Professional Web Applications Themes

Wireless Security - Mac Applications & Software

Howdy all, I'm setting-up a wireless network for my daughter and her three roommates. Two Macs (both running Jaguar), and two Wintel's of unknown OS. They haven't moved in yet but I'm trying to get the basics done before they do. The router is a Linksys BEFW11S4 (802.11b) with a DSL connection. I know I can password protect access to the router to keep the configs safe but how do I set password access to their network? None of the girls are too network savvy and I don't want someone to discover they have access to their wireless network because ...

  1. #1

    Default Wireless Security

    Howdy all,
    I'm setting-up a wireless network for my daughter and her three
    roommates. Two Macs (both running Jaguar), and two Wintel's of unknown
    OS. They haven't moved in yet but I'm trying to get the basics done
    before they do. The router is a Linksys BEFW11S4 (802.11b) with a DSL
    connection.

    I know I can password protect access to the router to keep the configs
    safe but how do I set password access to their network? None of the
    girls are too network savvy and I don't want someone to discover they
    have access to their wireless network because their apartment is a
    "hotspot". Our computers are the Macs so do I just setup a little
    password in the Internet Control Panel or whatever the equivalent is in
    OS 10.x. I'm still learning OS 10.x so bear with me. On the Windows
    boxes, I haven't a clue as where to begin. Thanks.

    --
    Deja Moo: I've seen this bull before.

    My address has been anti-spammed.
    Please reply to: [email]scasseinvalid.net[/email] replacing the invalid with sonic.

    Otto Pylot Guest

  2. #2

    Default Re: Wireless Security

    >
    > I know I can password protect access to the router to keep the configs
    > safe but how do I set password access to their network? None of the
    > girls are too network savvy and I don't want someone to discover they
    > have access to their wireless network because their apartment is a
    > "hotspot". Our computers are the Macs so do I just setup a little
    > password in the Internet Control Panel or whatever the equivalent is in
    In the network preference pane, in the airport tab there is a place to
    enter a password for the network, how you enable this for the router
    should be in the router doentation.

    You might also want to consider making the network closed (basically this
    means that the network doesn't shout out to everyone "hey there's a
    802.11b network here"), enabling WEP and restricting access by MAC
    address.

    Fred


    Frederick Cheung Guest

  3. #3

    Default Re: Wireless Security

    In article <200720031136511953%ottobogus.address.invalid>,
    Otto Pylot <ottobogus.address.invalid> wrote:
    > Howdy all,
    > I'm setting-up a wireless network for my daughter and her three
    > roommates. Two Macs (both running Jaguar), and two Wintel's of unknown
    > OS. They haven't moved in yet but I'm trying to get the basics done
    > before they do. The router is a Linksys BEFW11S4 (802.11b) with a DSL
    > connection.
    >
    > I know I can password protect access to the router to keep the configs
    > safe but how do I set password access to their network? None of the
    > girls are too network savvy and I don't want someone to discover they
    > have access to their wireless network because their apartment is a
    > "hotspot". Our computers are the Macs so do I just setup a little
    > password in the Internet Control Panel or whatever the equivalent is in
    > OS 10.x. I'm still learning OS 10.x so bear with me. On the Windows
    > boxes, I haven't a clue as where to begin. Thanks.

    The following security options are available:

    1) Don't broadcast the network SSID (as noted above). This means you
    have to know the name of the network to connect to it. Also change the
    default admin password for the router.

    2) Only allow certain MAC addresses to connect to it. I don't know if
    your particular router supports this capability; the newer Linksys
    802.11g wireless router certainly does.

    3) Enable WEP (wired equivalent privacy).

    All of these techniques have significant limitations, as has been noted
    in the popular media. However, If you do all of them it should help to
    protect your network against "casual" hackers or miscreants. Those
    aren't the ones you need to worry about though. I would definitely do
    all three for the situation you describe.

    Sandeep
    SSM Guest

  4. #4

    Default Re: Wireless Security

    In article
    <Pine.LNX.4.44.0307202000520.28668-100000kern.srcf.societies.cam.ac.uk>,
    Frederick Cheung <fglc2srcf.DUH.ucam.org> wrote:

    <snip>
    > In the network preference pane, in the airport tab there is a place to
    > enter a password for the network, how you enable this for the router
    > should be in the router doentation.
    I saw that but wasn't sure if the router would.
    >
    > You might also want to consider making the network closed (basically this
    > means that the network doesn't shout out to everyone "hey there's a
    > 802.11b network here"), enabling WEP and restricting access by MAC
    > address.
    >
    There is a warning in the config panel about using WEP so that looks
    like this is where I need to go. I'm still fuzzy about MAC addresses.

    --
    Deja Moo: I've seen this bull before.

    My address has been anti-spammed.
    Please reply to: [email]scasseinvalid.net[/email] replacing the invalid with sonic.

    Otto Pylot Guest

  5. #5

    Default Re: Wireless Security

    Frederick Cheung <fglc2srcf.DUH.ucam.org> wrote:
    > You might also want to consider making the network closed (basically this
    > means that the network doesn't shout out to everyone "hey there's a
    > 802.11b network here"), enabling WEP and restricting access by MAC
    > address.
    the network should still be detectable. Restricting access by MAC
    address won't keep out those who really want in (you can change your
    NIC's MAC). If the installation uses standard WEP without making any
    further specific effort it's not save agains eavesdropping.


    --
    Georg Schwarz [url]http://home.pages.de/~schwarz/[/url]
    [email]geosepost.de[/email] +49 177 8811442
    Georg Schwarz Guest

  6. Moderated Post

    Default Re: Wireless Security

    Removed by Administrator
    foo Guest
    Moderated Post

  7. Moderated Post

    Default Re: Wireless Security

    Removed by Administrator
    SSM Guest
    Moderated Post

  8. #8

    Default Re: Wireless Security

    > I've told the router not to broadcast the SSID but it still shows up
    > under the Airport in the menu bar.
    if you are *currently connected* to that network, the name will show
    up. if you turn airport off and then back on, it should not show up.
    then pick 'other...' and type in the network name/ssid and password,
    and then it will show up again.
    > So far I'm only dealing with one Mac
    > (an iBook) so I've still got some time to set it all up properly. It
    > appears that this is what I need to do:
    >
    > 1. Disable SSID broadcasting so it's not readily apparent that there is
    > a wireless router in close proximity.
    >
    > 2. Password protect the router so that the configs can't be changed.
    >
    > 3. Allow only the MAC addresses from my daughter's and her three
    > roommates computers access to the router.
    all three are excellent. also, consider disabling dhcp and assigning ip
    addresses for each computer manually. this makes it even more difficult
    to connect.

    some routers can tie a mac address to a specific ip, so not only must
    they use a specific card, but that particular card must have a specific
    ip number. other routers don't care what ip number is used as long as
    the card is allowed to connect. either way, its yet another thing to
    set to use that network.
    > I take it that the MAC addresses are machine specific and don't change
    > unless there is some sort of networking hardware change on the
    > individual computer.
    the mac address is a serial number of the network interface, either an
    ethernet port or a 802.11 card. if a machine has both, then there are
    two mac addresses - one for each interface. it cannot be changed
    (unless the card is swapped out), but it can be spoofed.
    nospam Guest

  9. #9

    Default Re: Wireless Security

    In article <200720031614460134%ottobogus.address.invalid>,
    Otto Pylot <ottobogus.address.invalid> wrote:
    > In article <ssm-30F6C0.16371720072003reader1.news.rcn.net>, SSM
    > <ssmnoEmail.invalid.com> wrote:
    >
    > > In article <rstlhvc64kse79at2hujb33a2qkuarqq6u4ax.com>,
    > > foo <foobar.com> wrote:
    > >
    > > > On Sun, 20 Jul 2003 12:50:26 -0700, Otto Pylot
    > > > <ottobogus.address.invalid> wrote:
    > <snip>
    >
    > > > Tell the router not to broadcast the SSID too.
    > >
    > > Exactly. Then you need to know the network's name to connect. However,
    > > the motivated hacker can discover it anyway by sniffing the packet you
    > > use to connect.
    > >
    >
    > I've told the router not to broadcast the SSID but it still shows up
    > under the Airport in the menu bar. So far I'm only dealing with one Mac
    > (an iBook) so I've still got some time to set it all up properly. It
    > appears that this is what I need to do:
    >
    > 1. Disable SSID broadcasting so it's not readily apparent that there is
    > a wireless router in close proximity.
    >
    > 2. Password protect the router so that the configs can't be changed.
    >
    > 3. Allow only the MAC addresses from my daughter's and her three
    > roommates computers access to the router.
    >
    > I take it that the MAC addresses are machine specific and don't change
    > unless there is some sort of networking hardware change on the
    > individual computer.
    Correct, each network adapter has a unique MAC. This isn't foolproof
    though, because hackers can sniff the MAC address that's transmitted
    when you connect to the wireless network and use it themselves.

    You also should enable WEP. Then you've taken all measures that are
    available to you, imperfect as they are.

    Sandeep
    SSM Guest

  10. #10

    Default Re: Wireless Security

    In article <MPG.19850b3a39b82519896c1news.newsguy.com>, Diane Wilson
    <dianefirelily.com> wrote:
    > If the access point is set to disable broadcast of the SSID, how is the
    > network detectable in any useful way?
    sniffing utilities can reveal the network name.
    > > Restricting access by MAC
    > > address won't keep out those who really want in (you can change your
    > > NIC's MAC).
    >
    > OK, so a MAC address can be spoofed. What are you going to use for
    > a spoofed MAC address? How will you know what MAC addresses
    > the router is listening for?
    by watching what mac addresses are being used by machnes that *can*
    connect. then the cracker then uses one of those when spoofing, and
    along with the previously sniffed ssid name, he can probably connect.
    if there is wep, that can be cracked too.
    > > If the installation uses standard WEP without making any
    > > further specific effort it's not save agains eavesdropping.
    >
    > This is the only point you've made that I'd agree with.
    > WEP *can* be broken. Most people who know how to break
    > WEP probably won't bother if there are easier networks
    > to break into, though.
    yep - there are *lots* of wide open networks, so as long as your
    network is harder to connect than your neighbor's, you are somewhat
    safe.
    nospam Guest

  11. #11

    Default Re: Wireless Security

    In article <MPG.19850b3a39b82519896c1news.newsguy.com>,
    Diane Wilson <dianefirelily.com> wrote:
    >In article <1fyf1ca.1az0nfavofrupNgeos.net.eu.org>, [email]geosepost.de[/email] says...
    >> Frederick Cheung <fglc2srcf.DUH.ucam.org> wrote:
    >>
    >> > You might also want to consider making the network closed (basically this
    >> > means that the network doesn't shout out to everyone "hey there's a
    >> > 802.11b network here"), enabling WEP and restricting access by MAC
    >> > address.
    >>
    >> the network should still be detectable.
    >
    >If the access point is set to disable broadcast of the SSID, how is the
    >network detectable in any useful way?
    You can watch for an ASSOCIATE. Or, if you're feeling nasty, you can
    spoof a DISASSOCIATE for a detected client without knowing the SSID.
    The client will respond by re-associating, giving you the
    SSID.
    --
    Matthew T. Russotto [email]mrussottospeakeasy.net[/email]
    "Extremism in defense of liberty is no vice, and moderation in pursuit
    of justice is no virtue." But extreme restriction of liberty in pursuit of
    a modi of security is a very expensive vice.
    Matthew Russotto Guest

  12. #12

    Default Re: Wireless Security

    what about disabling that WEP stuff etc. altogether and using something
    safe instead such as IPSEC?

    --
    Georg Schwarz [url]http://home.pages.de/~schwarz/[/url]
    [email]geosepost.de[/email] +49 177 8811442
    Georg Schwarz Guest

  13. Moderated Post

    Default Re: Wireless Security

    Removed by Administrator
    Otto Pylot Guest
    Moderated Post

  14. #14

    Default Re: Wireless Security

    Sally Shears <com> wrote:
    : Otto Pylot <address.invalid> wrote:
    : : I'm setting-up a wireless network for my daughter and her three
    : : roommates. Two Macs (both running Jaguar), and two Wintel's of unknown
    : : OS. They haven't moved in yet but I'm trying to get the basics done
    : : before they do. The router is a Linksys BEFW11S4 (802.11b) with a DSL
    : : connection.

    : : I know I can password protect access to the router to keep the configs
    : : safe but how do I set password access to their network?

    : Otto, good for you. The girls will love it.

    : I've done similar setup with the following choices:
    : 1. Change the access point name from linksys (which invites hacking) to
    : CompaqVx82m (or other made up name) which should discourage anyone trying
    : to break it by using known defaults. Let it broadcast it's SSID. That will
    : make it easier for the girls and friends to use it.
    : 2. Enable WEP; figure out and write down the password.
    : 3. Forget the "restrict to certain MAC addresses" option. It's too big a
    : maintenance headache.

    Oops!... Add...
    4. Set the config password for the router to something secure and
    different from the network password. You're probably the only one who will
    ever need to config password.

    : This may not be optimum security, but I think it's good security with near
    : optimum usability.

    : -- Sally
    --

    Sally Shears (a.k.a. "Molly")
    com -or- org
    http://theWorld.com/~sshears
    Sally Guest

  15. #15

    Default Re: Wireless Security

    In <bg23h8$7cn$std.com> Sally Shears wrote: 

    And everyone else. If they out smart enough to be able to type in a
    short ESSID....
     

    What's so hard about it? There's no maintenance required. MAC addresses
    don't change unless you change hardware.

    Here's another suggestion: Change the ESSID and WEP key every week.
     


    Can I use that? It's such a great explanation of why home PCs are such
    security issues.
     
    David Guest

  16. #16

    Default Re: Wireless Security

    David Turley <com> wrote:
    : In <bg23h8$7cn$std.com> Sally Shears wrote:
    :> Otto Pylot <address.invalid> wrote:
    :>: I'm setting-up a wireless network for my daughter and her three
    :>: roommates. Two Macs (both running Jaguar), and two Wintel's of
    :>: unknown OS. They haven't moved in yet but I'm trying to get the
    :>: basics done before they do. The router is a Linksys BEFW11S4 (802.11b)
    :>: with a DSL connection.
    :>
    :>: I know I can password protect access to the router to keep the
    :>: configs safe but how do I set password access to their network?
    :>
    :> Otto, good for you. The girls will love it.
    :>
    :> I've done similar setup with the following choices:
    :> 1. Change the access point name from linksys (which invites hacking)
    :> to CompaqVx82m (or other made up name) which should discourage anyone
    :> trying to break it by using known defaults. Let it broadcast it's
    :> SSID. That will make it easier for the girls and friends to use it.

    : And everyone else. If they out smart enough to be able to type in a
    : short ESSID....

    :> 3. Forget the
    :> "restrict to certain MAC addresses" option. It's too big a
    :> maintenance headache.

    : What's so hard about it? There's no maintenance required. MAC addresses
    : don't change unless you change hardware.

    Exactly, Otto is setting up a system for his daughter. If he restricts to
    certain MAC addresses, then he has go adjust the router configuration each
    time one of them changes computers.

    : Here's another suggestion: Change the ESSID and WEP key every week.

    Well, it appears we disagree about this.

    -- Sally
    --

    Sally Shears (a.k.a. "Molly")
    com -or- org
    http://theWorld.com/~sshears
    Sally Guest

  17. #17

    Default Re: Wireless Security

    In <bg4lbo$nni$std.com> Sally Shears wrote: 

    Can Otto adopt me, I don't get new computers all that often.
    David Guest

  18. #18

    Default Re: Wireless Security

    On Tue, 29 Jul 2003 02:15:20 +0000 (UTC),
    Sally Shears (com) wrote: 

    How often do you suppose this will be? I haven't had to change the
    airport card in Powerbook Firewire G3 in three years, and have had the
    same netgear MA401 in my Sony VAIO laptop for two years.

    I don't anticipate changing either for a while. Most students buy
    a computer no more frequently than once in two years. Even assuming
    Otto's daughter gets a new room mate every year, he won't have to
    add/delete MAC addresses more than once a year.
     

    Changing the ESSID doesn't provide much by way of security -- changing
    the WEP ever so often marginally increases security, so I wouldn't bother
    with changing either once a week.

    Bev

    --
    Bev A. Kupf
    Bev's House of Pancakes
    Bev Guest

  19. #19

    Default Re: Wireless Security

    Otto Pylot : 

    Just found a far better treatment of wireless security than has been
    pointed to so far. See:
    http://www.arstechnica.com/paedia/w/wireless-security-howto/home-802.11b-1.html

    The biggie is fixing the admin login hole...too much to summarize --
    read the article.

    -Eric
    Eric Guest

  20. #20

    Default Re: Wireless Security

    Sally: [/ref]

    David: 

    But, if the hacker doesn't know the WEP key, does it do her any good
    to know the SSID? By having open association, you close one more
    opening to get the WEP key, so this may actually improve security if
    WEP is on...
     
    >
    > What's so hard about it? There's no maintenance required. MAC addresses
    > don't change unless you change hardware.[/ref]

    If the hacker has taken the time and effort to crack the WEP key, how
    long do you think it will take to sniff out a valid MAC address?

    Another good quote: Computer security is like being safe from bears:
    you don't need to out run a bear, just your hiking companions.

    -Eric
    Eric Guest

Page 1 of 2 12 LastLast

Similar Threads

  1. Change Flash Security Settings? Security ManagerOffline?
    By nigelnigelnigel in forum Macromedia Flash Player
    Replies: 1
    Last Post: March 14th, 03:31 PM
  2. wireless security on 2003
    By remi in forum Windows Server
    Replies: 1
    Last Post: July 6th, 04:05 PM
  3. Security tool to check CGI scripts for security holes/vulnerabities
    By Trent Rivers in forum Linux / Unix Administration
    Replies: 3
    Last Post: November 24th, 09:42 AM
  4. URGENT: Loss of wireless connection when hitting another wireless network
    By Barb Bowman [MVP-Windows] in forum Windows Networking
    Replies: 7
    Last Post: August 10th, 09:20 PM
  5. wireless network and security
    By Brian Blinderman in forum Windows Networking
    Replies: 3
    Last Post: July 8th, 12:58 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139