Professional Web Applications Themes

Mac addresses / Multiple airports - Mac Applications & Software

That, of course, is my second dilemma. I still need to be able to input all my mac addresses easily. As for the encryption, do you suggest WEP or VPN? If the latter, how would I authenticate in a mac environment? It is not a possibility to lose the wireless due to cirstances beyond my control. Bobby "Wesley Groleau" <wesgroleaudespammed.com> wrote in message news:JtGcndJYDL6dGpSiXTWJjwgbronline.com... > Bobby Janow wrote: > > year, is there anything else I can do to increase security from outside our > > Yes. Lose the wireless. Or else make sure > _everything_ it does is encrypted. ...

  1. #1

    Default Re: Mac addresses / Multiple airports

    That, of course, is my second dilemma. I still need to be able to input all
    my mac addresses easily. As for the encryption, do you suggest WEP or VPN?
    If the latter, how would I authenticate in a mac environment? It is not a
    possibility to lose the wireless due to cirstances beyond my control.

    Bobby

    "Wesley Groleau" <wesgroleaudespammed.com> wrote in message
    news:JtGcndJYDL6dGpSiXTWJjwgbronline.com...
    > Bobby Janow wrote:
    > > year, is there anything else I can do to increase security from outside
    our
    >
    > Yes. Lose the wireless. Or else make sure
    > _everything_ it does is encrypted.
    >

    Bobby Janow Guest

  2. #2

    Default Re: Mac addresses / Multiple airports

    In article <wBhOa.51719$n%5.528nwrddc02.gnilink.net>,
    "Bobby Janow" <bjanowmsn.com> wrote:
    > I have a question about WEP. There is no wep enabled on these base stations
    > and I'm wondering if it's really necessary. Remember, I'm dealing with a
    > teacher and a lot of middle school students. The only traffic that would be
    > sniffed is internet web stuff and maybe a term paper or two. Each laptop
    > would need to enter the wep key meaning possible phone calls to me when they
    > can't connect. Your thoughts?
    My thoughts are that it's good to use whatever's available to keep
    things secure, although you shouldn't put too much faith in WEP. WEP
    isn't hard to break for anyone who wants to do it. And in an
    environment where both teachers and students will be using it, the key
    is probably not going to remain secret for very long anyway. So it may
    be better in this case to skip on it. In either case, you'd want to
    make sure that users understand they can be listened to while using the
    system.

    --
    Tom "Tom" Harrington
    Macaroni, Automated System Maintenance for Mac OS X.
    Version 1.4: Best cleanup yet, gets files other tools miss.
    See [url]http://www.atomicbird.com/[/url]
    Tom Harrington Guest

  3. #3

    Default Re: Mac addresses / Multiple airports

    Bobby Janow wrote:
    > and I'm wondering if it's really necessary. Remember, I'm dealing with a
    > teacher and a lot of middle school students. The only traffic that would be
    > sniffed is internet web stuff and maybe a term paper or two. Each laptop
    If I were in your position, I would not be
    concerned about that being stolen. Passwords,
    though, allowing one bad-attitude student to
    trash another's work some night.....

    Wesley Groleau Guest

  4. #4

    Default Re: Mac addresses / Multiple airports

    On Mon, 07 Jul 2003 15:58:21 -0500,
    Wesley Groleau (wesgroleaudespammed.com) wrote:
    > I did use a Cisco VPN to connect to my employer's intranet.
    > It was quite easy to set up the OS X end. But I know nothing
    > about what they did on the other end.
    There are situations where VPNs create security risks. Let me
    describe a situation to you. My PC and Mac at home are behind a
    NAT'ing router. I have SMB turned on both so that they can
    file share with each other. The computers are on a private LAN so
    computers on the internet cannot see them (non-routable addresses)

    This weekend I VPNed into University's VPN concentrator. This
    gives my Mac an IP address that is no longer a non-routable address,
    but one that can be seen on the Internet. I left to prepare lunch,
    came back 30 minutes later, and ran 'netstat -p tcp -n' in a Terminal
    window -- lo and behold someone from an Italian DSL site had connected
    to the SMB server on my Mac (under OS X), and was trying to login ....

    So that's a situation where by being VPNed into the Univ's network,
    I made my Mac *less* secure than just being behind a NATed router.

    There is a better description of this at the following URL:
    [url]http://www.tss.northwestern.edu/vpn/issues_vpn.html#nat-security[/url]

    Bev
    --
    Bev A. Kupf
    Bev's House of Pancakes
    Bev A. Kupf Guest

  5. #5

    Default Re: Mac addresses / Multiple airports

    Bobby Janow <bjanowmsn.com> wrote:
    > I've been put in charge of entering 75 iBook mac addresses into 7 airport
    > base stations. I have been given all the addresses on a spreadsheet (excel).
    > Is there a way to input all those addresses in one fell swoop on each of the
    > airports? Bear with me here people, I'm a PC guy but have a decent working
    > knowledge of OSX and 9.X. The iBook given to me has 10.2 on it. I can
    > connect to the base stations with no problem.
    In Excel, arrange the columns with the MAC addresses (in hexadecimal
    format with five colons -- one between each hexadecimal pair) in the
    first column and the names of the machines in the second column. To
    create a tab-delimited text file, either copy the range of cells and
    paste them into your text editor or use Excel's "Save As..." command (in
    the File menu) to export the entire file as a tab-delimited text file.

    Launch AirPort Admin Utility (AAU) and double-click one of the names in
    the list. Click the Show All Settings button, then the Access tab, and
    then the Import button. Navigate to your text file of MAC addresses.

    AAU can configure multiple base stations simultaneously, but as I've
    never done this, I can't tell you which, if any, of the settings in each
    base station will be overwritten and which left intact. When you have
    made all your settings, save the configuration as a file by using "Save
    a Copy As..." in AAU's File menu. Then, in the Select Base Station
    window, select all the base stations you want to configure, click the
    Multiple icon in the toolbar, and navigate to the saved baseconfig file.
    (You can also use AAU to edit this file, but to apply the changes, you
    must "Import..." the changed file when you are in a particular station's
    configuration window or do the "Configure multiple..." thing again.)

    > One reason this task was given to me was because I would like to secure the
    > internal network a bit. The teacher refuses to do the work (union
    > complaints) but I won't go down that road. Considering the size of the task
    > and the fact that 12-14 year olds will be using the iBooks during the school
    > year, is there anything else I can do to increase security from outside our
    > network. We are natted to an internal 10. network with a firewall blocking
    > most incoming ports. We use a DHCP server.
    In AAU's AirPort pane, click the "WAN Privacy..." button and uncheck
    everything; and give the base stations a password that can't be guessed
    easily.
    Neill Massello Guest

  6. #6

    Default Re: Mac addresses / Multiple airports

    Bobby Janow <bjanowmsn.com> wrote:
    > I have a question about WEP. There is no wep enabled on these base stations
    > and I'm wondering if it's really necessary. Remember, I'm dealing with a
    > teacher and a lot of middle school students.
    In that environment -- a floating base of inexpert users -- WEP will be
    a headache. I suggest you follow the KISS principle and keep the network
    open and unencrypted. Access control (MAC) should be enough.
    Neill Massello Guest

  7. #7

    Default Re: Mac addresses / Multiple airports

    Tom Harrington <tphpcisys.no.spam.dammit.net> wrote:
    > Using Apple's "Airport Admin Utility" application, you can save base
    > station configurations to a file, or upload a saved configuration. You
    > could enter the addresses in one base station, save the result, and then
    > upload it to the others.
    Note that "Upload", in AirPort Admin Utility's jargon, means flashing
    the base station's firmware. If you just want to change the
    configuration, use "Import" or "Configure multiple".
    Neill Massello Guest

  8. #8

    Default Re: Mac addresses / Multiple airports

    I'm afraid you're right. Thanks again for all your valuable input. Everyone
    here has been a wonderful help to me. This is a very friendly newsgroup, I'm
    glad I stopped by.

    Bobby J.
    "Bev A. Kupf" <bevakupfebv.mimnet.northwestern.edu> wrote in message
    news:slrnbgk2k1.mj9.bevakupfebv.mimnet.northweste rn.edu...
    > On Mon, 07 Jul 2003 23:09:27 GMT,
    > If this is a concern, you should do two things:
    > a) implement WEP
    > b)

    Bobby Janow Guest

  9. #9

    Default Re: Mac addresses / Multiple airports

    Bev A. Kupf wrote:
    > This weekend I VPNed into University's VPN concentrator. This
    > gives my Mac an IP address that is no longer a non-routable address,
    > but one that can be seen on the Internet. I left to prepare lunch,
    > came back 30 minutes later, and ran 'netstat -p tcp -n' in a Terminal
    > window -- lo and behold someone from an Italian DSL site had connected
    > to the SMB server on my Mac (under OS X), and was trying to login ....
    >
    > So that's a situation where by being VPNed into the Univ's network,
    > I made my Mac *less* secure than just being behind a NATed router.
    Hmmm. That couldn't happen with the setup we had.
    When I fired up the "connect to office" script,
    the VPN KEXT began encrypting ALL ip packets, and
    only the concentrator in Boston (or Dallas) could
    decrypt them. Effectively, I was inside the company's
    firewall, and could not talk to my own ISP even though
    they were passing the packets to the concentrator for me.

    Wesley Groleau Guest

  10. #10

    Default Re: Mac addresses / Multiple airports

    Bev A. Kupf wrote:
    > On Mon, 07 Jul 2003 16:28:47 -0600,
    > Tom Harrington (tphpcisys.no.spam.dammit.net) wrote:
    >
    >>Well, that's VPN all right. Connecting via VPN makes you part of the
    >>remote network you're connecting to, and renders you as safe-- or
    >>threatened-- as that network.
    >
    >
    > Precisely my point ...
    >
    >
    >>Most companies would have had some kind
    >>of firewall to prevent such access to their internal machines, and would
    >>therefore have avoided this problem. I'm not sure that VPN is even
    >>useful on a network that's already as open as the one you describe.
    >
    >
    > And most Universities don't. The one thing that VPN lets me do is
    > literature searches for research articles from home. The database
    > that Northwestern subscribes to (Ovid) is access limited to IP addresses
    > from the Northwestern campus (129.105.0.0 and 165.124.0.0). Without
    > VPN I couldn't access this research resource from home.
    >
    > Bev
    It looks like they also use a proxy, which is a way to provide service
    to off-campus sites with authorization. This is a must faster solution
    and is good for non-secure traffic.

    wheat Guest

  11. #11

    Default Re: Mac addresses / Multiple airports

    In article <58-dnbIr3aqoo5eiU-KYgwgbronline.com>,
    Wesley Groleau <wesgroleaudespammed.com> wrote:
    > Bev A. Kupf wrote:
    > > This weekend I VPNed into University's VPN concentrator. This
    > > gives my Mac an IP address that is no longer a non-routable address,
    > > but one that can be seen on the Internet. I left to prepare lunch,
    > > came back 30 minutes later, and ran 'netstat -p tcp -n' in a Terminal
    > > window -- lo and behold someone from an Italian DSL site had connected
    > > to the SMB server on my Mac (under OS X), and was trying to login ....
    > >
    > > So that's a situation where by being VPNed into the Univ's network,
    > > I made my Mac *less* secure than just being behind a NATed router.
    >
    > Hmmm. That couldn't happen with the setup we had.
    > When I fired up the "connect to office" script,
    > the VPN KEXT began encrypting ALL ip packets, and
    > only the concentrator in Boston (or Dallas) could
    > decrypt them. Effectively, I was inside the company's
    > firewall, and could not talk to my own ISP even though
    > they were passing the packets to the concentrator for me.
    Whether that could or could not happen in your setup is not really
    related to whether the packets are encrypted between you and the
    company's network. What's described above is a case where the remote
    network-- in your case, I guess a company-- is not firewalled from the
    internet. By becoming part of that network, you become as secure or
    insecure as that network, and if the firewall's remote or ineffective,
    you're as vulnerable as the rest of the network.

    --
    Tom "Tom" Harrington
    Macaroni, Automated System Maintenance for Mac OS X.
    Version 1.4: Best cleanup yet, gets files other tools miss.
    See [url]http://www.atomicbird.com/[/url]
    Tom Harrington Guest

  12. #12

    Default Re: Mac addresses / Multiple airports

    Tom Harrington wrote:
    > company's network. What's described above is a case where the remote
    > network-- in your case, I guess a company-- is not firewalled from the
    > internet. By becoming part of that network, you become as secure or
    > insecure as that network, and if the firewall's remote or ineffective,
    > you're as vulnerable as the rest of the network.
    OK, I understand. In that case, it wasn't VPN
    that made the Mac insecure, it was connecting it
    to an insecure network.

    Wesley Groleau Guest

Similar Threads

  1. Multiple Debugging IP addresses
    By HairyDude in forum Coldfusion Server Administration
    Replies: 0
    Last Post: August 5th, 02:11 PM
  2. Multiple Debugging IP addresses
    By covretro in forum Coldfusion Server Administration
    Replies: 0
    Last Post: August 5th, 12:22 PM
  3. Multiple IP Addresses For Same Host in /etc/hosts
    By Tennis Smith in forum Linux / Unix Administration
    Replies: 1
    Last Post: December 9th, 10:15 PM
  4. Sending mail to multiple addresses
    By René de Leeuw in forum ASP.NET General
    Replies: 0
    Last Post: July 22nd, 03:35 PM
  5. Creating link to multiple email addresses
    By Joe {RoastHorse} in forum Macromedia Dreamweaver
    Replies: 1
    Last Post: July 17th, 05:11 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139