[Cboldt]

Using WPA-PSK/AES with MAC filtering is a "belt and suspenders" way of securing your network.

There is more than one way to obtain unauthorized access. For most home networks, it is sufficient to limit the machines that are authorized (e.g., via MAC limiting), without getting to the "user" level.

Encryption is necessary to make it more difficult for strangers to snoop on your broadcast keystrokes.

The problem with this article is that it plants the idea that data encryption instigated/required by the WAP will prevent unauthorized access.

[PogySailor]

It does make a hash of access control and packet protection. But then again I don't expect to high a level of technical detail in a newspaper. I didn't link to the article so I don't know if they referenced some other material on the subject.

Since WPA-PSK is one of the standard models of 802.11x, it does control access. If the client (or supplicant in 802.11x lingo) doesn't have the proper key, the WAP will not establish a connection. The data confidentiality is provided by TKIP (WPA) or AES-CCMP (WPA2). The PSK that controls access also is used as the seed for the packet encryption for both methods.

The problem I see with most (if not all) consumer WAP models is that out of the box they are "open" and most people don't bother to set up any authentication or encryption. And the documentation that comes with them (at least 6-8 months ago) isn't really straight forward with the need to change settings.

For instance, I found several open WAP's in my neighborhood when I was setting my WLAN up (scanning to see if I needed to change the WAP's channel) and helped them get locked down. The homeowners didn't know they were at any risk.

If I didn't do networks for a living (I'm a CCNP/CCDP) I'd have never known how important it is to change those defaults.