Quote:
Originally Posted by EssDee
Sometimes all that's required is some form of deterrent. For example, when it comes to looking for access to a wireless network 'off the cuff' in an area aren't you more likely to piggy back onto the network with no encryption and advertised SSID than those that have these measures covered? Hence my house analogy - would an opportunist housebreaker (no such crime as 'burglary' in Scotland!) pick the only house in the street with an alarm?
|
Again, the alarm analogy doesn't fit - there's nothing in any of the settings being discussed which is the same as having an alarm on the house, none of the measures discussed will alert you to an intrusion. Ask yourself this, would an opportunist thief be put off by the fact that there are no numbers on a house?
Quote:
Originally Posted by EssDee
I wasn't having a dig Rob. Just felt that those a little less familiar with such matters than ourselves should not be put off implementing even the most basic of measures.
|
I know you weren't having a dig, it's all cool
My problem is that I quite often see people spending a great deal of time and effort implementing the advice of well meaning people only to find that they haven't increased the security posture of their systems at all. In fact, in many cases, they've often needlessly complicated the setup of their systems and gained no benefit from it.
Yes MAC filtering can be a useful administrative tool, and can be used to provide a limited assurance that there are only a limited pool of possible MAC addresses that can be connected to your machine. Hiding the SSID of a wireless access point can give you a limited assurance as to the anonymity of your system (especially if you've also
changed the SSID). Neither of these measures makes your system more secure though, and they should never be extolled as security providing features.