Secure your WiFi
  • #16
    bruss01
    Calguns Addict
    • Feb 2006
    • 5336

    I do take precautions with my wi-fi (absurdly long password, good encryption, MAC filtering) but keep in mind as others have said, this is a layered approach.

    Which means, each layer makes it harder for someone to get through.

    Let's say that each layer will block 9 out of ten serious attempts to get into your system. Most folks that are just casually interested will not go through the effort to overcome each layer unless they think you are a high-value target. But someone with unlimited time, resources and motivation will eventually defeat any and all security measures. The idea here is the same as having good security on your home. The more difficult you make it for bad guys to get in, the more they are going to try to find a softer target. However, if you have the National Guard on your doorstep with grimly determined looks on their faces and you can see a hundred guys in uniforms and an APC in the background when you peek out, you know they're getting you out of your house, it's just a matter of when and on what terms.
    The one thing worse than defeat is surrender.

    Comment

    • #17
      NYT
      CGN/CGSSA Contributor
      CGN Contributor
      • Apr 2011
      • 3811

      Originally posted by monk
      By themselves sure, but if you truly know security you know it's a layered approach. Hiding SSID, MAC filtering, limiting amount of DHCP addresses, and a strong WPA2 password are a lot better than just a WPA2 strong password.

      Heck, if you want to get fancy, set up a Radius server and authenticate from a central location using a certificate.

      BTW, I just did some searching and WPA2 had a vulnerability published having to do with the de-authentic/re-authenticate process.
      radius is a pre-2012 term, it's called network policy server these days.

      Comment

      • #18
        NYT
        CGN/CGSSA Contributor
        CGN Contributor
        • Apr 2011
        • 3811

        Originally posted by 71MUSTY
        SO what is the most secure Remote Desktop software??? Currently using Microsoft provided but have concerns
        RDP with NLA (network layer auth) is the MS recommended but i use Logmein.

        Comment

        • #19
          NYT
          CGN/CGSSA Contributor
          CGN Contributor
          • Apr 2011
          • 3811

          Originally posted by monk
          each one of those "myths" is best practice for SMB wireless enabled businesses. i wouldn't put too much weight on a blog piece at pcworld. each and every one of those myths can help layer security.

          Comment

          • #20
            j-shot
            Senior Member
            • Jan 2014
            • 1646

            Originally posted by Barbarossa
            all great until you have to actually enter the stupid long complicated password.
            You can make long "complicated" passwords that are easy to type and remember. Start by moving to a passphrase. Switch vowels to numbers, symbols, etc. Develop a system that you can remember and works for you.

            *2016r0wr0wr0wy0urb0at*

            etc...

            Originally posted by monk
            By themselves sure, but if you truly know security you know it's a layered approach. Hiding SSID, MAC filtering, limiting amount of DHCP addresses, and a strong WPA2 password are a lot better than just a WPA2 strong password.

            Heck, if you want to get fancy, set up a Radius server and authenticate from a central location using a certificate.

            BTW, I just did some searching and WPA2 had a vulnerability published having to do with the de-authentic/re-authenticate process.
            Originally posted by monk
            We all learn as we go.
            Originally posted by Citadelgrad87
            ...what we have here is a hillary panty sniffer...
            Originally posted by Appleseed
            A Rifleman understands that owning and mastering a rifle is part of his heritage as an American.
            Originally posted by ProShooter
            No man, butt rape is happening like, all of the time in prison. It's basically just one huge orgy.

            Comment

            • #21
              danfinger
              Member
              • May 2016
              • 295

              my passphrase is:

              HelloHelloThisIsScheckyShpilkaFromTheTouchyFeelyPokeySqueelyMaritalAidAndRubberProtuberenceCompanyOfPasaikNewJerseyForThoseOfYouLadiesWhoThinkBenWaIsTheOwnerOfAChineseLaundryPleaseComeInForAPersonalFittingFromMyWifeBrunHilda
              Last edited by danfinger; 09-13-2016, 4:29 PM.
              Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'
              ― Isaac Asimov

              Reason is the greatest enemy that faith has.
              ~Martin Luther

              Comment

              • #22
                OutlawStar
                Member
                • Sep 2010
                • 455

                So even if you're in an apartment and 12 people have a decent signal to your wireless router, and your password is something easy like john12345, what are the odds that someone would use a tool to crack the password in 30 secs and gain access to your Internet? I'm guessing fairly low.

                Doesn't Windows itself block other users on your network or home group from accessing your files as well?

                Comment

                • #23
                  Victor Cachat
                  Senior Member
                  • Apr 2014
                  • 1546

                  You know, we hear about all of the gun battles that erupt when cops bust people for child porn, so it is understandable that they would raid the house when they were likely to be asleep.

                  What?
                  Never happens?
                  Well, then why the eff did they think they had to do it that way?
                  Democrats>Socialists>Communists - Same goals, different speeds.

                  The most effective and pervasive enemy of American freedoms today is the Legacy Media. Defeat them first.

                  Comment

                  • #24
                    the86d
                    Calguns Addict
                    • Jul 2011
                    • 9587

                    Originally posted by 71MUSTY
                    SO what is the most secure Remote Desktop software??? Currently using Microsoft provided but have concerns
                    How about an ssh tunnel?
                    This option is gratis, with free software.

                    Comment

                    • #25
                      NYT
                      CGN/CGSSA Contributor
                      CGN Contributor
                      • Apr 2011
                      • 3811

                      Originally posted by OutlawStar
                      So even if you're in an apartment and 12 people have a decent signal to your wireless router, and your password is something easy like john12345, what are the odds that someone would use a tool to crack the password in 30 secs and gain access to your Internet? I'm guessing fairly low.

                      Doesn't Windows itself block other users on your network or home group from accessing your files as well?
                      it depends. a lot of apartment buildings have budding hackers as tenants. when i was in my college apartment building, we would try to break into as many wireless networks as we could. i remember messing with my friend and sending his shared printer about 1000 full size pics of penises.

                      windows does have a firewall but it depends on how they set up their lan.

                      Comment

                      • #26
                        j-shot
                        Senior Member
                        • Jan 2014
                        • 1646

                        Originally posted by danfinger
                        my passphrase is:

                        HelloHelloThisIsScheckyShpilkaFromTheTouchyFeelyPokeySqueelyMaritalAidAndRubberProtuberenceCompanyOfPasaikNewJerseyForThoseOfYouLadiesWhoThinkBenWaIsTheOwnerOfAChineseLaundryPleaseComeInForAPersonalFittingFromMyWifeBrunHilda
                        Needs more symbols

                        Originally posted by OutlawStar
                        So even if you're in an apartment and 12 people have a decent signal to your wireless router, and your password is something easy like john12345, what are the odds that someone would use a tool to crack the password in 30 secs and gain access to your Internet? I'm guessing fairly low.

                        Doesn't Windows itself block other users on your network or home group from accessing your files as well?
                        Fairly low, correct.

                        Depends on how you set Windows.

                        Originally posted by the86d
                        How about an ssh tunnel?
                        This option is gratis, with free software.
                        Win.

                        Comment

                        • #27
                          NYT
                          CGN/CGSSA Contributor
                          CGN Contributor
                          • Apr 2011
                          • 3811

                          ssh2 is great for command line interfaces, i use them daily to work with my rhel servers. they are not so great for rdp connections to windows machines as the connection is buggy.

                          the primary security concern with rdp, especially with NLA enabled, is a man-in-the-middle scenario. traffic is passed to a sniffer of some sort which can root out the creds you are using to connect.

                          logmein rescue addresses all these concerns and is the only remote SSL/TLS tool to be endorsed by major banks and credit card companies.

                          Comment

                          • #28
                            Fizz
                            Senior Member
                            • Feb 2012
                            • 1473

                            As someone who's broken into many a wireless network (for fun) and secured many more (professionally) these points are key:

                            - WEP is useless. I was able to break into these at age 14 using articles posted on the internet about replaying packets/capturing IVs.

                            - MAC Filtering is useless. The reason is your MAC is broadcast in plaintext for all to see, regardless of your encryption. You can readily see what MACs are communicating with what access points and vice versa. You can 'change' your MAC address to match a client that's in the allowed list.

                            - Hiding the SSID is useless. When you see a hidden SSID, all you need to do is wait for someone to join the AP (who knows the SSID) and this will be broadcast for all to see. Or if you're impatient you can deauthenticate one of the clients, force them to reconnect and you'll get the SSID.

                            - If you have a good WPA2 password, you're FINE. WPA2 is not broken. UNLESS someone can GUESS (Brute Force) or otherwise acquire your password via other means, your wireless transmissions from your devices to/from your router are secure (what happens after that is another question...) ***

                            - ^ UNLESS your router has a WPS vulnerability (that 'easy connect' button on some routers that allows you to push it, then on your device to automatically configure them). Not as big an issue on routers within the last few years.

                            *** For a long time AT&T was giving its customers 2wire router/modem combo units that followed a simple formula for SSID and password: 2wire### and a 10 DIGIT password. This means the SSIDs were guaranteed between 2wire000 and 2wire999 and passwords between 000000000 and 999999999. It used to take me about 1-3 hours to crack ANY one of these (in a lab environment of course) on a desktop computer utilizing a GPU (video card) to figure out the password (CPUs suck at this).

                            I performed an experiment where I drove around the city for a bit and found all the 2WIRE### SSIDs I could, so as to limit the number of SSIDs to examine. I then precomputed ALL the handshake possibilities for each SSID (If you have two networks with the same SSID and different passwords, the handshake doesn't look the same). The database was massive, but of all the 2wire### I had almost an 80% success rate being able to determine the WPA2 password. For the ones I couldn't, the users either changed the default password or had a newer 2wire that came with an alphanumeric password.
                            Last edited by Fizz; 09-14-2016, 9:26 AM.

                            Comment
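An added example, not part of any post in this thread: a small strength check for a WPA2-Personal network, built on the figures in post #28 (a 10-digit default key and roughly 3 hours to exhaust it on one GPU). The standard WPA2 key derivation (PBKDF2-HMAC-SHA1 salted with the SSID) is included to show why precomputed tables only work against a known SSID; the function names, thresholds and sample inputs are assumptions made for illustration.

```python
import hashlib
import math
import re
import string

# Guess rate implied by the post: a 10-digit keyspace exhausted in about 3 hours.
IMPLIED_GUESSES_PER_SEC = 10**10 / (3 * 3600)
# Factory SSID pattern described in the post (2wire followed by three digits).
FACTORY_SSID = re.compile(r"2wire\d{3}", re.IGNORECASE)

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal key derivation: PBKDF2-HMAC-SHA1 salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def alphabet_size(passphrase: str) -> int:
    """Size of the smallest character-class union that covers the passphrase."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    return sum(n for chars, n in classes if any(c in chars for c in passphrase))

def audit(ssid: str, passphrase: str) -> dict:
    """Upper-bound strength estimate; patterned passphrases are weaker than this."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 printable ASCII characters")
    keyspace = alphabet_size(passphrase) ** len(passphrase)
    hours = keyspace / IMPLIED_GUESSES_PER_SEC / 3600
    findings = []
    if FACTORY_SSID.fullmatch(ssid):
        findings.append("factory-pattern SSID: precomputed tables may exist for it")
    if passphrase.isdigit():
        findings.append("digits-only passphrase")
    if hours < 24 * 365:
        findings.append("keyspace exhaustible in under a year at the implied rate")
    return {"bits": round(math.log2(keyspace), 1), "hours": hours, "findings": findings}

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real network.
    for ssid, pw in [("2WIRE123", "4815162342"), ("attic-ap-7", "tidal-copper-lantern-42")]:
        print(ssid, audit(ssid, pw))
    # Same passphrase, different SSID: the derived key differs.
    print(wpa2_pmk("4815162342", "2WIRE123") != wpa2_pmk("4815162342", "2WIRE124"))
```

The bit count is a ceiling based only on length and character classes, so a passphrase built from a predictable pattern should be treated as weaker than the number reported.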

                            • #29
                              Uxi
                              Calguns Addict
                              • Apr 2008
                              • 5155

                              Originally posted by Marauder2003
                              So you are saying there is no way to secure WiFi?
                              If they want in, they're going to get in, it's only a matter of when and what they can reach. Wifi should be isolated from the wired net.

                              MAC addresses can be sniffed and spoofed. Encryption is just a math problem. If you're not moving, a computer can crank on it for as long as it's needed.

                              For good security, you would do two phase authentication (Radius, etc) and a Certificate. You should rotate passwords and certificates on a periodic basis as well as turning off radios during middle of night, if not also in day when no one else is home, etc.
                              "No free man shall ever be debarred the use of arms. The strongest reason for the people to retain the right to keep and bear arms is, as a last resort, to protect themselves against tyranny in government." -- Thomas Jefferson

                              9mm + 5.56mm =
                              .45ACP + 7.62 NATO =
                              10mm + 6.8 SPC =
                              sigpic

                              Et Verbum caro factum est et habitavit in nobis; Jn 1:14

                              Comment

                              • #30
                                machrono
                                Senior Member
                                • Feb 2012
                                • 637

                                Agreed, hiding your SSID and MAC filtering do nothing to improve your security; they only add headache.

                                Comment
