
Wireless gaming connection question

Well finally bit the bullet and went wireless


picked up one of these


D-Link DGL-4300 IEEE 802.3/3u, IEEE 802.11b/g Wireless Gaming Router
http://www.newegg.com/Product/Product.asp?Item=N82E16833127158

and one of these for my pc (other pc is 2 feet from the router so it's wired)

D-Link DWL-AG530 IEEE 802.11a/b/g PCI Tri-Mode Dualband Wireless Adapter
http://www.newegg.com/Product/Product.asp?Item=N82E16833127136


so far so good, signal strength is rated excellent, and I have SSID broadcast disabled, WPA encryption, and MAC filtering on.


The DS can't connect (figure it's the WPA, so I'll just use the wifi usb adapter)


but what can I use for my xbox / 360 / ps2 ? is there like some wireless hub I can connect all 3 into and the wireless tap into the router?
 
If you've got MAC filtering enabled you really don't need WPA. Just explicitly enter the MAC address for the DS, computers, and wireless game adapter.

Buy a 15 dollar hub with an uplink port from CompUSA, plug the wireless game adapter into the uplink port, plug the Xbox, PS2, whatever the hell else into the remaining ports. Voila.
 
Haleon said:
If you've got MAC filtering enabled you really don't need WPA. Just explicitly enter the MAC address for the DS, computers, and wireless game adapter.

Just for the record, this configuration lets TCPIP packets flow through the air without encryption, although WEP isn't that difficult to crack either.
 
maxmars said:
Just for the record, this configuration lets TCPIP packets flow through the air without encryption, although WEP isn't that difficult to crack either.
Yeah it does, but nobody is sitting outside your house trying to sniff out your traffic because they think it contains highly sensitive information. They just want internet access for free. The solution stops that.
 
Haleon said:
If you've got MAC filtering enabled you really don't need WPA. Just explicitly enter the MAC address for the DS, computers, and wireless game adapter.

This is not true.

Both can be worked around by a hacker. You want both to provide as much security as possible.

Always lock down your network as best as possible. You never know who your neighbors are sometimes. Better to be safe than sorry. Enable both MAC filtering and WEP or WPA.
 
Dr_Cogent said:
This is not true.

Both can be worked around by a hacker. You want both to provide as much security as possible.

Always lock down your network as best as possible. You never know who your neighbors are sometimes. Better to be safe than sorry. Enable both MAC filtering and WEP or WPA.
Anybody with enough technical knowhow to figure out your MAC address and then spoof it (well... spoofing is easy, figuring it out is hard) is going to get into your network regardless. WEP can be cracked in less than 15 minutes, and for all intents and purposes, is completely useless.
 
Haleon said:
Anybody with enough technical knowhow to figure out your MAC address and then spoof it (well... spoofing is easy, figuring it out is hard) is going to get into your network regardless. WEP can be cracked in less than 15 minutes, and for all intents and purposes, is completely useless.

And WPA can be cracked as well but that doesn't mean you shouldn't enable it. The rule isn't don't put it up, the rule is put up as much as possible.

EDIT:

Oh wait the DS doesn't support WPA? Ah.... well anyway you should still turn on WEP.
 
Haleon said:
Anybody with enough technical knowhow to figure out your MAC address and then spoof it (well... spoofing is easy, figuring it out is hard) is going to get into your network regardless. WEP can be cracked in less than 15 minutes, and for all intents and purposes, is completely useless.

Regardless. The idea is to make it as hard as possible. Not as easy as possible.

That's the point.

When I lock my doors at night, I lock the door handle lock and the dead bolt. I don't just lock one and figure, hey - if they're coming in - they're coming in.

That's the entire idea behind security. You don't just throw up your hands and say fuck it. We all know that everything that can be secured can be broken, but you don't take a slack ass attitude just because it "can" be broken.
 
Dr_Cogent said:
Regardless. The idea is to make it as hard as possible. Not as easy as possible.

That's the point.

When I lock my doors at night, I lock the door handle lock and the dead bolt. I don't just lock one and figure, hey - if they're coming in - they're coming in.

That's the entire idea behind security. You don't just throw up your hands and say fuck it. We all know that everything that can be secured can be broken, but you don't take a slack ass attitude just because it "can" be broken.
I just leave my front door open and resign my personal safety to the gods.

EDIT

Plus, it's good to leave some wiggle room. When the Feds come and ask me who was downloading all those Xbox games and feature length movies, I can blame it on my neighbor saying he must have jumped on my unsecured wireless connection.
 
Haleon said:
WEP can be cracked in less than 15 minutes, and for all intents and purposes, is completely useless.

It's not completely useless, Airsnort is a total bitch to get running on a windows PC and doesn't even work with a lot of Wifi cards. Have you cracked WEP before?

I tried for about an hour one day and couldn't get the program to run at all, so I gave up. WEP worked for my neighbour. Pretty much that is all you need (EDIT: all you need in a lot of cases), a deterrent.

A friend of mine uses 1 of 8 unsecured wireless connections around his house and just jumps around them all, I imagine he can't be fucked bothering to crack any of the protected ones so...
 
catfish said:
It's not completely useless, Airsnort is a total bitch to get running on a windows PC and doesn't even work with a lot of Wifi cards. Have you cracked WEP before?

I tried for about an hour one day and couldn't get the program to run at all, so I gave up. WEP worked for my neighbour. Pretty much that is all you need, a deterrent.
For one, I agree that all you need is a deterrent. That's why I suggest enabling MAC filtering and being done with it. People just want internet for free, 99.9 percent don't give a shit about your files or the sites you visit. The chances of your neighbor being some dedicated hacker with a severe interest in your web surfing activities are pretty slim.

Two, yes, I have cracked WEP before. Lots of times. Just gotta get a supported wifi card. I use the DWL-AG660.
 
Haleon said:
The chances of your neighbor being some dedicated hacker with a severe interest in your web surfing activities are pretty slim.

The chances of winning the lotto are slim too, but people do it.

If there was no chance, I would say your solution is fine. Since there is a chance, your solution isn't good enough IMO.
 
Dr_Cogent said:
The chances of winning the lotto are slim too, but people do it.

If there was no chance, I would say your solution is fine. Since there is a chance, your solution isn't good enough IMO.
Well then we've discovered a finely drawn line between the two of us. You're paranoid. I'm not.
 
Haleon said:
Well then we've discovered a finely drawn line between the two of us. You're paranoid. I'm not.

This is not about paranoia. Anyone who works in IT and deals with wireless networking or network security in general would tell you to turn on all the available protocol security pieces you have.
 
Haleon said:
Well then we've discovered a finely drawn line between the two of us. You're paranoid. I'm not.

A little paranoia never hurt anyone.

Better to be safe, than sorry.

I've found in life that the people who think

It can never happen to me

usually have it happen to them.

DarienA said:
This is not about paranoia. Anyone who works in IT and deals with wireless networking or network security in general would tell you to turn on all the available protocol security pieces you have.

QFT. Read any good doc on how to secure your network, and they will never suggest you take the Haleon half-baked approach.
 
DarienA said:
This is not about paranoia. Anyone who works in IT and deals with wireless networking or network security in general would tell you to turn on all the available protocol security pieces you have.
Not everybody. I'm a network admin, and while I do have a locked down WAP at the office, I don't feel the need to employ the same security measures at home. For one, I don't have 70 people using my home network. It's just me and the girlfriend. Two, I know my neighbors. They don't even have kids, so I feel completely confident in merely enabling MAC filtering and disabling the SSID broadcast on my network at home. And to be honest, the only reason I do that is to stop people from wardriving. If my neighbors just asked me if they could hop on my network I'd let 'em (assuming they split the bill with me).
 
Haleon said:
Not everybody. I'm a network admin, and while I do have a locked down WAP at the office, I don't feel the need to employ the same security measures at home. For one, I don't have 70 people using my home network. It's just me and the girlfriend. Two, I know my neighbors. They don't even have kids, so I feel completely confident in merely enabling MAC filtering and disabling the SSID broadcast on my network at home. And to be honest, the only reason I do that is to stop people from wardriving. If my neighbors just asked me if they could hop on my network I'd let 'em (assuming they split the bill with me).

Give me your address. :lol
 
Haleon said:
Not everybody. I'm a network admin, and while I do have a locked down WAP at the office, I don't feel the need to employ the same security measures at home. For one, I don't have 70 people using my home network. It's just me and the girlfriend. Two, I know my neighbors. They don't even have kids, so I feel completely confident in merely enabling MAC filtering and disabling the SSID broadcast on my network at home. And to be honest, the only reason I do that is to stop people from wardriving. If my neighbors just asked me if they could hop on my network I'd let 'em (assuming they split the bill with me).

How long have you been a Net Admin? I've been one for over 7 years now and I have to say I've NEVER come across a net admin or engineer who said don't bother turning a security feature on. That is crazy.

Let me guess you don't run an antiviral program, firewall or do hard disk maint on your pc regularly either right?
 
Dr_Cogent said:
A little paranoia never hurt anyone.

Better to be safe, than sorry.

I've found in life that the people who think

It can never happen to me

usually have it happen to them.



QFT. Read any good doc on how to secure your network, and they will never suggest you take the Haleon half-baked approach.



so is my approach?


disabled broadcasting, custom named, SSID
WPA enabled
mac filter enabled


good enough?
 
Dr_Cogent said:
Give me your address. :lol
Why don't you just go ahead and tell me how you're going to find out an enabled MAC address to spoof? Since you're obviously well versed in the art of cracking WLANS.
 
Haleon said:
Why don't you just go ahead and tell me how you're going to find out an enabled MAC address to spoof? Since you're obviously well versed in the art of cracking WLANS.

Haleon,

I'm a computer engineer by trade. Don't think I can't figure any of that shit out easily. Do the research, implement the plan. I doubt it would be insurmountable considering what I know already and what I can figure out.
 
ZombieSupaStar said:
so is my approach?


disabled broadcasting, custom named, SSID
WPA enabled
mac filter enabled


good enough?

Sounds good to me man.

I'm sure DarienA would agree as well, but he can chime in if he doesn't agree.
 
DarienA said:
How long have you been a Net Admin? I've been one for over 7 years now and I have to say I've NEVER come across a net admin or engineer who said don't bother turning a security feature on. That is crazy.

Let me guess you don't run an antiviral program, firewall or do hard disk maint on your pc regularly either right?
5 years. And like I said, I don't take the same approach at work. I'm sitting behind a software Checkpoint NG-1 firewall that is behind another Netscreen 25. The network in our office is segregated into three separate VLANS (of which the Wireless access is only available on one) according to security risk. Due to the nature of business my company is involved in, some users need to engage in higher risk (for viruses and spyware) web-surfing, and therefore, they are segregated on a VLAN separate from the rest of the network. Of the other two VLANS we have a general employee VLAN and a contractor VLAN. The WAP is using WPA with MAC filtering enabled (executive and guest access) with the SSID broadcast disabled. Keys are reset on a monthly basis.

So yes, the office network is more than secure, but the reason for that is because I have to account for 70 employees and numerous guests and contractors that utilize my office network. My home network isn't subject to the same scrutiny because it's just me and the girlfriend on it.
 
Dr_Cogent said:
Haleon,

I'm a computer engineer by trade. Don't think I can't figure any of that shit out easily. Do the research, implement the plan. I doubt it would be insurmountable considering what I know already and what I can figure out.
So basically you're admitting you have no idea how you would be able to find out a MAC address then. As far as I know, there is no exploit out there to discover a computer's MAC address through sniffing unencrypted packets emanating from a WLAN. The only way you'd be able to do it is to social engineer me into visiting a site that you have set up. And that solution would rely on the user's incompetence.

So when you "figure that shit out easily", let me know.
 
Haleon said:
So basically you're admitting you have no idea how you would be able to find out a MAC address then. As far as I know, there is no exploit out there to discover a computer's MAC address through sniffing unencrypted packets emanating from a WLAN. The only way you'd be able to do it is to social engineer me into visiting a site that you have set up. And that solution would rely on the user's incompetence.

So when you "figure that shit out easily", let me know.

Took me 10 seconds to find this on google.

http://home.jwu.edu/jwright/papers/wlan-mac-spoof.pdf

I am sure I could find a way in pal.

It's been documented in plenty of places that MAC address filtering is not unbreakable. It is possible, and I am sure it's possible to be done remotely.
 
Haleon said:
My home network isn't subject to the same scrutiny because it's just me and the girlfriend on it.

A suggestion... don't pass on your lackadaisical home wireless security habits to others.
 
Dr_Cogent said:
It's been documented in plenty of places that MAC address filtering is not unbreakable. It is possible, and I am sure it's possible to be done remotely.
Of course it's not unbreakable. The easiest way to break it is... wait for it... to spoof your MAC! The tricky part is finding out what MACs are enabled in the filtering. That's the part I'm asking you to do. And regardless of all this, I'm not sure where the disconnect here is. I've said from the very beginning solely enabling MAC filtering isn't perfect security. I'm just saying that for 99.9 percent of the home users out there, it's more than enough.
 
Haleon said:
Wow, you found out how to spoof a MAC address? You're a certified Kevin Mitnick.

A fucking Linksys router can clone a MAC address. Changing your MAC isn't the hard part. I'm asking how you plan to find out what MACs are enabled on my router. Any dumbass can spoof their MAC address.

Routers have been hacked in the past and can be hacked. Like I said before, and if you argue the point you aren't as good of a network engineer as you claim to be, that anything that can be secured - can be broken into. Your lackadaisical attitude towards local security is pretty lame if you ask me.

More is more. Having it enabled will not hurt anyone except for someone trying to get in.

edit - Holy shit. DarienA are you reading my mind? You used "lackadaisical" in your post like mine. :lol

Haleon said:
Of course it's not unbreakable. The easiest way to break it is... wait for it... to spoof your MAC! The tricky part is finding out what MACs are enabled in the filtering. That's the part I'm asking you to do. And regardless of all this, I'm not sure where the disconnect here is. I've said from the very beginning solely enabling MAC filtering isn't perfect security. I'm just saying that for 99.9 percent of the home users out there, it's more than enough.

And I'm saying more is better. More is more. More is better. Don't take a half ass approach. I would rather others here reading be more secure than less.
 
Cogent.. the word just seemed to fit. ;)

Haleon said:
Wow, you found out how to spoof a MAC address? You're a certified Kevin Mitnick.

A fucking Linksys router can clone a MAC address. Changing your MAC isn't the hard part. I'm asking how you plan to find out what MACs are enabled on my router. Any dumbass can spoof their MAC address.

Not that I've ever done any hacking but I was under the impression that data packets that can be sniffed on the wireless network include, among other things, authorized MAC addresses.
 
Dr_Cogent said:
Routers have been hacked in the past and can be hacked. Like I said before, and if you argue the point you aren't as good of a network engineer as you claim to be, that anything that can be secured - can be broken into. Your lackadaisical attitude towards local security is pretty lame if you ask me.

More is more. Having it enabled will not hurt anyone except for someone trying to get in.

edit - Holy shit. DarienA are you reading my mind? You used "lackadaisical" in your post like mine. :lol



And I'm saying more is better. More is more. More is better. Don't take a half ass approach. I would rather others here reading be more secure than less.
If you manage to hack into the router to get the list of filtered MAC addresses, why wouldn't you just:

A.) Add your own MAC so you could get onto the network.
B.) Get the WEP/WPA key and type it in on your wifi card.
C.) All of the above.

And no, this "Anything can be broken into" line isn't true. Sure, MOST things can be broken into because they rely on the incompetence of IT techs not keeping up to date with patches, firmware revisions, CERT advisories, etc... I was at a seminar last year for Firebox firewalls, and I heard an interesting statistic. 97 percent of security intrusions are the result of incorrectly configured hardware or software. That leaves 3 percent that are true code vulnerabilities.

As for you thinking my stance on home security is lame, that's fine. Agree to disagree. I just have basic trust in my neighbors.
 
DarienA said:
Cogent.. the word just seemed to fit. ;)



Not that I've ever done any hacking but I was under the impression that data packets that can be sniffed on the wireless network include, among other things, authorized MAC addresses.
I'm not sure if they are or not to be completely honest with you. I would imagine they would have to be to some degree for the MAC filtering on the router to even work. Personally, I don't have the slightest clue how you would go about pulling the MAC address out of sniffed packets though.
 
Haleon said:
If you manage to hack into the router to get the list of filtered MAC addresses, why wouldn't you just:

A.) Add your own MAC so you could get onto the network.
B.) Get the WEP/WPA key and type it in on your wifi card.
C.) All of the above.

And no, this "Anything can be broken into" line isn't true. Sure, MOST things can be broken into because they rely on the incompetence of IT techs not keeping up to date with patches, firmware revisions, CERT advisories, etc... I was at a seminar last year for Firebox firewalls, and I heard an interesting statistic. 97 percent of security intrusions are the result of incorrectly configured hardware or software. That leaves 3 percent that are true code vulnerabilities.

As for you thinking my stance on home security is lame, that's fine. Agree to disagree. I just have basic trust in my neighbors.

I've kinda been skipping the conversation between you and Cogent but let's back up... if you're asking how hard would it be for me to gain access to your MAC-filtered-only wireless home network? The answer is pretty easy.

Data packets sent on your wireless network will contain the MAC address of the client they are coming from... there are easily available software packages that can sniff these data packets and give you a list of clients and MAC addresses... from there I believe it's a simple registry hack to change the MAC address of your own wireless card you want to use to get in.

Again I've not done any of this personally only done some casual reading about it.



Haleon said:
I'm not sure if they are or not to be completely honest with you. I would imagine they would have to be to some degree for the MAC filtering on the router to even work. Personally, I don't have the slightest clue how you would go about pulling the MAC address out of sniffed packets though.

I quickly found 2 software packages when googling.. I hesitate to mention their names.

TomsNetworking has some pretty thorough articles on WEP cracking and bypassing MAC filtering.
 
DarienA said:
I've kinda been skipping the conversation between you and Cogent but let's back up... if you're asking how hard would it be for me to gain access to your MAC-filtered-only wireless home network? The answer is pretty easy.

Data packets sent on your wireless network will contain the MAC address of the client they are coming from... there are easily available software packages that can sniff these data packets and give you a list of clients and MAC addresses... from there I believe it's a simple registry hack to change the MAC address of your own wireless card you want to use to get in.

Again I've not done any of this personally only done some casual reading about it.





I quickly found 2 software packages when googling.. I hesitate to mention their names.
I'd be interested to see how easy it would be to actually pull a MAC address out of a sniffed packet. I'd also be interested to see the actual headers that contain the MAC address. Like I said in the above post, obviously the information must be transmitted at some point for the MAC filtering to work, but I'd like to know the frequency and the sorts of programs you could use that actually enable one to pull that information out of the headers.
 
Haleon said:
If you manage to hack into the router to get the list of filtered MAC addresses, why wouldn't you just:

A.) Add your own MAC so you could get onto the network.
B.) Get the WEP/WPA key and type it in on your wifi card.
C.) All of the above.

And no, this "Anything can be broken into" line isn't true. Sure, MOST things can be broken into because they rely on the incompetence of IT techs not keeping up to date with patches, firmware revisions, CERT advisories, etc... I was at a seminar last year for Firebox firewalls, and I heard an interesting statistic. 97 percent of security intrusions are the result of incorrectly configured hardware or software. That leaves 3 percent that are true code vulnerabilities.

As for you thinking my stance on home security is lame, that's fine. Agree to disagree. I just have basic trust in my neighbors.

True, I could just add the MAC if I hacked it, but wouldn't it be more sneaky, and also more undetectable if you didn't notice an additional MAC address in the list? Also, I would expect it's quite possible to get MAC addresses out of the air over unencrypted traffic (DarienA's post above helps affirm this belief).

I have to disagree with you on the "anything can be broken into" disagreement. Sure, most security holes are due to things not being patched, but there was the initial moment when they weren't patched or the hole wasn't even known. For every wall they put up out there, someone inevitably tears it down it seems.

If you are fine with your network config, that's fine by me. I just don't think it's right to give the same advice out to newbs. They may not know their neighbors like you do, and the thing is - sometimes we think we know people when we really don't.

Anyhow, I gotta say - I love a good heated debate.
 
Haleon said:
I actually do have to concede the ease of MAC discovery to DarienA. Look up Kismet to see why.

Yes I'm familiar with that package... and another that will do it even if you have SSID broadcast turned off.
 
Dr_Cogent said:
True, I could just add the MAC if I hacked it, but wouldn't it be more sneaky, and also more undetectable if you didn't notice an additional MAC address in the list? Also, I would expect it's quite possible to get MAC addresses out of the air over unencrypted traffic.

I have to disagree with you on the "anything can be broken into" disagreement. Sure, most security holes are due to things not being patched, but there was the initial moment when they weren't patched or the hole wasn't even known. For every wall they put up out there, someone inevitably tears it down it seems.

If you are fine with your network config, that's fine by me. I just don't think it's right to give the same advice out to newbs. They may not know their neighbors like you do, and the thing is - sometimes we think we know people when we really don't.

Anyhow, I gotta say - I love a good heated debate.
Yeah, there is always going to be the initial window of time in which a group discovers a vulnerability and the moment a vendor patches the vulnerability. Working in IT, you're always subject to some risk.

However, it becomes increasingly easy to secure your network if you keep up with certain security mailing lists. Personally, on the first of each month I go through Google and pretend I'm a hacker. I google up any information on my home office switches, firewalls, and OSes and see what sort of new exploits are out there. If I find anything (that hasn't previously been sent in an advisory mailing), I go to the vendor and inquire about a patch. The reason I don't do that at home is because going through looking for vulnerabilities on a dozen odd pieces of hardware takes upwards of 20 hours to do. It's an exhausting process.
 
Haleon said:
I actually do have to concede the ease of MAC discovery to DarienA. Look up Kismet to see why.

Yeah, I figured it wouldn't be difficult at all. That shit gets passed over the wire all day long.

I've had to use network analyzers here at work from time to time, and the MAC is in the header usually from what I have seen.
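
The posts above settle on the point that client MAC addresses sit in the frame header. As an added illustration (not part of the thread), this Python example parses the 802.11 MAC header of two constructed frames and shows that the addresses stay readable even when the Protected Frame bit marks the body as WEP/WPA-encrypted, which is why an address allow-list is not a secret. All addresses and body bytes are made-up sample values.

```python
import struct

# Flag bits in the second byte of the Frame Control field (IEEE 802.11).
TO_DS, FROM_DS, PROTECTED = 0x01, 0x02, 0x40
TYPE_NAMES = {0: "management", 2: "data"}

# Role played by Address 1..3, keyed by (ToDS, FromDS).
ROLES = {
    (0, 0): ("destination", "source", "bssid"),
    (1, 0): ("bssid", "source", "destination"),          # station -> AP
    (0, 1): ("destination", "bssid", "source"),          # AP -> station
    (1, 1): ("receiver", "transmitter", "destination"),  # WDS; source is Address 4
}


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame: bytes) -> dict:
    """Parse the cleartext MAC header of an 802.11 management or data frame."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte 802.11 MAC header")
    fc0, flags, _duration = struct.unpack_from("<BBH", frame, 0)
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype not in TYPE_NAMES:
        raise ValueError("control/extension frames use other header layouts")
    to_ds, from_ds = flags & TO_DS, (flags & FROM_DS) >> 1
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    info = {
        "type": TYPE_NAMES[ftype],
        "subtype": subtype,
        "protected": bool(flags & PROTECTED),  # body encrypted, header is not
        "sequence": seq_ctl >> 4,
    }
    addresses = (frame[4:10], frame[10:16], frame[16:22])
    for role, raw in zip(ROLES[(to_ds, from_ds)], addresses):
        info[role] = fmt_mac(raw)
    header_len = 24
    if to_ds and from_ds:  # four-address (WDS) frame
        if len(frame) < 30:
            raise ValueError("four-address frame is truncated")
        info["source"] = fmt_mac(frame[24:30])
        header_len = 30
    if ftype == 2 and subtype & 0x8:  # QoS data subtypes carry 2 more bytes
        header_len += 2
    info["header_len"] = header_len
    return info


# Constructed sample values (locally administered addresses, fake ciphertext).
BSSID = bytes.fromhex("020000aabb01")
STATION = bytes.fromhex("020000112233")
GATEWAY = bytes.fromhex("020000aabb02")
FAKE_CIPHERTEXT = bytes.fromhex("9f3c71e0a5d24b18")


def build_data_frame(flags: int, a1: bytes, a2: bytes, a3: bytes, seq: int) -> bytes:
    """Assemble a plain (non-QoS) data frame: type=2, subtype=0."""
    frame_control = bytes([0x08, flags])
    duration = b"\x00\x00"
    return (frame_control + duration + a1 + a2 + a3
            + struct.pack("<H", seq << 4) + FAKE_CIPHERTEXT)


UPLINK = build_data_frame(TO_DS | PROTECTED, BSSID, STATION, GATEWAY, 0x012)
DOWNLINK = build_data_frame(FROM_DS | PROTECTED, STATION, BSSID, GATEWAY, 0x3A7)

if __name__ == "__main__":
    for name, frame in (("uplink", UPLINK), ("downlink", DOWNLINK)):
        print(name, parse_header(frame))
```
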
 
I almost forgot about my baby. A Proventia G100 IPS was installed on the front end last year. Inline baby. That means it'll automatically drop packets from Dr_Cogent when he tries DDoSing me.
 
Haleon said:
I almost forgot about my baby. A Proventia G100 IPS was installed on the front end last year. Inline baby. That means it'll automatically drop packets from Dr_Cogent when he tries DDoSing me.

:lol

That "my baby" comment reminded me of Harold and Kumar Go to White Castle.
 
Part of my job requirements are to "test" security for networks. One of the reasons the government won't really utilize wireless despite its convenience is how many security holes are present. It's improving, but no wireless network is really secure. You can tighten it down, and should, but many people have no idea what exactly should be done.

1. Disable broadcast of the SSID if you can
2. If using WEP use the 192-bit version, and if using WPA you still don't want to use a common word even if it is encrypted
3. Lock down MAC addresses, although some posters are right - if someone knows how to spoof MAC addresses (easy to do), this will not help
4. Lock down your firewall - don't just open up ports unless you know what they do. Use firewalls in your wireless router AND at the desktop level. People who use ZoneAlarm tend to make it useless, because they just let ZoneAlarm open all these ports for programs when they don't even know what process in the application is calling for connectivity
5. If using VPN, AES encryption standards are preferred.

I have a wireless network at home, and have set MANY up for others, but remember it still has to be useable when you are finished. Wireless networks are a balance between functionality and security.
 
trmas said:
Part of my job requirements are to "test" security for networks. One of the reasons the government won't really utilize wireless despite its convenience is how many security holes are present. It's improving, but no wireless network is really secure. You can tighten it down, and should, but many people have no idea what exactly should be done.

1. Disable broadcast of the SSID if you can
2. If using WEP use the 192-bit version, and if using WPA you still don't want to use a common word even if it is encrypted
3. Lock down MAC addresses, although some posters are right - if someone knows how to spoof MAC addresses (easy to do), this will not help
4. Lock down your firewall - don't just open up ports unless you know what they do. Use firewalls in your wireless router AND at the desktop level. People who use ZoneAlarm tend to make it useless, because they just let ZoneAlarm open all these ports for programs when they don't even know what process in the application is calling for connectivity
5. If using VPN, AES encryption standards are preferred.

I have a wireless network at home, and have set MANY up for others, but remember it still has to be useable when you are finished. Wireless networks are a balance between functionality and security.


I'm glad you felt the need to flaunt your wireless network security prowess... however "mines is still bigger!" ;)

Then again PC Magazine/PC World, etc. have printed the above list countless times.
 