Sometimes I think I'm the only person who takes Wi-Fi security seriously. Unlike all of my neighbors, I run my Wi-Fi access point with a hidden SSID so that nobody casually browsing the available networks will be tempted to try and connect to it. I also run it on half power, which is plenty sufficient to reach all round the house and garden without exposing it all along the street.
Of course, I also have it set to use WPA2-PSK, and it has a long and complex non-dictionary password. On top of that I enabled MAC authentication so that only known devices can connect. Yes, I know that most of these features can be cracked by determined attackers but all the good books say that defence in depth is the best approach, and the more layers of protection I have enabled the less the risk.
Should I actually worry about anybody connecting to my internal network through Wi-Fi? There's several other computers and devices on the internal network, although they are all secured with user names and passwords different from the wireless router credentials, and all sensitive folders and shares are locked down to the network admin account. But I really don't fancy having somebody I don't know wandering around my network.
Plus, anyone who did connect could get out onto the Internet through my proxy server, absorbing my bandwidth and exposing me to the risk of action if they do anything illegal over my connection. And I have to pay for my bandwidth, so why should I let other people soak it up browsing Facebook, playing games, and viewing doubtful content.
So it seems like my security approach is sensible. Unfortunately, Google doesn't agree. I recently bought my wife a Google Nexus 7 tablet so that she can soak up my expensive bandwidth browsing Facebook, playing games, and viewing pictures of cats. All the reviews I read said it's really easy to set up - you just choose your locale and your network connection, enter your Google account details, and (as we say over here, though I don't know why) "Bob's your uncle."
Yeah, you reckon? At step two you have to choose an existing wireless network and connect to it, or select "Add a network" if you use a hidden SSID. That's fine, but if I don't enter the MAC code of the device into the wireless router's configuration I can't connect. At this point the screen just says "Not in range" and you can't do anything about it.
Usually, when setting up any other computer, I skip the network setup and then go into the device information page to find the MAC address (that's what I had to do with our HTC Android phones). But Android on a tablet is obviously paranoid about not being able to talk to its Do No Evil home because there's no option to set up a network later. I guess they think that nobody would ever dream of using a tablet (where you can read books, watch videos, and listen to music) if there's no Internet connection.
And just to make matters worse, when you set up a new connection and don't get it exactly correct (such as the wrong letter case in the SSID, or an incorrect password) you can't edit it. The only options are "Connect" and "Forget It" - you have to remove the connection and then start all over again. And the dialog quite happily closes without saving the settings or warning you they'll be lost if your finger wavers a little on the onscreen keyboard.
So the only remedy to finish the setup seemed to be to go into the router's configuration and turn off MAC authentication while the tablet connected. Then, after setup is complete, find the MAC address in the tablet's system information pages, add it to the list in the router, and then turn MAC authentication back on. Assuming, of course, that turning off MAC authentication didn't lose the list of existing permitted addresses (I suggest you take a screenshot or copy them into Notepad first).
However thankfully, after three attempts when I finally got everything right in the tablet's connection dialog, my wireless router configuration page (after I turned MAC authentication off) detected that some unknown device was trying to connect and displayed the MAC address for me to add to the permitted clients list. After that I could turn MAC authentication back on and it worked. So completing the tablet's three page setup wizard only took the best part of an hour. Including swearing time.
It was only then that I discovered why I had so much trouble with the connection settings dialog - the tablet was suffering from the "phanton keystrokes" issue several other people have encountered (search the web for "nexus 7 phantom typing" for more details). So the next day it was back to the store to swap it for another one. From a different batch. And go through all the MAC authentication thing again because the MAC address is different.
And now I just need to figure out how to get it to talk to my wife's Exchange Server email account - which is exposed as a service over HTTP by our remote email hosting provider. And convert all the music she indoors wants putting onto it from WMV to MP3 format. Perhaps I'll need to take a holiday and stock up on new swear words before then...
Are you sure the MAC address was not printed on the box or on a label on the device? I've yet to get a network-capable device that does not have its MAC address printed on the box, but it's good to know if the Nexus doesn't. Cheers.
Yep, that was the first thing I looked far, and it isn't. But the production date is, and the one that didn't suffer phantom keystrokes was dated Feb 2013. A shiny new one! Might be useful to check if you decide to buy one - the faulty one I had was dated Dec 2012. Maybe they were excited about the holiday season and were rushing to get it finished...