Re: First foray into the wireless world, couple of questions...

On Wed, 15 Nov 2006 04:21:20 -0500, "David" <this@is.invalid> wrote in
<3O2dnbrVQ9p5RsfYnZ2dnUVZ_oydnZ2d@comcast.com>:
>"John Navas" <spamfilter0@navasgroup.com> wrote in message news:nvall2tiqs8prpn3kh4f6195ldf3o1fg6f@4ax.com...
>> On Wed, 15 Nov 2006 00:21:08 -0500, "David" <this@is.invalid> wrote in
>> <NoqdnXzfWfgHPsfYnZ2dnUVZ_sGdnZ2d@comcast.com>:
>
>>>- Max length, strong SSID, went ahead and disabled broadcasts since it
>>> was easy
>>
>> Bad idea. Turn SSID back on. Just make it unique. Length is
>> irrelevant. There's no (zip, zilch, nada) "strength" in the SSID.
>
>>>- Went ahead and enabled MAC filtering
>>
>> Bad idea. Won't do any real good, likely to cause problems.
>
>I've tried to read up on these and AFAICT both present low hurdles.
>I'm not relying on them, and the way I see it a hurdle is a hurdle and
>I'll take it even if it is low. The Intel software remembers the SSID
>for me and I only have one MAC address to whitelist so I'm not seeing
>an issue WRT inconvenience. Taking this into consideration, why do
>you say they are a bad idea?

<http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security_Myths>

THE SIX DUMBEST WAYS TO SECURE A WIRELESS LAN
<http://blogs.zdnet.com/Ou/index.php?p=43>
(Wireless LAN security hall of shame)

MAC filtering: This is like handing a security guard a pad of paper
with a list of names. Then when someone comes up to the door and
wants entry, the security guard looks at the person’s name tag and
compares it to his list of names and determines whether to open the
door or not. Do you see a problem here? All someone needs to do is
watch an authorized person go in and forge a name tag with that
person’s name. The comparison to a wireless LAN here is that the
name tag is the MAC address. The MAC address is just a 12 digit long
HEX number that can be viewed in clear text with a sniffer. A
sniffer to a hacker is like a hammer to a carpenter except the
sniffer is free. Once the MAC address is seen in the clear, it takes
about 10 seconds to cut-paste a legitimate MAC address in to the
wireless Ethernet adapter settings and the whole scheme is defeated.
MAC filtering is absolutely worthless since it is one of the easiest
schemes to attack. The shocking thing is that so many large
organizations still waste the time to implement these things. The
bottom line is, MAC filtering takes the most effort to manage with
zero ROI (return on investment) in terms of security gain.

The downside of MAC filtering is that it often results in mysterious
problems that waste lots of time to troubleshoot and fix. With no real
upside, and a significant potential downside, it just doesn't make
sense. Think cost:benefit ratio.

SSID hiding: There is no such thing as "SSID hiding". You’re only
hiding SSID beaconing on the Access Point. There are 4 other
mechanisms that also broadcast the SSID over the 2.4 or 5 GHz
spectrum. The 4 mechanisms are: probe requests, probe responses,
association requests, and re-association requests. Essentially,
you’re talking about hiding 1 of 5 SSID broadcast mechanisms. Nothing
is hidden and all you’ve achieved is cause problems for Wi-Fi roaming
when a client jumps from AP to AP. Hidden SSIDs also make wireless
LANs less user friendly. You don’t need to take my word for it. Just
ask Robert Moskowitz who is the Senior Technical Director of ICSA
Labs in his white paper "Debunking the myth of SSID hiding".

The downsides of SSID hiding are that it (a) makes it more likely that a
neighbor will set up on the same channel as you, resulting in
interference that can make your Wi-Fi problematic, and (b) can cause
mysterious dropouts with products and/or drivers that don't handle it
well. Again, with no real upside, and a significant potential downside,
it just doesn't make sense. Cost:benefit ratio.

>>>Speed tests via wireless are coming in around 7Mbps
>>>no matter where I am. Which is about half of what I get through the router
>>>via hardwired LAN. The wireless performance sounds low to me but I
>>>need to do some more research into that.
>>
>> That is low. With good signal you should be getting about 22 Mbps
>> wireless to wired, or about 11 Mbps wireless to wireless.
>
>Well after netstumbling for any problems and updating software and
>tweaking everything I could find I still get substantially lower test results
>over wireless vs hardwire on the Speak Easy Speed Tests. As a sanity
>check I used iperf to check desktop<->notebook bandwidth and it
>reports a little over 25Mbps. Maybe after some sleep I'll finish getting
>to the bottom of this <yawn>.

A likely cause of your problem is RF interference. (Check your error
rate.) Perhaps a neighbor is using the same channel and hiding the
SSID, so you haven't noticed. ;)
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
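
The point quoted above about five SSID-carrying mechanisms and the cleartext MAC address, shown at the 802.11 frame-format level. This is an added example, not part of the original post or the quoted article; the addresses, the network name `example-home`, and the helper names `parse_mgmt`, `build` and `summarize` are made up for illustration, and the frames are constructed byte strings, not captured traffic.

```python
# Management-frame subtypes that carry an SSID element, with the number of
# fixed-field bytes that sit between the 24-byte header and the elements.
SSID_FRAMES = {0: ("association request", 4), 2: ("reassociation request", 10),
               4: ("probe request", 0), 5: ("probe response", 12),
               8: ("beacon", 12)}
HDR_LEN = 24  # frame control, duration, three addresses, sequence control

def parse_mgmt(frame: bytes):
    """Return (kind, transmitter MAC, SSID) for SSID-bearing frames, else None."""
    if len(frame) < HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SSID_FRAMES:
        return None                       # not a management frame of interest
    kind, fixed = SSID_FRAMES[subtype]
    mac = ":".join(f"{b:02x}" for b in frame[10:16])  # address 2, unencrypted
    pos = HDR_LEN + fixed
    while pos + 2 <= len(frame):          # walk the id/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:
            break                         # truncated element, stop parsing
        if eid == 0:                      # element ID 0 is the SSID
            return kind, mac, value.strip(b"\x00").decode("utf-8", "replace")
        pos += 2 + elen
    return kind, mac, None

# --- constructed sample frames (assumed values, not captured traffic) ---
AP = bytes.fromhex("020000000001")        # locally administered, made up
CLIENT = bytes.fromhex("020000000002")
SSID = b"example-home"                    # made-up network name

def build(subtype, src, dst, ssid):
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + AP + b"\x00\x00"
    body = bytes(SSID_FRAMES[subtype][1]) + bytes([0, len(ssid)]) + ssid
    return hdr + body + b"\x01\x01\x82"   # trailing supported-rates element

SAMPLES = [build(8, AP, b"\xff" * 6, b""),    # beacon with broadcast disabled
           build(4, CLIENT, AP, SSID), build(5, AP, CLIENT, SSID),
           build(0, CLIENT, AP, SSID), build(2, CLIENT, AP, SSID)]

def summarize(frames):
    return [parse_mgmt(f) for f in frames]

if __name__ == "__main__":
    for row in summarize(SAMPLES):
        print(row)
```

Only the beacon comes back with an empty SSID; the other four frame types still carry the name, and every frame exposes the transmitter address that a MAC filter relies on.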