Overview
So now our plain unmarked bar has perimeter protection with a key coded gate and a bouncer with a list. This multilayered security, should keep out nearly all non-members. There will always be people in the world who have the time and means to defeat security measures taken but that is no reason to forego protecting yourself. Hopefully, after deploying one or more of the four following options you have now secured your wireless network from the leeches that exist out there.
Security steps taken:
Secure your router management interface
Setup SSID
Setup wireless security encryption
Setup MAC Address Filtering
SSID is really a catch 22 in my opinion. If you broadcast it, it’s in the open for everyone to see, but if you disable it and someone comes around wardriving and discovers that you’re SSID was disabled they’ll be more inclined to attempt to access your network because you probably have something important to keep hidden. It’s definitely not always the case, but I thought I’d share my 2 cents 🙂
Sorry, I should have added that your passphrase for WPA should be random generated and not a weak passphrase of a plain “dictionary” word that can be cracked very easily.
I agree that not broadcasting your SSID is only a layer but it can still be cracked. Anything can be cracked given the right tools and given the time, any network can be infiltrated.. The point is, to make your network a more difficult target so that the criminal (or hacker if you will) decides to move on to a more easily accessible target.
Considering most wireless networks are unprotected, getting this information out just so people impliment basic protection is a good start.
I agree. The MAC filter is not the equivalent to a bouncer, but more a little old lady asking you for your name without ID. You can lie (spoof) about it. As far as a WPA passphrase, you should use a passphrase generator to generate one for you up to 63 characters long (the longer the better and with all character types). This will make it more difficult, if not impossible, to brute force attack it. Using a dictionary word will only take a few seconds to crack.
Not broadcasting the SSID only adds another layer but it’s not impossible to crack it. Most scanning software will show it but without the SSID so it’s just a bit of extra work for the hacker to sniff that out.
Disabling SSID doesn’t add security. MAC addresses can be spoofed.