[mdlug] Linksys WRT1900AC v2 Setup

David Lee Lambert davidl at lmert.com
Tue Dec 26 19:53:26 EST 2017 

I'll second the risks vs benefits.

I have two wireless bridges (one built into a router,  one an older
bridge-only device), a hodgepodge of wired and wireless devices,  some
level of security on mobile devices so we can use them roaming safely,  and
either user-level security or no open services on wired devices.

The older wireless bridge allegedly supported WEP or WPA,  but I never got
that to work; perhaps it was a"pre-standard" implementation.

Hence,  I'm running open WiFi with SSID broadcast,  and only limited MAC
locking.

Advantages:
* simple setup.  New devices just have to discover the SSID,  not receive a
password.
* no need to generate/rotate the password on a regular basis (because there
isn't one).

Disadvantage:
* some devices pop up a warning about connecting to an unsecured network.

Might be advantage or disadvantage :
* the open WiFi seems to be a honeypot for teenagers and older kids; they
hang out in the street near my home dinking with their phones,  in clear
view of my security cameras,  but wander off if anyone opens the door.

Potential disadvantages:
* The FBI, or KGB, or some dudes with friends in Nigeria, could cruise the
neighborhood in a windowless van with a directional antenna and pick up
cleartext traffic,  or brute-force open services.
* A scruffy-looking guy could drop a backpack on my lawn containing a
portable device that does the same.
(But that's why I have security cameras and participate in Neighborhood
Watch...)

On Dec 26, 2017 1:15 PM, "Jeff Hanson" <jhansonxi at gmail.com> wrote:

> MAC address filtering and hiding an SSID is both very weak security.  MAC
> addresses can be faked.  IIRC, SSID can be sniffed from active connections.
>
> Disabling remote access is helpful depending on how secure the
> authentication is.
>
> It's a matter of evaluating practical risks vs. benefits.  If you are
> concerned about amateurs freeloading on your network then it's easy enough
> to fool them.  Against a pro then don't count on it.
>
> I don't bother with address filtering or SSID hiding.  I'm in a rural area
> where even accidental connections are rare.  I block remote access because
> I don't need it.  Internally I use sshfs with keys for file sharing between
> anything that matters, unauthenticated Samba for anything that doesn't.
>
> On Tue, Dec 26, 2017 at 12:27 PM, Peter Bart <petertheplumber at att.net>
> wrote:
>
> > Merry Xmas All,
> >         I am setting up my new router. I am using a Linksys WRT1900AC
> >         v2 running DD-WRT. I will eventually be setting this up to use
> >         VPN, but my more immediate question relates to MAC address
> >         filtering, hidden vs visible SSID. I've allways used MAC
> >         address filtering as a layer in my lockdown of my wireless AP.
> >         Ditto for hiding my SSID's. Along with going through and
> >         disabling any services enabled by default and not used. One of
> >         those would be remote access to the router.
> >
> >         What are your opinions of  necessity as the the three items
> >         named? Am I too paranoid? I do these each as a layer in my home
> >         network security, I don't view anything as the end all. Are
> >         there any other things I should be doing in addition or in
> >         place of?
> > --
> > Best Regards,
> >
> > Peter The Plumber
> > <petertheplumber at att.net>
> > _______________________________________________
> > mdlug mailing list
> > mdlug at mdlug.org
> > http://mdlug.org/mailman/listinfo/mdlug
> >
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
>

More information about the mdlug mailing list