Replies

For a home user, it’s relatively simple if you have a basic understanding of networking (MAC addresses, etc.), but yeah, if someone is intent on getting into your wireless network, MAC filtering isn’t going to save your hide.

I recommend it to folks whose routers I configure, but I always explain that it’s an administrative hassle every time a new person comes over. For the micro-managers among them, they usually like to have that level of control, and I’ll teach them how to input new MACs.

Also, depending on the firmware on your router, it’s not hard to edit that table or the on/off value for it if you know what you’re doing. I setup a dedicated crossover connection between my router and my server for both RADIUS and JTAG connectivity and locked the administrative ports down to cabled-access only.

If you’re paranoid, there’s nothing wrong with throwing another spike strip down in front of war drivers, but if they’re in a half-track or a deuce.25, it’s just a speed bump, I admit.

I understand that AP isolation is really the best way to keep ne’er-do-wells out, but even I had a lot of issues getting that to work on my home network. Virtual APs are cool too; I setup a WEP VAP with AP iso for my Nintendo DS wireless, and it works incredibly well.