Wireless Security: Thoughts/Experiences?

Discussion in 'Mac Basics and Help' started by Seasought, Nov 22, 2005.

  1. Seasought macrumors 65816

    Seasought

    Joined:
    Nov 3, 2005
    #1
    I've done some reading on wireless Internet security risks and have taken some simple steps using native OS X apps (firewall, services, etc...), doing md5 checksums, watching important log files, password protecting things, but I also read an article about how easy it is to exploit a 'protected' wireless network using easily obtainable free software to sniff and crack one's way into unwanted territory.

    I've always liked the idea of setting up a small wireless setup in my apartment with the proper MAC filtering, firewall, WEP - whatever to protect it but, is there something I'm missing that's more effective (short of going with a secondary hardware firewall or going back to wired)?

    All of you with experience exploiting this or protecting yourself against it I'd love to hear your thoughts read your links. I've been taking my Powerbook around my area (war driving) just to see what hotspots are out there and it's quite disturbing to think people are so clueless about potential risks/problems with regard to their home networks.

    Thanks in advance.
     
  2. TheMonarch macrumors 65816

    TheMonarch

    Joined:
    May 6, 2005
    Location:
    Bay Area
    #2
    Don't use WEP... WPA is much more secure... Also keep in mind where you live... If you suspect that a lot of people really close* to you have wifi equipment, then opt for a stronger security (WPA)... Otherwise, WEP is secure enough for the average user. Don't sweat it too much ;)


    *What I mean by close, is that you get other people's signal in your home close (Not having to wardrive)
     
  3. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #3
    Also make sure to check the box "create a closed network" in the AirPort Admin Utility. This will make it so without 3rd party (black-market) software, others will not even know the network is there. In other words, your AirPort will not 'broadcast' its name; someone could be right next to your hub, and unless they know the name of your network, and type it into their computer they can't log into it. WPA is also good on top of this.

    Also, since you are in an apartment, you can change the strength of your AirPort hub, therefore making the range less, so it will only be within your area. This way, only your direct neighbors could pick up the signal, not half of the floor. To do this; in the AirPort Admin Utility, click "Wireless Options...," then in that window, at the bottom, slide the slider to whichever strength fits your needs best.
     
  4. Seasought thread starter macrumors 65816

    Seasought

    Joined:
    Nov 3, 2005
    #4
    I'm always paranoid about these things...and now that I own a Powerbook (and am quite obsessed with it) I must protect it from evil...I must...<eyes glaze over>

    Thanks for the advice
    :D
     
  5. Seasought thread starter macrumors 65816

    Seasought

    Joined:
    Nov 3, 2005
    #5
    Will do, I'll have to experiment with the range settings.

    I considered setting up my old linux box as a 'honey pot' that DoS attacks them or just sends them nowhere, but I think that might be going overboard...

    Thanks for the tips, appreciated. :D
     
  6. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #6
    Why not use WPA, it's just as easy to set up as WEP, and just as easy to log on to (assuming you know the password). But it is much better.
    Kinda like when you go to the grocery store, and they have skittles on sale, and the 20 oz bag is the same price as the 5 oz bag - which are you going to chose? ;)
     
  7. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #7
    What's a 'honey pot'? :confused: :confused: :confused:
     
  8. Danksi macrumors 68000

    Danksi

    Joined:
    Oct 3, 2005
    Location:
    Nelson, BC. Canada
    #8
    Sounds like a server that's deliberately 'open' - then should anyone try to access it, the machine turns nasty on them. Covers them in honey :rolleyes:
     
  9. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #9
    That sounds like a lot of fun. :p
     
  10. Will Cheyney macrumors 6502a

    Will Cheyney

    Joined:
    Jul 13, 2005
    Location:
    United Kingdom
    #10
    With most routers it's actually easier!
     
  11. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #11
    Guess that' just another reason to thank Apple! :)
     
  12. SummerBreeze macrumors 6502a

    SummerBreeze

    Joined:
    Sep 11, 2005
    Location:
    Chicago, IL
    #12
    MMM.....skittles....

    WPA might not be as good as candy, but it is definitely something you should use instead of WEP. I have it set up at my apartment building, and all of my roommates (who aren't exactly computer people) had no problem getting online.

    Of course, I'm still a bit paranoid, so whenever I do online banking or anything that has to do with identity/credit cards, I plug into the wall.
     
  13. Seasought thread starter macrumors 65816

    Seasought

    Joined:
    Nov 3, 2005
    #13
    Sounds good actually.
     
  14. Aggamemnon macrumors member

    Aggamemnon

    Joined:
    Nov 24, 2005
    Location:
    Bath
    #14
    Wireless Security

    Wireless can be a nightmare and, having done some wardriving, I can assure you that the security is no joke.

    WEP is totally non-acceptable.

    WPA is bareable, but I would strongly advise that you pick a long key and have both numbers, letters and non-alphanum chars. Something like _f00^B&R_:) but longer.

    Hiding the SSID of the network is optional as anyone capable of cracking it is capable of picking the SSID from the air. MAC filtering is also up to you (it is trivial to spoof a MAC address).

    However, there is another school of though that encourages you to leave your internet connection open via your WiFi, and set the SSID to something meaningful and helpful (such as your address). This provides a public service and may be useful to someone. For example, I make use of the WiFi in my road when my router is down or I am in the garden (as I am wired at home). You can protect access to your internal network by using VPNs to make a secure Virtual Private Network, and/or SSH tunnels.

    Or, you could secure you WiFi to the max as I stated earlier, AND run a VPN behind it.

    Hope that helps.
     
  15. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #15
    What's a VPN? How does it work? How can I do it?
     
  16. Aggamemnon macrumors member

    Aggamemnon

    Joined:
    Nov 24, 2005
    Location:
    Bath
    #16

Share This Page