JW0914 wrote:Hiding ssid doesn't improve security, same for mac filtering.
Doesn't it make it more difficult if one doesn't know the SSID, as I've seen what you've said echoed on different forums with no one ever going into detail why it doesn't. Would you also elaborate on the mac filtering as well please.
hiding the SSID doesn't help much because if anyone is actually using the network, they are broadcasting the SSID quite frequently, so you will see it on the air.
Hiding the SSID does two things.
1. if nobody is using the network, it's not visible
2. it doesn't show up by default in pulldown menus.
As a result it's weak protection at best.
As for locking things down to a particular MAC address, the weakness is that you can trivially change your MAC address to an authorized one (and you can detect the MAC address by listening on the network)
both of these harden your system against weaker attackers, but they probably won't get through even the most trivial password. They are speedbumps against more sophisticated attackers, at the cost of being more effort to setup and maintain.
I will do the MAC filtering on my home network, but I have a household of 4 geeks, I would not implement it at my friends house because it would cause lots of problems.
As for the key length, my take >= 16 acceptable, >= 24 good - but obviously opinions differ.
I don't feel comfortable unless my passwords are ~30 characters or longer for sensitive logins.
if I am actually worried about security, I don't use passwords.
If the password is too long, people just write them down or tell their systems to remember them, neither of which really helps much.
I don't think either of these recommendations are good to put in a particular device's page. They are useful to have in a generic "things you can do to improve wireless security", but they should not be presented as absolutes.