What security do you use? I think a list of MAC numbers would work well.
you should add wep encryption to that
From Mr Goo -
Wireless Security:
<disclaimer>The amount of effort you should go to is directly proportional to the value of what you are protecting. I am often called upon to protect reasonably valuable information in a corporate environment, but I have no experience in protecting national secrets for the government, so take from this what you may ! I do not work for Cisco, and have no official relationship with them.</disclaimer>
MAC address filtering - this can VERY easily be spoofed. Programs and registry hacks exist to do this in Windows, and most *NIX platforms allow you to do this natively in the O/S.
The best bit about breaking in to a network protected with only MAC filtering is that the details an attacker needs (the allowed MAC addresses) are broadcast for an attacker to see in each and every packet (which in a wireless network can be sniffed straight from the air), and it is simply a case of waiting until you go offline, (or performing a number of sneaky tricks to make you go offline) then connecting pretending to be you … voila, you’re in.
MAC address filtering is also often prone to various ARP flooding attacks, which have varied levels of success, from being a minor annoyance through to causing some poorly written filters to simply open the floodgates.
WEP - the Wired Equivalency Protocol, contains a number of very well known cryptographic flaws, allowing an unskilled attacker with some easily obtainable software (such as Air Snort) to decode your WEP key (and hence gain access to your network) in as little as 15 minutes … this is scary !
Some of the methods employed by many corporates these days include using proprietary equipment, such as that available from Cisco which has it’s own security extensions, or alternatively, protecting their private networks from their wireless network. Cisco have developed TKIP, which essentially rolls the WEP key dynamically, with the idea being that if you roll the key often enough, an attacker will never be able to obtain enough packets to decode your WEP key, and MIC, which adds some additional info to a packet to allow you to confirm the packet has not been altered in transit.
For many years people have been happy to treat their wireless networks in a similar way to how we treat the Internet … wild and untamed, and these people often have nothing in place to stop you from accessing their wireless network … instead they use firewalls to protect their private network from the wireless network, and insist on the use of VPN technology to access the private network from the wireless network.
There are also a number of new options now based on 802.1 xs, such as LEAP and PEAP, but these are probably beyond the scope of this thread.
Hope this helps.
I always think about it this way: the Wireless world is at such a state where there consists two main groups of people:
clueless first time users who leave their networks completely unprotected with varying interestingness of data.
amateur computer experts who apply every security protocol known to man to protect their rather boring school assignments and pron.
Given there are only a finite amount of hackers out there, you don’t really need to make your network unbreakable, just less breakable than everyone elses. The effort required to break your network combined with the relative crapshoot of how useful it would be to break it should deter nearly all hackers. Unless you have something important enough for people to go after you specifically, this should be enough:
- Static IP’s
- Turn off broadcasting
- MAC filtering
- WEP
- non-default settings (eg, set your SSID to c@np1nt or something and your IP range to 10.0.0.34 - 37)
Well, that won’t do.
Thanks.
I’m trying to make a couple of Intel APs that aren’t made any more work with 3Com APs.
I have applied every security protocol known to man - I am not an amateur, I do not have any school assignments, and well, you are right about the pr0n. 
carnivorousplant-
As Goo said, everything depends on what you are trying to protect. If this is a home system, then you do not need perfect security. You just need to make it too much work to mess with.
Why do you lock the doors on your car? Is it to keep the bad guys from ever getting in? Of course not - if they really want to get in to your car, they will get in. The object is to make it more trouble to break in than it would be to find another car with the doors unlocked.
For a home system, non-default SSID, static WEP, MAC filtering, and turning off broadcast would be more than sufficient. I would also turn down the radio power so it does not blast out to the street. While static WEP can be broken, to do so takes a brute force approach and, as Shalmanese said, you are not that interesting. If your AP does not do these, then you need to balance the level of security you can do with the cost of a new AP that does.
When I am wardriving (trying to find unsecured access points) I am looking for easy internet access. If someone is using just about anything other than the defaults, then it is too much trouble to mess with. There will be someone else on the next block with the defaults.
If this is a business, then you have a lot more to worry about because a business IS that important. I would implement some type of dynamic WEP keys. If your AP does not do that, then it is worth the money to get an AP that does.