We hear it all the time — “WEP’s broke, so why use it?” Most people then move to MAC filtering and are content to just leave it at that. However, as this TechRepublic article explains, that may not be enough. The short version: with little effort, an intruder can pull a valid MAC address out of the air and bind it to their card, thus spoofing a valid address and getting onto the network. As such, a combination of WEP and MAC filtering should be used.

Realistically speaking, this should be plenty for 90% of the home users out there, provided they are taking other measures to protect personal data. For example, encrypting password lists and not sharing drives and folders to the wireless portion of the network. As the article also explains, however, even this combination could be trivial for someone who knows what they are doing, which still leaves many businesses open to attack.

The article discusses using TKIP, and this is a good idea. But the question becomes, what are you protecting? The data in the air, the connectivity itself, or the data on the network (i.e., on servers and workstations)? Using encrypted technologies such as VPNs, SSH, and so forth is a big help to protecting data in the air. Working with companies and ISPs to use SSL for email, for example, can go a long way toward helping prevent passwords from flying around in clear text. Using encrypted IM connections such as those provided by Trillian can help keep conversations private as well. (And while you’re at it, make sure any services running on that laptop are protected from other users of the airwaves as well.)

So the important part, in my opinion, becomes the network. If someone borrows your bandwidth, so what? These days, unless they’re sitting outside your office sucking up everything with BitTorrent or keeping an expensive ISDN link up and running with their traffic, there’s not much point in sweating it. A better option is to segment or firewall the wireless network from the main network.

Got a spare NIC? Slap it in your computer, hook your WAP or router to it, and firewall it off. Got a spare box and some NICs? Set up a real firewall with an Open Source product like IPCop. Regardless of the method, just limit that traffic through.

Yes, it’s nice to protect the airwaves. Just remember where the good stuff is located; that’s what you really want to protect.