I have 2 wired desktops and one wireless laptop. I am having a problem with making a connection when I use WEP. If I instead use the "MAC Filter" option on my Belkin Router to set the MAC #'s of only the computers that I wish to allow to connect to my network, wouldn't this in effect keep hackers out so that I do not need to use WEP?

Hi
Well, doing the mac only thing will keep ppl out for a shorter period of time than if you ran the wep and mac thing. Tools are available (to tools that want to hack your stuff) that will make short work of unencrypted wifi traffic. If you live in a rural area this might not matter much as there's a reduced risk of being noticed and targeted. If you live in a urban area you will probably be noticed. And then there are tools such as the ones I know who like to drive through town with tools running in their laptops, conected to gps, so they can log the wifi ap's of an entire town and make a map showing all.

MAC filtering isn't anymore secure than WEP. MAC addresses for NICs can be changed on the fly using software - which opens up plenty of doors for hackers.

But all in all, WEP and/or MAC filtering are very good deterrents, because most hax0rs (and especially casual ease droppers) will go onto the next unprotected WiFi access point.

I say do both:

MAC
WEP
or
WPA-AES

or if you have those new security features like WPA-AES along with MAC filter.

As already said, the MAC filter is only a minor obstacle to a determined intruder. Furthermore, if you don't use encryption like WEP or WPA, then most of your own network traffic is visible to everyone meaning that your passwords and traffic content are broadcast plaintext to everyone in your wifi radius.

The book on securing wireless:
1) position your AP so that you dont broadcast beyond your area - eliminate as much radiation leakage as possible.
2) change your SSID - possibly change it regularly.
3) dont broadcast your SSID - these 2 items lower your profile. Remember that an open WAP broadcasting linksys is code for please use me.
4) use WPA, not WEP & rotate the key - WEP can be broken in minutes. There are numerous articles on cracking WEP & WPA, but if your passphrase is long enough (20 chars min), and you only have a few clients, WPA can be good enough. The more clients you have, the greater the risk.
6) change user (if you can) and certainly the password.
7) if you must allow unauth'd traffic, establish trusted & untrusted VLANs.
8) turn it off when you're not using it.
9) if your clients start getting kicked, suspect a break-in attempt & change everything. The first step in cracking "secured" wireless is to get the SSID, and the 2nd easiest way to do this is to force clients to re-auth. Each auth request sends the SSID in clear text. The easiest way is to social it.
10) dont write your keys or SSIDs down. Keep control of your laptop.

The secret to security is to balance the lock against the value of the goods (information) behind the door, and to avoid making the door so shiny it attracts attention.

Change the SSID true you should do that in any case. Give it a name that you give your network (workgroup or mylocal.domain for home users).

Some WR also give you the option to block the SSID from being broadcast and shown on programs like passmark wireless mon.

As for the keys there are many options you can try. Just remember what keys or method you choose, because if you mess up you'll have to start all over again.

As YosefM said:

The secret to security is to balance the lock against the value of the goods (information) behind the door, and to avoid making the door so shiny it attracts attention.

GREAT POST, YosefM!

(imo: this ought to be a Sticky AND an entry in Problems Solved )

Thanks for all the good info. Now that you made me paranoid I have a few more questions.....

I sometimes log on to my neighbor's wifi open signal....but I never see any of their data comunications..... So is special software needed? Exactly where does one go, or what keys are pressed if a neighbor wanted to peek. And exactly what kind of stuff is open for curious neighbors (not so much professional hackers) to see. Could emails be seen, or would you be able to tell what websites the person visited, or can you see im's typed in chat rooms? What about any banking transactions online?

Can a curious neighbor with hardly any computer savvy see that stuff without special software? (IF they need special software, is that readily available for a small price?)

Whatever your neighbour does, it's his/her business. We will not help you eavesdrop on them.

No, no one here is going to help you or anyone spy on other people. I am posting this to make people aware of the dangers of wireless (and wired too).

Yes. And a high quality wifi adapter.
Everything that is not encrypted can be seen. That includes most email. (Most web mail services encrypt the authentication process, but the content is still trasmitted in plaintext). Most websites do not use secure authentication, so your passwords and usernames are plaintext. All non-https website content is plaintext. Virtually all FTP traffic is plaintext. All DNS queries are plaintext (so one can see what servers you use). IRC is usually plaintext, instant messaging and other chat solutions may be plaintext. Internet is rather transparent really

Banks and other money-related services do use encryption, so you don't have to worry aboyut that.

You can get the tools for free. It does take some effort to use that stuff, but one can find script kiddie guides online if he so desires.

I hope you realize that, having requested & gained this knowledge, you are now obligated to assist your neighbor in locking you out of their network?

Seriously, help 'em out - you might just gain a friend.

i have an older linksys 802.11b wireless router (I know i need to upgrade to at least g). I use WEP, MAC address and have broadcat SSID disabled. With my comps off, I still see activity lights on cable modem and router flashing. So, is there a montoring prgram or some way to see if unauthorized users are accessing my network?

Do you have an activity light for wireless too? If that one is blinking, then I would be worried.

Some routers allow you to view active wireless clients and/or active TCP connections.

The traffic between the modem and the router is just normal internet background radiation. Keepalive signals, broadcasts, random sweeping port scans - nothing to worry about really.

Remember, the Inet is a public highway and there's always traffic on it.

specifically, your subnet on the ISP has more than just you on it, and
therefore the NIC cards in all this hardware are seeing it and flash lights to
show the device(s) are working ok

If you're concerned about your neighbor spying on you, then there's probably nothing to worry about. Extracting information from indescriminately broadcasted packets requires someone who is very knowledgable and specialized software. Your average neighbor hasn't a clue....

Everything stated is very true. I am going to make this a sticky, as we get lots of Wifi questions.

I use passmark wireless mon to monitor my wireless network connections, you can do a lot with it also. But you can see what others in your surrounding area were you live would see if they had the same installed on their system.

Broadcasting:

Status
SSID
MAC
SPEED
Encrypt
Signal Strenght
Channel

etc...

as seen here:

There is another way to improve your wireless signal in your dwelling by using an AM radio on a station where there is no talk, no music just to get a clear channel with not static interference. So the idea is to place that wireless router in the basement where you get a clear station. This will give you the best possible signal in your dwelling.

Which would be EXCELLENT, then Very Good, Good...

So far so good in my case...

On two floors the signal is is EXCELLENT on the third it's Very Good!

Thanks Rick and others.... good to know that it is not all that easy to spy for a casual neighbor user. That makes me feel a little better. And no to Didude and Notsue.... i have no desire to spy on neighbors....could care less about what poop my neighbors might have in their puters or emails ....heck, i don't even listen to their phone conversations anymore.