Help me make my home network secure.

Discussion in 'General Mac Discussion' started by VooDooPope, Sep 30, 2004.

  1. VooDooPope macrumors member

    Joined:
    Jun 9, 2004
    Location:
    The Heights, Houston TX
    #1
    Here is my current setup. I have a cable modem connected to my Airport Extreme Base Station. I don't think I set any sort of security setting when I set it up; I just plugged it in and ran with it.

    Wirelessly connected to the base station is my Powerbook and my G5 iMac.

    I also have an airport express hooked up in the living room to extend the range and stream music to my home theater system.

    Right now I'm probably wide open, so what do I need to do to make this network secure?

    Thanks in advance.
     
  2. tvfilm macrumors newbie

    Joined:
    Sep 19, 2004
    #2
    Linksys

    I use a Linksys router; it has great security features.

    Can you log into the Airport base and administer the settings?

    Like

    168.192.0.1 or whatever
     
  3. mischief macrumors 68030

    Joined:
    Aug 1, 2001
    Location:
    Santa Cruz Ca
    #3
    Linksys BITES.

    I've yet to have a good experience with one of their POS routers.

    You need to set your Airport to not broadcast its network name. Here's a link: http://www.apple.com/support/airport/

    Grab all 3 PDFs. They go over all you could ever want to know about Airport networks, including how to secure them.

    Just adding a router without securing your Airport network would be a huge waste. Just get the PDFs and learn how it works. As long as you remember your password, network name and/or have a paperclip handy you're cool. ;)

    Don't be intimidated, just get the PDFs and you'll understand the whole shebang. It's a very friendly read as compared to most networking manuals.
     
  4. emw macrumors G4

    Joined:
    Aug 2, 2004
    #4
    Although I have had tremendous success with my Linksys routers (went from wired to wireless), I agree that the need to add one is questionable, especially a wired one since it won't help at all.

    The Airport has enough built-in security to cover your needs, as long as you follow the appropriate guidelines that mischief recommends, but the big ones are:

    - Don't broadcast the SSID
    - Use MAC address filtering
    - Use a good password that others won't guess
    - Change the default IP address and admin password on the router
     
  5. yellow Moderator emeritus

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #5
    I'd add, don't rely entirely upon the firewall/SPI/NAT of the router. Running a software firewall on the Macs behind the router is just a second line of a good defense. Also, make sure you use (and insist on, for others) a strong password for all accounts on all machines attached to your network. Passwords are your LAST line of defense.

    Edit: And for the love of pomegranates, don't use the firewall control from the Sharing Prefpane. Learn to use it via command line, or use BrickHouse/SunShield to control it.
     
  6. timon macrumors member

    Joined:
    Sep 27, 2004
    Location:
    Tustin, CA
    #6
    If you're not planning on having others come over and use your network, then turn on WPA. Everything from Apple should support it. If not, you will have to use WEP, which is not as good as WPA but not bad if you use 128 bits.

    MAC address filtering is a royal PIA if you have others coming over and I really don't think it's needed.

    If you want to broadcast the SSID that's fine, just make sure that you change it from the default so hackers will not know which router you're using; at least they have to work a little harder to figure it out. Even if you don't display it you still want to change it.

    WPA and WEP passwords don't have to be hard to remember but just make sure you use upper and lower case with numbers. Sometimes you may want to use numbers as letters such as 5's for S's and 3's for E's. Just mix it up.

    The Admin password is the one you really want to keep secure. Once set, tape a copy to the bottom of your router (don't do this in an office) so you won't lose it.

    Save a copy of your configurations so you don't have to put everything back in by hand.

    And above all, HAVE FUN :D
     
  7. varmit macrumors 68000

    Joined:
    Aug 5, 2003
    #7
    I too, like the rest above, use a cheaper Linksys router, but I'm sure the Extreme Base Station has the same options. Tell the Base Station to not broadcast SSID (and even change the default name), and use WEP to encrypt to keep others off your wireless network. Also change the default admin name and password. If you forget the name and password, there is a way to reset the Station back to default settings so you won't be locked out completely if you forget.

    The Base Station will act as a natural firewall from the internet unless you open a port to forward to a certain computer. Such as if you wanted to run a web server to share a web site, you would need to forward port 80 to the correct machine, but you need to do that manually. So if you didn't open any ports, you are as safe as that setup will get without going out and getting more hardware like a real firewall.
     
  8. mischief macrumors 68030

    Joined:
    Aug 1, 2001
    Location:
    Santa Cruz Ca
    #8
    Password help:

    If there's an obscure set of names you have totally in mind you can often just use one for the login and another, related term for the password itself, substituting numbers for letters where they're graphically appropriate.

    Obscure sets of placenames work great (Hawaii, the Pacific Northwest, Pacific Islands are some good examples) along with Scientific Names, Chemistry terms, obscure novel characters/places, etc.

    DO NOT use novels that are common knowledge. Realize that any hacker has memorized all of Tolkien's works for example and will guess very efficiently if that's your theme.

    You might want to get Norton Personal Firewall. Not because it's any better than the built in firewall in OS X but because it provides a convenient log of intrusion-attempting IPs. I used this feature when I was administering a network of Fixed-IP machines to smack around a number of students at the local HS (tracked their IPs) who wanted us for Quake servers. The OS X Network Utility can be quite useful in Unlimited-Pinging hackers into submission. ;)
     
  9. yellow Moderator emeritus

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #9
    I have to disagree with this. While this might foil your 10 year old sitting at your Mac, it won't stop a cracker for very long at all. Any words that appear in a dictionary are fair game. Any slang words are fair game. Pretty much, any printed word is fair game. The only SAFE passwords are those that are seemingly random letters and numbers.
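
The disagreement in posts #8 and #9 above, made concrete as an added example that is not part of the original thread: a password audit that undoes the digit-for-letter substitutions described in posts #6 and #8, checks what is left against a word list, and compares the search space with a randomly generated password. The word list, the sample passwords, and the 100,000-word and 1,000-variant figures are constructed assumptions.

```python
import math
import secrets
import string

# Constructed sample word list (assumption); a real audit loads a dictionary file.
WORDLIST = {"password", "secret", "hawaii", "mordor", "gandalf", "sunshine"}

# Undo the look-alike substitutions the thread describes (5 for S, 3 for E, ...).
DELEET = str.maketrans("0134578@$!", "oieastbasi")


def normalise(candidate: str) -> str:
    """Lower-case, map look-alike characters back to letters, drop the rest."""
    folded = candidate.lower().translate(DELEET)
    return "".join(ch for ch in folded if ch.isalpha())


def is_dictionary_based(candidate: str) -> bool:
    """True if the candidate still contains a listed word after normalising."""
    core = normalise(candidate)
    return any(word in core for word in WORDLIST)


def themed_bits(wordlist_size: int, variants_per_word: int) -> float:
    """Search space, in bits, of 'pick a word, then vary its spelling'."""
    return math.log2(wordlist_size * variants_per_word)


def random_bits(length: int, alphabet_size: int = 62) -> float:
    """Search space, in bits, of a uniformly random password."""
    return length * math.log2(alphabet_size)


def random_password(length: int = 16) -> str:
    """Generate a password from letters and digits with a CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for sample in ("H4wa11", "P455w0rd!", "M0rd0r2004", "q7Vx2LmR9tKc"):
        print(f"{sample:14} dictionary-based: {is_dictionary_based(sample)}")
    # Assumed figures: 100,000 words, 1,000 spelling variants of each.
    print(f"themed word : {themed_bits(100_000, 1_000):.1f} bits")
    print(f"random x 16 : {random_bits(16):.1f} bits")
    print(f"example     : {random_password()}")
```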
     
  10. mischief macrumors 68030

    Joined:
    Aug 1, 2001
    Location:
    Santa Cruz Ca
    #10
    Law of diminishing return. Why would a hacker bother expending enough energy to crack a twelve digit password on my home network when there's a business with six digit passwords on their Wireless Access point two blocks away?

    There's no such thing as a SAFE password unless it refreshes with every packet over top of a public/private style encryption scheme on a tunnelled VPN using keys larger than 512 bits.

    Most people don't need anywhere near that level of paranoia however because the vast majority of folks with Wireless Access Points buy Linksys or Belkin routers that don't demand a replacement password for the one it comes with. Airport at least requires a custom one before its setup closes. This means that just by setting your Airport up you're more secure than 99% of other wireless networks where all you need is:

    Login: Admin

    Password (Blank or "admin")
     
  11. yellow Moderator emeritus

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #11
    Touché. While I was speaking of passwords in general, not those applied specifically to a WEP/WPA/WiFi webconfig login key.
     
  12. VooDooPope thread starter macrumors member

    Joined:
    Jun 9, 2004
    Location:
    The Heights, Houston TX
    #12
    Wow. Thanks for all the great advice. I'll be securing my network this weekend.
     
