Limiting Access to WiFi?

goodtimesnw

Reputable
Feb 21, 2014
10
0
4,510
Hello all,

I would like your input about a unique situation I am trying to solve.

I work at a fire station and oversee our union members mini network... which consists of three stations, routers, three desktop/printer workstations, and numerous personal wi-fi connected devices.

Our union wishes to restrict access ONLY to union members. We have a number of public and non-union personnel who attempt to connect to our network daily and we want this to stop.

My first thought is to enable MAC filtering on the routers, however, I read all over the internet that MAC filtering doesn't do anything for security... and, of course, MAC IDs can be spoofed. We know there is no all-inclusive solution - we're just looking to prevent members of the public from being able to connect to our privately funded network. The likely hood of our rural dept being subjected to members spoofing MAC IDs, etc is pretty low.

I still wish to leave our WPA2-Personal encryption active as well.

Does anyone have any suggestions to restrict access other than changing WiFi keys, hiding SSID, and MAC filtering?

Thanks in advance for your suggestions!
 
Solution
Well....MAC filtering can be spoofed, but it does provide a little speed bump. But then you'll have maintenance issues when an authorized member gets a new device with a new MAC address.

But a password system is really the only way to do it. Be it the WPA2 key, or a Linux based access control front end, or something else...there will be passwords involved. Which may/will get out.

Possibly have it on a 30 or 60 day change cycle.

You could build a Linux based access control system for little or no money. Each person has their own username/password for login. If anything happens, then you know who screwed the pooch.

goodtimesnw

Reputable
Feb 21, 2014
10
0
4,510
Ha, thanks for the reply... I'm a little more advanced than that :)

The key inevitably gets out. Additionally, it's been assumed for years that anyone can use the wireless.... Vendors... Guests... Others. We're changing that now and we don't want the pressure of "sharing the key" to be there. If you know what I mean.



 

USAFRet

Titan
Moderator
Well....MAC filtering can be spoofed, but it does provide a little speed bump. But then you'll have maintenance issues when an authorized member gets a new device with a new MAC address.

But a password system is really the only way to do it. Be it the WPA2 key, or a Linux based access control front end, or something else...there will be passwords involved. Which may/will get out.

Possibly have it on a 30 or 60 day change cycle.

You could build a Linux based access control system for little or no money. Each person has their own username/password for login. If anything happens, then you know who screwed the pooch.
 
Solution