Wireless security?

[SeK612]

I'm attempting to secure my wireless network at the moment and this seems to be proving a bit of a challenge.

So far I've added a Mac filter which seems to be keeping unauthorised P.C's out of the network (as I understand this it isn't much of a deterrent for most though as the Mac address can be picked up in packets and spoofed).

I've also added a WPA setting which seems to require wireless connections to need a password to join into the network (which works but it seems a dictionary attack on the password can reveal it).

Is this enough or should I look into the other option on my router (WEP)?

Also I'm managing to pick up someone else network (most of the time by accident as I've disabled the SSID broadcast from my router and my computer seems to automatically connect to the other). Should I attempt to warn whoevers network it is if I can (or would they be keeping it open for a reason?). Also what kind of stuff could be done to such a open network (for the moment it seems internet access is the main thing from the connection but would it be possible to connect to other P.C's on that network or monitor traffic for example?). On the flipside what could happen to users connected to the network (could the owners be monitoring sites that are being looked at whilst connected to the router for example?)?

[backlash]

I also limit the number of IPs to the amount that actually join the network.

Why don't you pick a password that isn't in the dictionary? Why not pick a numerical password or alphanumeric?

[lynx]

Hiding SSID does little for security, anyone with a good scanner can simply look at what you are connecting to and they will see the SSID. However, it does stop the casual user from seeing your network. If your neighbour did that then you wouldn't connect to their network accidentally. You can also configure your computer so that it only connects to your network.

If you happen to connect to someone else's network then with the right software they can monitor your traffic in exactly the same as they could monitor their own traffic. It's also illegal so they could call the police, but in practice it sounds as if they haven't a clue so they are unlikely to find you.

For security, I use WPA2-PSK. It requires a passkey of 8 to 63 ascii characters, but that doesn't need to be memorable. You can set up your client to use the same key, you should not have to enter it every time.

[Barbarossa]

I just use mac address filtering at the moment. It's horses for courses really, it depends on your level of paranoia. I did use WEP for a while, but it's probably overkill for normal home use.

That WPA stuff sounds like what I want to do, I may have a go at that next. As Backlash said, use a "strong" password and you should be immune to brute force attacks.