. (Just attempting to help)

[MinisterofDOOM]

Taken.

IMO, MAC address filtering is a waste of time. MAC addresses are easy to spoof, and it can create headaches for the network owner when friends' devices try to connect (unless of course there is a separate guest network).

Absolutely agreed. MAC filtering is far too tedious to justify any benefits. I hate that many universities depend on it for access regulation. It makes using multiple devices on campus a nightmare.

[SHIFT_COUPE]

MAC address filtering is garbage. I'm glad you guys recognize that. Many don't, which is a shame. There are other alternatives to authentication that work far better. It all depends on where it is being implemented though.

The purpose of this survey is to determine how people have different perceptions of what WiFi security is as well as how to properly use it.

Dattebayo, thanks for the mention on frequencies. That is a whole other very broad topic! Frequencies do have the potential to be intercepted etc. This would get us into the topic of wireless intrusion prevention and detection. Both of which can deal with frequency interception. I will mention it and use it in my paper but I didn't want to get too far off the scope. Thanks again.

Thanks for the responses guys. I appreciate it very much!

[BusyBadger]

Done. I've got MAC filtering enabled at home, because I've set home networks up for people that insist on it after having heard or read about it providing an extra level of security and I need to remember how to do it. In that sense, what a customer wants (as opposed to what they need), it's somewhat important. What they really need is to not broadcast their SSID for all to see.

You didn't have the option to select multiple encryption types for those that multiple networks at different physical locations, and "default" is misspelled in one of your questions, not that it's going to make any difference.

[PoorManQ45]

Done. I've got MAC filtering enabled at home, because I've set home networks up for people that insist on it after having heard or read about it providing an extra level of security and I need to remember how to do it. In that sense, what a customer wants (as opposed to what they need), it's somewhat important. What they really need is to not broadcast their SSID for all to see.

Both of those offer a false sense of protection.

Any script kiddie can fire up BackTrack and immediately see all Mac addresses and SSIDs in the area.

[BusyBadger]

Both of those offer a false sense of protection.

Any script kiddie can fire up BackTrack and immediately see all Mac addresses and SSIDs in the area.

I would say incomplete protection instead of false sense of protection, in that no network is ever completely secure. In both cases extra steps are needed to circumvent security. Are they easily accomplished, sure...so's social engineering and it's usually faster, and certainly more entertaining.

No single method is perfect, it's all about layers. You can lock your car, park in a good spot, have a chipped key and a fuel cutoff but if someone really wants your car they're going to get it. Show me a complete, iron-clad security solution and I'll be the first to implement it and spread the word. I wonder how much they'll pay to hear it.

[C-Kwik]

Absolutely agreed. MAC filtering is far too tedious to justify any benefits. I hate that many universities depend on it for access regulation. It makes using multiple devices on campus a nightmare.

While I agree that MAC filtering from a security standpoint is pointless, I don't see why its such a bad idea from a access regulation standpoint. With the assumption that schools want to limit access to students and faculty and most people have multiple devices, MAC filtering provides a pretty effective method of providing access without making it overly cumbersome. My community college and the school I had my internship at both used a login based system. Both had a lot of problems when I tried to access with multiple devices simultaneously. My current school uses MAC filtering and lets me register up to 6 devices. I regularly use three and have never had any issues with the credentials. I'll admit it might be more cumbersome for someone who has automatically registered more than the maximum number of devices, but most students don't have that many devices. As long as one understands what a MAC address is and how to find it on their device, manually managing your registered devices is pretty easy. But once everything is set-up, its pretty easy to work with. Hell, when I set-up a new boot partition for W8 on my laptop, I didn't have to do anything to get online other than to find and connect to the router since my MAC address stayed the same.

[MinisterofDOOM]

Oh, it's definitely effective for access control. It's just tedious for the end-user.

[szh]

I use MAC access controls for a slightly different purpose at home ... I selectively block my son's gadgets after 9:25pm (his bedtime), while leaving my computer (locked with a fingerprint reader) and my wife's iPhone untouched. it isn't really a big deal to open up the network for visitors - I just add them to the MAC list when needed.

So, no "under the covers" access to the Internet with his iPod and iPad when he is supposed to be asleep!

FWIW, my home WiFi set up is "No SID broadcast, require strong password, WPA2 Personal security, MAC access controls" ... as far as I know, nothing more is available anyway, right? The fact that it is a short-range radio system protects us more than anything else, I suppose.

Z

[SHIFT_COUPE]

Z - For home use that is a great idea! Wait til he gets older and figures things out!

[szh]

Z - For home use that is a great idea! Wait til he gets older and figures things out!

Yup! I do expect it to happen (given that he is almost 14 years old now and pretty computer savvy already) ... but that means he will then have earned the right to stay awake longer by then, etc.

Z

[RCA]

This is how I see it...

If you are trying to protect yourself from the average Joe then MAC filtering and hiding SSIDs will be useful. But those same people will be thwarted by any non-WEP encryption. The people you are worried about, the real educated intruder will be using tools that will make MAC filtering and SSID hiding irrelevant.

Your best bet is to:
- turn off WPS and UPnP
- use an encrypted VPN
- do not save network settings to your device. Type your password in every time. Do not let your machine assume and auto log on to your WiFi.

[Dattebayo]

Or you could just disable DHCP and create your own fu*ked up subnet...