Advice on how to 'secure' my wireless internet?

Discussion in 'Mac Basics and Help' started by Lincoln 6 Echo, Apr 22, 2006.

  1. Lincoln 6 Echo macrumors member

    Joined:
    Nov 29, 2005
    #1
    So I'll be setting up my first wireless internet router with OS X 10.3.9 and a D-Link 802.11g router this weekend, and I was wonder what I should know about securing it.

    I haven't started but I was wondering how do I make it so that others can't use my wireless signal? I've noticed when I try to access some wireless connections i'm prompted for a password; is that password access setup part of OS X? Or do I need special software?
     
  2. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #2
    You router should have WPA build-in. Select a password and turn it on. There are many more ways to secure your router, but the truth is that WPA is definitely strong enough.
     
  3. Timepass macrumors 65816

    Joined:
    Jan 4, 2005
    #3
    Use either the WPA build in or even WEP 128 works find. YEah both can be crack but it not like it going to happen and it a lot of trouble to do so. Besides if some one really wants on you network they will get on but then again you are a home users so there just no incesitive to hack into you network.

    I would suggest you hardwire into the router while setting it up because it just makes things easier if you mess up something or miss something. Hardwire does not have the equition to deal with during set up. Once you have that done you are good to go.

    Another option is what is call restricted access. The only way to get on the network wirelessly is if your MAC address is already appoved in the router. I did that at home for the pararents since the equition was not working very well and where having a lot of issues with it. Not as safe but it does keep unwanted people off the network. Plus i showed my dad how I did it.

    You can also double up on that and use both settings. That way the info being transimited can not be read and unwanted people will not be able to get on even if they some how figure out the key because there MAC address is not approved.

    Another common thing wireless routers can do is prevent computer connect wirelessly from accessing the network. THey can access the internet but can not transmit or see other computers on it. They are in there own little privit network and only see there own computer.

    Just some random things about routers. The best solution and over all easiest solution is just use either WEP or WPA at the high setting (general 128 bit) and you are good to go.
     
  4. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #4
    Don't bother with WEP, it was replaced for a reason.

    Besides WPA, turn of the SSID (Service Set identifier) of the network, this way, the average computer user will have no idea there is even a network there.
     
  5. carfac macrumors 65816

    carfac

    Joined:
    Feb 18, 2006
    #5
    All of these suggestions are good- go WPA and not WEP, no SSID, but I would add that if your router supports it, designate the MAC addresses of YOUR computers on the LAN, and exclude anyone else.

    All of these can be overpowered by a REAL good hacker, but together, they make it much harder!

    Good Luck!
     
  6. savar macrumors 68000

    savar

    Joined:
    Jun 6, 2003
    Location:
    District of Columbia
    #6
    There's a mix of advice you're getting here. But as somebody who has configured and cracked many wireless networks, you can trust that I know what I'm talking about.

    For encryption, you have three choices: unsecured (no encryption), WEP, and WPA.

    WPA is much stronger than WEP -- IF AND ONLY IF you use a strong key. What this means is don't use "puppydog" as your password, because that can be easily cracked. Use a random combination of letters and numbers and your WPA network will be very safe.

    Not all devices are compatible with WPA, however, and if you have one of those then you're forced to downgrade the entire wireless network to WEP. WEP is better than nothing, but in my experience it can be cracked in less than 30 minutes average. (Federal agents have demonstrated cracking it in 3 minutes, however.) If you live in an apartment, this is a major problem, because somebody can crack your network from the comfort of their own apartment, and you have no way to track them down. (I've done this before, BTW.) If you live in a house, then somebody who's trying to crack is at least going to have to get close to your router, and you might notice somebody parked on the street in front of your house, hunched over a laptop.

    Unsecured is always a bad idea. Anybody can log on if they are close enough to the router, and if they do anything illegal on your connection it gets traced back to you. Also, any services you have enabled on your network (file sharing, etc.) become exposed to anybody who can pick up your wireless signal. Given all of the bugs in various network services, and the tendency for home users not to install all latest patches, you are potentially allowing somebody to view/corrupt your data.

    Other security features:

    SSID Broadcast -- leave this turned on. People tell you its safer to turn it off, but that's not very true. Your network is still easily detectable, and believe me any crackers looking for wireless networks to break into are not listening to SSID broadcasts, they're listening to network traffic (which always has SSID embedded in it.) The benefit to leaving it on is that if somebody comes over and wants to use your network (and you permit them), they'll see it on their computer.

    MAC filtering -- not really worth using. It won't even slow down a cracker who knows what they're doing, and like I just said above, if somebody wants to come over and you permit them to use your wifi, its just another configuration step that YOU have to go through to get them on.

    Bottom line: Use WPA (PSK) and use a strong password.
     
  7. carfac macrumors 65816

    carfac

    Joined:
    Feb 18, 2006
    #7
    Savar:

    Not trying to start an arguement, just trying to learn...

    You said: MAC filtering -- not really worth using. It won't even slow down a cracker...

    I know that you can fake a MAC, but first you have to find out a valid MAC address. I know this was a problem in WEP- Mac went out unencripted, right? I thoiught this was better in WPA...

    Was I misinformed?
     
  8. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #8
    I've seen demonstrations where MAC filtering alone was cracked in less than 5 minutes. WEP and MAC filtering together can still be cracked in under an hour (and sometimes less than a half hour). WPA (assuming a strong password) and MAC filtering are uncrackable for even a pretty good hacker. But WPA (again assuming a strong password) alone is uncrackable for even a good hacker. A very good or great hacker is going to break whatever you put on you network.

    In short, WPA is enough to keep anyone out who you can keep out.
     
  9. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #9
    While it is true SSID hiding is easy to get past, I still see it as a valuable feature to utilize. Besides, you don't loose anything by doing it (assuming you can remember the name of your own network).

    Unless your neighbor happens to be looking for a network to crack, they won't even notice you exist.

    "Out of site, out of mind."
     
  10. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #10
    But those neighbors aren't the ones trying to hack your network. If someone does try to hack your network, they will be using software which finds packets regardless. Personally, I find it a waste of time to just open the router page and check the box that says hide SSID.
     
  11. Lincoln 6 Echo thread starter macrumors member

    Joined:
    Nov 29, 2005
    #11
    Okay, so I've got WPA (PSK) enabled. But I notice that there's also WPA2 and WPA2-Auto. Should I bother selecting either one of these? WPA2 better than WPA?

    Also, I'm not prompted enter my password each time I connect wirelessly. I was asked once, but when I turn off AirPort and turn it back on I'm automatically connected without being asked for a password again. Is this okay/normal?
     
  12. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #12
    Yes, that is perfectly normal. The password is stored on your computer.
     
  13. 3kids macrumors regular

    Joined:
    Apr 27, 2006
    #13
    Glad to see the password is stored after the first time. I wasn't sure how TIVO would work in a wireless network if it required password authorization every time.
     
  14. Timepass macrumors 65816

    Joined:
    Jan 4, 2005
    #14
    sad part is we are talking in pretty simple terms for what you need to do. Just wireless networking and setting it up is pretty techical and is not easy so simplifided it still going to sound like a lot of mumbo jumble.

    I recomend you read the manual for your router either online or the one that came with it. Chances are you have one that has a web interface and based on what you said everything is still defaut

    I going to guess the ip of your router on your netwrok here but go open up a internet window and type in the ip address of 192.168.1.1 and that should go to your router. If that not the ip address then you have to read the manual to tell you the defaut.

    From in there you have to access the security tab and choose either WPA and choose a good pass word or WEP and get the keys all set up. As for the other stuff I dont know as well. My printer can be accessed from the network but it is being done though the desktop. It is plug into the desktop computer and then I told it computer to share the printer. From there other computers can access it and print. As for the TiVo good luck.
     

Share This Page