Wireless security: MAC filter good enough?

Is an exclusive MAC filter by itself a good security solution for wireless security?

Does disabling the SSID broadcast help at all?

If a MAC filter is not enough, what security mode should I use?

This is all for home use and in a semirural area where I don’t really fear hackers lining up at my door to bust in, but still.

If you’re in a fairly rural area, you’ve not got much to worry about. However -

Generally, MAC filtering is not secure enough - it’s possible to sniff the MAC address out and then spoof it.

Use WPA-PSK, turn off SSID, and use MAC filtering. If you don’t live in the downtown core, that should be more than adequate.

MAC addresses are easy to sniff and discover. People can easily change the mac addresses of most computers. So it does not provide very much security.

Disabling SSID broadcast makes it more difficult to know that there is wifi to use. So it is of some help. I would not turn off SSID it mostly makes it more of a pain in the but to setup things and provides little in the way of security.

Use WPA2-psk most every thing supports it. It is pretty easy to use.

Actually, disabling SSID broadcast has the (to me) convenient side effect that my iPod won’t connect on its own, which means the kids don’t have access to the internet. Just typing my network name to log in is not that much of a price to pay for that “feature”. Experience has shown me that I forget to turn off wifi all too often when I give the iPod to the kids.

Trouble. When I enable security, it autoconnects. Is there a way to force it to ask before connecting?

It’s not just possible, it’s trivial. Every packet sent contains a MAC address of an allowed device in the header. Looking at a single packet gives you everything you need to get access to the network - simply look at the header, use that MAC address and you’re in.

Turning off your SSID broadcast is about as useless as MAC filtering. Doing both isn’t any more useful.
WPA on its own is more than sufficient to keep out undesirables, and it’s easy to implement and provide access to friendlies. Don’t bother with multiple security schemes - if you have WPA enabled, suppressing SSID or MAC filtering doesn’t add any additional security value.