What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

What is best security strategy for wireless network

S

satwar

Occasional Visitor
I've read that passwords can reduce throughput by 50 %. Is it best then to just use MAC address filter to allow access to your LAN ?
 
Depending on the router/client performance encryption sometimes can impact throughput, but encryption is the only way to secure your wireless, unless you implement enterprise security(RADIUS Server auth). MAC address filtering is just as or weaker than WEP, MAC addresses can be spoofed or copied allowing anyone who wanted in, to get in with little effort. WPA2 + AES is best with 64 hex or 63 alphanumeric or 63 ASCII random characters to form 256 bit hash, but both router/client must support it. TKIP is what WPA uses and is a little weaker but still pretty secure using the same random 256 bit hashes. The only challenge today is preventing the wireless encryption from being dictionary attacked, there has been movement on dictionary attacks performed simply because you have a common SSID and there are hash algorithms built to attack such common SSIDs. So a unique SSID and a long random character 256 bit hash key is best security you can provide yourself at the moment. Try making up an unique SSID then use these random generated keys: https://www.grc.com/passwords.htm . Good Luck!
 
Last edited:
overdrive31 said:
Depending on the router/client performance encryption sometimes can impact throughput, but encryption is the only way to secure your wireless, unless you implement enterprise security(RADIUS Server auth). MAC address filtering is just as or weaker than WEP, MAC addresses can be spoofed or copied allowing anyone who wanted in, to get in with little effort. WPA2 + AES is best with 64 hex or 63 alphanumeric or 63 ASCII random characters to form 256 bit hash, but both router/client must support it. TKIP is what WPA uses and is a little weaker but still pretty secure using the same random 256 bit hashes. The only challenge today is preventing the wireless encryption from being dictionary attacked, there has been movement on dictionary attacks performed simply because you have a common SSID and there are hash algorithms built to attack such common SSIDs. So a unique SSID and a long random character 256 bit hash key is best security you can provide yourself at the moment. Try making up an unique SSID then use these random generated keys: https://www.grc.com/passwords.htm . Good Luck!
Click to expand...

excellent advice! I'll add one more thing. Many of the better quality and newer routers can employ WPA2/AES with little to no throughput loss. FYI, take a look at this page from the WRT400 review. http://www.smallnetbuilder.com/content/view/30775/96/1/3/
 
Last edited:
It's actually in the 802.11n spec that APs / wireless routers must not use HT (High Throughput, i.e. over 54 Mbps) connect rates when using WEP or WPA TKIP.

The only way to get full throughput from a draft 11n router is to use no encryption or WPA2/AES.
 
Excellent information, thank you.

I have been using WPA/TKIP on my 802.11n router because i had some 802.11g bridges. It looks like the only way to fix throughput is to upgrade to 802.11n bridges, then everything will be capable of running WPA2/AES and my tthroughput problems will be over.
 
satwar said:
Excellent information, thank you.

I have been using WPA/TKIP on my 802.11n router because i had some 802.11g bridges. It looks like the only way to fix throughput is to upgrade to 802.11n bridges, then everything will be capable of running WPA2/AES and my tthroughput problems will be over.
Click to expand...

Many "g" devices support WPA2/AES. However they will be limited to 54Mb/s theoretical max throughput due to "g" being a 54Mb/s technology. You should get about 1/2 of the theoretical throughput if things are working OK.
 
satwar said:
Excellent information, thank you.

I have been using WPA/TKIP on my 802.11n router because i had some 802.11g bridges. It looks like the only way to fix throughput is to upgrade to 802.11n bridges, then everything will be capable of running WPA2/AES and my tthroughput problems will be over.
Click to expand...

Are these bridges strictly just a wireless->Lan bridge, and not wireless->Lan+wireless repeaters? If they repeat the wireless signal, to link one bridge to another, each hop or each time one bridge connects to another and not directly to the router the throughput gets cut in half. Just an FYI
Good Luck!
 
The DWL-G820 is a bridge and doesn't use WDS repeating. Any security that relies on rotating keys, which includes WPA won't work through WDS.

Draft 11n bridges that use client mode to associate with APs will support WPA/WPA2.
 
You must log in or register to reply here.

Similar threads

D
Help? Possible to have 2 routers wired and have 4 SSID's
Replies
3
Views
534
Tech9
Tech9
R
Your rules have reached the maximum - Looking for Alternative ways to do MAC filtering on Wifi.
Replies
3
Views
824
SeriousFamily
SeriousFamily
M
Allowing intranet traffic for single host to guest wifi network
Replies
3
Views
402
mikalcarbine
M
Z
The issue of iPhone 16 pro to access the wifi 7 wireless system under the mac address filter of Asus BE88U router
Replies
4
Views
742
zwyin
Z
S
AdguardHome + Unbound on Pi4 Correct DNS settings
Replies
6
Views
2K
sammyano
S
Similar threads
Thread starter Title Forum Replies Date
sfx2000 WPA status - WiFi Security and WiFi7 General Wi-Fi Discussion 45
S WiFi Access Points & Security Cams General Wi-Fi Discussion 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 775 (members: 25, guests: 750)
Back
Top