Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

5 Wi-Fi security myths you must abandon now

Eric Geier | Oct. 8, 2013
Save yourself and your friends from these outdated or inaccurate security techniques, and learn the current best practices.

But you needn't bother with that operation. A hacker using a wireless network analyzer will be able to see the MAC addresses of every computer you've allowed on your network, and can change his or her computer's MAC address to match one that's in that table you painstakingly created. The only thing you'll have accomplished by following this procedure is to waste some time—unless you think that having a complete list of the MAC addresses of your network clients would be useful for some other purpose.

MAC-address filtering might help you block the average Joe from connecting to your router from an unauthorized computer or other device, but it won't stop a determined hacker. It will render your network more difficult for legitimate users to work with, however, because you'll have to configure your router every time you add a new device to it or provide a guest with temporary access.

Myth No. 3: Limit your router's IP address pool
Every device on your network must also be identified by a unique Internet Protocol (IP) address. A router-assigned IP address will contain a string of digits like this: 192.168.1.10. Unlike a MAC address, which the device sends to the router, your router will use its  Dynamic Host Control Protocol (DHCP) server to assign and send a unique IP address to each device joining the network. According to one persistent tech myth, you can control the number of devices that can join your network by limiting the pool of IP addresses your router can draw—a range from 192.168.1.1 to 192.168.1.10, for instance. That's baloney, for the same reason that the next claim is.

Myth No. 4: Disable your router's DHCP server
The flawed logic behind this myth claims that you can secure your network by disabling your router's DHCP server and manually assigning IP address to each device. Supposedly, any device that doesn't have one of the IP addresses you assigned won't be able to join your network. In this scenario, you would create a table consisting of IP addresses and the devices they're assigned to, as you would with a MAC addresses. You'd also need to configure each device manually to use its specified IP address.

The weakness that negates these procedures is that if a hacker has already penetrated your network, a quick IP scan can determine the IP addresses your network is using. The hacker can then manually assign a compatible address to a device in order to gain full access to your network. As with MAC address filtering, the main effect of limiting IP addresses (or assigning them manually) is to complicate the process of connecting new devices that you approve of to your network.

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.