On Saturday 25 Jul 2015 11:23:39 Peter Humphrey wrote:
> On Saturday 25 July 2015 11:19:39 meino.cra...@gmx.de wrote:
> > Short "second" question:
> > Is it possible to limit the devices, which could connect to the access
> > point, to some MACs ?
>
> It depends on the device you choose for your access point. Some allow you
> to filter MACs, others may not. Sorry I can't help you choose - it seems
> to be hard to find real information before you buy.

I think that Meino wants to implement a MAC ACL on his hostapd settings,
rather than on a separate router appliance. Have a look in the configuration
file hostapd.conf. You can define your own accept/deny files and list in
there any devices you want to explicitly allow or deny from connecting to
the hostapd.

> > (I know, this is not 100% secure, since even those could be faked, but
> > the average script kiddy may be blocked for a while.)
>
> As you say, MACs are supposedly prone to being spoofed. I only say
> "supposedly" because I haven't seen any reports of its happening. Much
> depends on what you perceive the threat to be: are you in a city with any
> number of unknown people passing by daily, or like me in a village where
> you know your neighbours?
>
> Of course, you'll also have an effective firewall on each machine that can
> be reached from the wireless network.

Unless you have your AP running 24-7, WPA2 should be secure enough for most
purposes. If you are in the middle of a city, next to a university with a
known branch of script kiddies, then set up a VPN between the two devices.
You do understand that MAC ACLs will not deter anyone who can use kismet and
aircrack-ng.

With regards to setting up your firewall on the PC, it would not harm to set
up two VLANs, separating the PC LAN subnet from the wireless.

--
Regards,
Mick
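
The hostapd MAC ACL discussed in the reply above, sketched as an added example that is not part of the original message. The interface name, SSID, passphrase and file paths are placeholder assumptions.

```ini
# hostapd.conf fragment (added example; interface, SSID, passphrase and
# file paths are placeholders, not values from the thread)
interface=wlan0
ssid=ExampleAP

# WPA2-PSK with CCMP: the control that actually authenticates stations.
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=CHANGE-ME-long-random-passphrase

# Station MAC address filtering:
#   0 = accept unless listed in deny_mac_file (hostapd default)
#   1 = deny unless listed in accept_mac_file
#   2 = ask an external RADIUS server (local lists are checked first)
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
# Only consulted as a blocklist when macaddr_acl=0:
# deny_mac_file=/etc/hostapd/hostapd.deny

# /etc/hostapd/hostapd.accept holds one MAC address per line, for example
# (constructed, locally administered addresses):
#   02:00:00:aa:bb:01
#   02:00:00:aa:bb:02
```

The accept list only compares the source address a station claims, so it works alongside WPA2 rather than in place of it.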