Tim: >> Google around for the myths of wireless security. Jacques B: > You did a great job criticizing my advice, but offered non to improve > on it. Yes I did. Read my last line. i.e. Get credible advice, elsewhere. There's a few websites names like that which (a) point out the pointless *NON* security steps some people take (many of the points I rebutted in your posting), that are UTTERLY WORTHLESS to security and even cause problems, and (b) offers actually useful advice for security. My improvement was in killing the magic and rubbish from the equation. There is nothing other than encryption that you can do to help. As far as "security" goes, *ONLY* encryption provides it. All the other things people do, as advised early up in this thread, thinking that they add security, are utter nonsense. I'll say that again UTTER NONSENSE! The don't provide any security, at all. They aren't even a *slight* aid to security. They have NOTHING to do with it. It's not extra layers of defense, it's extra layers of waffle, confusion, and sheer time wasting. Hopefully that message is clear, now. Even playing with things like MAC filtering and DHCP, which can stop accidental connections, have nothing to do with security. They won't stop a hacker, they won't even stop someone trying manual network configuration when automatic does work, trying to resolve their networking problems, not as a hacking attempt. Do not equate security with burying your head in the sand. Following the useless advice is part of a cargo cult mentality, where one clueless person does something useless, then others ape them (look up "cargo cult", for those who don't know what it means). In fact, some of them will cause many people networking problems, particularly not broadcasting any SSID and messing with power levels. > You slammed my advice to not use an SSID that personally identifies you > for privacy reasons. But then you agree with it (don't use Tim's AP > was your example). I said *IF* you don't want your neighbors to know. But pointed out that it can be better if they do, and why. It's not a *SECURITY* issue, in the slightest. It's hardly even a privacy issue, it's not too hard to work out which access points are where if you have something mobile. The strongest reception locations will point the finger. > My advice is not bullet proof. But it's a hell of a lot better than > what your rebuttal appears to suggest, why even bother with any of > that because if someone really wants to get in, they will. Using that > premise why bother locking your house? Locking your house *does* provide a reasonable deterrent to a break-in, doing a good job of locking it even more so. Merely closing the door and not answering when someone knocks, does not. Much of what you offered has absolutely NOTHING to do with securing a wireless network. Most of that advice was useless in that regards. Why do people insist on parroting that waffle? If they knew what they were talking about, i.e. were in a position to knowledgeably offer advice, they wouldn't include those things. There's zero point in following that advice, all people do is waste their time configuring things that they should just have left alone, falsely feeling secure for doing so, and then giving them another networking headache (e.g. how to connect to their own access point without an SSID). There's a lot of useless and stupid advice about wireless networking that just buggers things up. Duff advice needs slamming, and slamming hard, until people stop giving it, so that other people don't have their time wasted. I'll say it again, do some research into the "myths of wireless security" and "cargo cult mentality." http://www.google.com.au/search?&q=wireless+security+myths http://en.wikipedia.org/wiki/Cargo_cult Wireless *security* nonsense that you shouldn't waste time with: SSID hiding Power level management / antenna placement MAC filtering Killing DHCP servers Special IP addressing/limiting While the last three may help you with network management, i.e. minimising random surprises while trying to use your own network, and something against accidental connections, if sensibly configured by someone who knows what they're doing with networking, they don't do the slightest thing towards security. NB and NB well: MAC filtering so your neighbour doesn't accidentally connect is NOT a SECURITY issue. It doesn't matter, at all, if they try and connect when you've got good encryption. -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.