AirPort security

[macangeles]

Hi,

I've been trying to read up on Airport, Airport Express, and security issues but I've just ended up more confused.

Is Airport or Airport Express secure enough for a small business wireless network? Which is more secure?

Are there any good links to advice or advice someone could give me on how to make Airport as secure as possible?

Thanks so much!

 

[Eniregnat]

Look, given the right tools, 1 computer, 2 wireless cards, and software, and time, no network is completly safe.

That given, do the following.

Start right off the right way.
Use compleatly random passwords. RPG- A good program.

Set a password for the basestation.
Rename basestation etc...
Modify Basestation prefrences to only what you need. If you don't need the ethernet networking, disable it.

Wireless mode- Create wireless network

Name- something that you can remember, but is misspelled, or random- write it down.

128 WEP - Use a something random.

Channel- automatic

Create closed network (it won't broadcast it's name)

Reduce transmitter power to the minimum to cover your offices.

Use multi-casting, this will reduce range.

Actualy- I don't have any more time for this. This is a start. You can set up your network so that it only works with computers who's MAC address is authorized. I'll let somebody else continue.- Through Access controll.

Spoofing, packet injecting, and poor WEP key decription is still possible. Lucent cards are very resistant to weak keaying of packets, and Apple uses lucent cards. Others will chime in. Weather frequent DHCP releasing or static addressing is more secure is a debate. The bigest threat is social enginering, resist it, be warry, and above all, don't live life in fear.

 

[alexprice]

Hi,

I've been trying to read up on Airport, Airport Express, and security issues but I've just ended up more confused.

Is Airport or Airport Express secure enough for a small business wireless network? Which is more secure?

Are there any good links to advice or advice someone could give me on how to make Airport as secure as possible?

Thanks so much!

Hi there, ok I could talk for hours about this but I'm gonna try to keep it short and sweet..

1.) Get an Airport Extreme base station
2.) Enable WPA security and create a password for it
3.) Change the password for the base station
4.) Setup "Access Control" and add all of the wireless clients

There are other security features, you shouldn't need all of them enabled at the same time, it all depends on how you want it all to work, access control can be a pain if there's new wireless clients arriving and leaving as you would need to add the mac addresses of the new machines everytime somebody arrives.

Can you tell us more info about what will be going on and what you want from the network?

Alex.

 

[macangeles]

Wow, thank you so much for the replies. I am trying to educate myself on computer and network security and this is a lot of help. I have the basic knowledge of what proper passwords are and that kind of thing but have not been familiar with WEP vs WPA and all that stuff until recently. If you also know of any books that would be good to read that would be great - I'm not looking just to have someone tell me what to do but also learn so I can help myself.

Desktops are connected directly via Ethernet, and the wireless connection will be for those with laptops and will be used for email and some sensitive things such as online banking. Do you recommend not doing ANYTHING sensitive over wireless because wireless security is not foolproof? New users isn't a problem - there won't be many new computers using the wireless.

 

[Mitthrawnuruodo]

128 WEP - Use a something random.

Do NOT use WEP. WEP is totally broken and a wardriver will need very few packets (which s/he himself can provoke sent) before your whole network is open.

Use WPA with a long non-dictonary password. Something like 20 random big/small letters and numbers with a few other signs, like $%&(), will be quite safe.

And, please, search a little. There has been LOTS of wireless security threads the last couple of weeks. Shouldn't be too hard to find one of them...

 

[macangeles]

And, please, search a little. There has been LOTS of wireless security threads the last couple of weeks. Shouldn't be too hard to find one of them...

I did do a search and read all of the threads I could fine. They were very helpful but I guess I still had questions.

What I'm coming up with is that anything "sensitive" should not be done over wireless no matter what security precautions are taken. Is that right?

 

[Eniregnat]

What I'm coming up with is that anything "sensitive" should not be done over wireless no matter what security precautions are taken. Is that right?

Yes and no.

[Edit] Use a condom and plug into a physical hard line when ever possible. Above all, use a condom![/URL]

Look, if your worried, you have reason, but don't believe that hackers are canceling you pad looking for weak packets. I really hate how terrorists are behind every door. That said take precautions. If you can plug in for sensitive information, do. As at least two of us have noted, use random passwords of significant length. I store all of my passwords in a strong blowfish encrypted meta file. I use the program I linked above to create most of my random passwords. How many MacRumors people rekey their apartments with non-Schlage locks? I bet very few. Schlage master keys are easy to make and fined. Your credit card information is much more variable than you think. You apartment or car is more likely to be broken into. Every hard card purchase that you make has any number of way it can get stolen. Take every precaution you think is necessary.

Something you might not think of, a bit of a digression, never use the ATM function of your CheckCard. You can and do likely use your ATM card as a credit card. If you use it as a credit card and if somebody steals it, you can be reimbursed. If you used it as an ATM card and the number with key code is stolen, you get nothing back. Just a tiny little fact your bank doesn’t highlight. Use reputable ATMs when ever possible, preferably of the issuing bank.

Sorry for the rant. I am all for minimizing risk, but people don't assess risks very well. It sucks when bad things happen to people, but I truly believe that the media (of which we are now a part of) really move relatively rare problems to being perceived as very common. Take a look at shark attacks. More people are killed by dear in the US every year than all other large animals and lightning combined. I don't hear about to many dear slayings on the news though.

 

[xsedrinam]

Do NOT use WEP. WEP is totally broken and a wardriver will need very few packets (which s/he himself can provoke sent) before your whole network is open.

Use WPA with a long non-dictonary password. Something like 20 random big/small letters and numbers with a few other signs, like $%&(), will be quite safe.

And, please, search a little. There has been LOTS of wireless security threads the last couple of weeks. Shouldn't be too hard to find one of them...

Just now setting up in new residence (apartments) which have provided dchp ethernet, but I don't have the network name to enter WPA setup menu. They gave me router info to set up with dchp manually but the IT didn't have any other information. Any suggestions for setting up WPA. I'm checking google meanwhile.
X