
Wireless security

From Mefi Wiki

WiFi security in a nutshell: leave MAC filtering turned off, SSID broadcasting turned on, and use WPA2 (or at least WPA) with a long randomly-generated password.

MAC filtering is pointless because MACs are easily spoofed. Turning off the SSID broadcast is pointless because your SSID can easily be gleaned anyway by watching other traffic. Neither measure does anything meaningful to keep a black hat out of your network. Either measure will, at some point, keep you out of it.

Use a straightforward SSID. Street number and name is a good choice: it's easy to see which of the visible WAPs is yours, and strangers will know whose door to knock on to request network access.

Keep your random WPA password in a text file on your USB stick, and paste it in as required. If a black hat can't look up your WPA password in their pre-built password dictionary, they can't access your network. Use WPA2 if all your devices support it, WPA if not. If you have devices that only support WEP, upgrade them.

There's a story doing the rounds at the moment about those dastardly Russians and their use of nVidia GPUs to crack WPA/WPA2 passwords by brute force. So, let's assume their claimed password test rates (about 400 million passwords per second) are close to the mark.

Let's also assume you've used the password generator linked above, which gives you a search space of 52^15 = 54960434128018667122720768 possible passwords. Let's assume that the black hat is going to be lucky enough to crack your password after searching one millionth of that space - 54960434128018667122 passwords. At 400 million per second, that will take only 137401085320 seconds, or about 4300 years.

A one in a million chance of cracking your WPA password within 4300 years is probably acceptable.
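
The arithmetic above, generalised so other lengths and alphabets can be compared, together with a generator for such a password. This is an added example, not part of the original wiki page or the generator it links to; the function names are hypothetical, and the 52-symbol alphabet is assumed to be upper- and lower-case ASCII letters, since the page gives only the size of the search space.

```python
import secrets
import string

# Assumption: the 52 symbols are upper- and lower-case ASCII letters;
# the page states only the size of the search space (52^15).
ALPHABET = string.ascii_letters
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_passphrase(length=15, alphabet=ALPHABET):
    """Return a passphrase drawn uniformly from alphabet using the OS CSPRNG."""
    # WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase length must be 8..63 characters")
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet contains duplicate symbols")
    if any(not 32 <= ord(c) <= 126 for c in alphabet):
        raise ValueError("alphabet must be printable ASCII")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def search_space(length, alphabet_size):
    """Number of distinct passwords of this length over this alphabet."""
    return alphabet_size ** length


def years_to_search(length, alphabet_size, guesses_per_second, fraction=1.0):
    """Years needed to try `fraction` of the whole space at the given rate."""
    guesses = search_space(length, alphabet_size) * fraction
    return guesses / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    rate = 400_000_000  # the claimed GPU test rate quoted on the page
    print("passphrase:", generate_passphrase())
    for label, length, size in [
        ("8 lowercase letters", 8, 26),
        ("15 mixed-case letters (the page's case)", 15, 52),
    ]:
        full = years_to_search(length, size, rate)
        lucky = years_to_search(length, size, rate, fraction=1e-6)
        print(f"{label}: {full:.3g} years for the full space, "
              f"{lucky:.3g} years for one millionth of it")
```

Run as a script, it prints a fresh passphrase and shows how far the search time falls for a short single-case password at the same test rate.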