Airport Network Security

Discussion in 'Mac Apps and Mac App Store' started by jbrown, Jul 11, 2005.

  1. jbrown macrumors 6502a

    jbrown

    Joined:
    Jul 7, 2002
    Location:
    London
    #1
    Several networks are springing up where I live.

    Is there any way to see if anyone has tried to get onto my network...or see if anyone is on it


    cheers in advance :)
     
  2. Applespider macrumors G4

    Applespider

    Joined:
    Jan 20, 2004
    Location:
    looking through rose-tinted spectacles...
    #2
    What wireless router are you running?

    If it's Airport based, download the Airport Management Tools and run the Client Monitor to see which other MAC addresses are on the network.

    If you're really concerned, then if you hide your SSID and turn on MAC filtering, there's very little chance of someone managing to get onto it.
     
  3. jbrown thread starter macrumors 6502a

    jbrown

    Joined:
    Jul 7, 2002
    Location:
    London
    #3
    Thanx.

    What is SSID, and how do I hide it? And turn on Mac filtering?

    I'm on a reg Airport Extreme setup.

    I don't really mind if someone just uses my internet connection - but if they get on my network, just how much mischief can they get up too?? :eek:
     
  4. Darwin macrumors 65816

    Darwin

    Joined:
    Jun 2, 2003
    Location:
    round the corner
    #4
    Since your using an Airport Ex Station the instructions follow:

    In your Utilities folder you will have an Airport Admin Utility that you might have used already to alter settings on the base station, find your station in the list and when you access it a new window will pop up showing configuration settings

    SSID is the ID which the network broadcasts for people to know that its there, turn it off and the network won't be on display for others to see, that fuction on Airport is called Closed networking and there will be a simple checkbox to work that

    Going to the Access part you can add your MAC no. (a uniqie no. for each network hardware, ethernet, Airport etc) click add and there then click the button that says "This computer"

    Of course there is always the "make sure you have passwords for both base Station and network" speech but the Admin Utility is pretty straight forward so that shouldn't be a problem to do :)
     
  5. Applespider macrumors G4

    Applespider

    Joined:
    Jan 20, 2004
    Location:
    looking through rose-tinted spectacles...
    #5
    The amount of trouble might depend on what sharing permissions you have set and what they might be downloading. If they're using your connection for downloading music/movies from P2P networks, you might wake up one day to a summons from the BPI for lots of cash. If you think someone's just hopping on to check their webmail, then you might be happy to do that. If you're on a limited bandwidth broadband service, you might also want to limit people's ability to use your account.

    Do you have WPA or WEP security set up on it at the moment?

    To stop your Airport Base broadcasting your SSID (which is the name of your network as it appears in your Airport bar in the menu bar), open up the Airport Admin Utility, select the network, choose configure and tick the box that says 'Create a closed network'. This will mean that anyone wanting to join your network would need to know both the name of the network and the password to be able to join it.

    To filter the MAC addresses that can use your network, stay in the Admin Utility and click on Access Control. You'll see a + sign next to the box at the top, click on that and enter your Mac's MAC address (or Airport ID) and a description. Whenever any other computer/router wants to join your network, you'd have to go in there and update the Access Control list with the new MAC address. That includes things like Airport Expresses. You can find your MAC (Airport ID) in System Preferences, Network under the Airport tab of Configure or in the System Profiler under Network
     
  6. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #6
    Use WPA security. WEP can be cracked very easily.

    In order of importance:
    1. WPA Security
    2. Restrict to registered MAC addresses.
    3. Do not broadcast your SSID.
    In truth, the last one doesn't do very much, but in combination with the others, it becomes more powerful. Make sure the WPA password is not a simple word. Make it a phrase. Use mixed case and special characters as allowed.
     
  7. Eniregnat macrumors 68000

    Eniregnat

    Joined:
    Jan 22, 2003
    Location:
    In your head.
    #7
    I think all of this is over reacting, especially when people talk about packet cracking, at least if your network consists of only a link to the internet. If your really worried, hard line it. All the advice above is good.

    Also use strong random passwords. This little app helps generate strong keys. Also, change passwords from time to time.

    You can further improve security, at least from passing snooping by reducing the power output of your wireless base station so that it covers a minimum area.

    Lastly, use the file vault feature of OSX. Also, anything that is truly sensitive, you should encrypt anyway. You don't have to use OSX, but don't rely on MS words password protection scheme, or many other programs.
     
  8. jbrown thread starter macrumors 6502a

    jbrown

    Joined:
    Jul 7, 2002
    Location:
    London
  9. swindmill macrumors 6502a

    swindmill

    Joined:
    Mar 17, 2005
    Location:
    KY
    #9
    What about restricting the number of IP addresses to the number of computers on your LAN? I've done this as well as assign certain IP addresses to each computer on the LAN, which leaves no open IP addresses to use.

    I also use WEP and will start using WPA when I take the time to look into it.

    . . . just curious if limiting IP addresses is effective
     
  10. Darwin macrumors 65816

    Darwin

    Joined:
    Jun 2, 2003
    Location:
    round the corner
    #10
    I have also done this, I've set 10 IPs aside for my home network but its easy to go beyond that range by seting up a computer for a manual address
     

Share This Page