----- Original Message -----
From: "Kamil Wencel" <wencel at radion dot org>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Saturday, December 06, 2003 4:53 AM
Subject: Re: [m0n0wall] FW: MAC filtering on wireless interfaces

> Since MAC address spoofing is a rather common technique
> to pass by WLAN "Security" I would not recommend using it.

Just because MAC spoofing is rather simple to do and can be easily demonstrated hardly makes it common - I've been running WLANs for several years and have never had anyone hack someone else's MAC. You need to differentiate between those who just want to use this as a tool and those who play with networks for fun or personal improvement (learning.)

>
> Use an IPSEC over WLAN tunnel instead. I myself allow traffic
> shaped HTTP / HTTPS for geeks who still have fun standing in
> front of my door and want to get online.
>
> Apart from that, the whole internal infrastructure uses IPSEC
> to reach the internal machines.

Many of the users of monowall are not capable of managing an IPSEC based setup as evidenced by the number of questions posted here about how to make it work. Don't discount a simple improvement that gives some security just because there is a better (though more complicated) one. WLANs are inherently insecure but a balance between the effort required to secure and the value of the data at risk must be made. Just because WEP is fairly easily broken is not a reason to turn it off. MAC filtering has its place among other useful security tools. IPSEC is more secure. Seriously valuable data should not be accessible from WLANs at all.

>
> --k
>

John Voigt, President
Reston Wireless, LLC
High speed internet service
no smoke, no mirrors, no wires (tm)
http://www.reston-wireless.net/